lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aPH7vuz7Z3dunQbk@gondor.apana.org.au>
Date: Fri, 17 Oct 2025 16:18:06 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Shivani Agarwal <shivani.agarwal@...adcom.com>
Cc: davem@...emloft.net, smueller@...onox.de, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, bcm-kernel-feedback-list@...adcom.com,
	ajay.kaher@...adcom.com, alexey.makhalov@...adcom.com,
	tapas.kundu@...adcom.com, vamsi-krishna.brahmajosyula@...adcom.com,
	srinidhi.rao@...adcom.com, stable@...r.kernel.org
Subject: Re: [PATCH v2] crypto: zero initialize memory allocated via
 sock_kmalloc

On Tue, Sep 23, 2025 at 11:01:48PM -0700, Shivani Agarwal wrote:
> Several crypto user API contexts and requests allocated with
> sock_kmalloc() were left uninitialized, relying on callers to
> set fields explicitly. This resulted in the use of uninitialized
> data in certain error paths or when new fields are added in the
> future.
> 
> The ACVP patches also contain two user-space interface files:
> algif_kpp.c and algif_akcipher.c. These too rely on proper
> initialization of their context structures.
> 
> A particular issue has been observed with the newly added
> 'inflight' variable introduced in af_alg_ctx by commit:
> 
>   67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests")
> 
> Because the context is not memset to zero after allocation,
> the inflight variable has contained garbage values. As a result,
> af_alg_alloc_areq() has incorrectly returned -EBUSY randomly when
> the garbage value was interpreted as true:
> 
>   https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209
> 
> The check directly tests ctx->inflight without explicitly
> comparing against true/false. Since inflight is only ever set to
> true or false later, an uninitialized value has triggered
> -EBUSY failures. Zero-initializing memory allocated with
> sock_kmalloc() ensures inflight and other fields start in a known
> state, removing random issues caused by uninitialized data.
> 
> Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations")
> Fixes: 5afdfd22e6ba ("crypto: algif_rng - add random number generator support")
> Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of duplicate code")
> Fixes: 67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests")
> Cc: stable@...r.kernel.org
> Signed-off-by: Shivani Agarwal <shivani.agarwal@...adcom.com>
> ---
> Changes in v2:
> - Dropped algif_skcipher_export changes, The ctx->state will immediately
> be overwritten by crypto_skcipher_export.
> - No other changes.
> ---
>  crypto/af_alg.c     | 5 ++---
>  crypto/algif_hash.c | 3 +--
>  crypto/algif_rng.c  | 3 +--
>  3 files changed, 4 insertions(+), 7 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