Patch "crypto: algif_skcipher - Do not dereference ctx without socket lock" has been added to the 4.3-stable tree

[<gregkh@linuxfoundation.org>]

This is a note to let you know that I've just added the patch titled

    crypto: algif_skcipher - Do not dereference ctx without socket lock

to the 4.3-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     crypto-algif_skcipher-do-not-dereference-ctx-without-socket-lock.patch
and it can be found in the queue-4.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 6454c2b83f719057069777132b13949e4c6b6350 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed, 3 Feb 2016 21:39:26 +0800
Subject: crypto: algif_skcipher - Do not dereference ctx without socket lock

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 6454c2b83f719057069777132b13949e4c6b6350 upstream.

Any access to non-constant bits of the private context must be
done under the socket lock, in particular, this includes ctx->req.

This patch moves such accesses under the lock, and fetches the
tfm from the parent socket which is guaranteed to be constant,
rather than from ctx->req.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/algif_skcipher.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -295,8 +295,11 @@ static int skcipher_sendmsg(struct socke
 {
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
+	struct sock *psk = ask->parent;
+	struct alg_sock *pask = alg_sk(psk);
 	struct skcipher_ctx *ctx = ask->private;
-	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req);
+	struct skcipher_tfm *skc = pask->private;
+	struct crypto_skcipher *tfm = skc->skcipher;
 	unsigned ivsize = crypto_skcipher_ivsize(tfm);
 	struct skcipher_sg_list *sgl;
 	struct af_alg_control con = {};
@@ -508,7 +511,7 @@ static int skcipher_recvmsg_async(struct
 	struct skcipher_async_req *sreq;
 	struct skcipher_request *req;
 	struct skcipher_async_rsgl *last_rsgl = NULL;
-	unsigned int txbufs = 0, len = 0, tx_nents = skcipher_all_sg_nents(ctx);
+	unsigned int txbufs = 0, len = 0, tx_nents;
 	unsigned int reqsize = crypto_skcipher_reqsize(tfm);
 	unsigned int ivsize = crypto_skcipher_ivsize(tfm);
 	int err = -ENOMEM;
@@ -526,6 +529,7 @@ static int skcipher_recvmsg_async(struct
 	sreq->inflight = &ctx->inflight;
 
 	lock_sock(sk);
+	tx_nents = skcipher_all_sg_nents(ctx);
 	sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL);
 	if (unlikely(!sreq->tsg))
 		goto unlock;
@@ -633,9 +637,12 @@ static int skcipher_recvmsg_sync(struct
 {
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
+	struct sock *psk = ask->parent;
+	struct alg_sock *pask = alg_sk(psk);
 	struct skcipher_ctx *ctx = ask->private;
-	unsigned bs = crypto_skcipher_blocksize(crypto_skcipher_reqtfm(
-		&ctx->req));
+	struct skcipher_tfm *skc = pask->private;
+	struct crypto_skcipher *tfm = skc->skcipher;
+	unsigned bs = crypto_skcipher_blocksize(tfm);
 	struct skcipher_sg_list *sgl;
 	struct scatterlist *sg;
 	int err = -EAGAIN;


Patches currently in stable-queue which might be from herbert@gondor.apana.org.au are

queue-4.3/crypto-fix-test-vector-for-rsa.patch
queue-4.3/crypto-algif_skcipher-use-new-skcipher-interface.patch
queue-4.3/crypto-af_alg-disallow-bind-setkey-...-after-accept-2.patch
queue-4.3/crypto-crc32c-fix-crc32c-soft-dependency.patch
queue-4.3/crypto-af_alg-forbid-bind-2-when-nokey-child-sockets-are-present.patch
queue-4.3/crypto-crc32c-pclmul-use-.rodata-instead-of-.rotata.patch
queue-4.3/crypto-caam-fix-non-block-aligned-hash-calculation.patch
queue-4.3/crypto-nx-fix-timing-leak-in-gcm-and-ccm-decryption.patch
queue-4.3/crypto-skcipher-copy-iv-from-desc-even-for-0-len-walks.patch
queue-4.3/crypto-algif_hash-fix-race-condition-in-hash_check_key.patch
queue-4.3/crypto-skcipher-add-crypto_skcipher_has_setkey.patch
queue-4.3/crypto-chacha20-ssse3-align-stack-pointer-to-64-bytes.patch
queue-4.3/crypto-algif_skcipher-add-key-check-exception-for-cipher_null.patch
queue-4.3/crypto-algif_skcipher-do-not-assume-that-req-is-unchanged.patch
queue-4.3/crypto-algif_hash-remove-custom-release-parent-function.patch
queue-4.3/crypto-algif_skcipher-load-tx-sg-list-after-waiting.patch
queue-4.3/crypto-algif_skcipher-require-setkey-before-accept-2.patch
queue-4.3/crypto-user-lock-crypto_alg_list-on-alg-dump.patch
queue-4.3/crypto-marvell-cesa-fix-test-in-mv_cesa_dev_dma_init.patch
queue-4.3/crypto-algif_skcipher-add-nokey-compatibility-path.patch
queue-4.3/crypto-shash-fix-has_key-setting.patch
queue-4.3/crypto-algif_skcipher-do-not-dereference-ctx-without-socket-lock.patch
queue-4.3/crypto-algif_skcipher-remove-custom-release-parent-function.patch
queue-4.3/crypto-af_alg-allow-af_af_alg_release_parent-to-be-called-on-nokey-path.patch
queue-4.3/crypto-hash-add-crypto_ahash_has_setkey.patch
queue-4.3/crypto-af_alg-add-nokey-compatibility-path.patch
queue-4.3/crypto-algif_skcipher-do-not-set-may_backlog-on-the-async-path.patch
queue-4.3/crypto-sun4i-ss-add-missing-statesize.patch
queue-4.3/crypto-algif_hash-require-setkey-before-accept-2.patch
queue-4.3/crypto-algif_skcipher-sendmsg-sg-marking-is-off-by-one.patch
queue-4.3/crypto-qat-don-t-use-userspace-pointer.patch
queue-4.3/crypto-talitos-fix-timing-leak-in-esp-icv-verification.patch
queue-4.3/crypto-algif_hash-only-export-and-import-on-sockets-with-data.patch
queue-4.3/crypto-algif_skcipher-fix-race-condition-in-skcipher_check_key.patch
queue-4.3/crypto-algif_hash-wait-for-crypto_ahash_init-to-complete.patch
queue-4.3/crypto-caam-make-write-transactions-bufferable-on-ppc-platforms.patch
queue-4.3/crypto-af_alg-fix-socket-double-free-when-accept-fails.patch