Open Source and information security mailing list archives
Message-ID: <2024052103-CVE-2023-52813-0704@gregkh>
Date: Tue, 21 May 2024 17:31:49 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2023-52813: crypto: pcrypt - Fix hungtask for PADATA_RESET

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix hungtask for PADATA_RESET

We found a hungtask bug in test_aead_vec_cfg as follows:

INFO: task cryptomgr_test:391009 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Call trace:
 __switch_to+0x98/0xe0
 __schedule+0x6c4/0xf40
 schedule+0xd8/0x1b4
 schedule_timeout+0x474/0x560
 wait_for_common+0x368/0x4e0
 wait_for_completion+0x20/0x30
 wait_for_completion+0x20/0x30
 test_aead_vec_cfg+0xab4/0xd50
 test_aead+0x144/0x1f0
 alg_test_aead+0xd8/0x1e0
 alg_test+0x634/0x890
 cryptomgr_test+0x40/0x70
 kthread+0x1e0/0x220
 ret_from_fork+0x10/0x18
 Kernel panic - not syncing: hung_task: blocked tasks

For padata_do_parallel, when the return err is 0 or -EBUSY, it will call
wait_for_completion(&wait->completion) in test_aead_vec_cfg. In the normal
case, aead_request_complete() will be called in pcrypt_aead_serial and the
return err is 0 for padata_do_parallel. But, when pinst->flags is
PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it
won't call aead_request_complete(). Therefore, test_aead_vec_cfg will
hang at wait_for_completion(&wait->completion), which will cause
hungtask.

The problem arises as follows:
(padata_do_parallel)                 |
    rcu_read_lock_bh();              |
    err = -EINVAL;                   |   (padata_replace)
                                     |     pinst->flags |= PADATA_RESET;
    err = -EBUSY                     |
    if (pinst->flags & PADATA_RESET) |
        rcu_read_unlock_bh()         |
        return err

In order to resolve the problem, we replace the return err -EBUSY with
-EAGAIN, which means parallel_data is changing, and the caller should call
it again.

v3:
remove retry and just change the return err.
v2:
introduce padata_try_do_parallel() in pcrypt_aead_encrypt and
pcrypt_aead_decrypt to solve the hungtask.

The Linux kernel CVE team has assigned CVE-2023-52813 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.14.331 with commit fb2d3a50a8f2
	Fixed in 4.19.300 with commit 039fec48e062
	Fixed in 5.4.262 with commit c9c133469730
	Fixed in 5.10.202 with commit e97bf4ada7dd
	Fixed in 5.15.140 with commit 546c1796ad1e
	Fixed in 6.1.64 with commit c55fc098fd9d
	Fixed in 6.5.13 with commit e134f3aba98e
	Fixed in 6.6.3 with commit 372636debe85
	Fixed in 6.7 with commit 8f4f68e788c3

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52813
will be updated if fixes are backported; please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	crypto/pcrypt.c
	kernel/padata.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818
	https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0
	https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7
	https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d
	https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316
	https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e
	https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf
	https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28
	https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523
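
The return-code contract behind the hang described in the message above, as an added user-space model (not kernel code and not part of the original announcement). All model_* names and the flag value are hypothetical stand-ins; the caller's wait condition (err is 0 or -EBUSY) is taken from the description.

```c
/* User-space model of the hang; added example, not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MODEL_PADATA_RESET 0x2u /* stand-in for the PADATA_RESET bit in pinst->flags */

enum model_outcome { MODEL_COMPLETED, MODEL_HUNG, MODEL_ERROR_RETURNED };

struct model_request { bool completed; }; /* stand-in for wait->completion */

/* Early-exit logic of padata_do_parallel as the message describes it.
 * reset_err is -EBUSY before the fix and -EAGAIN after it. */
static int model_do_parallel(unsigned int flags, int reset_err,
                             struct model_request *req)
{
    if (flags & MODEL_PADATA_RESET)
        return reset_err;  /* request not queued: nothing will ever complete it */
    req->completed = true; /* stands in for pcrypt_aead_serial calling aead_request_complete() */
    return 0;
}

/* Caller as described: it waits for the completion when err is 0 or -EBUSY. */
static enum model_outcome model_caller(unsigned int flags, int reset_err, int *err)
{
    struct model_request req = { .completed = false };

    *err = model_do_parallel(flags, reset_err, &req);
    if (*err == 0 || *err == -EBUSY) /* wait_for_completion() would run here */
        return req.completed ? MODEL_COMPLETED : MODEL_HUNG;
    return MODEL_ERROR_RETURNED;     /* error is propagated, nobody waits */
}

int main(void)
{
    static const char *const names[] = { "completed", "hung", "error returned" };
    int err;

    printf("no reset, old code: %s\n", names[model_caller(0, -EBUSY, &err)]);
    printf("reset,    old code: %s\n",
           names[model_caller(MODEL_PADATA_RESET, -EBUSY, &err)]);
    printf("reset,    fixed   : %s (err=%d)\n",
           names[model_caller(MODEL_PADATA_RESET, -EAGAIN, &err)], err);
    return 0;
}
```

In the model, the pre-fix -EBUSY is indistinguishable from a return code the caller waits on, so the wait never ends; -EAGAIN falls outside the wait condition and surfaces as an ordinary error.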
