Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp3686043iob; Tue, 17 May 2022 05:27:28 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyRd9u7yuXnizTAEAb1woewbRGcG7BNEd4CY1ceXyv7o9o8K9gua93uS/Am7R2Oc0on9X0h X-Received: by 2002:a05:6402:2999:b0:428:bb4d:6cea with SMTP id eq25-20020a056402299900b00428bb4d6ceamr18741532edb.29.1652790447777; Tue, 17 May 2022 05:27:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652790447; cv=none; d=google.com; s=arc-20160816; b=JbtynwTwbPbLGrOxW8eVcGn13eH9uBNn1ehIKzkFAiU7tKffb4Xl8lVY1QT4K49sx1 P41CH/N/AJRGIbZOys+YY8cO1LIZFGs6509/lzsCiV6iwkXRU7UGpaN9FgzD8n2Jz2gG Fy0hKey+tOuhTehd4mnB57q1WmZC9d/Idl3E5fa/nKpEmQrQAXeAcYP//3UYiADG/pPY Rlk2CYFmMlXjplmwj9215dvIq4/LJ+uZsDrYhSDzuCnv2mC8o+E9xS7Ez2eVAKmzvc1U M6pj1kSKnLJcR0BMlJVEs3V2CXT+cXdVnBCT71DbdnNYJHk49yGdaWusWfPwq1elxSQP 2Y1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=NdmDoOmItN6dDsItzbpgaRIZLjDTcynPiAjDz8/NEgY=; b=nW5YSnb4r7tMtOb3gdVuuHhzbpOQ6zAiUgJQwfVEdOdyBLJH+/tFmdVeBTN3f0wjTb v5RG66bkjvapoNwigIV2GzsH6mP4Ex73XAZMVUgYf6BdS6nGbJ3MSKnuA1+ObWZsAs94 k2FfT2wu29cyBK2GIImi8wM1KgBi9mpbdL5+C/HuUdJPPIjDX9PdhJwDiqLO9eaboX7r bJ7JNwlohWn7JlWaO9N+wS7YSHAyQjtrHcm7UHL24L5AwCA2U51zKJFtHgRnq8EkRDBc Jx46bSZ0cEE8xItA7AKaQmNkQT9HfgDQiHp1vsUxZkWLoV3kkUYjYf4oba2VSIAt5G8O MHVA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dp1-20020a170906c14100b006f3a0ad9695si2726672ejc.81.2022.05.17.05.26.59; Tue, 17 May 2022 05:27:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234015AbiEQK1u (ORCPT + 99 others); Tue, 17 May 2022 06:27:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344397AbiEQKZK (ORCPT ); Tue, 17 May 2022 06:25:10 -0400 Received: from metis.ext.pengutronix.de (metis.ext.pengutronix.de [IPv6:2001:67c:670:201:290:27ff:fe1d:cc33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E4C5CDFB for ; Tue, 17 May 2022 03:24:48 -0700 (PDT) Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nquNW-00061W-Qk; Tue, 17 May 2022 12:24:34 +0200 Received: from [2a0a:edc0:0:900:1d::77] (helo=ptz.office.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1nquNW-002r1Z-T0; Tue, 17 May 2022 12:24:33 +0200 Received: from ukl by ptz.office.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1nquNU-00AI12-St; Tue, 17 May 2022 12:24:32 +0200 Date: Tue, 17 May 2022 12:24:32 +0200 From: Uwe =?utf-8?Q?Kleine-K=C3=B6nig?= To: Tudor Ambarus Cc: Alexandre Belloni , Nicolas Ferre , linux-crypto@vger.kernel.org, kernel@pengutronix.de, Claudiu Beznea , linux-arm-kernel@lists.infradead.org, linux-i2c@vger.kernel.org, Ard Biesheuvel Subject: Re: Bug in atmel-ecc driver Message-ID: <20220517102432.pljcsjkar3oswdnl@pengutronix.de> References: <20220513135954.exewihnibnhdckkn@pengutronix.