From: Eric Biggers <ebiggers@kernel.org>
To: Dmitry Safonov <dima@arista.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-kernel@vger.kernel.org, David Ahern <dsahern@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Dmitry Safonov <0x7f454c46@gmail.com>,
Eric Dumazet <edumazet@google.com>,
Francesco Ruggeri <fruggeri05@gmail.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Salam Noureddine <noureddine@arista.com>,
netdev@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH] crypto: ahash - Set using_shash for cloned ahash wrapper over shash
Date: Mon, 6 Nov 2023 19:36:54 -0800 [thread overview]
Message-ID: <20231107033654.GA938@sol.localdomain> (raw)
In-Reply-To: <20231107023717.820093-1-dima@arista.com>
On Tue, Nov 07, 2023 at 02:37:17AM +0000, Dmitry Safonov wrote:
> The cloned child of ahash that uses shash under the hood should use
> shash helpers (like crypto_shash_setkey()).
>
> The following panic may be observed on TCP-AO selftests:
>
> > ==================================================================
> > BUG: KASAN: wild-memory-access in crypto_mod_get+0x1b/0x60
> > Write of size 4 at addr 5d5be0ff5c415e14 by task connect_ipv4/1397
> >
> > CPU: 0 PID: 1397 Comm: connect_ipv4 Tainted: G W 6.6.0+ #47
> > Call Trace:
> > <TASK>
> > dump_stack_lvl+0x46/0x70
> > kasan_report+0xc3/0xf0
> > kasan_check_range+0xec/0x190
> > crypto_mod_get+0x1b/0x60
> > crypto_spawn_alg+0x53/0x140
> > crypto_spawn_tfm2+0x13/0x60
> > hmac_init_tfm+0x25/0x60
> > crypto_ahash_setkey+0x8b/0x100
> > tcp_ao_add_cmd+0xe7a/0x1120
> > do_tcp_setsockopt+0x5ed/0x12a0
> > do_sock_setsockopt+0x82/0x100
> > __sys_setsockopt+0xe9/0x160
> > __x64_sys_setsockopt+0x60/0x70
> > do_syscall_64+0x3c/0xe0
> > entry_SYSCALL_64_after_hwframe+0x46/0x4e
> > ==================================================================
> > general protection fault, probably for non-canonical address 0x5d5be0ff5c415e14: 0000 [#1] PREEMPT SMP KASAN
> > CPU: 0 PID: 1397 Comm: connect_ipv4 Tainted: G B W 6.6.0+ #47
> > Call Trace:
> > <TASK>
> > ? die_addr+0x3c/0xa0
> > ? exc_general_protection+0x144/0x210
> > ? asm_exc_general_protection+0x22/0x30
> > ? add_taint+0x26/0x90
> > ? crypto_mod_get+0x20/0x60
> > ? crypto_mod_get+0x1b/0x60
> > ? ahash_def_finup_done1+0x58/0x80
> > crypto_spawn_alg+0x53/0x140
> > crypto_spawn_tfm2+0x13/0x60
> > hmac_init_tfm+0x25/0x60
> > crypto_ahash_setkey+0x8b/0x100
> > tcp_ao_add_cmd+0xe7a/0x1120
> > do_tcp_setsockopt+0x5ed/0x12a0
> > do_sock_setsockopt+0x82/0x100
> > __sys_setsockopt+0xe9/0x160
> > __x64_sys_setsockopt+0x60/0x70
> > do_syscall_64+0x3c/0xe0
> > entry_SYSCALL_64_after_hwframe+0x46/0x4e
> > </TASK>
> > RIP: 0010:crypto_mod_get+0x20/0x60
>
> Make sure that the child/clone has using_shash set when parent is
> an shash user.
>
> Fixes: 2f1f34c1bf7b ("crypto: ahash - optimize performance when wrapping shash")
> Cc: David Ahern <dsahern@kernel.org>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Dmitry Safonov <0x7f454c46@gmail.com>
> Cc: Eric Biggers <ebiggers@google.com>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Francesco Ruggeri <fruggeri05@gmail.com>
> To: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Salam Noureddine <noureddine@arista.com>
> Cc: netdev@vger.kernel.org
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Signed-off-by: Dmitry Safonov <dima@arista.com>
> ---
> crypto/ahash.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/crypto/ahash.c b/crypto/ahash.c
> index deee55f939dc..80c3e5354711 100644
> --- a/crypto/ahash.c
> +++ b/crypto/ahash.c
> @@ -651,6 +651,7 @@ struct crypto_ahash *crypto_clone_ahash(struct crypto_ahash *hash)
> err = PTR_ERR(shash);
> goto out_free_nhash;
> }
> + nhash->using_shash = true;
> *nctx = shash;
> return nhash;
> }
>
> base-commit: be3ca57cfb777ad820c6659d52e60bbdd36bf5ff
Thanks:
Reviewed-by: Eric Biggers <ebiggers@google.com>
Note that this bug would have been prevented if crypto_clone_*() were covered by
the crypto self-tests.
- Eric
prev parent reply other threads:[~2023-11-07 3:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-07 2:37 [PATCH] crypto: ahash - Set using_shash for cloned ahash wrapper over shash Dmitry Safonov
2023-11-07 3:36 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231107033654.GA938@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=0x7f454c46@gmail.com \
--cc=davem@davemloft.net \
--cc=dima@arista.com \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=fruggeri05@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=noureddine@arista.com \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).