lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <370458fcfbbd452381ad0f8787293455@rohde-schwarz.com>
Date: Thu, 15 Aug 2024 09:38:36 +0000
From: VanGiang Nguyen <vangiang.nguyen@...de-schwarz.com>
To: "steffen.klassert@...unet.com" <steffen.klassert@...unet.com>,
	"daniel.m.jordan@...cle.com" <daniel.m.jordan@...cle.com>
CC: "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: [PATCH v2] padata: use integer wrap around to prevent deadlock on
 seq_nr overflow

When submitting more than 2^32 padata objects to padata_do_serial, the
current sorting implementation incorrectly sorts padata objects with
overflowed seq_nr, causing them to be placed before existing objects in
the reorder list. This leads to a deadlock in the serialization process
as padata_find_next cannot match padata->seq_nr and pd->processed
because the padata instance with overflowed seq_nr will be selected
next.

To fix this, we use an unsigned integer wrap around to correctly sort
padata objects in scenarios with integer overflow.

Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")

Co-developed-by: Christian Gafert <christian.gafert@...de-schwarz.com>
Signed-off-by: Christian Gafert <christian.gafert@...de-schwarz.com>
Co-developed-by: Max Ferger <max.ferger@...de-schwarz.com>
Signed-off-by: Max Ferger <max.ferger@...de-schwarz.com>
Signed-off-by: Van Giang Nguyen <vangiang.nguyen@...de-schwarz.com>
Acked-by: Daniel Jordan <daniel.m.jordan@...cle.com>
---
v2: include Fixes tag and Daniel's Acked-by tag
v1: https://lore.kernel.org/a16995232eda4d39812f4bd94d9fb846@rohde-schwarz.com
 kernel/padata.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/padata.c b/kernel/padata.c
index 53f4bc912712..222bccd0c96b 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -404,7 +404,8 @@ void padata_do_serial(struct padata_priv *padata)
 	/* Sort in ascending order of sequence number. */
 	list_for_each_prev(pos, &reorder->list) {
 		cur = list_entry(pos, struct padata_priv, list);
-		if (cur->seq_nr < padata->seq_nr)
+		/* Compare by difference to consider integer wrap around */
+		if ((signed int)(cur->seq_nr - padata->seq_nr) < 0)
 			break;
 	}
 	list_add(&padata->list, pos);
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