From: Breno Leitao <leitao@debian.org>
To: Sam James <sam@gentoo.org>
Cc: Nayna Jain <nayna@linux.ibm.com>,
Paulo Flabiano Smorigo <pfsmorigo@gmail.com>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Eric Biggers <ebiggers@google.com>,
Ard Biesheuvel <ardb@kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
Calvin Buckley <calvin@cmpct.info>,
Brad Spengler <brad.spengler@opensrcsec.com>,
linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] crypto: nx: fix nx_crypto_ctx_exit argument
Date: Sun, 24 May 2026 08:10:26 +0100 [thread overview]
Message-ID: <ahKkTuPAf7UsU1Hx@gmail.com> (raw)
In-Reply-To: <a3e89c1e8342ffa415b0d29725a0571a4f355d34.1779472902.git.sam@gentoo.org>
On Fri, May 22, 2026 at 07:01:42PM +0000, Sam James wrote:
> nx_crypto_ctx_shash_exit calls nx_crypto_ctx_exit with crypto_shash_ctx(...)
> but crypto_shash_ctx gives a nx_crypto_ctx *, not a crypto_tfm *.
>
> Fix the type in nx_crypto_ctx_exit and drop the bogus crypto_tfm_ctx
> call.
>
> This fixes the following oops:
>
> BUG: Unable to handle kernel data access at 0xc0403effffffffc8
> Faulting instruction address: 0xc000000000396cb4
> Oops: Kernel access of bad area, sig: 11 [#15]
> Call Trace:
> nx_crypto_ctx_shash_exit+0x24/0x60
> crypto_shash_exit_tfm+0x28/0x40
> crypto_destroy_tfm+0x98/0x140
> crypto_exit_ahash_using_shash+0x20/0x40
> crypto_destroy_tfm+0x98/0x140
> hash_release+0x1c/0x30
> alg_sock_destruct+0x38/0x60
> __sk_destruct+0x48/0x2b0
> af_alg_release+0x58/0xb0
> __sock_release+0x68/0x150
> sock_close+0x20/0x40
> __fput+0x110/0x3a0
> sys_close+0x48/0xa0
> system_call_exception+0x140/0x2d0
> system_call_common+0xf4/0x258
>
> .. which came from hardlink(1) opportunistically using AF_ALG.
>
> The same problem exists with nx_crypto_ctx_skcipher_exit getting a context
> it wasn't expecting, but apparently nobody hit that for years.
>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Fixes: bfd9efddf990 ("crypto: nx - convert AES-ECB to skcipher API")
> Fixes: 9420e628e7d8 ("crypto: nx - Use API partial block handling")
> Reported-by: Calvin Buckley <calvin@cmpct.info>
> Tested-by: Calvin Buckley <calvin@cmpct.info>
> Suggested-by: Brad Spengler <brad.spengler@opensrcsec.com>
> Signed-off-by: Sam James <sam@gentoo.org>
Acked-by: Breno Leitao <leitao@debian.org>
prev parent reply other threads:[~2026-05-24 7:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-22 18:01 [PATCH] crypto: nx: fix nx_crypto_ctx_exit argument Sam James
2026-05-22 18:44 ` Eric Biggers
2026-05-23 4:08 ` [PATCH v2] " Sam James
2026-05-25 7:56 ` [PATCH v3] " Sam James
2026-05-23 6:30 ` [PATCH] " Simon Richter
2026-05-24 7:10 ` Breno Leitao [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ahKkTuPAf7UsU1Hx@gmail.com \
--to=leitao@debian.org \
--cc=ardb@kernel.org \
--cc=brad.spengler@opensrcsec.com \
--cc=calvin@cmpct.info \
--cc=chleroy@kernel.org \
--cc=davem@davemloft.net \
--cc=ebiggers@google.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mpe@ellerman.id.au \
--cc=nayna@linux.ibm.com \
--cc=npiggin@gmail.com \
--cc=pfsmorigo@gmail.com \
--cc=sam@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox