From: "Thomas D." <whissi@whissi.de>
To: Willy Tarreau <w@1wt.eu>, Sasha Levin <sasha.levin@oracle.com>
Cc: "herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"dvyukov@google.com" <dvyukov@google.com>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: Broken userspace crypto in linux-4.1.18
Date: Thu, 18 Feb 2016 00:49:57 +0100 [thread overview]
Message-ID: <56C50725.6080408@whissi.de> (raw)
In-Reply-To: <20160217233353.GC31125@1wt.eu>
Hi
Willy Tarreau wrote:
>> Is there a dependency I missed in 4.1? I don't really see anything that
>> could have gone wrong there.
>
> Or maybe Thomas can run a bisect ?
I cannot follow. I did a bisect between 4.1.7 and 4.1.8 as I have written
in my first mail. The bad commit was:
> commit 0571ba52a19e18a1c20469454231eef681cb1310
> Author: Herbert Xu
> Date: Wed Dec 30 11:47:53 2015 +0800
>
> crypto: af_alg - Disallow bind/setkey/... after accept(2)
>
> [ Upstream commit c840ac6af3f8713a71b4d2363419145760bd6044 ]
>
> Each af_alg parent socket obtained by socket(2) corresponds to a
> tfm object once bind(2) has succeeded. An accept(2) call on that
> parent socket creates a context which then uses the tfm object.
>
> Therefore as long as any child sockets created by accept(2) exist
> the parent socket must not be modified or freed.
>
> This patch guarantees this by using locks and a reference count
> on the parent socket. Any attempt to modify the parent socket will
> fail with EBUSY.
bisect log:
> Bisecting: 114 revisions left to test after this (roughly 7 steps)
> [3a1e81ad84e4d880b00ecf7ad8d03b9b772ddfa7] crypto: algif_hash - Fix race condition in hash_check_key
> Bisecting: 56 revisions left to test after this (roughly 6 steps)
> [d6341753c418d3699948290d8c0b9d9dc78bd209] udf: Prevent buffer overrun with multi-byte characters
> Bisecting: 28 revisions left to test after this (roughly 5 steps)
> [13aedd784b84cb7d8a3bb835941d80e99f5c796e] dmaengine: dw: fix cyclic transfer setup
> Bisecting: 14 revisions left to test after this (roughly 4 steps)
> [664ecf4f243bac17065cd9878790d40a592e2f3d] zram/zcomp: use GFP_NOIO to allocate streams
> Bisecting: 7 revisions left to test after this (roughly 3 steps)
> [0571ba52a19e18a1c20469454231eef681cb1310] crypto: af_alg - Disallow bind/setkey/... after accept(2)
> Bisecting: 3 revisions left to test after this (roughly 2 steps)
> [2c641f5b0c8e87d43235ce39890bcc4d0c7cd2fb] memcg: only free spare array when readers are done
> Bisecting: 1 revision left to test after this (roughly 1 step)
> [0e19e24c3fe0abde8e2c5f4543616a251ccea6bf] kernel/panic.c: turn off locks debug before releasing console lock
> Bisecting: 0 revisions left to test after this (roughly 0 steps)
> [bc24ac15b0746172a8f603171352aa54abcf7c78] printk: do cond_resched() between lines while outputting to consoles
> 0571ba52a19e18a1c20469454231eef681cb1310 is the first bad commit
-Thomas
next prev parent reply other threads:[~2016-02-17 23:49 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-17 14:04 Broken userspace crypto in linux-4.1.18 Thomas D.
2016-02-17 14:37 ` Sasha Levin
2016-02-17 15:24 ` Thomas D.
2016-02-17 22:12 ` Sasha Levin
2016-02-17 23:33 ` Willy Tarreau
2016-02-17 23:49 ` Thomas D. [this message]
2016-02-18 0:01 ` Willy Tarreau
2016-02-18 8:17 ` Stephan Mueller
2016-02-18 9:41 ` Jiri Slaby
2016-02-18 11:09 ` Thomas D.
2016-02-20 14:33 ` Thomas D.
2016-02-21 16:40 ` [PATCH] " Milan Broz
2016-02-23 21:02 ` Milan Broz
2016-02-23 21:21 ` Sasha Levin
[not found] ` <CAA-+O6H8TQxrKOQAL+s+PGnkOJe-f3dEs-wKGbM1BFZ7_aC2dg@mail.gmail.com>
2016-02-24 0:10 ` Thomas D.
2016-02-24 2:24 ` Greg KH
2016-02-24 8:32 ` Jiri Slaby
2016-02-24 8:54 ` Milan Broz
2016-02-24 17:12 ` Greg KH
2016-02-26 11:25 ` Milan Broz
2016-02-26 11:44 ` [PATCH 1/4] crypto: algif_skcipher - Require setkey before accept(2) Milan Broz
2016-02-26 11:44 ` [PATCH 2/4] crypto: algif_skcipher - Add nokey compatibility path Milan Broz
2016-02-26 11:44 ` [PATCH 3/4] crypto: algif_skcipher - Remove custom release parent function Milan Broz
2016-02-26 11:44 ` [PATCH 4/4] crypto: algif_skcipher - Fix race condition in skcipher_check_key Milan Broz
2016-02-27 14:45 ` [PATCH 1/4] crypto: algif_skcipher - Require setkey before accept(2) Herbert Xu
2016-02-27 21:40 ` Sasha Levin
2016-02-28 8:18 ` Milan Broz
2016-02-26 16:43 ` [PATCH] Re: Broken userspace crypto in linux-4.1.18 Sasha Levin
2016-04-17 22:17 ` Thomas D.
2016-04-17 22:39 ` Sasha Levin
2016-04-18 2:02 ` Herbert Xu
2016-04-18 9:48 ` Thomas D.
2016-04-18 12:54 ` Sasha Levin
2016-04-18 20:41 ` Milan Broz
2016-04-18 20:56 ` Thomas D.
2016-04-18 21:03 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56C50725.6080408@whissi.de \
--to=whissi@whissi.de \
--cc=dvyukov@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=sasha.levin@oracle.com \
--cc=stable@vger.kernel.org \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.