From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
herbert@gondor.apana.org.au, will@kernel.org,
kernel-team@android.com
Subject: Re: [PATCH v3 1/7] crypto: handle zero sized AEAD inputs correctly
Date: Wed, 12 May 2021 13:04:37 -0700 [thread overview]
Message-ID: <YJw01Z3oxwY5Sfpa@gmail.com> (raw)
In-Reply-To: <20210512184439.8778-2-ardb@kernel.org>
On Wed, May 12, 2021 at 08:44:33PM +0200, Ard Biesheuvel wrote:
> There are corner cases where skcipher_walk_aead_[en|de]crypt() may be
> invoked with a zero sized input, which is not rejected by the walker
> code, but results in the skcipher_walk structure to not be fully
> initialized. This will leave stale values in its page and buffer
> members, which will be subsequently passed to kfree() or free_page() by
> skcipher_walk_done(), resulting in a crash if those routines fail to
> identify them as in valid inputs.
>
> Fix this by setting page and buffer to NULL even if the size of the
> input is zero.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Is this fixing an existing bug, or only a bug that got exposed by this patchset?
It would be helpful to make that clear (and if it fixes an existing bug, include
a Fixes tag).
Also, skcipher_walk_virt() doesn't set page and buffer to NULL, as it is
currently expected that skcipher_walk_done() is only called when
walk.nbytes != 0. Is something different for skcipher_walk_aead_[en|de]crypt()?
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
herbert@gondor.apana.org.au, will@kernel.org,
kernel-team@android.com
Subject: Re: [PATCH v3 1/7] crypto: handle zero sized AEAD inputs correctly
Date: Wed, 12 May 2021 13:04:37 -0700 [thread overview]
Message-ID: <YJw01Z3oxwY5Sfpa@gmail.com> (raw)
In-Reply-To: <20210512184439.8778-2-ardb@kernel.org>
On Wed, May 12, 2021 at 08:44:33PM +0200, Ard Biesheuvel wrote:
> There are corner cases where skcipher_walk_aead_[en|de]crypt() may be
> invoked with a zero sized input, which is not rejected by the walker
> code, but results in the skcipher_walk structure to not be fully
> initialized. This will leave stale values in its page and buffer
> members, which will be subsequently passed to kfree() or free_page() by
> skcipher_walk_done(), resulting in a crash if those routines fail to
> identify them as in valid inputs.
>
> Fix this by setting page and buffer to NULL even if the size of the
> input is zero.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Is this fixing an existing bug, or only a bug that got exposed by this patchset?
It would be helpful to make that clear (and if it fixes an existing bug, include
a Fixes tag).
Also, skcipher_walk_virt() doesn't set page and buffer to NULL, as it is
currently expected that skcipher_walk_done() is only called when
walk.nbytes != 0. Is something different for skcipher_walk_aead_[en|de]crypt()?
- Eric
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-05-12 21:08 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-12 18:44 [PATCH v3 0/7] running kernel mode SIMD with softirqs disabled Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 18:44 ` [PATCH v3 1/7] crypto: handle zero sized AEAD inputs correctly Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 20:04 ` Eric Biggers [this message]
2021-05-12 20:04 ` Eric Biggers
2021-05-12 21:24 ` Ard Biesheuvel
2021-05-12 21:24 ` Ard Biesheuvel
2021-05-21 7:55 ` Herbert Xu
2021-05-21 7:55 ` Herbert Xu
2021-05-21 9:28 ` Ard Biesheuvel
2021-05-21 9:28 ` Ard Biesheuvel
2021-05-12 18:44 ` [PATCH v3 2/7] crypto: aead - disallow en/decrypt for non-task or non-softirq context Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 20:06 ` Eric Biggers
2021-05-12 20:06 ` Eric Biggers
2021-05-12 21:24 ` Ard Biesheuvel
2021-05-12 21:24 ` Ard Biesheuvel
2021-05-12 18:44 ` [PATCH v3 3/7] crypto: skcipher " Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 18:44 ` [PATCH v3 4/7] crypto: arm64/gcm-aes-ce - remove non-SIMD fallback path Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 18:44 ` [PATCH v3 5/7] crypto: arm64/aes-neonbs - stop using SIMD helper for skciphers Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 20:08 ` Eric Biggers
2021-05-12 20:08 ` Eric Biggers
2021-05-12 21:25 ` Ard Biesheuvel
2021-05-12 21:25 ` Ard Biesheuvel
2021-05-12 18:44 ` [PATCH v3 6/7] crypto: arm64/aes-ce " Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 18:44 ` [PATCH v3 7/7] crypto: arm64/aes-ccm - remove non-SIMD fallback path Ard Biesheuvel
2021-05-12 18:44 ` Ard Biesheuvel
2021-05-12 20:11 ` [PATCH v3 0/7] running kernel mode SIMD with softirqs disabled Eric Biggers
2021-05-12 20:11 ` Eric Biggers
2021-05-12 21:31 ` Ard Biesheuvel
2021-05-12 21:31 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YJw01Z3oxwY5Sfpa@gmail.com \
--to=ebiggers@kernel.org \
--cc=ardb@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=kernel-team@android.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.