Skip to content

Commit 6e2d583

Browse files
committed
crypto: algif_aead - snapshot IV for async AEAD requests
jira KERNEL-949 Rebuild_History Non-Buildable kernel-4.18.0-553.123.1.el8_10 commit-author Douya Le <ldy3087146292@gmail.com> commit 5aa58c3 Empty-Commit: Cherry-Pick Conflicts during history rebuild. Will be included in final tarball splat. Ref for failed cherry-pick at: ciq/ciq_backports/kernel-4.18.0-553.123.1.el8_10/5aa58c3a.failed AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the original request has fully completed, which can lead to inconsistent IV handling. Snapshot the IV into per-request storage when preparing the AEAD request, so in-flight operations no longer depend on mutable socket state. Fixes: d887c52 ("crypto: algif_aead - overhaul memory management") Cc: stable@kernel.org Reported-by: Yuan Tan <yuantan098@gmail.com> Reported-by: Yifan Wu <yifanwucs@gmail.com> Reported-by: Juefei Pu <tomapufckgml@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn> Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn> Tested-by: Yucheng Lu <kanolyc@gmail.com> Signed-off-by: Douya Le <ldy3087146292@gmail.com> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 5aa58c3) Signed-off-by: Jonathan Maple <jmaple@ciq.com> # Conflicts: # crypto/algif_aead.c
1 parent ad16369 commit 6e2d583

