* [PATCH] crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
@ 2018-10-19 16:57 Loic
2018-11-05 23:29 ` Sasha Levin
0 siblings, 1 reply; 2+ messages in thread
From: Loic @ 2018-10-19 16:57 UTC (permalink / raw)
To: stable; +Cc: baijiaju1990, herbert
Hello,
Please picked up this patch for linux 4.4 and 4.9.
Compiled/tested without problem.
[ Upstream commit 9039f3ef446e9ffa200200c934f049add9e58426 ]
From: Jia-Ju Bai <baijiaju1990@163.com>
Date: Tue, 3 Oct 2017 10:25:22 +0800
Subject: [PATCH] crypto: shash - Fix a sleep-in-atomic bug in
shash_setkey_unaligned
The SCTP program may sleep under a spinlock, and the function call path is:
sctp_generate_t3_rtx_event (acquire the spinlock)
sctp_do_sm
sctp_side_effects
sctp_cmd_interpreter
sctp_make_init_ack
sctp_pack_cookie
crypto_shash_setkey
shash_setkey_unaligned
kmalloc(GFP_KERNEL)
For the same reason, the orinoco driver may sleep in interrupt handler,
and the function call path is:
orinoco_rx_isr_tasklet
orinoco_rx
orinoco_mic
crypto_shash_setkey
shash_setkey_unaligned
kmalloc(GFP_KERNEL)
To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.
This bug is found by my static analysis tool and my code review.
Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
crypto/shash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/shash.c b/crypto/shash.c
index 5e31c8d776dfc..8fcecc66741d1 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -41,7 +41,7 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key,
int err;
absize = keylen + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
- buffer = kmalloc(absize, GFP_KERNEL);
+ buffer = kmalloc(absize, GFP_ATOMIC);
if (!buffer)
return -ENOMEM;
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
2018-10-19 16:57 [PATCH] crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned Loic
@ 2018-11-05 23:29 ` Sasha Levin
0 siblings, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2018-11-05 23:29 UTC (permalink / raw)
To: Loic; +Cc: stable, baijiaju1990, herbert
On Fri, Oct 19, 2018 at 06:57:26PM +0200, Loic wrote:
>Hello,
>
>Please picked up this patch for linux 4.4 and 4.9.
>Compiled/tested without problem.
>
>[ Upstream commit 9039f3ef446e9ffa200200c934f049add9e58426 ]
>
>From: Jia-Ju Bai <baijiaju1990@163.com>
>Date: Tue, 3 Oct 2017 10:25:22 +0800
>Subject: [PATCH] crypto: shash - Fix a sleep-in-atomic bug in
> shash_setkey_unaligned
>
>The SCTP program may sleep under a spinlock, and the function call path is:
>sctp_generate_t3_rtx_event (acquire the spinlock)
> sctp_do_sm
> sctp_side_effects
> sctp_cmd_interpreter
> sctp_make_init_ack
> sctp_pack_cookie
> crypto_shash_setkey
> shash_setkey_unaligned
> kmalloc(GFP_KERNEL)
>
>For the same reason, the orinoco driver may sleep in interrupt handler,
>and the function call path is:
>orinoco_rx_isr_tasklet
> orinoco_rx
> orinoco_mic
> crypto_shash_setkey
> shash_setkey_unaligned
> kmalloc(GFP_KERNEL)
>
>To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.
>This bug is found by my static analysis tool and my code review.
>
>Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
>Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Queued for 4.4 and 4.9, thank you.
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-11-06 8:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-10-19 16:57 [PATCH] crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned Loic
2018-11-05 23:29 ` Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox