From: Herbert Xu <herbert@gondor.apana.org.au>
To: Harald Freudenberger <freude@linux.ibm.com>
Cc: dengler@linux.ibm.com, davem@davemloft.net, hca@linux.ibm.com,
linux-s390@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH v3 3/3] s390/crypto: New s390 specific shash phmac
Date: Tue, 12 Nov 2024 09:38:52 +0800 [thread overview]
Message-ID: <ZzKxrKpSFCdz8LPp@gondor.apana.org.au> (raw)
In-Reply-To: <20241107145521.424769-4-freude@linux.ibm.com>
On Thu, Nov 07, 2024 at 03:55:21PM +0100, Harald Freudenberger wrote:
>
> +static int s390_phmac_sha2_init(struct shash_desc *desc)
> +{
> + struct s390_phmac_ctx *tfm_ctx = crypto_shash_ctx(desc->tfm);
> + struct s390_kmac_sha2_ctx *ctx = shash_desc_ctx(desc);
> + unsigned int bs = crypto_shash_blocksize(desc->tfm);
> + int rc;
> +
> + rc = phmac_convert_key(desc->tfm);
> + if (rc)
> + goto out;
> +
> + spin_lock_bh(&tfm_ctx->pk_lock);
> + memcpy(ctx->param + SHA2_KEY_OFFSET(bs),
> + tfm_ctx->pk.protkey, tfm_ctx->pk.len);
> + spin_unlock_bh(&tfm_ctx->pk_lock);
This appers to be completely broken. Each tfm can be used by
an unlimited number of descriptors in parallel. So you cannot
modify the tfm context. I see that you have taken spinlocks
around it, but it is still broken:
CPU1 CPU2
lock(tfm)
tfm->pk = pk1
unlock(tfm)
lock(tfm)
tfm->pk = pk2
unlock(tfm)
lock(tfm)
copy tfm->pk to desc
pk2 is copied
unlock(tfm)
Now this could all be harmless because pk1 and pk2 may be guaranteed
to be the same, but if that's the case why go through all this in
the first place? You could've just done it in setkey.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
next prev parent reply other threads:[~2024-11-12 1:38 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-07 14:55 [PATCH v3 0/3] New s390 specific protected key hmac Harald Freudenberger
2024-11-07 14:55 ` [PATCH v3 1/3] crypto: api - Adjust HASH_MAX_DESCSIZE for s390-phmac context Harald Freudenberger
2024-11-07 14:55 ` [PATCH v3 2/3] s390/crypto: Add protected key hmac subfunctions for KMAC Harald Freudenberger
2024-11-07 14:55 ` [PATCH v3 3/3] s390/crypto: New s390 specific shash phmac Harald Freudenberger
2024-11-11 12:13 ` Ingo Franzki
2024-11-12 1:34 ` Herbert Xu
2024-11-12 1:38 ` Herbert Xu [this message]
2024-11-12 12:45 ` Harald Freudenberger
2024-11-14 11:17 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZzKxrKpSFCdz8LPp@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=davem@davemloft.net \
--cc=dengler@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox