Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_kernel_samsung_gta4xl / 1371d1aac1d6b88b0aff31013be162b0caf13d26^! / .
commit1371d1aac1d6b88b0aff31013be162b0caf13d26[log] [tgz]
authorHerbert Xu <herbert@gondor.apana.org.au>Tue Nov 28 16:25:49 2023 +0800
committerVegard Nossum <vegard.nossum@oracle.com>Fri Feb 02 11:33:39 2024 +0000
tree606a8972ac30e91fce324fca4e33a71467f518d6
parent3d1343b49d7b745740609c97bbd1459fb05a2db8 [diff]
crypto: af_alg - Disallow multiple in-flight AIO requests

[ Upstream commit 67b164a871af1d736f131fd6fe78a610909f06f3 ]

Having multiple in-flight AIO requests results in unpredictable
output because they all share the same IV.  Fix this by only allowing
one request at a time.

Fixes: 83094e5e9e49 ("crypto: af_alg - add async support to algif_aead")
Fixes: a596999b7ddf ("crypto: algif - change algif_skcipher to be asynchronous")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 19af0310c8767c993f2a5d5261e4df3f9f465ce1)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index da000a2..24de37a 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c

@@ -1060,9 +1060,13 @@
 void af_alg_free_resources(struct af_alg_async_req *areq)
 {
 	struct sock *sk = areq->sk;
+	struct af_alg_ctx *ctx;
 
 	af_alg_free_areq_sgls(areq);
 	sock_kfree_s(sk, areq, areq->areqlen);
+
+	ctx = alg_sk(sk)->private;
+	ctx->inflight = false;
 }
 EXPORT_SYMBOL_GPL(af_alg_free_resources);
 
@@ -1126,11 +1130,19 @@
 struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk,
 					   unsigned int areqlen)
 {
-	struct af_alg_async_req *areq = sock_kmalloc(sk, areqlen, GFP_KERNEL);
+	struct af_alg_ctx *ctx = alg_sk(sk)->private;
+	struct af_alg_async_req *areq;
 
+	/* Only one AIO request can be in flight. */
+	if (ctx->inflight)
+		return ERR_PTR(-EBUSY);
+
+	areq = sock_kmalloc(sk, areqlen, GFP_KERNEL);
 	if (unlikely(!areq))
 		return ERR_PTR(-ENOMEM);
 
+	ctx->inflight = true;
+
 	areq->areqlen = areqlen;
 	areq->sk = sk;
 	areq->last_rsgl = NULL;

diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index 2ea6a95..f803dc8 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h

@@ -146,6 +146,7 @@
  * @enc:		Cryptographic operation to be performed when
  *			recvmsg is invoked.
  * @len:		Length of memory allocated for this data structure.
+ * @inflight:		Non-zero when AIO requests are in flight.
  */
 struct af_alg_ctx {
 	struct list_head tsgl_list;
@@ -163,6 +164,8 @@
 	bool enc;
 
 	unsigned int len;
+
+	unsigned int inflight;
 };
 
 int af_alg_register_type(const struct af_alg_type *type);