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="nyzsmgemgobidxym" Content-Disposition: inline In-Reply-To: <20220513135954.exewihnibnhdckkn@pengutronix.de> X-SA-Exim-Connect-IP: 2a0a:edc0:0:c01:1d::a2 X-SA-Exim-Mail-From: ukl@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org --nyzsmgemgobidxym Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, [added Ard to Cc as he last touched that driver] On Fri, May 13, 2022 at 03:59:54PM +0200, Uwe Kleine-K=F6nig wrote: > TL;DR: when a device bound to the drivers/crypto/atmel-ecc.c driver is > unbound while tfm_count isn't zero, this probably results in a > use-after-free. >=20 > The .remove function has: >=20 > if (atomic_read(&i2c_priv->tfm_count)) { > dev_err(&client->dev, "Device is busy\n"); > return -EBUSY; > } >=20 > before actually calling the cleanup stuff. If this branch is hit the > result is likely: >=20 > - "Device is busy" from drivers/crypto/atmel-ecc.c > - "remove failed (EBUSY), will be ignored" from the i2c core > - the devm cleanup callbacks are called, including the one kfreeing > *i2c_priv > - at a later time atmel_ecc_i2c_client_free() is called which does > atomic_dec(&i2c_priv->tfm_count); > - *boom* >=20 > I think to fix that you need to call get_device for the i2c device > before increasing tfm_count (and a matching put_device when decreasing > it). Having said that the architecture of this driver looks strange to > me, so there might be nicer fixes (probably with more effort). I tried to understand the architecture a bit, what I found is irritating. So the atmel-ecc driver provides a static struct kpp_alg atmel_ecdh_nist_p256 which embeds a struct crypto_alg (.base). During =2Eprobe() it calls crypto_register_kpp on that global kpp_alg. That is, if there are two or more devices bound to this driver, the same kpp_alg structure is registered repeatedly. This involves (among others) - refcount_set(&atmel_ecdh_nist_p256.base.cra_refcount) in crypto_check_alg() - INIT_LIST_HEAD(&atmel_ecdh_nist_p256.base.cra_users) in __crypto_register_alg() and then a check about registering the same alg twice which makes the call crypto_register_alg() return -EEXIST. So if a second device is bound, it probably corrupts the first device and then fails to probe. So there can always be (at most) only one bound device which somehow makes the whole logic in atmel_ecdh_init_tfm -> atmel_ecc_i2c_client_alloc to select the least used(?) i2c client among all the bound devices ridiculous. Is there someone still caring for this driver? Does this justify=20 diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index 7b2d138bc83e..b3242fba82aa 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -573,6 +573,7 @@ config CRYPTO_DEV_ATMEL_I2C =20 config CRYPTO_DEV_ATMEL_ECC tristate "Support for Microchip / Atmel ECC hw accelerator" + depends on BROKEN depends on I2C select CRYPTO_DEV_ATMEL_I2C select CRYPTO_ECDH ? Best regards Uwe --=20 Pengutronix e.K. | Uwe Kleine-K=F6nig | Industrial Linux Solutions | https://www.pengutronix.de/ | --nyzsmgemgobidxym Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEfnIqFpAYrP8+dKQLwfwUeK3K7AkFAmKDd9cACgkQwfwUeK3K 7Alnuwf9ECdi4grneYiBAliu6gFKQduRiVrgt3b8bhatN+TwhigWTC9csf8M/KVx vVd2VMqnMRD79u1IcJMC/uo4ts5jxhPDqZMau5Qc/8WgS5Ug8V/R4+SLGBq+vsUA ZQgBqdldd90AmhMZpAleqbdDKPiyvJKKQ7OZv7T97rqwgrTGZqdZmuYZ4QZOaqY9 JAb5LE5ufdKgXe/jlpkg/K/sgBrJSBa4Fu6AjEoqYQ7jxiyOuzOCky8nsA0CE4+o oWdxtJj5fLoJeBWZ17AbWojcrGBrgGq5vlPOtxyH5wDhTNrRayVpxLS8tlxnX0dd SUliftAkPVyncECJrau5JIIb4N4apQ== =7Loo -----END PGP SIGNATURE----- --nyzsmgemgobidxym--