|
| 1 | +crypto: algif_aead - snapshot IV for async AEAD requests |
| 2 | + |
| 3 | +jira KERNEL-949 |
| 4 | +Rebuild_History Non-Buildable kernel-4.18.0-553.123.1.el8_10 |
| 5 | +commit-author Douya Le <ldy3087146292@gmail.com> |
| 6 | +commit 5aa58c3a572b3e3b6c786953339f7978b845cc52 |
| 7 | +Empty-Commit: Cherry-Pick Conflicts during history rebuild. |
| 8 | +Will be included in final tarball splat. Ref for failed cherry-pick at: |
| 9 | +ciq/ciq_backports/kernel-4.18.0-553.123.1.el8_10/5aa58c3a.failed |
| 10 | + |
| 11 | +AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during |
| 12 | +request processing. For async requests, later socket activity can |
| 13 | +update that shared state before the original request has fully |
| 14 | +completed, which can lead to inconsistent IV handling. |
| 15 | + |
| 16 | +Snapshot the IV into per-request storage when preparing the AEAD |
| 17 | +request, so in-flight operations no longer depend on mutable socket |
| 18 | +state. |
| 19 | + |
| 20 | +Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management") |
| 21 | + Cc: stable@kernel.org |
| 22 | + Reported-by: Yuan Tan <yuantan098@gmail.com> |
| 23 | + Reported-by: Yifan Wu <yifanwucs@gmail.com> |
| 24 | + Reported-by: Juefei Pu <tomapufckgml@gmail.com> |
| 25 | + Reported-by: Xin Liu <bird@lzu.edu.cn> |
| 26 | +Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn> |
| 27 | + Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn> |
| 28 | + Tested-by: Yucheng Lu <kanolyc@gmail.com> |
| 29 | + Signed-off-by: Douya Le <ldy3087146292@gmail.com> |
| 30 | + Signed-off-by: Ren Wei <n05ec@lzu.edu.cn> |
| 31 | + Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| 32 | +(cherry picked from commit 5aa58c3a572b3e3b6c786953339f7978b845cc52) |
| 33 | + Signed-off-by: Jonathan Maple <jmaple@ciq.com> |
| 34 | + |
| 35 | +# Conflicts: |
| 36 | +# crypto/algif_aead.c |
| 37 | +diff --cc crypto/algif_aead.c |
| 38 | +index d9946c4f70eb,cb651ab58d62..000000000000 |
| 39 | +--- a/crypto/algif_aead.c |
| 40 | ++++ b/crypto/algif_aead.c |
| 41 | +@@@ -97,13 -70,12 +97,20 @@@ static int _aead_recvmsg(struct socket |
| 42 | + struct sock *psk = ask->parent; |
| 43 | + struct alg_sock *pask = alg_sk(psk); |
| 44 | + struct af_alg_ctx *ctx = ask->private; |
| 45 | +++<<<<<<< HEAD |
| 46 | + + struct aead_tfm *aeadc = pask->private; |
| 47 | + + struct crypto_aead *tfm = aeadc->aead; |
| 48 | + + struct crypto_skcipher *null_tfm = aeadc->null_tfm; |
| 49 | + + unsigned int i, as = crypto_aead_authsize(tfm); |
| 50 | +++======= |
| 51 | ++ struct crypto_aead *tfm = pask->private; |
| 52 | ++ unsigned int as = crypto_aead_authsize(tfm); |
| 53 | ++ unsigned int ivsize = crypto_aead_ivsize(tfm); |
| 54 | +++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests) |
| 55 | + struct af_alg_async_req *areq; |
| 56 | + + struct af_alg_tsgl *tsgl, *tmp; |
| 57 | + struct scatterlist *rsgl_src, *tsgl_src = NULL; |
| 58 | ++ void *iv; |
| 59 | + int err = 0; |
| 60 | + size_t used = 0; /* [in] TX bufs to be en/decrypted */ |
| 61 | + size_t outlen = 0; /* [out] RX bufs produced by kernel */ |
| 62 | +@@@ -214,75 -187,13 +225,80 @@@ |
| 63 | + */ |
| 64 | + |
| 65 | + /* Use the RX SGL as source (and destination) for crypto op. */ |
