Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-09-21 03:43:03 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/crypto
History
Rabin Vincent 3d53f1f716 crypto: af_alg - fix backlog handling 
commit 7e77bdebff5cb1e9876c561f69710b9ab8fa1f7e upstream.

If a request is backlogged, it's complete() handler will get called
twice: once with -EINPROGRESS, and once with the final error code.

af_alg's complete handler, unlike other users, does not handle the
-EINPROGRESS but instead always completes the completion that recvmsg()
is waiting on.  This can lead to a return to user space while the
request is still pending in the driver.  If userspace closes the sockets
before the requests are handled by the driver, this will lead to
use-after-frees (and potential crashes) in the kernel due to the tfm
having been freed.

The crashes can be easily reproduced (for example) by reducing the max
queue length in cryptod.c and running the following (from
http://www.chronox.de/libkcapi.html) on AES-NI capable hardware:

 $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \
    -k 00000000000000000000000000000000 \
    -p 00000000000000000000000000000000 >/dev/null & done

Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-01-08 09:58:17 -08:00
..
asymmetric_keys X.509: Remove certificate date checks 2013-12-04 10:57:33 -08:00
async_tx raid6test: use prandom_bytes() 2013-04-29 18:28:42 -07:00
842.c crypto: 842 - remove .cra_list initialization 2012-09-07 04:17:06 +08:00
ablkcipher.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
aead.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
aes_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
af_alg.c crypto: af_alg - fix backlog handling 2015-01-08 09:58:17 -08:00
ahash.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
algapi.c crypto: sanitize argument for format string 2013-07-13 11:42:26 -07:00
algboss.c crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
algif_hash.c Revert "net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST" 2013-12-20 07:45:12 -08:00
algif_skcipher.c crypto: algif - avoid excessive use of socket buffer in skcipher 2014-11-14 08:48:00 -08:00
ansi_cprng.c crypto: ansi_cprng - Fix off by one error in non-block size request 2013-11-29 11:11:40 -08:00
anubis.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
api.c crypto: api - Fix race condition in larval lookup 2013-09-26 17:18:01 -07:00
arc4.c crypto: arc4 - improve performance by using u32 for ctx and variables 2012-06-14 10:07:23 +08:00
authenc.c crypto: authenc - Find proper IV address in ablkcipher callback 2013-12-11 22:36:26 -08:00
authencesn.c crypto: use ERR_CAST 2013-02-04 21:16:53 +08:00
blkcipher.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
blowfish_common.c
blowfish_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
camellia_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
cast5_generic.c crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast6_generic.c crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast_common.c crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cbc.c
ccm.c crypto: ccm - Fix handling of zero plaintext when computing mac 2013-12-11 22:36:26 -08:00
chainiv.c crypto: use ERR_CAST 2013-02-04 21:16:53 +08:00
cipher.c
cmac.c crypto: add CMAC support to CryptoAPI 2013-04-25 21:01:47 +08:00
compress.c
crc32.c crypto: crc32 - add crc32 pclmulqdq implementation and wrappers for table implementation 2013-01-20 10:16:45 +11:00
crc32c.c crypto: crc32c should use library implementation 2012-03-23 16:58:38 -07:00
cryptd.c crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data corruption 2012-10-24 21:21:18 +08:00
crypto_null.c crypto: crypto_null - use crypto_[un]register_algs 2012-08-01 17:47:24 +08:00
crypto_user.c net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-06-07 13:25:35 -07:00
ctr.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-02-25 15:56:15 -08:00
cts.c crypto: use ERR_CAST 2013-02-04 21:16:53 +08:00
deflate.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
des_generic.c crypto: des - use crypto_[un]register_algs 2012-08-01 17:47:24 +08:00
ecb.c
eseqiv.c
fcrypt.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
fips.c
gcm.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-05-02 14:53:12 -07:00
gf128mul.c
ghash-generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
hmac.c
internal.h crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
Kconfig crypto: blowfish - disable AVX2 implementation 2013-06-05 16:33:23 +08:00
khazad.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
krng.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
lrw.c
lzo.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
Makefile crypto: add CMAC support to CryptoAPI 2013-04-25 21:01:47 +08:00
md4.c
md5.c
michael_mic.c
pcbc.c
pcompress.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
pcrypt.c crypto: pcrypt - Use the online cpumask as the default 2012-03-29 19:52:47 +08:00
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
salsa20_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
scatterwalk.c crypto: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:16 +08:00
seed.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
seqiv.c crypto: use ERR_CAST 2013-02-04 21:16:53 +08:00
serpent_generic.c crypto: serpent - use crypto_[un]register_algs 2012-08-01 17:47:25 +08:00
sha1_generic.c
sha256_generic.c crypto: sha256 - Expose SHA256 generic routine to be callable externally. 2013-04-03 09:06:31 +08:00
sha512_generic.c crypto: sha512 - Expose generic sha512 routine to be callable from other modules 2013-04-25 21:00:57 +08:00
shash.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
tcrypt.c crypto: tcrypt - add async cipher speed tests for blowfish 2013-04-25 21:09:03 +08:00
tcrypt.h crypto: ctr - make rfc3686 asynchronous block cipher 2013-01-08 07:03:04 +01:00
tea.c crypto: tea - use crypto_[un]register_algs 2012-08-01 17:47:24 +08:00
testmgr.c crypto: camellia - add AVX2/AES-NI/x86_64 assembler implementation of camellia cipher 2013-04-25 21:09:07 +08:00
testmgr.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-05-02 14:53:12 -07:00
tgr192.c crypto: tiger - use crypto_[un]register_shashes 2012-08-01 17:47:26 +08:00
twofish_common.c
twofish_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
vmac.c crypto: vmac - Make VMAC work when blocks aren't aligned 2012-10-15 22:33:20 +08:00
wp512.c crypto: whirlpool - use crypto_[un]register_shashes 2012-08-01 17:47:27 +08:00
xcbc.c
xor.c add further __init annotations to crypto/xor.c 2012-10-11 13:42:32 +11:00
xts.c
zlib.c