1. 17 Jan, 2018 1 commit
    • Eric Biggers's avatar
      crypto: algapi - fix NULL dereference in crypto_remove_spawns() · 3752d2fb
      Eric Biggers authored
      commit 9a006742 upstream.
      
      syzkaller triggered a NULL pointer dereference in crypto_remove_spawns()
      via a program that repeatedly and concurrently requests AEADs
      "authenc(cmac(des3_ede-asm),pcbc-aes-aesni)" and hashes "cmac(des3_ede)"
      through AF_ALG, where the hashes are requested as "untested"
      (CRYPTO_ALG_TESTED is set in ->salg_mask but clear in ->salg_feat; this
      causes the template to be instantiated for every request).
      
      Although AF_ALG users really shouldn't be able to request an "untested"
      algorithm, the NULL pointer dereference is actually caused by a
      longstanding race condition where crypto_remove_spawns() can encounter
      an instance which has had spawn(s) "grabbed" but hasn't yet been
      registered, resulting in ->cra_users still being NULL.
      
      We probably should properly initialize ->cra_users earlier, but that
      would require updating many templates individually.  For now just fix
      the bug in a simple way that can easily be backported: make
      crypto_remove_spawns() treat a NULL ->cra_users list as empty.
      Reported-by: 's avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: 's avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3752d2fb
  2. 09 Feb, 2017 1 commit
  3. 01 Jul, 2016 1 commit
  4. 25 Jan, 2016 1 commit
  5. 23 Nov, 2015 1 commit
  6. 20 Oct, 2015 1 commit
    • Herbert Xu's avatar
      crypto: api - Only abort operations on fatal signal · 3fc89adb
      Herbert Xu authored
      Currently a number of Crypto API operations may fail when a signal
      occurs.  This causes nasty problems as the caller of those operations
      are often not in a good position to restart the operation.
      
      In fact there is currently no need for those operations to be
      interrupted by user signals at all.  All we need is for them to
      be killable.
      
      This patch replaces the relevant calls of signal_pending with
      fatal_signal_pending, and wait_for_completion_interruptible with
      wait_for_completion_killable, respectively.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      3fc89adb
  7. 14 Jul, 2015 2 commits
  8. 03 Jun, 2015 1 commit
  9. 13 May, 2015 1 commit
    • Herbert Xu's avatar
      crypto: api - Add crypto_grab_spawn primitive · d6ef2f19
      Herbert Xu authored
      This patch adds a new primitive crypto_grab_spawn which is meant
      to replace crypto_init_spawn and crypto_init_spawn2.  Under the
      new scheme the user no longer has to worry about reference counting
      the alg object before it is subsumed by the spawn.
      
      It is pretty much an exact copy of crypto_grab_aead.
      
      Prior to calling this function spawn->frontend and spawn->inst
      must have been set.
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      d6ef2f19
  10. 26 Apr, 2015 1 commit
  11. 23 Apr, 2015 2 commits
  12. 21 Apr, 2015 1 commit
  13. 16 Apr, 2015 1 commit
  14. 10 Apr, 2015 2 commits
    • Stephan Mueller's avatar
      crypto: api - remove instance when test failed · 9c521a20
      Stephan Mueller authored
      A cipher instance is added to the list of instances unconditionally
      regardless of whether the associated test failed. However, a failed
      test implies that during another lookup, the cipher instance will
      be added to the list again as it will not be found by the lookup
      code.
      
      That means that the list can be filled up with instances whose tests
      failed.
      
      Note: tests only fail in reality in FIPS mode when a cipher is not
      marked as fips_allowed=1. This can be seen with cmac(des3_ede) that does
      not have a fips_allowed=1. When allocating the cipher, the allocation
      fails with -ENOENT due to the missing fips_allowed=1 flag (which
      causes the testmgr to return EINVAL). Yet, the instance of
      cmac(des3_ede) is shown in /proc/crypto. Allocating the cipher again
      fails again, but a 2nd instance is listed in /proc/crypto.
      