| 66 | + - rsgl_src = areq->first_rsgl.sgl.sgt.sgl; |
| 67 | + + rsgl_src = areq->first_rsgl.sgl.sg; |
| 68 | + + |
| 69 | + + if (ctx->enc) { |
| 70 | + + /* |
| 71 | + + * Encryption operation - The in-place cipher operation is |
| 72 | + + * achieved by the following operation: |
| 73 | + + * |
| 74 | + + * TX SGL: AAD || PT |
| 75 | + + * | | |
| 76 | + + * | copy | |
| 77 | + + * v v |
| 78 | + + * RX SGL: AAD || PT || Tag |
| 79 | + + */ |
| 80 | + + err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
| 81 | + + areq->first_rsgl.sgl.sg, processed); |
| 82 | + + if (err) |
| 83 | + + goto free; |
| 84 | + + af_alg_pull_tsgl(sk, processed, NULL, 0); |
| 85 | + + } else { |
| 86 | + + /* |
| 87 | + + * Decryption operation - To achieve an in-place cipher |
| 88 | + + * operation, the following SGL structure is used: |
| 89 | + + * |
| 90 | + + * TX SGL: AAD || CT || Tag |
| 91 | + + * | | ^ |
| 92 | + + * | copy | | Create SGL link. |
| 93 | + + * v v | |
| 94 | + + * RX SGL: AAD || CT ----+ |
| 95 | + + */ |
| 96 | + + |
| 97 | + + /* Copy AAD || CT to RX SGL buffer for in-place operation. */ |
| 98 | + + err = crypto_aead_copy_sgl(null_tfm, tsgl_src, |
| 99 | + + areq->first_rsgl.sgl.sg, outlen); |
| 100 | + + if (err) |
| 101 | + + goto free; |
| 102 | + |
| 103 | + - memcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen); |
| 104 | + + /* Create TX SGL for tag and chain it to RX SGL. */ |
| 105 | + + areq->tsgl_entries = af_alg_count_tsgl(sk, processed, |
| 106 | + + processed - as); |
| 107 | + + if (!areq->tsgl_entries) |
| 108 | + + areq->tsgl_entries = 1; |
| 109 | + + areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl), |
| 110 | + + areq->tsgl_entries), |
| 111 | + + GFP_KERNEL); |
| 112 | + + if (!areq->tsgl) { |
| 113 | + + err = -ENOMEM; |
| 114 | + + goto free; |
| 115 | + + } |
| 116 | + + sg_init_table(areq->tsgl, areq->tsgl_entries); |
| 117 | + + |
| 118 | + + /* Release TX SGL, except for tag data and reassign tag data. */ |
| 119 | + + af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); |
| 120 | + + |
| 121 | + + /* chain the areq TX SGL holding the tag with RX SGL */ |
| 122 | + + if (usedpages) { |
| 123 | + + /* RX SGL present */ |
| 124 | + + struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; |
| 125 | + + |
| 126 | + + sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); |
| 127 | + + sg_chain(sgl_prev->sg, sgl_prev->npages + 1, |
| 128 | + + areq->tsgl); |
| 129 | + + } else |
| 130 | + + /* no RX SGL present (e.g. authentication only) */ |
| 131 | + + rsgl_src = areq->tsgl; |
| 132 | + + } |
| 133 | + |
| 134 | + /* Initialize the crypto operation */ |
| 135 | +++<<<<<<< HEAD |
| 136 | + + aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src, |
| 137 | + + areq->first_rsgl.sgl.sg, used, ctx->iv); |
| 138 | +++======= |
| 139 | ++ aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src, |
| 140 | ++ areq->first_rsgl.sgl.sgt.sgl, used, iv); |
| 141 | +++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests) |
| 142 | + aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); |
| 143 | + aead_request_set_tfm(&areq->cra_u.aead_req, tfm); |
| 144 | + |
| 145 | +* Unmerged path crypto/algif_aead.c |
0 commit comments