Commit 7c1ecabc authored by Herbert Xu's avatar Herbert Xu Committed by Yi Yang
Browse files

crypto: api - Use work queue in crypto_destroy_instance 

mainline inclusion
from mainline-v6.6-rc1
commit 9ae4577b
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8J49F
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9ae4577bc077a7e32c3c7d442c95bc76865c0f17



--------------------------------

The function crypto_drop_spawn expects to be called in process
context.  However, when an instance is unregistered while it still
has active users, the last user may cause the instance to be freed
in atomic context.

Fix this by delaying the freeing to a work queue.

Fixes: 6bfd4809 ("[CRYPTO] api: Added spawns")
Reported-by: default avatarFlorent Revest <revest@chromium.org>
Reported-by: default avatar <syzbot+d769eed29cc42d75e2a3@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+610ec0671f51e838436e@syzkaller.appspotmail.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Tested-by: default avatarFlorent Revest <revest@chromium.org>
Acked-by: default avatarFlorent Revest <revest@chromium.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>

conflicts:
	crypto/algapi.c
	include/crypto/algapi.h

Signed-off-by: default avatarYi Yang <yiyang13@huawei.com>
parent d6bd8efe

crypto/algapi.c

+14 −2
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ 
#include <linux/rtnetlink.h>

#include <linux/slab.h>

#include <linux/string.h>

#include <linux/workqueue.h>



#include "internal.h"
@@ -87,15 +88,26 @@ static void crypto_free_instance(struct crypto_instance *inst) 
	inst->alg.cra_type->free(inst);

}



static void crypto_destroy_instance(struct crypto_alg *alg)

static void crypto_destroy_instance_workfn(struct work_struct *w)

{

	struct crypto_instance *inst = (void *)alg;

	struct crypto_instance *inst = container_of(w, struct crypto_instance,

						    free_work);

	struct crypto_template *tmpl = inst->tmpl;



	crypto_free_instance(inst);

	crypto_tmpl_put(tmpl);

}



static void crypto_destroy_instance(struct crypto_alg *alg)

{

	struct crypto_instance *inst = container_of(alg,

						    struct crypto_instance,

						    alg);



	INIT_WORK(&inst->free_work, crypto_destroy_instance_workfn);

	schedule_work(&inst->free_work);

}



static struct list_head *crypto_more_spawns(struct crypto_alg *alg,

					    struct list_head *stack,

					    struct list_head *top,

include/crypto/algapi.h

+3 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 
#include <linux/list.h>

#include <linux/kernel.h>

#include <linux/skbuff.h>

#include <linux/workqueue.h>



/*

 * Maximum values for blocksize and alignmask, used to allocate
@@ -52,6 +53,8 @@ struct crypto_instance { 
	struct crypto_template *tmpl;

	struct hlist_node list;



	struct work_struct free_work;



	void *__ctx[] CRYPTO_MINALIGN_ATTR;

};