      The patch simply de-registers the instance when the testing failed.
      Signed-off-by: 's avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      9c521a20
    • Herbert Xu's avatar
      crypto: api - Move alg ref count init to crypto_check_alg · e9b8e5be
      Herbert Xu authored
      We currently initialise the crypto_alg ref count in the function
      __crypto_register_alg.  As one of the callers of that function
      crypto_register_instance needs to obtain a ref count before it
      calls __crypto_register_alg, we need to move the initialisation
      out of there.
      
      Since both callers of __crypto_register_alg call crypto_check_alg,
      this is the logical place to perform the initialisation.
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: 's avatarStephan Mueller <smueller@chronox.de>
      e9b8e5be
  15. 03 Apr, 2015 2 commits
  16. 22 Dec, 2014 1 commit
  17. 26 Nov, 2014 1 commit
  18. 03 Jul, 2014 1 commit
    • Jarod Wilson's avatar
      crypto: fips - only panic on bad/missing crypto mod signatures · 002c77a4
      Jarod Wilson authored
      Per further discussion with NIST, the requirements for FIPS state that
      we only need to panic the system on failed kernel module signature checks
      for crypto subsystem modules. This moves the fips-mode-only module
      signature check out of the generic module loading code, into the crypto
      subsystem, at points where we can catch both algorithm module loads and
      mode module loads. At the same time, make CONFIG_CRYPTO_FIPS dependent on
      CONFIG_MODULE_SIG, as this is entirely necessary for FIPS mode.
      
      v2: remove extraneous blank line, perform checks in static inline
      function, drop no longer necessary fips.h include.
      
      CC: "David S. Miller" <davem@davemloft.net>
      CC: Rusty Russell <rusty@rustcorp.com.au>
      CC: Stephan Mueller <stephan.mueller@atsec.com>
      Signed-off-by: 's avatarJarod Wilson <jarod@redhat.com>
      Acked-by: 's avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      002c77a4
  19. 03 Jul, 2013 1 commit
  20. 28 Feb, 2013 1 commit
    • Sasha Levin's avatar
      hlist: drop the node parameter from iterators · b67bfe0d
      Sasha Levin authored
      I'm not sure why, but the hlist for each entry iterators were conceived
      
              list_for_each_entry(pos, head, member)
      
      The hlist ones were greedy and wanted an extra parameter:
      
              hlist_for_each_entry(tpos, pos, head, member)
      
      Why did they need an extra pos parameter? I'm not quite sure. Not only
      they don't really need it, it also prevents the iterator from looking
      exactly like the list iterator, which is unfortunate.
      
      Besides the semantic patch, there was some manual work required:
      
       - Fix up the actual hlist iterators in linux/list.h
       - Fix up the declaration of other iterators based on the hlist ones.
       - A very small amount of places were using the 'node' parameter, this
       was modified to use 'obj->member' instead.
       - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
       properly, so those had to be fixed up manually.
      
      The semantic patch which is mostly the work of Peter Senna Tschudin is here:
      
      @@
      iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
      
      type T;
      expression a,c,d,e;
      identifier b;
      statement S;
      @@
      
