On Fri, May 31, 2019 at 11:12:30AM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Clear the CRYPTO_TFM_REQ_MAY_SLEEP flag when the chacha20poly1305 > operation is being continued from an async completion callback, since > sleeping may not be allowed in that context. > > This is basically the same bug that was recently fixed in the xts and > lrw templates. But, it's always been broken in chacha20poly1305 too. > This was found using syzkaller in combination with the updated crypto > self-tests which actually test the MAY_SLEEP flag now. > > Reproducer: > > python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind( > ("aead", "rfc7539(cryptd(chacha20-generic),poly1305-generic)"))' > > Kernel output: > > BUG: sleeping function called from invalid context at include/crypto/algapi.h:426 > in_atomic(): 1, irqs_disabled(): 0, pid: 1001, name: kworker/2:2 > [...] > CPU: 2 PID: 1001 Comm: kworker/2:2 Not tainted 5.2.0-rc2 #5 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014 > Workqueue: crypto cryptd_queue_worker > Call Trace: > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x4d/0x6a lib/dump_stack.c:113 > ___might_sleep kernel/sched/core.c:6138 [inline] > ___might_sleep.cold.19+0x8e/0x9f kernel/sched/core.c:6095 > crypto_yield include/crypto/algapi.h:426 [inline] > crypto_hash_walk_done+0xd6/0x100 crypto/ahash.c:113 > shash_ahash_update+0x41/0x60 crypto/shash.c:251 > shash_async_update+0xd/0x10 crypto/shash.c:260 > crypto_ahash_update include/crypto/hash.h:539 [inline] > poly_setkey+0xf6/0x130 crypto/chacha20poly1305.c:337 > poly_init+0x51/0x60 crypto/chacha20poly1305.c:364 > async_done_continue crypto/chacha20poly1305.c:78 [inline] > poly_genkey_done+0x15/0x30 crypto/chacha20poly1305.c:369 > cryptd_skcipher_complete+0x29/0x70 crypto/cryptd.c:279 > cryptd_skcipher_decrypt+0xcd/0x110 crypto/cryptd.c:339 > cryptd_queue_worker+0x70/0xa0 crypto/cryptd.c:184 > process_one_work+0x1ed/0x420 kernel/workqueue.c:2269 > worker_thread+0x3e/0x3a0 kernel/workqueue.c:2415 > kthread+0x11f/0x140 kernel/kthread.c:255 > ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352 > > Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539") > Cc: <stable@xxxxxxxxxxxxxxx> # v4.2+ > Cc: Martin Willi <martin@xxxxxxxxxxxxxx> > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > --- > crypto/chacha20poly1305.c | 30 +++++++++++++++++++----------- > 1 file changed, 19 insertions(+), 11 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt