From: Michael Bommarito
To: Herbert Xu, David Howells, "David S. Miller", linux-crypto@vger.kernel.org
Cc: Eric Biggers, Marc Dionne, linux-afs@lists.infradead.org, Ilya Dryomov, Xiubo Li, ceph-devel@vger.kernel.org, stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2] crypto: krb5 - filter out async aead implementations at alloc
Date: Sun, 10 May 2026 19:24:55 -0400
Message-ID: <20260510232455.2245650-1-michael.bommarito@gmail.com>
In-Reply-To: <20260502132506.1936358-1-michael.bommarito@gmail.com>
References: <20260502132506.1936358-1-michael.bommarito@gmail.com>

krb5_aead_encrypt(), krb5_aead_decrypt() in rfc3961_simplified.c and
rfc8009_encrypt(), rfc8009_decrypt() in rfc8009_aes2.c set a NULL
completion callback and treat any negative return from
crypto_aead_{encrypt,decrypt}() as terminal, falling through to
kfree_sensitive(buffer). When the encrypt_name resolves to an async
AEAD instance the request returns -EINPROGRESS, the buffer is freed
while the backend's worker still holds a pointer, and the worker
dereferences the freed slab on completion.

KASAN report under UML+SLUB with a synthetic async aead backend bound
to krb5->encrypt_name:

  BUG: KASAN: slab-use-after-free in t5_stub_complete+0x7d/0xc7

The helpers were written synchronously, so filter the async instances
out at allocation time instead of plumbing crypto_wait_req() through
every call site.

Reachable via net/rxrpc/rxgk.c, fs/afs/cm_security.c and
net/ceph/crypto.c on systems with an async AEAD provider bound to the
krb5 enctype name.

Fixes: 00244da40f78 ("crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions") Fixes: 6c3c0e86c2ac ("crypto/krb5: Implement the AES enctypes from rfc8009") Cc: stable@vger.kernel.org Suggested-by: Herbert Xu Assisted-by: Claude:claude-opus-4-7 Signed-off-by: Michael Bommarito --- crypto/krb5/krb5_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/krb5/krb5_api.c b/crypto/krb5/krb5_api.c index 23026d4206c8..2b20284fa0ab 100644 --- a/crypto/krb5/krb5_api.c +++ b/crypto/krb5/krb5_api.c @@ -165,7 +165,7 @@ struct crypto_aead *krb5_prepare_encryption(const struct krb5_enctype *krb5, struct crypto_aead *ci = NULL; int ret = -ENOMEM; - ci = crypto_alloc_aead(krb5->encrypt_name, 0, 0); + ci = crypto_alloc_aead(krb5->encrypt_name, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(ci)) { ret = PTR_ERR(ci); if (ret == -ENOENT) -- 2.53.0
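
Review bot: In the changed crypto_alloc_aead() call in krb5_prepare_encryption(), the sync-only requirement is expressed only by passing type 0 with mask CRYPTO_ALG_ASYNC, so a one-line comment there stating that the krb5 AEAD helpers set a NULL completion callback and cannot handle -EINPROGRESS would stop a later cleanup from reverting the mask to 0. This is the only allocation site the diff touches, while the commit message names helpers in rfc3961_simplified.c and rfc8009_aes2.c; it is worth stating in the message that every AEAD handle those helpers receive is allocated through this function. The visible context keeps the -ENOENT branch, so on a system where only an async provider is registered under encrypt_name the allocation will now fail instead of proceeding, and the message should say that this is the intended outcome. The posting is marked v2 but has no changelog under the "---" line describing what changed since v1.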