From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Herbert Xu Subject: [PATCH 5.5 185/367] crypto: api - Fix race condition in crypto_spawn_alg Date: Mon, 10 Feb 2020 04:31:38 -0800 Message-Id: <20200210122441.754434395@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200210122423.695146547@linuxfoundation.org> References: <20200210122423.695146547@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Herbert Xu commit 73669cc556462f4e50376538d77ee312142e8a8a upstream. The function crypto_spawn_alg is racy because it drops the lock before shooting the dying algorithm. The algorithm could disappear altogether before we shoot it. This patch fixes it by moving the shooting into the locked section. Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns") Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/algapi.c | 16 +++++----------- crypto/api.c | 3 +-- crypto/internal.h | 1 - 3 files changed, 6 insertions(+), 14 deletions(-) --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -697,22 +697,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn); static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn) { struct crypto_alg *alg; - struct crypto_alg *alg2; down_read(&crypto_alg_sem); alg = spawn->alg; - alg2 = alg; - if (alg2) - alg2 = crypto_mod_get(alg2); - up_read(&crypto_alg_sem); - - if (!alg2) { - if (alg) - crypto_shoot_alg(alg); - return ERR_PTR(-EAGAIN); + if (alg && !crypto_mod_get(alg)) { + alg->cra_flags |= CRYPTO_ALG_DYING; + alg = NULL; } + up_read(&crypto_alg_sem); - return alg; + return alg ?: ERR_PTR(-EAGAIN); } struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type, --- a/crypto/api.c +++ b/crypto/api.c 
@@ -346,13 +346,12 @@ static unsigned int crypto_ctxsize(struc return len; } -void crypto_shoot_alg(struct crypto_alg *alg) +static void crypto_shoot_alg(struct crypto_alg *alg) { down_write(&crypto_alg_sem); alg->cra_flags |= CRYPTO_ALG_DYING; up_write(&crypto_alg_sem); } -EXPORT_SYMBOL_GPL(crypto_shoot_alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask) --- a/crypto/internal.h +++ b/crypto/internal.h @@ -68,7 +68,6 @@ void crypto_alg_tested(const char *name, void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list, struct crypto_alg *nalg); void crypto_remove_final(struct list_head *list); -void crypto_shoot_alg(struct crypto_alg *alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask); void *crypto_create_tfm(struct crypto_alg *alg,
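Review bot: in the crypto/algapi.c hunk, crypto_spawn_alg now performs `alg->cra_flags |= CRYPTO_ALG_DYING` while holding crypto_alg_sem only for read (down_read), whereas crypto_shoot_alg in crypto/api.c takes down_write for the same store. Read-side holders can run concurrently, so this is a read-modify-write on cra_flags that is not serialized against other readers. If that is acceptable because concurrent readers can only OR in the same bit and writers are excluded, say so in a comment above the assignment. Otherwise, update the flag under the write lock, with a reference held so that alg cannot disappear in between, which is the problem the commit message describes.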
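Review bot: the crypto/api.c hunk makes crypto_shoot_alg static and drops its EXPORT_SYMBOL_GPL, and crypto/internal.h loses the prototype, but the commit message only describes the locking fix. Please mention the un-export in the changelog, since it removes a symbol that modules could previously link against. After this change CRYPTO_ALG_DYING is also set in two places with different locking (down_write in crypto_shoot_alg, down_read in crypto_spawn_alg). A short comment on crypto_shoot_alg stating which path still uses it and why it needs the write lock would keep the two from drifting apart.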