2020-04-07 16:00:00

by Iuliana Prodan

[permalink] [raw]
Subject: [PATCH] crypto: caam - fix the address of the last entry of S/G

For skcipher algorithms, the input, output HW S/G tables
look like this: [IV, src][dst, IV]
Now, we can have 2 conditions here:
- there is no IV;
- src and dst are equal (in-place encryption) and scattered
and the error is an "off-by-one" in the HW S/G table.

This issue was seen with KASAN:
BUG: KASAN: slab-out-of-bounds in skcipher_edesc_alloc+0x95c/0x1018

Read of size 4 at addr ffff000022a02958 by task cryptomgr_test/321

CPU: 2 PID: 321 Comm: cryptomgr_test Not tainted
5.6.0-rc1-00165-ge4ef8383-dirty #4
Hardware name: LS1046A RDB Board (DT)
Call trace:
dump_backtrace+0x0/0x260
show_stack+0x14/0x20
dump_stack+0xe8/0x144
print_address_description.isra.11+0x64/0x348
__kasan_report+0x11c/0x230
kasan_report+0xc/0x18
__asan_load4+0x90/0xb0
skcipher_edesc_alloc+0x95c/0x1018
skcipher_encrypt+0x84/0x150
crypto_skcipher_encrypt+0x50/0x68
test_skcipher_vec_cfg+0x4d4/0xc10
test_skcipher_vec+0x178/0x1d8
alg_test_skcipher+0xec/0x230
alg_test.part.44+0x114/0x4a0
alg_test+0x1c/0x60
cryptomgr_test+0x34/0x58
kthread+0x1b8/0x1c0
ret_from_fork+0x10/0x18

Allocated by task 321:
save_stack+0x24/0xb0
__kasan_kmalloc.isra.10+0xc4/0xe0
kasan_kmalloc+0xc/0x18
__kmalloc+0x178/0x2b8
skcipher_edesc_alloc+0x21c/0x1018
skcipher_encrypt+0x84/0x150
crypto_skcipher_encrypt+0x50/0x68
test_skcipher_vec_cfg+0x4d4/0xc10
test_skcipher_vec+0x178/0x1d8
alg_test_skcipher+0xec/0x230
alg_test.part.44+0x114/0x4a0
alg_test+0x1c/0x60
cryptomgr_test+0x34/0x58
kthread+0x1b8/0x1c0
ret_from_fork+0x10/0x18

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff000022a02800
which belongs to the cache dma-kmalloc-512 of size 512
The buggy address is located 344 bytes inside of
512-byte region [ffff000022a02800, ffff000022a02a00)
The buggy address belongs to the page:
page:fffffe00006a8000 refcount:1 mapcount:0 mapping:ffff00093200c400
index:0x0 compound_mapcount: 0
flags: 0xffff00000010200(slab|head)
raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff000022a02800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff000022a02880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff000022a02900: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
^
ffff000022a02980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff000022a02a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc

Fixes: 334d37c9e263 ("crypto: caam - update IV using HW support")
Cc: <[email protected]> # v5.3+
Signed-off-by: Iuliana Prodan <[email protected]>
---
drivers/crypto/caam/caamalg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index b7bb7c3..eed41da 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -1711,7 +1711,7 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req,

if (ivsize || mapped_dst_nents > 1)
sg_to_sec4_set_last(edesc->sec4_sg + dst_sg_idx +
- mapped_dst_nents);
+ mapped_dst_nents - 1 + !!ivsize);

if (sec4_sg_bytes) {
edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg,
--
2.1.0


2020-04-07 18:56:56

by Horia Geanta

[permalink] [raw]
Subject: Re: [PATCH] crypto: caam - fix the address of the last entry of S/G

On 4/7/2020 6:59 PM, Iuliana Prodan wrote:
> For skcipher algorithms, the input, output HW S/G tables
> look like this: [IV, src][dst, IV]
> Now, we can have 2 conditions here:
> - there is no IV;
> - src and dst are equal (in-place encryption) and scattered
> and the error is an "off-by-one" in the HW S/G table.
>
> This issue was seen with KASAN:
> BUG: KASAN: slab-out-of-bounds in skcipher_edesc_alloc+0x95c/0x1018
>
> Read of size 4 at addr ffff000022a02958 by task cryptomgr_test/321
>
> CPU: 2 PID: 321 Comm: cryptomgr_test Not tainted
> 5.6.0-rc1-00165-ge4ef8383-dirty #4
Non-public SHA1, dirty tree.

