diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2023-11-28 16:25:49 +0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-01-25 14:33:32 -0800 |
commit | 19af0310c8767c993f2a5d5261e4df3f9f465ce1 (patch) | |
tree | e4a72c94e4acaea06aa1bb7f6f922ecb502fd22f | |
parent | 063f6c37b06c115b1d8336d5dac7ea4f7c9ffe53 (diff) | |
download | linux-stable-19af0310c8767c993f2a5d5261e4df3f9f465ce1.tar.gz linux-stable-19af0310c8767c993f2a5d5261e4df3f9f465ce1.tar.bz2 linux-stable-19af0310c8767c993f2a5d5261e4df3f9f465ce1.zip |
crypto: af_alg - Disallow multiple in-flight AIO requests
[ Upstream commit 67b164a871af1d736f131fd6fe78a610909f06f3 ]
Having multiple in-flight AIO requests results in unpredictable
output because they all share the same IV. Fix this by only allowing
one request at a time.
Fixes: 83094e5e9e49 ("crypto: af_alg - add async support to algif_aead")
Fixes: a596999b7ddf ("crypto: algif - change algif_skcipher to be asynchronous")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- | crypto/af_alg.c | 14 | ||||
-rw-r--r-- | include/crypto/if_alg.h | 3 |
2 files changed, 16 insertions, 1 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c index d0276a4ed987..914496b184a9 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -1032,9 +1032,13 @@ EXPORT_SYMBOL_GPL(af_alg_sendpage); void af_alg_free_resources(struct af_alg_async_req *areq) { struct sock *sk = areq->sk; + struct af_alg_ctx *ctx; af_alg_free_areq_sgls(areq); sock_kfree_s(sk, areq, areq->areqlen); + + ctx = alg_sk(sk)->private; + ctx->inflight = false; } EXPORT_SYMBOL_GPL(af_alg_free_resources); @@ -1098,11 +1102,19 @@ EXPORT_SYMBOL_GPL(af_alg_poll); struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, unsigned int areqlen) { - struct af_alg_async_req *areq = sock_kmalloc(sk, areqlen, GFP_KERNEL); + struct af_alg_ctx *ctx = alg_sk(sk)->private; + struct af_alg_async_req *areq; + + /* Only one AIO request can be in flight. */ + if (ctx->inflight) + return ERR_PTR(-EBUSY); + areq = sock_kmalloc(sk, areqlen, GFP_KERNEL); if (unlikely(!areq)) return ERR_PTR(-ENOMEM); + ctx->inflight = true; + areq->areqlen = areqlen; areq->sk = sk; areq->last_rsgl = NULL; diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index 11f107df78dc..2c1748dc6640 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -141,6 +141,7 @@ struct af_alg_async_req { * @enc: Cryptographic operation to be performed when * recvmsg is invoked. * @len: Length of memory allocated for this data structure. + * @inflight: Non-zero when AIO requests are in flight. */ struct af_alg_ctx { struct list_head tsgl_list; @@ -158,6 +159,8 @@ struct af_alg_ctx { bool enc; unsigned int len; + + unsigned int inflight; }; int af_alg_register_type(const struct af_alg_type *type); |