Received: by 2002:a05:6520:4211:b029:f4:110d:56bc with SMTP id o17csp1547528lkv; Wed, 19 May 2021 12:29:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyMfs6Y9NhCmgRW3BpZ+/LuDZX5NsTpvp60xhYJjZHXuh0rFS7SviXRYIhOV6EU52MHMMMC X-Received: by 2002:a05:6e02:ec7:: with SMTP id i7mr658274ilk.147.1621452556536; Wed, 19 May 2021 12:29:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621452556; cv=none; d=google.com; s=arc-20160816; b=p8UMn3nMA/84Ola0hOl+0ctXRfcoc4qxSaPb988q8iRXzbwSRNA+12DNOnunA+F3yO UuUjgVeC40k5/UwW+6a/EOwsfSVGHXsZp/FalChPk6P+PySS8Ir1nYyew5uee+I0QJx6 j+zMsNag6pBhao9h5peslwXuKDp2AuLKz3xJ+Lgq6ABbM9Vo/0Zj+KJ5iRzdFlR4x553 9VS0pti+NIel76Gy5oL2n6xkgeg+sMc2JmY5BEzuL6VzwZyJt5wFTmLHNtIWTVIkp9Ic hQ8c34lHQgjjukTaA7O/GM5zx6P4S8GgcdrnF33TIZjCwxvijN11/EUdUYxYWA9As8DM rxFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jnUiG5Y8fqhLbmdp9ESaxb3riucaiuuQE3KmZyP5x9c=; b=y+u1JpdbGg+VjluJ+alM0N422ahiUmVzcr5PuaCBd5twOT6uXMtI3dQmFnI111vvgo kW0v0SAYrqCcd6u27HnAINyoA2gHC6A0iEJKGNakQxsrvWECDpjnI8G9xgBcUNZm0XrI kASnp3fCsDb+qGl+/jwdY196ARhMQfIk80E6TGV5iL8p/HUqyDzNOWYJLYOtRCh7OFFJ A40RCbDuxrr+dufFq9OSPT2cQjwbnWnlh2UKkjXdlkEAr2Y7ABKThfsvyWwWN6b08Tiv /MaSbXaHPZOKY9IAV+0WQeSWIk7GM9JmwIXL6xCzyQgrmbh245BCEsQkJXFRhHBTGdut TH3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Brw1T6XE; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t14si182863ios.45.2021.05.19.12.29.01; Wed, 19 May 2021 12:29:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Brw1T6XE; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350133AbhESLYQ (ORCPT + 99 others); Wed, 19 May 2021 07:24:16 -0400 Received: from mail.kernel.org ([198.145.29.99]:52858 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350260AbhESLYJ (ORCPT ); Wed, 19 May 2021 07:24:09 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E7118611BF; Wed, 19 May 2021 11:22:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1621423370; bh=813vbDqlVp4TbHnw89ag9TrBuAfoPXQrAusOPwlb2rU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Brw1T6XE0yCFB5iVo+miBtWO8wz4UmajA8EcKnQkX+4YMT4KaR5x1w+u/43HZmBTY R5Lr+tI0o0GiEDOIV5/LeSboXD//qyI8cJMBUzwu+qisa5jWp6j04X66NfJfEXP9kQ jQUZ7EcX9TZzF2cBGylXEux4s8q2cFeIAjz2eLjbkZAouhtv9h4Q/v6k0gwOtq36xy 61NSvBJqQwaL0SUj2MdS/dDY3hGApJtK8OBBOmoRxIEvzTY5lkzchfsj85cN+XtKQw W/95vEJof393JQGZ0wNnOB7OhIAB2oH/36Iou+gUO6y6fjOwx6QC08XACLAeDV3ksS +K1NdC5y82KCg== From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, ebiggers@kernel.org, herbert@gondor.apana.org.au, will@kernel.org, kernel-team@android.com, Ard Biesheuvel Subject: [PATCH v4 3/7] crypto: skcipher - disallow en/decrypt for non-task or non-softirq context Date: Wed, 19 May 2021 13:22:35 +0200 Message-Id: <20210519112239.33664-4-ardb@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210519112239.33664-1-ardb@kernel.org> References: <20210519112239.33664-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org In order to ensure that kernel mode SIMD routines will not need a scalar fallback if they run with softirqs disabled, disallow any use of the skcipher encrypt and decrypt routines from outside of task or softirq context. Signed-off-by: Ard Biesheuvel --- crypto/skcipher.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/crypto/skcipher.c b/crypto/skcipher.c index ed2deb031742..f69492aab75d 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -628,7 +628,11 @@ int crypto_skcipher_encrypt(struct skcipher_request *req) int ret; crypto_stats_get(alg); - if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) + if (!(alg->cra_flags & CRYPTO_ALG_ASYNC) && + WARN_ONCE(!in_task() && !in_serving_softirq(), + "synchronous call from invalid context\n")) + ret = -EBUSY; + else if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) ret = -ENOKEY; else ret = crypto_skcipher_alg(tfm)->encrypt(req); @@ -645,7 +649,11 @@ int crypto_skcipher_decrypt(struct skcipher_request *req) int ret; crypto_stats_get(alg); - if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) + if (!(alg->cra_flags & CRYPTO_ALG_ASYNC) && + WARN_ONCE(!in_task() && !in_serving_softirq(), + "synchronous call from invalid context\n")) + ret = -EBUSY; + else if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) ret = -ENOKEY; else ret = crypto_skcipher_alg(tfm)->decrypt(req); -- 2.20.1