| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250709005954.155842-1-ebiggers@kernel.org>
Date: Tue, 8 Jul 2025 17:59:54 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: linux-crypto@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
Suman Kumar Chakraborty <suman.kumar.chakraborty@...el.com>,
Eric Biggers <ebiggers@...nel.org>,
stable@...r.kernel.org
Subject: [PATCH] crypto: acomp - Fix CFI failure due to type punning
To avoid a crash when control flow integrity is enabled, make the
workspace ("stream") free function use a consistent type, and call it
through a function pointer that has that same type.
Fixes: 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp")
Cc: stable@...r.kernel.org
Signed-off-by: Eric Biggers <ebiggers@...nel.org>
---
crypto/deflate.c | 7 ++++++-
crypto/zstd.c | 7 ++++++-
include/crypto/internal/acompress.h | 5 +----
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/crypto/deflate.c b/crypto/deflate.c
index fe8e4ad0fee10..21404515dc77e 100644
--- a/crypto/deflate.c
+++ b/crypto/deflate.c
@@ -46,13 +46,18 @@ static void *deflate_alloc_stream(void)
ctx->stream.workspace = ctx->workspace;
return ctx;
}
+static void deflate_free_stream(void *ctx)
+{
+ kvfree(ctx);
+}
+
static struct crypto_acomp_streams deflate_streams = {
.alloc_ctx = deflate_alloc_stream,
- .cfree_ctx = kvfree,
+ .free_ctx = deflate_free_stream,
};
static int deflate_compress_one(struct acomp_req *req,
struct deflate_stream *ds)
{
diff --git a/crypto/zstd.c b/crypto/zstd.c
index 657e0cf7b9524..ff5f596a4ea7e 100644
--- a/crypto/zstd.c
+++ b/crypto/zstd.c
@@ -52,13 +52,18 @@ static void *zstd_alloc_stream(void)
ctx->wksp_size = wksp_size;
return ctx;
}
+static void zstd_free_stream(void *ctx)
+{
+ kvfree(ctx);
+}
+
static struct crypto_acomp_streams zstd_streams = {
.alloc_ctx = zstd_alloc_stream,
- .cfree_ctx = kvfree,
+ .free_ctx = zstd_free_stream,
};
static int zstd_init(struct crypto_acomp *acomp_tfm)
{
int ret = 0;
diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/acompress.h
index ffffd88bbbad3..2d97440028ffd 100644
--- a/include/crypto/internal/acompress.h
+++ b/include/crypto/internal/acompress.h
@@ -61,14 +61,11 @@ struct crypto_acomp_stream {
};
struct crypto_acomp_streams {
/* These must come first because of struct scomp_alg. */
void *(*alloc_ctx)(void);
- union {
- void (*free_ctx)(void *);
- void (*cfree_ctx)(const void *);
- };
+ void (*free_ctx)(void *);
struct crypto_acomp_stream __percpu *streams;
struct work_struct stream_work;
cpumask_t stream_want;
};
base-commit: 181698af38d3f93381229ad89c09b5bd0496661a
--
2.50.1
Powered by blists - more mailing lists