• Eric Biggers's avatar
    crypto: chacha20poly1305 - fix atomic sleep when using async algorithm · 7545b6c2
    Eric Biggers authored
    Clear the CRYPTO_TFM_REQ_MAY_SLEEP flag when the chacha20poly1305
    operation is being continued from an async completion callback, since
    sleeping may not be allowed in that context.
    
    This is basically the same bug that was recently fixed in the xts and
    lrw templates.  But, it's always been broken in chacha20poly1305 too.
    This was found using syzkaller in combination with the updated crypto
    self-tests which actually test the MAY_SLEEP flag now.
    
    Reproducer:
    
        python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(
        	       ("aead", "rfc7539(cryptd(chacha20-generic),poly1305-generic)"))'
    
    Kernel output:
    
        BUG: sleeping function called from invalid context at include/crypto/algapi.h:426
        in_atomic(): 1, irqs_disabled(): 0, pid: 1001, name: kworker/2:2
        [...]
        CPU: 2 PID: 1001 Comm: kworker/2:2 Not tainted 5.2.0-rc2 #5
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
        Workqueue: crypto cryptd_queue_worker
        Call Trace:
         __dump_stack lib/dump_stack.c:77 [inline]
         dump_stack+0x4d/0x6a lib/dump_stack.c:113
         ___might_sleep kernel/sched/core.c:6138 [inline]
         ___might_sleep.cold.19+0x8e/0x9f kernel/sched/core.c:6095
         crypto_yield include/crypto/algapi.h:426 [inline]
         crypto_hash_walk_done+0xd6/0x100 crypto/ahash.c:113
         shash_ahash_update+0x41/0x60 crypto/shash.c:251
         shash_async_update+0xd/0x10 crypto/shash.c:260
         crypto_ahash_update include/crypto/hash.h:539 [inline]
         poly_setkey+0xf6/0x130 crypto/chacha20poly1305.c:337
         poly_init+0x51/0x60 crypto/chacha20poly1305.c:364
         async_done_continue crypto/chacha20poly1305.c:78 [inline]
         poly_genkey_done+0x15/0x30 crypto/chacha20poly1305.c:369
         cryptd_skcipher_complete+0x29/0x70 crypto/cryptd.c:279
         cryptd_skcipher_decrypt+0xcd/0x110 crypto/cryptd.c:339
         cryptd_queue_worker+0x70/0xa0 crypto/cryptd.c:184
         process_one_work+0x1ed/0x420 kernel/workqueue.c:2269
         worker_thread+0x3e/0x3a0 kernel/workqueue.c:2415
         kthread+0x11f/0x140 kernel/kthread.c:255
         ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352
    
    Fixes: 71ebc4d1 ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
    Cc: <stable@vger.kernel.org> # v4.2+
    Cc: Martin Willi <martin@strongswan.org>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    7545b6c2
chacha20poly1305.c 19.4 KB