Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp4965692rwb; Sun, 22 Jan 2023 00:13:58 -0800 (PST) X-Google-Smtp-Source: AMrXdXt6IBp7VSGcSstEWAhx5WoKTmC4ZWnb7kQgexve0oxBFbfEO7BLzdOsWU41JM40aTI2Tbtp X-Received: by 2002:a17:90a:728d:b0:226:8141:ac3a with SMTP id e13-20020a17090a728d00b002268141ac3amr42954529pjg.39.1674375238083; Sun, 22 Jan 2023 00:13:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674375238; cv=none; d=google.com; s=arc-20160816; b=nfXfmD/SR3YFBXZXO/jG5ivFD4lBwOr+Pnpftoue/IcW6hDO5vFHH8jGeWVYUsIMOd v3tfDbsm3k1Ye7IPtN+tr2mlKvBNGH7W4k210FllWfqymKF66GU5HPb/pf/YZtt8BG7I Dev+Ja1eywrCQmqnMxMPJt6Se5bHKEzcfvBAdQW2Pvf3RIJFuiEXbfBYncusZfLvgKrS WgO4ADXWTKEKAe9KYmjLHNZsq1KnElaqOh8b+++VyXreBPOKdMylDc0y7xJ4ZxzbHtH6 vpdCMc+3gT5/63r5Zf6lzqPvCDzxI2Rr505zImH3ymP5lBwJOtVLSPVG2U3j39EAen3z tc4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=szN2RzrM0V2mjxYlDlaOhTR5jLmRrjx1vkyYsYCvpaU=; b=1FVEm9LPVnN4ObACFjxSumpO/07DGBCu5wagXD/G1QoorI8RzA5/oziQVtzISQWr7P 70puTWKcF9Qqu88zGUvHkv5tZZQrnV18/w0nBujXTfjrXEdBF2t8VebgeBAMC0KTl7TQ 0cxo4G1O3pRcG3njwFczOteGLLPrz+Jce76396+XnmVFyWDHq6+M8WjrdaLN6uXJY+eZ bTdv9u4H8mkvk3zo9gZbbYQ6YskON54FEuAaJAKImPAO9xM5ddtUisGIc0CNue6JoOQ1 wQcaD0sW3rMEaS6eefRw9QiEG1nCA5+q0lZS1N6gJ64F6LJGeEIbXtgV04pMvRrzGNbg TtnA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p1-20020a17090a74c100b002297fd129e5si8179500pjl.24.2023.01.22.00.13.33; Sun, 22 Jan 2023 00:13:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229778AbjAVIHm (ORCPT + 99 others); Sun, 22 Jan 2023 03:07:42 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229636AbjAVIHm (ORCPT ); Sun, 22 Jan 2023 03:07:42 -0500 Received: from formenos.hmeau.com (helcar.hmeau.com [216.24.177.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 430B63C08 for ; Sun, 22 Jan 2023 00:07:40 -0800 (PST) Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1pJVO5-002kCF-Hr; Sun, 22 Jan 2023 16:07:38 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Sun, 22 Jan 2023 16:07:37 +0800 Date: Sun, 22 Jan 2023 16:07:37 +0800 From: Herbert Xu To: Linux Crypto Mailing List Cc: Ard Biesheuvel Subject: [v2 PATCH] crypto: xts - Handle EBUSY correctly Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org v2 fixes a typo in the commit message. ---8<--- As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of xts may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free. Fixes: 8083b1bf8163 ("crypto: xts - add support for ciphertext stealing") Signed-off-by: Herbert Xu Acked-by: Ard Biesheuvel diff --git a/crypto/xts.c b/crypto/xts.c index 63c85b9e64e0..de6cbcf69bbd 100644 --- a/crypto/xts.c +++ b/crypto/xts.c @@ -203,12 +203,12 @@ static void xts_encrypt_done(struct crypto_async_request *areq, int err) if (!err) { struct xts_request_ctx *rctx = skcipher_request_ctx(req); - rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; + rctx->subreq.base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG; err = xts_xor_tweak_post(req, true); if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) { err = xts_cts_final(req, crypto_skcipher_encrypt); - if (err == -EINPROGRESS) + if (err == -EINPROGRESS || err == -EBUSY) return; } } @@ -223,12 +223,12 @@ static void xts_decrypt_done(struct crypto_async_request *areq, int err) if (!err) { struct xts_request_ctx *rctx = skcipher_request_ctx(req); - rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; + rctx->subreq.base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG; err = xts_xor_tweak_post(req, false); if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) { err = xts_cts_final(req, crypto_skcipher_decrypt); - if (err == -EINPROGRESS) + if (err == -EINPROGRESS || err == -EBUSY) return; } } -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt