android_kernel_xiaomi_sm8350/crypto
Daniel Jordan af51aa2b85 crypto: pcrypt - Delay write to padata->info
[ Upstream commit 68b6dea802cea0dbdd8bd7ccc60716b5a32a5d8a ]

These three events can race when pcrypt is used multiple times in a
template ("pcrypt(pcrypt(...))"):

  1.  [taskA] The caller makes the crypto request via crypto_aead_encrypt()
  2.  [kworkerB] padata serializes the inner pcrypt request
  3.  [kworkerC] padata serializes the outer pcrypt request

3 might finish before the call to crypto_aead_encrypt() returns in 1,
resulting in two possible issues.

First, a use-after-free of the crypto request's memory when, for
example, taskA writes to the outer pcrypt request's padata->info in
pcrypt_aead_enc() after kworkerC completes the request.

Second, the outer pcrypt request overwrites the inner pcrypt request's
return code with -EINPROGRESS, making a successful request appear to
fail.  For instance, kworkerB writes the outer pcrypt request's
padata->info in pcrypt_aead_done() and then taskA overwrites it
in pcrypt_aead_enc().

Avoid both situations by delaying the write of padata->info until after
the inner crypto request's return code is checked.  This prevents the
use-after-free by not touching the crypto request's memory after the
next-inner crypto request is made, and stops padata->info from being
overwritten.

Fixes: 5068c7a883 ("crypto: pcrypt - Add pcrypt crypto parallelization wrapper")
Reported-by: syzbot+b187b77c8474f9648fae@syzkaller.appspotmail.com
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-17 09:48:40 +01:00
..
asymmetric_keys crypto: asym_tpm: correct zero out potential secrets 2021-01-12 20:16:17 +01:00
async_tx
842.c
ablkcipher.c
acompress.c
adiantum.c
aead.c
aegis128-core.c
aegis128-neon-inner.c
aegis128-neon.c
aegis.h
aes_generic.c
aes_ti.c
af_alg.c crypto: af_alg - avoid undefined behavior accessing salg_name 2020-12-30 11:51:00 +01:00
ahash.c
akcipher.c
algapi.c
algboss.c
algif_aead.c crypto: algif_aead - Do not set MAY_BACKLOG on the async path 2020-10-29 09:57:29 +01:00
algif_hash.c
algif_rng.c
algif_skcipher.c crypto: algif_skcipher - EBUSY on aio should be an error 2020-10-29 09:57:30 +01:00
ansi_cprng.c
anubis.c
api.c crypto: api - check for ERR pointers in crypto_destroy_tfm() 2021-05-11 14:04:05 +02:00
arc4.c
authenc.c
authencesn.c
blkcipher.c
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast5_generic.c
cast6_generic.c crypto: x86 - Regularize glue function prototypes 2021-03-20 10:39:47 +01:00
cast_common.c
cbc.c
ccm.c
cfb.c
chacha20poly1305.c
chacha_generic.c
cipher.c
cmac.c
compress.c
crc32_generic.c
crc32c_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c
crypto_engine.c
crypto_null.c
crypto_user_base.c
crypto_user_stat.c
ctr.c
cts.c
deflate.c
des_generic.c
dh_helper.c
dh.c
drbg.c
ecb.c
ecc_curve_defs.h
ecc.c
ecc.h
ecdh_helper.c crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() 2021-03-04 10:26:25 +01:00
ecdh.c crypto: ecdh - avoid buffer overflow in ecdh_set_secret() 2021-01-12 20:16:17 +01:00
echainiv.c
ecrdsa_defs.h
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
ecrdsa.c
essiv.c
fcrypt.c
fips.c
gcm.c
gf128mul.c
ghash-generic.c
hash_info.c
hmac.c
internal.h
jitterentropy-kcapi.c
jitterentropy.c
Kconfig crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency 2021-11-17 09:48:36 +01:00
keywrap.c
khazad.c
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo-rle.c
lzo.c
Makefile
md4.c
md5.c
memneq.c
michael_mic.c
nhpoly1305.c
ofb.c
pcbc.c
pcrypt.c crypto: pcrypt - Delay write to padata->info 2021-11-17 09:48:40 +01:00
poly1305_generic.c
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS 2021-05-11 14:04:15 +02:00
rsa_helper.c
rsa-pkcs1pad.c
rsa.c
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c
scatterwalk.c
scompress.c
seed.c
seqiv.c
serpent_generic.c crypto: x86 - Regularize glue function prototypes 2021-03-20 10:39:47 +01:00
sha1_generic.c
sha3_generic.c
sha256_generic.c
sha512_generic.c
shash.c crypto: shash - avoid comparing pointers to exported functions under CFI 2021-07-14 16:53:13 +02:00
simd.c
skcipher.c
sm3_generic.c
sm4_generic.c
streebog_generic.c
tcrypt.c crypto: tcrypt - avoid signed overflow in byte count 2021-03-07 12:20:46 +01:00
tcrypt.h
tea.c
testmgr.c
testmgr.h
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c
wp512.c
xcbc.c
xor.c
xts.c
xxhash_generic.c
zstd.c