Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp3688121rdh; Tue, 28 Nov 2023 00:35:43 -0800 (PST) X-Google-Smtp-Source: AGHT+IGJjrf/KA9svdAvkRMPXPeNJFzAD4rJD5ix2h0ZsBEcSC9Miv4ZDZKFQUSc+HONhwvbyWjB X-Received: by 2002:a05:6871:e70f:b0:1fa:3d9:271c with SMTP id qa15-20020a056871e70f00b001fa03d9271cmr18448248oac.45.1701160543150; Tue, 28 Nov 2023 00:35:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701160543; cv=none; d=google.com; s=arc-20160816; b=XeVva+PL+xALAzq2ChoMok+Pl78J4jqtDJoXgJsuR9ffxIkow5DWxHW25KSTzCm4gQ xWqt2o1bNFjSdCYTv4e4eMDgHxyiBgPzqnspNbN8m1amBz8Mkm0LWWwrTpLr2kfpyaaO 6/9rG0SI7hC32yVuApEOi42O2FWqAXz3diPppYgsuAFCFdUk2QMnoHMC7B4BQWHsxgMZ NvSsOMFni9tFBqwgG/VXiTxVbIO8LBjFkTvi2RAjwLMZHR9Yibs4MQN3lkgb9wJBthi0 E/wHLthDJN+o5F8h0ajdsvSQY+igmPgnnDcw9ftFozJ6cX9RAlUQ5Ve5t7SQcwxhbZlg ZiNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-disposition:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:message-id:subject:to:from:date; bh=IySUFFAJvw3dTMO68ut2sqO9bldFh0cGiZnnSQA1vOg=; fh=lpqg4l/zG62Vtlk5f1vTs7pj8YbgnMQlYyL5UjfbSP8=; b=NTaGcBqNfM6nNOK0B7EwujIFF+9orXCVnNbgdKeiRF2DC4EZXurA6N79AtGyIK4Qz0 22c1ZMiSq0vB//AIsoEwWd3biDoXrn3c97EJq/IQeOJU+H7jkszD7xiJbt4l5ojU9Knr CCQ7++M7jol6qyrTZqgxmwyJX/napCsk3qv0VHFAvqo8kctZxzH6rl/cUMg5Z0uuneYD uGxfWzepX2Q7oFJ/D1Qp5dThWUjc2C7b+9SxkbpQDve1SMf3Bj0PfHFeNn94B9MgQ3Qg zADOjXnZMYBOsd5yBvDRQyHcGbzbk/FRpyc3Dha1vhdyzZRRnG8GrQoXhcVQzTnMbfs1 IHcg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto+bounces-355-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-crypto+bounces-355-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id l27-20020a63ba5b000000b00578d460cd7esi11857913pgu.431.2023.11.28.00.35.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 00:35:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-355-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto+bounces-355-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-crypto+bounces-355-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id F3F65B20FF5 for ; Tue, 28 Nov 2023 08:35:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 673DE15AC0 for ; Tue, 28 Nov 2023 08:35:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=none X-Original-To: linux-crypto@vger.kernel.org Received: from abb.hmeau.com (abb.hmeau.com [144.6.53.87]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 591AEF5 for ; Tue, 28 Nov 2023 00:25:46 -0800 (PST) Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1r7tPY-004Jtw-Sw; Tue, 28 Nov 2023 16:25:41 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Tue, 28 Nov 2023 16:25:49 +0800 Date: Tue, 28 Nov 2023 16:25:49 +0800 From: Herbert Xu To: Linux Crypto Mailing List Subject: [PATCH] crypto: af_alg - Disallow multiple in-flight AIO requests Message-ID: Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Having multiple in-flight AIO requests results in unpredictable output because they all share the same IV. Fix this by only allowing one request at a time. Fixes: 83094e5e9e49 ("crypto: af_alg - add async support to algif_aead") Fixes: a596999b7ddf ("crypto: algif - change algif_skcipher to be asynchronous") Signed-off-by: Herbert Xu --- crypto/af_alg.c | 14 +++++++++++++- include/crypto/if_alg.h | 3 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index ea6fb8e89d06..68cc9290cabe 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -1116,9 +1116,13 @@ EXPORT_SYMBOL_GPL(af_alg_sendmsg); void af_alg_free_resources(struct af_alg_async_req *areq) { struct sock *sk = areq->sk; + struct af_alg_ctx *ctx; af_alg_free_areq_sgls(areq); sock_kfree_s(sk, areq, areq->areqlen); + + ctx = alg_sk(sk)->private; + ctx->inflight = false; } EXPORT_SYMBOL_GPL(af_alg_free_resources); @@ -1188,11 +1192,19 @@ EXPORT_SYMBOL_GPL(af_alg_poll); struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, unsigned int areqlen) { - struct af_alg_async_req *areq = sock_kmalloc(sk, areqlen, GFP_KERNEL); + struct af_alg_ctx *ctx = alg_sk(sk)->private; + struct af_alg_async_req *areq; + /* Only one AIO request can be in flight. */ + if (ctx->inflight) + return ERR_PTR(-EBUSY); + + areq = sock_kmalloc(sk, areqlen, GFP_KERNEL); if (unlikely(!areq)) return ERR_PTR(-ENOMEM); + ctx->inflight = true; + areq->areqlen = areqlen; areq->sk = sk; areq->first_rsgl.sgl.sgt.sgl = areq->first_rsgl.sgl.sgl; diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index ef8ce86b1f78..08b803a4fcde 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -136,6 +136,7 @@ struct af_alg_async_req { * recvmsg is invoked. * @init: True if metadata has been sent. * @len: Length of memory allocated for this data structure. + * @inflight: Non-zero when AIO requests are in flight. */ struct af_alg_ctx { struct list_head tsgl_list; @@ -154,6 +155,8 @@ struct af_alg_ctx { bool init; unsigned int len; + + unsigned int inflight; }; int af_alg_register_type(const struct af_alg_type *type); -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt