On Fri, Nov 29, 2019 at 04:40:24PM +0800, Herbert Xu wrote:
> On Wed, Nov 27, 2019 at 11:14:52AM -0800, Eric Biggers wrote:
> >
> > I tried applying the following patches and running syzkaller again:
> >
> > padata: Remove unused padata_remove_cpu
> > padata: Remove broken queue flushing
> > crypto: pcrypt - Fix user-after-free on module unload
> > [v3] crypto: pcrypt - Avoid deadlock by using per-instance padata queues
> >
> > This time I got a crypto self-test failure when
> > "pcrypt(pcrypt(rfc4106-gcm-aesni))" was instantiated:
> >
> > [ 2220.165113] alg: aead: pcrypt(pcrypt(rfc4106-gcm-aesni)) encryption corrupted request struct on test vector 0, cfg="uneven misaligned splits, may sleep"
> > [ 2220.170295] alg: aead: changed 'req->base.flags'
> > [ 2220.171799] Kernel panic - not syncing: alg: self-tests for pcrypt(pcrypt(rfc4106-gcm-aesni)) (rfc4106(gcm(aes))) failed in panic_on_fail mode!
> >
> > So the algorithm is not preserving aead_request::base.flags.
>
> Thanks for the report. This is a preexisting bug in pcrypt. Here
> is a patch for it.
>
> ---8<---
> We should not be modifying the original request's MAY_SLEEP flag
> upon completion. It makes no sense to do so anyway.
>
> Reported-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto...")
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>
> diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
> index 543792e0ebf0..2f6f81183e45 100644
> --- a/crypto/pcrypt.c
> +++ b/crypto/pcrypt.c
> @@ -63,7 +63,6 @@ static void pcrypt_aead_done(struct crypto_async_request *areq, int err)
> struct padata_priv *padata = pcrypt_request_padata(preq);
>
> padata->info = err;
> - req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
>
> padata_do_serial(padata);
> }
Tested-by: Eric Biggers <ebiggers@xxxxxxxxxx>
