[PATCH] evm: Don't deadlock if a crypto algorithm is unavailable

linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Matthew Garrett <mjg59@google.com>
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.vnet.ibm.com, Matthew Garrett <mjg59@google.com>,
	wangjunwen@baidu.com
Subject: [PATCH] evm: Don't deadlock if a crypto algorithm is unavailable
Date: Wed, 30 May 2018 13:28:04 -0700	[thread overview]
Message-ID: <20180530202804.148245-1-mjg59@google.com> (raw)
In-Reply-To: <CACdnJus+5Xog03Z1VYdw_8dx64Wg2zzh1b2bL-FDt0O9+p_eGQ@mail.gmail.com>

Does this help?

Trying to instantiate a non-existent crypto algorithm will cause the
kernel to trigger a module load. If EVM appraisal is enabled, this will
in turn trigger appraisal of the module, which will fail because the
crypto algorithm isn't available. Add a CRYPTO_NOLOAD flag and skip
module loading if it's set, and add that flag in the EVM case.
---
 crypto/api.c                        | 2 +-
 include/linux/crypto.h              | 5 +++++
 security/integrity/evm/evm_crypto.c | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/crypto/api.c b/crypto/api.c
index 0ee632bba064..7aca9f86c5f3 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -229,7 +229,7 @@ static struct crypto_alg *crypto_larval_lookup(const char *name, u32 type,
 	mask &= ~(CRYPTO_ALG_LARVAL | CRYPTO_ALG_DEAD);
 
 	alg = crypto_alg_lookup(name, type, mask);
-	if (!alg) {
+	if (!alg && !(mask & CRYPTO_NOLOAD)) {
 		request_module("crypto-%s", name);
 
 		if (!((type ^ CRYPTO_ALG_NEED_FALLBACK) & mask &
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 6eb06101089f..e8839d3a7559 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -112,6 +112,11 @@
  */
 #define CRYPTO_ALG_OPTIONAL_KEY		0x00004000
 
+/*
+ * Don't trigger module loading
+ */
+#define CRYPTO_NOLOAD			0x00008000
+
 /*
  * Transform masks and values (for crt_flags).
  */
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index eb87d40c62a5..ff8687232a1a 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -97,7 +97,8 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo)
 		mutex_lock(&mutex);
 		if (*tfm)
 			goto out;
-		*tfm = crypto_alloc_shash(algo, 0, CRYPTO_ALG_ASYNC);
+		*tfm = crypto_alloc_shash(algo, 0,
+					  CRYPTO_ALG_ASYNC | CRYPTO_NOLOAD);
 		if (IS_ERR(*tfm)) {
 			rc = PTR_ERR(*tfm);
 			pr_err("Can not allocate %s (reason: %ld)\n", algo, rc);
-- 
2.17.1.1185.g55be947832-goog

next prev parent reply	other threads:[~2018-05-30 20:28 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-15 17:53 [PATCH V4] evm: Allow non-SHA1 digital signatures Matthew Garrett
2018-05-16 22:12 ` Mimi Zohar
2018-05-17 22:09   ` Matthew Garrett
2018-05-18 16:03     ` Mimi Zohar
2018-05-29 18:26       ` Matthew Garrett
     [not found]         ` <15252CF8C1B4384C8CE16D7D55C66479011414E7BF@BC-MAIL-M04.internal.baidu.com>
2018-05-30 18:29           ` Matthew Garrett
2018-05-30 20:28             ` Matthew Garrett [this message]
     [not found]               ` <15252CF8C1B4384C8CE16D7D55C66479011414E83B@BC-MAIL-M04.internal.baidu.com>
2018-05-31 19:30                 ` [PATCH] evm: Don't deadlock if a crypto algorithm is unavailable Matthew Garrett
2018-05-31 19:55                   ` Mimi Zohar
2018-05-31 20:07                     ` Matthew Garrett
2018-05-31 20:32                       ` Mimi Zohar
2018-05-31 21:06                         ` Matthew Garrett
2018-06-01 11:21                           ` Mimi Zohar
2018-06-01 20:52                             ` Matthew Garrett
2018-06-01 22:26                               ` Mimi Zohar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0ee632bba06 dfblob:7aca9f86c5f dfblob:6eb06101089
dfblob:e8839d3a755 dfblob:eb87d40c62a dfblob:ff8687232a1 )
 OR (
bs:"[PATCH] evm: Don't deadlock if a crypto algorithm is unavailable" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180530202804.148245-1-mjg59@google.com \
    --to=mjg59@google.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=wangjunwen@baidu.com \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).