Crypto oops in async_chainiv_do_postponed

Hi Brad:

On Thu, Aug 27, 2009 at 05:13:04PM -0500, Brad Bosch wrote:
> 
> I seem to have found a bug in chainiv.c.  The following oops occured
> while using blowfish and hmac-sha with UDP.  The patch (against
> 2.6.27.30) after the oops output below is an completely untested
> possible fix.  We will be testing this fix starting tomorrow.

Thanks for the detailed analysis and patch!

> The null dereference occurs when subreq is dereferenced in
> async_chainiv_do_postponed().  My guess is that the
> skcipher_givcrypt_request block has been freed and subsequently
> overwritten by the time the postponed request is processed.  This
> could happen if chainiv_givencrypt() returns anything other than
> -EINPROGRESS after postponing the request.  From what I can see, this
> could indeed happen since the same err field in async_chainiv_ctx is
> used both when the request is postponed and also when it is later
> processed by the worker thread.  Neither the lock, nor the
> CHAINIV_STATE_INUSE bit in ctx->state will prevent this race which
> results in the -EINPROGRESS err being overwritten between the time it
> is placed in ctx->err in async_chainiv_postpone_request() and when it
> is read back out in async_chainiv_schedule_work().  I am curious why
> this method of returning the error code was used in the first place.

Actually I think the problem is much less subtle than that :)

The problem is that whenever crypto_dequeue_request returns NULL,
chainiv will never see the NULL pointer because we end up converting
the pointer to skcipher_givcrypt_request which would have the value
(NULL - off) where off is non-zero.

Please let me know if this patch fixes the crash for you.

commit 0c7d400fafaeab6014504a6a6249f01bac7f7db4
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Sat Aug 29 20:44:04 2009 +1000

    crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test

    As struct skcipher_givcrypt_request includes struct crypto_request
    at a non-zero offset, testing for NULL after converting the pointer
    returned by crypto_dequeue_request does not work.  This can result
    in IPsec crashes when the queue is depleted.

    This patch fixes it by doing the pointer conversion only when the
    return value is non-NULL.  In particular, we create a new function
    __crypto_dequeue_request that does the pointer conversion.

    Reported-by: Brad Bosch <bradbosch@comcast.net>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,

Message ID	20090829104606.GA13141@gondor.apana.org.au
State	Not Applicable, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Date: Sat, 29 Aug 2009 20:46:06 +1000 From: Herbert Xu <herbert@gondor.apana.org.au> To: Brad Bosch <bradbosch@comcast.net> Cc: linux-crypto@vger.kernel.org, netdev@vger.kernel.org Subject: Re: Crypto oops in async_chainiv_do_postponed Message-ID: <20090829104606.GA13141@gondor.apana.org.au> References: <19095.1264.682820.125602@waldo.imnotcreative.homeip.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <19095.1264.682820.125602@waldo.imnotcreative.homeip.net> User-Agent: Mutt/1.5.18 (2008-05-17) Sender: netdev-owner@vger.kernel.org Precedence: bulk

Crypto oops in async_chainiv_do_postponed

Commit Message

Patch