From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, Denis Kirjanov, "Herbert Xu", "Eric Biggers"
Date: Tue, 02 Apr 2019 14:38:27 +0100
Subject: [PATCH 3.16 32/99] crypto: user - support incremental algorithm dumps

3.16.65-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Eric Biggers

commit 0ac6b8fb23c724b015d9ca70a89126e8d1563166 upstream.

CRYPTO_MSG_GETALG in NLM_F_DUMP mode sometimes doesn't return all registered crypto algorithms, because it doesn't support incremental dumps. crypto_dump_report() only permits itself to be called once, yet the netlink subsystem allocates at most ~64 KiB for the skb being dumped to. Thus only the first recvmsg() returns data, and it may only include a subset of the crypto algorithms even if the user buffer passed to recvmsg() is large enough to hold all of them.

Fix this by using one of the arguments in the netlink_callback structure to keep track of the current position in the algorithm list. Then userspace can do multiple recvmsg() on the socket after sending the dump request. This is the way netlink dumps work elsewhere in the kernel; it's unclear why this was different (probably just an oversight).

Also fix an integer overflow when calculating the dump buffer size hint.

Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings --- crypto/crypto_user.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) --- a/crypto/crypto_user.c +++ b/crypto/crypto_user.c @@ -226,30 +226,33 @@ static int crypto_report(struct sk_buff static int crypto_dump_report(struct sk_buff *skb, struct netlink_callback *cb) { - struct crypto_alg *alg; + const size_t start_pos = cb->args[0]; + size_t pos = 0; struct crypto_dump_info info; - int err; - - if (cb->args[0]) - goto out; - - cb->args[0] = 1; + struct crypto_alg *alg; + int res; info.in_skb = cb->skb; info.out_skb = skb; info.nlmsg_seq = cb->nlh->nlmsg_seq; info.nlmsg_flags = NLM_F_MULTI; + down_read(&crypto_alg_sem); list_for_each_entry(alg, &crypto_alg_list, cra_list) { - err = crypto_report_alg(alg, &info); - if (err) - goto out_err; + if (pos >= start_pos) { + res = crypto_report_alg(alg, &info); + if (res == -EMSGSIZE) + break; + if (res) + goto out; + } + pos++; } - + cb->args[0] = pos; + res = skb->len; out: - return skb->len; -out_err: - return err; + up_read(&crypto_alg_sem); + return res; } static int crypto_dump_report_done(struct netlink_callback *cb) @@ -478,7 +481,7 @@ static int crypto_user_rcv_msg(struct sk if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) && (nlh->nlmsg_flags & NLM_F_DUMP))) { struct crypto_alg *alg; - u16 dump_alloc = 0; + unsigned long dump_alloc = 0; if (link->dump == NULL) return -EINVAL; @@ -486,16 +489,16 @@ static int crypto_user_rcv_msg(struct sk down_read(&crypto_alg_sem); list_for_each_entry(alg, &crypto_alg_list, cra_list) dump_alloc += CRYPTO_REPORT_MAXSIZE; + up_read(&crypto_alg_sem); { struct netlink_dump_control c = { .dump = link->dump, .done = link->done, - .min_dump_alloc = dump_alloc, + .min_dump_alloc = min(dump_alloc, 65535UL), }; err = netlink_dump_start(crypto_nlsk, skb, nlh, &c); } - up_read(&crypto_alg_sem); return err; }
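
Review bot: In crypto_dump_report() (first hunk), the resume point stored in cb->args[0] is a bare list index, and crypto_alg_sem is released by up_read() before every return, so an algorithm registered or unregistered between two recvmsg() calls shifts the list under that index and the dump can skip or repeat an entry. A comment next to `cb->args[0] = pos;` stating that the dump is not a consistent snapshot, or a way to flag an interrupted dump to userspace, would make that explicit. Separately, when crypto_report_alg() returns -EMSGSIZE for the entry at start_pos itself, pos is written back unchanged and res becomes skb->len; it is worth documenting what guarantees that a single entry always fits in the skb.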
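
Review bot: In crypto_user_rcv_msg() (last hunk), `min(dump_alloc, 65535UL)` clamps to a bare literal with nothing saying why that value is the ceiling; a named limit such as U16_MAX, or a one-line comment tying the clamp to the field it is assigned to, would make the overflow fix self-explanatory. The same hunk moves up_read(&crypto_alg_sem) ahead of netlink_dump_start(), so the count is taken under the semaphore but used after it is dropped; a short comment that dump_alloc is only a size hint and may be stale by the time crypto_dump_report() runs would keep the next reader from suspecting a race.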