Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp2144499rwb; Thu, 19 Jan 2023 21:57:37 -0800 (PST) X-Google-Smtp-Source: AMrXdXudY3YRV2tKnaPc8KgnT2GH+NiWgO6iAm7DBeEn57ezA+mtJg2waDrq7iRUcMlTCxUOTqD1 X-Received: by 2002:a17:902:ea95:b0:194:d2c9:7d80 with SMTP id x21-20020a170902ea9500b00194d2c97d80mr4021458plb.40.1674194256894; Thu, 19 Jan 2023 21:57:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674194256; cv=none; d=google.com; s=arc-20160816; b=op8NPFluA0LWye5D2AOsX2/gTRsFxdHicmhFMHztGIegM+oX9I+GHXcHxoBlh6hPF9 5OGGXkQegJsZY74Zhmc/EL6IceK3C4yL5AzxpWo76cuJT4ast+bBsJkV3JgzSa31sL+z 4fh13GmWu0lX3pKzKIfvu5tecIp2WNLDv9CuMgbYvF0R1v09MWMzqH8+uoUFtNE2qmIU mgqhKogcMOWHL2qQNfwf2SGMT0Pu4XqBqWln1clu7nIwDsHdP0qHG2UsMjvtxcGcQjfi YfclLqVUxEkO8WL8Pn5oENhOFVrQjxFaStpyPbxzS3dx1MC1IIz32AYuyCnilPWtcAfB V4kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=FiVv3t5F+pBila29r1oh2ce/EGe4iVATm4niYyjcPwE=; b=V3HdzWLdDSg9zG+Bz6aAaC2y3TMpDCLwa9TIlGwfUcCNHc+5VDR5qGzVTzPNzYGU1E mS4LHZxMoo+8h3z74v7kUwRxP3Pfx9jOKi8Y1lpSGpsT8fZqtigdGtT5Ci1e81ctytRs wttwAQRdm4GuzE2EWaQkmA/neXVF7dYJnEmrjZCOImWc/6OSzh9j5UNiJXJtFst/2Guy 4vbOtX7aiCHqx/+9dq499XF88BBcsyXe0OK83v0sK8wxbJMBY39DSxQ1wHgW57pF/yJN Orof9Sni04avyrGyHzFDBX/xo2o0pjQvIVXE2nMiMvvSgrl1L1/pJPpRvWSvQJ976Xdt 5NEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hlQ5sHkw; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s13-20020a170902ea0d00b00188e045470csi844330plg.542.2023.01.19.21.57.19; Thu, 19 Jan 2023 21:57:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hlQ5sHkw; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230212AbjATFxw (ORCPT + 99 others); Fri, 20 Jan 2023 00:53:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231138AbjATFxr (ORCPT ); Fri, 20 Jan 2023 00:53:47 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 07DFB4ABC1 for ; Thu, 19 Jan 2023 21:53:29 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id ABCD4B82162 for ; Thu, 19 Jan 2023 09:50:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5B6FEC433D2 for ; Thu, 19 Jan 2023 09:50:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674121839; bh=cwfGxQaG+URthgCetdxt06MgdLxrxjNtdHKT4FtVIT0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=hlQ5sHkwGpxp76mYavwbSbYa0wcZbK2DMUE47wRwDl/FwveFfL7GhDWBh+juEyKdE YNGFq7w8PRa9YiUFqQd+XUf58+ANaqIR8cnEBW1d3FW1lxUtgoHrhZ3MmwAvwhSLTF 8KJ6qs59cI2oeFred6/nvib95qF/W32v1dinVLQg+AzreS47BSLv+GHptzfzdul+BU Pw08LDBaECNWVY4FHWrw1mMmJdeZZvw8W3Zax/rFRfCKhmeg9VcEx4yC2sCGAUpf0z vynXFwz9ekxQGNT7qX5Knm9sfqi+OKzkYNHfSHbykDAaZ6rcxQudNQyuOYVRP5xZpV HCcoXthi3A3Jw== Received: by mail-lf1-f45.google.com with SMTP id bf43so2421846lfb.6 for ; Thu, 19 Jan 2023 01:50:39 -0800 (PST) X-Gm-Message-State: AFqh2krrPK2HYpDxnuGlBL0l1Lv8XP3YRpnEdnf4KNQgoOJrYxINElIM EFvenZJ+ViaRXkXSwPKG5oMLIpUqIRbaLL6kvdA= X-Received: by 2002:ac2:4ade:0:b0:4d0:7b7:65dc with SMTP id m30-20020ac24ade000000b004d007b765dcmr457752lfp.122.1674121837337; Thu, 19 Jan 2023 01:50:37 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Ard Biesheuvel Date: Thu, 19 Jan 2023 10:50:26 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] crypto: xts - Handle EBUSY correctly To: Herbert Xu Cc: Linux Crypto Mailing List , Ard Biesheuvel Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, 19 Jan 2023 at 10:08, Herbert Xu wrote: > > As it is xts only handles the special return value of EINPROGERSS, EINPROGRESS > which means that in all other cases it will free data related to the > request. > > However, as the caller of xts may specify MAY_BACKLOG, we also need > to expect EBUSY and treat it in the same way. Otherwise backlogged > requests will trigger a use-after-free. > > Fixes: 8083b1bf8163 ("crypto: xts - add support for ciphertext stealing") > Signed-off-by: Herbert Xu > > diff --git a/crypto/xts.c b/crypto/xts.c > index 63c85b9e64e0..de6cbcf69bbd 100644 > --- a/crypto/xts.c > +++ b/crypto/xts.c > @@ -203,12 +203,12 @@ static void xts_encrypt_done(struct crypto_async_request *areq, int err) > if (!err) { > struct xts_request_ctx *rctx = skcipher_request_ctx(req); > > - rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; > + rctx->subreq.base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG; I don't get this bit. We used to preserve CRYPTO_TFM_REQ_MAY_BACKLOG before (along with all other flags except MAY_SLEEP), but now, we *only* preserve CRYPTO_TFM_REQ_MAY_BACKLOG. So how is this related? Why are we clearing CRYPTO_TFM_REQ_FORBID_WEAK_KEYS here for instance? > err = xts_xor_tweak_post(req, true); > > if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) { > err = xts_cts_final(req, crypto_skcipher_encrypt); > - if (err == -EINPROGRESS) > + if (err == -EINPROGRESS || err == -EBUSY) Apologies for the noob questions about this aspect of the crypto API, but I suppose this means that, if CRYPTO_TFM_REQ_MAY_BACKLOG was specified, it is up to the skcipher implementation to queue up the request and return -EBUSY, as opposed to starting the request asynchronously and returning -EINPROGRESS? So why the distinction? If the skcipher signals that the request is accepted and will complete asynchronously, couldn't it use EINPROGRESS for both cases? Or is the EBUSY interpreted differently by the caller, for providing back pressure to the source? > return; > } > } > @@ -223,12 +223,12 @@ static void xts_decrypt_done(struct crypto_async_request *areq, int err) > if (!err) { > struct xts_request_ctx *rctx = skcipher_request_ctx(req); > > - rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; > + rctx->subreq.base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG; > err = xts_xor_tweak_post(req, false); > > if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) { > err = xts_cts_final(req, crypto_skcipher_decrypt); > - if (err == -EINPROGRESS) > + if (err == -EINPROGRESS || err == -EBUSY) > return; > } > } > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt