Message-Id: <b1f74213800152dbd91fa2649b82c182058c295f6c1c15799a5b5871aa5ced48@mail.kernel.org>
Date: Tue, 20 Jan 2026 19:13:44 +0000 (UTC)
From: bot+bpf-ci@...nel.org
To: git@...ielhodges.dev,bpf@...r.kernel.org
Cc: ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,vadim.fedorenko@...ux.dev,song@...nel.org,yatsenko@...a.com,martin.lau@...ux.dev,eddyz87@...il.com,haoluo@...gle.com,jolsa@...nel.org,john.fastabend@...il.com,kpsingh@...nel.org,sdf@...ichev.me,yonghong.song@...ux.dev,herbert@...dor.apana.org.au,davem@...emloft.net,linux-crypto@...r.kernel.org,linux-kernel@...r.kernel.org,linux-kselftest@...r.kernel.org,git@...ielhodges.dev,ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,martin.lau@...nel.org,eddyz87@...il.com,yonghong.song@...ux.dev,clm@...a.com,ihor.solodrai@...ux.dev
Subject: Re: [PATCH bpf-next v5 3/7] crypto: Add BPF signature algorithm type registration module

> diff --git a/crypto/bpf_crypto_sig.c b/crypto/bpf_crypto_sig.c
> new file mode 100644
> index 000000000000..1d6521a066be
> --- /dev/null
> +++ b/crypto/bpf_crypto_sig.c

[ ... ]

> +static const struct bpf_crypto_type bpf_crypto_sig_type = {
> +	.alloc_tfm	= bpf_crypto_sig_alloc_tfm,
> +	.free_tfm	= bpf_crypto_sig_free_tfm,
> +	.has_algo	= bpf_crypto_sig_has_algo,
> +	.get_flags	= bpf_crypto_sig_get_flags,
> +	.setkey		= bpf_crypto_sig_setkey,
> +	.verify		= bpf_crypto_sig_verify,
> +	.owner		= THIS_MODULE,
> +	.type_id	= BPF_CRYPTO_TYPE_SIG,
> +	.name		= "sig",
> +};
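
Review bot: the designated initializer for bpf_crypto_sig_type names only the callbacks listed between .alloc_tfm and .verify, so any other function pointer in struct bpf_crypto_type is implicitly NULL for the "sig" type, and nothing in the hunk says that this is intentional. Suggest a short comment above the struct stating which callbacks signature types deliberately leave unset, so that code invoking a type's callbacks knows it must NULL-check them, or provide stubs that return an error instead.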

The bpf_crypto_sig_type struct does not set .ivsize or .statesize callbacks.
In bpf_crypto_ctx_create() in kernel/bpf/crypto.c, there is an unconditional
call:

    ctx->siv_len = type->ivsize(ctx->tfm) + type->statesize(ctx->tfm);

If a BPF program creates a crypto context with type="sig", this will call
NULL function pointers and crash the kernel.

I see this is fixed later in the series by commit 76d771a64b50 ("bpf: Add
hash kfunc for cryptographic hashing") which adds NULL checks:

    if (type->ivsize && type->statesize)
        ctx->siv_len = type->ivsize(ctx->tfm) + type->statesize(ctx->tfm);

Should this fix be folded into this commit to avoid the intermediate crash?

[ ... ]


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21183820118
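
The failure mode discussed in the message above, as an added userspace example that is not code from the patch series or from the kernel: a designated initializer that omits `ivsize` and `statesize` leaves them NULL, and the guarded expression quoted in the review skips the calls. The `model_*` types, the `sk_*` helpers and the sample sizes are assumptions made for illustration; only the field names and the guard come from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (hypothetical); only the field names come from the message. */
struct model_tfm { unsigned int iv, state; };

struct model_crypto_type {
	unsigned int (*ivsize)(void *tfm);
	unsigned int (*statesize)(void *tfm);
	int (*verify)(void *tfm);
	const char *name;
};

static unsigned int sk_ivsize(void *tfm)    { return ((struct model_tfm *)tfm)->iv; }
static unsigned int sk_statesize(void *tfm) { return ((struct model_tfm *)tfm)->state; }
static int sig_verify(void *tfm)            { (void)tfm; return 0; }

/* Hypothetical cipher-like type that provides both size callbacks. */
static const struct model_crypto_type model_cipher = {
	.ivsize = sk_ivsize, .statesize = sk_statesize, .name = "cipher-model",
};
/* Like the "sig" type in the hunk: ivsize and statesize are not named, so they are NULL. */
static const struct model_crypto_type model_sig = {
	.verify = sig_verify, .name = "sig",
};

/* True when the unconditional expression quoted in the review would call through NULL. */
static int unguarded_calls_null(const struct model_crypto_type *type)
{
	return !type->ivsize || !type->statesize;
}

/* The guarded form quoted in the review; siv_len stays 0 when the callbacks are absent. */
static unsigned int siv_len_guarded(const struct model_crypto_type *type, void *tfm)
{
	unsigned int siv_len = 0;

	if (type->ivsize && type->statesize)
		siv_len = type->ivsize(tfm) + type->statesize(tfm);
	return siv_len;
}

int main(void)
{
	struct model_tfm tfm = { .iv = 16, .state = 32 };	/* constructed sample sizes */

	printf("%s: null-call=%d siv_len=%u\n", model_cipher.name,
	       unguarded_calls_null(&model_cipher), siv_len_guarded(&model_cipher, &tfm));
	printf("%s: null-call=%d siv_len=%u\n", model_sig.name,
	       unguarded_calls_null(&model_sig), siv_len_guarded(&model_sig, &tfm));
	return 0;
}
```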
