Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp709827ybv; Thu, 13 Feb 2020 08:08:35 -0800 (PST) X-Google-Smtp-Source: APXvYqx3n27ue6r2uUFUR0tL/tO1wBO/sAQUs3Z1GWCdh8nDaxQw5YgAO4falg3wA5HWiqAt/175 X-Received: by 2002:aca:1012:: with SMTP id 18mr3257066oiq.151.1581610115651; Thu, 13 Feb 2020 08:08:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581610115; cv=none; d=google.com; s=arc-20160816; b=rvpsbTp13PY0VtCDcCCIuk55PbWnKxmHIU9sOf5GYCteGFnN20lg+ys1TQ66qxoXjL sYBsBadQDjZbBYY3/arX+sVb63UqdfxVHPj5MXnlFoWEokc/JsvXuVIFJWnyFGt+ixrz HPi7Q8PiZpNWpKh7YPvA5nNxRLw3gZ8Y1uk9cefZ9/+OQcrxEJY5aGko2Ln29/FhU6Qu zZIzT6KNChS0EXuQYdr/XYRfdFDnx2iYRUbFYl+LKpTpscIT6BFPBpmOBW+l0ByJNEcA YW401Z2rcGiutX46KQT6pdjL5Boe7fVhpKl43QryTG6qgWDczEA1KEdizz9ym1zKRCvi ua5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=1Ju3X1JZnywQbYNdxkq0GlpfUsrA6B89ZljFY8J5nj4=; b=cOPYL9C+3KPAJ5fUG86GjJKWf4HnMzHqmioOrZSkaUqS2zc5Cp2Jg6So8GeFdOXt8x HXtfY20GwZmUd6fX/YZxARTV3a1eJbrRDtdoHlIXAS1aSCl1SslP/6SiV3a5wJKZuCZ9 K4tLGaFMrTiqoQqJ2/X1PI06frwYQFsefccRljej4YB+mLUWxwttU7LAO33iIdF66k4q KqPrAOEnPevmFL8JPqYj6BKs0pdeuQpjXYtW/jbTh7e4itKVcZ9mIVMmd+0FH8s+TsoV XdVAqBpF+ep6+oLlUNJKkcAH6uqfxBTaRlIzao6gV15mxbalbvneVQplvTfLkJgTANKs Fkwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="zt/Y7fdp"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p3si1324698oih.186.2020.02.13.08.08.21; Thu, 13 Feb 2020 08:08:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="zt/Y7fdp"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730372AbgBMQGO (ORCPT + 99 others); Thu, 13 Feb 2020 11:06:14 -0500 Received: from mail.kernel.org ([198.145.29.99]:35318 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725781AbgBMPXk (ORCPT ); Thu, 13 Feb 2020 10:23:40 -0500 Received: from localhost (unknown [104.132.1.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 74EEF246C1; Thu, 13 Feb 2020 15:23:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581607419; bh=PTPApXUgqmGll2uKZ0d6K4HlFTjkG6irNywR7Btj+yM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zt/Y7fdp4UalFoZJtIvWx8grHSeK5SAWIxCUBEhc9V4F7Sgy462PmA+r6xS8Bk9Nd np9Is/W/xpB36nWZtG24nkgLP+M+uACugVYVnGwhRNtIcJ2D8FRCuL17Xyju34lIGP PFP6d3eZtlrewunIMf0Vy3stfm0gSGLqZS6tIDOc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Herbert Xu Subject: [PATCH 4.9 038/116] crypto: api - Fix race condition in crypto_spawn_alg Date: Thu, 13 Feb 2020 07:19:42 -0800 Message-Id: <20200213151857.948420705@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200213151842.259660170@linuxfoundation.org> References: <20200213151842.259660170@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Herbert Xu commit 73669cc556462f4e50376538d77ee312142e8a8a upstream. The function crypto_spawn_alg is racy because it drops the lock before shooting the dying algorithm. The algorithm could disappear altogether before we shoot it. This patch fixes it by moving the shooting into the locked section. Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns") Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/algapi.c | 16 +++++----------- crypto/api.c | 3 +-- crypto/internal.h | 1 - 3 files changed, 6 insertions(+), 14 deletions(-) --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -662,22 +662,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn); static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn) { struct crypto_alg *alg; - struct crypto_alg *alg2; down_read(&crypto_alg_sem); alg = spawn->alg; - alg2 = alg; - if (alg2) - alg2 = crypto_mod_get(alg2); - up_read(&crypto_alg_sem); - - if (!alg2) { - if (alg) - crypto_shoot_alg(alg); - return ERR_PTR(-EAGAIN); + if (alg && !crypto_mod_get(alg)) { + alg->cra_flags |= CRYPTO_ALG_DYING; + alg = NULL; } + up_read(&crypto_alg_sem); - return alg; + return alg ?: ERR_PTR(-EAGAIN); } struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type, --- a/crypto/api.c +++ b/crypto/api.c @@ -355,13 +355,12 @@ static unsigned int crypto_ctxsize(struc return len; } -void crypto_shoot_alg(struct crypto_alg *alg) +static void crypto_shoot_alg(struct crypto_alg *alg) { down_write(&crypto_alg_sem); alg->cra_flags |= CRYPTO_ALG_DYING; up_write(&crypto_alg_sem); } -EXPORT_SYMBOL_GPL(crypto_shoot_alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask) --- a/crypto/internal.h +++ b/crypto/internal.h @@ -87,7 +87,6 @@ void crypto_alg_tested(const char *name, void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list, struct crypto_alg *nalg); void crypto_remove_final(struct list_head *list); -void crypto_shoot_alg(struct crypto_alg *alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask); void *crypto_create_tfm(struct crypto_alg *alg,