Date:   Thu, 10 Nov 2022 12:11:15 +0800
From:   liulongfang <liulongfang@...wei.com>
To:     Herbert Xu <herbert@...dor.apana.org.au>
CC:     <wangzhou1@...ilicon.com>, <linux-crypto@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] crypto/hisilicon: Add null judgment to the callback
 interface

On 2022/11/10 11:20, Herbert Xu wrote:
> On Thu, Nov 10, 2022 at 10:03:53AM +0800, liulongfang wrote:
> .
>> This problem occurs in the application code of the encryption usage scenario
>> (unfortunately, these codes are not open to the public and cannot be given to you),
> 
> Are you saying this requires out-of-tree kernel code to trigger?
> 

Yes, this problem is triggered by application layer code,
but it happens in kernel driver code.

> Then you should fix that out-of-tree code.
>
When using crypto's skcipher series of interfaces for encryption and decryption
services, users can use synchronous mode (by adjusting some skcipher interfaces,
here by removing skcipher_request_set_callback()) or asynchronous mode,
but when synchronous mode is used and the current asynchronous mode is loaded,
it will cause a call trace.

The current problem is that the skcipher interface does not restrict users
from calling functions in this way for encryption services.

If the current driver doesn't handle this, there is a possibility that some users
deliberately create this kind of problem to cause the kernel to crash.

> Thanks,
> 
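
A simplified user-space C model of the situation discussed in this message, added here as an illustration; it is not code from the patch, the HiSilicon driver or the kernel. All `model_*` names are hypothetical: the request's callback stays NULL when the caller never sets one, and the asynchronous backend checks for that at submit time and again before the indirect call at completion time.

```c
/* User-space model, constructed for illustration; not kernel or driver code. */
#include <errno.h>
#include <stddef.h>

typedef void (*complete_fn)(void *data, int err);

struct model_req {            /* stands in for an skcipher request */
    complete_fn complete;     /* NULL when the caller never set a callback */
    void *data;
    int queued;               /* 1 while the backend owns the request */
};

struct model_wait { int done; int err; };

/* Caller-side completion handler: records the result for a waiter. */
static void model_req_done(void *data, int err)
{
    struct model_wait *w = data;
    w->err = err;
    w->done = 1;
}

static void model_set_callback(struct model_req *r, complete_fn fn, void *data)
{
    r->complete = fn;
    r->data = data;
}

/* Async backend, submit side: refuse work that could never be completed. */
static int model_submit(struct model_req *r)
{
    if (!r->complete)
        return -EINVAL;       /* fail early instead of faulting later */
    r->queued = 1;
    return -EINPROGRESS;
}

/* Async backend, completion side (think: hardware "done" event). */
static int model_hw_done(struct model_req *r, int err)
{
    if (!r->queued || !r->complete)
        return -EINVAL;       /* NULL check before the indirect call */
    r->queued = 0;
    r->complete(r->data, err);
    return 0;
}
```
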