1 file changed

Lines changed: 145 additions & 0 deletions

File tree

Lines changed: 145 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,145 @@
1+
crypto: algif_aead - snapshot IV for async AEAD requests
2+
3+
jira KERNEL-949
4+
Rebuild_History Non-Buildable kernel-4.18.0-553.123.1.el8_10
5+
commit-author Douya Le <ldy3087146292@gmail.com>
6+
commit 5aa58c3a572b3e3b6c786953339f7978b845cc52
7+
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
8+
Will be included in final tarball splat. Ref for failed cherry-pick at:
9+
ciq/ciq_backports/kernel-4.18.0-553.123.1.el8_10/5aa58c3a.failed
10+
11+
AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during
12+
request processing. For async requests, later socket activity can
13+
update that shared state before the original request has fully
14+
completed, which can lead to inconsistent IV handling.
15+
16+
Snapshot the IV into per-request storage when preparing the AEAD
17+
request, so in-flight operations no longer depend on mutable socket
18+
state.
19+
20+
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
21+
Cc: stable@kernel.org
22+
Reported-by: Yuan Tan <yuantan098@gmail.com>
23+
Reported-by: Yifan Wu <yifanwucs@gmail.com>
24+
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
25+
Reported-by: Xin Liu <bird@lzu.edu.cn>
26+
Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
27+
Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
28+
Tested-by: Yucheng Lu <kanolyc@gmail.com>
29+
Signed-off-by: Douya Le <ldy3087146292@gmail.com>
30+
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
31+
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
32+
(cherry picked from commit 5aa58c3a572b3e3b6c786953339f7978b845cc52)
33+
Signed-off-by: Jonathan Maple <jmaple@ciq.com>
34+
35+
# Conflicts:
36+
# crypto/algif_aead.c
37+
diff --cc crypto/algif_aead.c
38+
index d9946c4f70eb,cb651ab58d62..000000000000
39+
--- a/crypto/algif_aead.c
40+
+++ b/crypto/algif_aead.c
41+
@@@ -97,13 -70,12 +97,20 @@@ static int _aead_recvmsg(struct socket
42+
struct sock *psk = ask->parent;
43+
struct alg_sock *pask = alg_sk(psk);
44+
struct af_alg_ctx *ctx = ask->private;
45+
++<<<<<<< HEAD
46+
+ struct aead_tfm *aeadc = pask->private;
47+
+ struct crypto_aead *tfm = aeadc->aead;
48+
+ struct crypto_skcipher *null_tfm = aeadc->null_tfm;
49+
+ unsigned int i, as = crypto_aead_authsize(tfm);
50+
++=======
51+
+ struct crypto_aead *tfm = pask->private;
52+
+ unsigned int as = crypto_aead_authsize(tfm);
53+
+ unsigned int ivsize = crypto_aead_ivsize(tfm);
54+
++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests)
55+
struct af_alg_async_req *areq;
56+
+ struct af_alg_tsgl *tsgl, *tmp;
57+
struct scatterlist *rsgl_src, *tsgl_src = NULL;
58+
+ void *iv;
59+
int err = 0;
60+
size_t used = 0; /* [in] TX bufs to be en/decrypted */
61+
size_t outlen = 0; /* [out] RX bufs produced by kernel */
62+
@@@ -214,75 -187,13 +225,80 @@@
63+
*/
64+
65+
/* Use the RX SGL as source (and destination) for crypto op. */
66+
- rsgl_src = areq->first_rsgl.sgl.sgt.sgl;
67+
+ rsgl_src = areq->first_rsgl.sgl.sg;
68+
+
69+
+ if (ctx->enc) {
70+
+ /*
71+
+ * Encryption operation - The in-place cipher operation is
72+
+ * achieved by the following operation:
73+
+ *
74+
+ * TX SGL: AAD || PT
75+
+ * | |
76+
+ * | copy |
77+
+ * v v
78+
+ * RX SGL: AAD || PT || Tag
79+
+ */
80+
+ err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
81+
+ areq->first_rsgl.sgl.sg, processed);
82+
+ if (err)
83+
+ goto free;
84+
+ af_alg_pull_tsgl(sk, processed, NULL, 0);
85+
+ } else {
86+
+ /*
87+
+ * Decryption operation - To achieve an in-place cipher
88+
+ * operation, the following SGL structure is used:
89+
+ *
90+
+ * TX SGL: AAD || CT || Tag
91+
+ * | | ^
92+
+ * | copy | | Create SGL link.
93+
+ * v v |
94+
+ * RX SGL: AAD || CT ----+
95+
+ */
96+
+
97+
+ /* Copy AAD || CT to RX SGL buffer for in-place operation. */
98+
+ err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
99+
+ areq->first_rsgl.sgl.sg, outlen);
100+
+ if (err)
101+
+ goto free;
102+
103+
- memcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen);
104+
+ /* Create TX SGL for tag and chain it to RX SGL. */
105+
+ areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
106+
+ processed - as);
107+
+ if (!areq->tsgl_entries)
108+
+ areq->tsgl_entries = 1;
109+
+ areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
110+
+ areq->tsgl_entries),
111+
+ GFP_KERNEL);
112+
+ if (!areq->tsgl) {
113+
+ err = -ENOMEM;
114+
+ goto free;
115+
+ }
116+
+ sg_init_table(areq->tsgl, areq->tsgl_entries);
117+
+
118+
+ /* Release TX SGL, except for tag data and reassign tag data. */
119+
+ af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);
120+
+
121+
+ /* chain the areq TX SGL holding the tag with RX SGL */
122+
+ if (usedpages) {
123+
+ /* RX SGL present */
124+
+ struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
125+
+
126+
+ sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
127+
+ sg_chain(sgl_prev->sg, sgl_prev->npages + 1,
128+
+ areq->tsgl);
129+
+ } else
130+
+ /* no RX SGL present (e.g. authentication only) */
131+
+ rsgl_src = areq->tsgl;
132+
+ }
133+
134+
/* Initialize the crypto operation */
135+
++<<<<<<< HEAD
136+
+ aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
137+
+ areq->first_rsgl.sgl.sg, used, ctx->iv);
138+
++=======
139+
+ aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
140+
+ areq->first_rsgl.sgl.sgt.sgl, used, iv);
141+
++>>>>>>> 5aa58c3a572b (crypto: algif_aead - snapshot IV for async AEAD requests)
142+
aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
143+
aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
144+
145+
* Unmerged path crypto/algif_aead.c

0 commit comments

Comments
 (0)