Probably it's not reproducible without applying previous fixes?
https://patchwork.kernel.org/project/linux-crypto/list/?series=266561

> Fixes: 334d37c9e263 ("crypto: caam - update IV using HW support")
> Cc: <[email protected]> # v5.3+
> Signed-off-by: Iuliana Prodan <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>

Thanks,
Horia

2020-04-08 08:17:01

by Iuliana Prodan

[permalink] [raw]
Subject: Re: [PATCH] crypto: caam - fix the address of the last entry of S/G

On 4/7/2020 9:56 PM, Horia Geanta wrote:
> On 4/7/2020 6:59 PM, Iuliana Prodan wrote:
>> For skcipher algorithms, the input, output HW S/G tables
>> look like this: [IV, src][dst, IV]
>> Now, we can have 2 conditions here:
>> - there is no IV;
>> - src and dst are equal (in-place encryption) and scattered
>> and the error is an "off-by-one" in the HW S/G table.
>>
>> This issue was seen with KASAN:
>> BUG: KASAN: slab-out-of-bounds in skcipher_edesc_alloc+0x95c/0x1018
>>
>> Read of size 4 at addr ffff000022a02958 by task cryptomgr_test/321
>>
>> CPU: 2 PID: 321 Comm: cryptomgr_test Not tainted
>> 5.6.0-rc1-00165-ge4ef8383-dirty #4
> Non-public SHA1, dirty tree.
>
> Probably it's not reproducible without applying previous fixes?
> https://patchwork.kernel.org/project/linux-crypto/list/?series=266561

Yes, this appears after applying the use-after-free patches.

>> Fixes: 334d37c9e263 ("crypto: caam - update IV using HW support")
>> Cc: <[email protected]> # v5.3+
>> Signed-off-by: Iuliana Prodan <[email protected]>
> Reviewed-by: Horia Geant? <[email protected]>
>
> Thanks,
> Horia
>

2020-04-16 06:52:39

by Herbert Xu

[permalink] [raw]
Subject: Re: [PATCH] crypto: caam - fix the address of the last entry of S/G

On Tue, Apr 07, 2020 at 06:58:45PM +0300, Iuliana Prodan wrote:
> For skcipher algorithms, the input, output HW S/G tables
> look like this: [IV, src][dst, IV]
> Now, we can have 2 conditions here:
> - there is no IV;
> - src and dst are equal (in-place encryption) and scattered
> and the error is an "off-by-one" in the HW S/G table.
>
> This issue was seen with KASAN:
> BUG: KASAN: slab-out-of-bounds in skcipher_edesc_alloc+0x95c/0x1018
>
> Read of size 4 at addr ffff000022a02958 by task cryptomgr_test/321
>
> CPU: 2 PID: 321 Comm: cryptomgr_test Not tainted
> 5.6.0-rc1-00165-ge4ef8383-dirty #4
> Hardware name: LS1046A RDB Board (DT)
> Call trace:
> dump_backtrace+0x0/0x260
> show_stack+0x14/0x20
> dump_stack+0xe8/0x144
> print_address_description.isra.11+0x64/0x348
> __kasan_report+0x11c/0x230
> kasan_report+0xc/0x18
> __asan_load4+0x90/0xb0
> skcipher_edesc_alloc+0x95c/0x1018
> skcipher_encrypt+0x84/0x150
> crypto_skcipher_encrypt+0x50/0x68
> test_skcipher_vec_cfg+0x4d4/0xc10
> test_skcipher_vec+0x178/0x1d8
> alg_test_skcipher+0xec/0x230
> alg_test.part.44+0x114/0x4a0
> alg_test+0x1c/0x60
> cryptomgr_test+0x34/0x58
> kthread+0x1b8/0x1c0
> ret_from_fork+0x10/0x18
>
> Allocated by task 321:
> save_stack+0x24/0xb0
> __kasan_kmalloc.isra.10+0xc4/0xe0
> kasan_kmalloc+0xc/0x18
> __kmalloc+0x178/0x2b8
> skcipher_edesc_alloc+0x21c/0x1018
> skcipher_encrypt+0x84/0x150
> crypto_skcipher_encrypt+0x50/0x68
> test_skcipher_vec_cfg+0x4d4/0xc10
> test_skcipher_vec+0x178/0x1d8
> alg_test_skcipher+0xec/0x230
> alg_test.part.44+0x114/0x4a0
> alg_test+0x1c/0x60
> cryptomgr_test+0x34/0x58
> kthread+0x1b8/0x1c0
> ret_from_fork+0x10/0x18
>
> Freed by task 0:
> (stack is not available)
>
> The buggy address belongs to the object at ffff000022a02800
> which belongs to the cache dma-kmalloc-512 of size 512
> The buggy address is located 344 bytes inside of
> 512-byte region [ffff000022a02800, ffff000022a02a00)
> The buggy address belongs to the page:
> page:fffffe00006a8000 refcount:1 mapcount:0 mapping:ffff00093200c400
> index:0x0 compound_mapcount: 0
> flags: 0xffff00000010200(slab|head)
> raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400
> raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
> page dumped because: kasan: bad access detected
>
> Memory state around the buggy address:
> ffff000022a02800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ffff000022a02880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >ffff000022a02900: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
> ^
> ffff000022a02980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff000022a02a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>
> Fixes: 334d37c9e263 ("crypto: caam - update IV using HW support")
> Cc: <[email protected]> # v5.3+
> Signed-off-by: Iuliana Prodan <[email protected]>
> ---
> drivers/crypto/caam/caamalg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Patch applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt