From: Roberto Sassu
Subject: [PATCH v2 2/6] evm: Check also if *tfm is an error pointer in init_desc()
Date: Mon, 27 Apr 2020 12:28:56 +0200
Message-ID: <20200427102900.18887-2-roberto.sassu@huawei.com>
In-Reply-To: <20200427102900.18887-1-roberto.sassu@huawei.com>
References: <20200427102900.18887-1-roberto.sassu@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch avoids a kernel panic due to accessing an error pointer set by
crypto_alloc_shash(). It occurs especially when there are many files that
require an unsupported algorithm, as it would increase the likelihood of the
following race condition:

Task A: *tfm = crypto_alloc_shash() <= error pointer
Task B: if (*tfm == NULL) <= *tfm is not NULL, use it
Task B: rc = crypto_shash_init(desc) <= panic
Task A: *tfm = NULL

This patch uses the IS_ERR_OR_NULL macro to determine whether or not a new
crypto context must be created.

Cc: stable@vger.kernel.org
Fixes: d46eb3699502b ("evm: crypto hash replaced by shash")
Co-developed-by: Krzysztof Struczynski
Signed-off-by: Krzysztof Struczynski
Signed-off-by: Roberto Sassu
---
 security/integrity/evm/evm_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 35682852ddea..77ad1e5a93e4 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -91,7 +91,7 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo) algo = hash_algo_name[hash_algo]; } - if (*tfm == NULL) { + if (IS_ERR_OR_NULL(*tfm)) { mutex_lock(&mutex); if (*tfm) goto out; -- 2.17.1
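
Review bot: The re-check under the mutex, `if (*tfm) goto out;`, is still a plain non-NULL test, so it is now inconsistent with the outer `IS_ERR_OR_NULL(*tfm)` test: an error pointer seen at that point would take the `goto out` path and be used exactly as before. The outer test also reads `*tfm` without the lock while, per the commit message, another task can store an error pointer there and later reset it to NULL, so the value can change between the two checks. Consider assigning the result of crypto_alloc_shash() to a local variable and storing it to `*tfm` only on success, so that `*tfm` is only ever NULL or a valid context. Both the lockless check and the locked re-check could then remain simple NULL tests. If the current approach is kept, a short comment explaining why `*tfm` may transiently hold an error pointer would help the next reader.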