      -T b;
          <+... when != b
      (
      hlist_for_each_entry(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_continue(a,
      - b,
      c) S
      |
      hlist_for_each_entry_from(a,
      - b,
      c) S
      |
      hlist_for_each_entry_rcu(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_rcu_bh(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_continue_rcu_bh(a,
      - b,
      c) S
      |
      for_each_busy_worker(a, c,
      - b,
      d) S
      |
      ax25_uid_for_each(a,
      - b,
      c) S
      |
      ax25_for_each(a,
      - b,
      c) S
      |
      inet_bind_bucket_for_each(a,
      - b,
      c) S
      |
      sctp_for_each_hentry(a,
      - b,
      c) S
      |
      sk_for_each(a,
      - b,
      c) S
      |
      sk_for_each_rcu(a,
      - b,
      c) S
      |
      sk_for_each_from
      -(a, b)
      +(a)
      S
      + sk_for_each_from(a) S
      |
      sk_for_each_safe(a,
      - b,
      c, d) S
      |
      sk_for_each_bound(a,
      - b,
      c) S
      |
      hlist_for_each_entry_safe(a,
      - b,
      c, d, e) S
      |
      hlist_for_each_entry_continue_rcu(a,
      - b,
      c) S
      |
      nr_neigh_for_each(a,
      - b,
      c) S
      |
      nr_neigh_for_each_safe(a,
      - b,
      c, d) S
      |
      nr_node_for_each(a,
      - b,
      c) S
      |
      nr_node_for_each_safe(a,
      - b,
      c, d) S
      |
      - for_each_gfn_sp(a, c, d, b) S
      + for_each_gfn_sp(a, c, d) S
      |
      - for_each_gfn_indirect_valid_sp(a, c, d, b) S
      + for_each_gfn_indirect_valid_sp(a, c, d) S
      |
      for_each_host(a,
      - b,
      c) S
      |
      for_each_host_safe(a,
      - b,
      c, d) S
      |
      for_each_mesh_entry(a,
      - b,
      c, d) S
      )
          ...+>
      
      [akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
      [akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
      [akpm@linux-foundation.org: checkpatch fixes]
      [akpm@linux-foundation.org: fix warnings]
      [akpm@linux-foudnation.org: redo intrusive kvm changes]
      Tested-by: 's avatarPeter Senna Tschudin <peter.senna@gmail.com>
      Acked-by: 's avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: 's avatarSasha Levin <sasha.levin@oracle.com>
      Cc: Wu Fengguang <fengguang.wu@intel.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Signed-off-by: 's avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
      b67bfe0d
  21. 04 Feb, 2013 1 commit
  22. 22 Jun, 2012 1 commit
    • Herbert Xu's avatar
      crypto: algapi - Move larval completion into algboss · 39871037
      Herbert Xu authored
      It has been observed that sometimes the crypto allocation code
      will get stuck for 60 seconds or multiples thereof.  This is
      usually caused by an algorithm failing to pass the self-test.
      
      If an algorithm fails to be constructed, we will immediately notify
      all larval waiters.  However, if it succeeds in construction, but
      then fails the self-test, we won't notify anyone at all.
      
      This patch fixes this by merging the notification in the case
      where the algorithm fails to be constructed with that of the
      the case where it pases the self-test.  This way regardless of
      what happens, we'll give the larval waiters an answer.
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      39871037
  23. 26 Jan, 2012 1 commit
  24. 09 Nov, 2011 1 commit
  25. 21 Oct, 2011 3 commits
  26. 03 May, 2010 1 commit
  27. 30 Mar, 2010 1 commit
    • Tejun Heo's avatar
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo authored
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: 's avatarTejun Heo <tj@kernel.org>
      Guess-its-ok-by: 's avatarChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  28. 16 Feb, 2010 1 commit
  29. 31 Aug, 2009 1 commit
    • Herbert Xu's avatar
      crypto: api - Do not displace newly registered algorithms · 2bf29016
      Herbert Xu authored
      We have a mechanism where newly registered algorithms of a higher
      priority can displace existing instances that use a different
      implementation of the same algorithm with a lower priority.
      
      Unfortunately the same mechanism can cause a newly registered
      algorithm to displace itself if it depends on an existing version
      of the same algorithm.
      
      This patch fixes this by keeping all algorithms that the newly
      reigstered algorithm depends on, thus protecting them from being
      removed.
      Signed-off-by: 's avatarHerbert Xu <herbert@gondor.apana.org.au>
      2bf29016
  30. 29 Aug, 2009 1 commit
  31. 09 Jul, 2009 1 commit
  32. 08 Jul, 2009 2 commits
  33. 07 Jul, 2009 1 commit