On Fri, Nov 29, 2019 at 04:40:24PM +0800, Herbert Xu wrote: > On Wed, Nov 27, 2019 at 11:14:52AM -0800, Eric Biggers wrote: > > > > I tried applying the following patches and running syzkaller again: > > > > padata: Remove unused padata_remove_cpu > > padata: Remove broken queue flushing > > crypto: pcrypt - Fix user-after-free on module unload > > [v3] crypto: pcrypt - Avoid deadlock by using per-instance padata queues > > > > This time I got a crypto self-test failure when > > "pcrypt(pcrypt(rfc4106-gcm-aesni))" was instantiated: > > > > [ 2220.165113] alg: aead: pcrypt(pcrypt(rfc4106-gcm-aesni)) encryption corrupted request struct on test vector 0, cfg="uneven misaligned splits, may sleep" > > [ 2220.170295] alg: aead: changed 'req->base.flags' > > [ 2220.171799] Kernel panic - not syncing: alg: self-tests for pcrypt(pcrypt(rfc4106-gcm-aesni)) (rfc4106(gcm(aes))) failed in panic_on_fail mode! > > > > So the algorithm is not preserving aead_request::base.flags. > > Thanks for the report. This is a preexisting bug in pcrypt. Here > is a patch for it. > > ---8<--- > We should not be modifying the original request's MAY_SLEEP flag > upon completion. It makes no sense to do so anyway. > > Reported-by: Eric Biggers <ebiggers@xxxxxxxxxx> > Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto...") > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c > index 543792e0ebf0..2f6f81183e45 100644 > --- a/crypto/pcrypt.c > +++ b/crypto/pcrypt.c > @@ -63,7 +63,6 @@ static void pcrypt_aead_done(struct crypto_async_request *areq, int err) > struct padata_priv *padata = pcrypt_request_padata(preq); > > padata->info = err; > - req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; > > padata_do_serial(padata); > } Tested-by: Eric Biggers <ebiggers@xxxxxxxxxx>