linux/crypto
Pavel Skripkin 080aa61e37 crypto: fix uninit-value in af_alg_free_resources
Syzbot was able to trigger use of uninitialized memory in
af_alg_free_resources.

The bug is caused by missing initialization of rsgl->sgl.need_unpin before
adding to rsgl_list. Then, in case of extract_iter_to_sg() failure, rsgl
is left with an uninitialized need_unpin, which is read during cleanup.

BUG: KMSAN: uninit-value in af_alg_free_sg crypto/af_alg.c:545 [inline]
BUG: KMSAN: uninit-value in af_alg_free_areq_sgls crypto/af_alg.c:778 [inline]
BUG: KMSAN: uninit-value in af_alg_free_resources+0x3d1/0xf60 crypto/af_alg.c:1117
 af_alg_free_sg crypto/af_alg.c:545 [inline]
 af_alg_free_areq_sgls crypto/af_alg.c:778 [inline]
 af_alg_free_resources+0x3d1/0xf60 crypto/af_alg.c:1117
 _skcipher_recvmsg crypto/algif_skcipher.c:144 [inline]
...

Uninit was created at:
 slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
 slab_alloc_node mm/slub.c:3470 [inline]
 __kmem_cache_alloc_node+0x536/0x8d0 mm/slub.c:3509
 __do_kmalloc_node mm/slab_common.c:984 [inline]
 __kmalloc+0x121/0x3c0 mm/slab_common.c:998
 kmalloc include/linux/slab.h:586 [inline]
 sock_kmalloc+0x128/0x1c0 net/core/sock.c:2683
 af_alg_alloc_areq+0x41/0x2a0 crypto/af_alg.c:1188
 _skcipher_recvmsg crypto/algif_skcipher.c:71 [inline]

Fixes: c1abe6f570 ("crypto: af_alg: Use extract_iter_to_sg() to create scatterlists")
Reported-and-tested-by: syzbot+cba21d50095623218389@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=cba21d50095623218389
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-08-18 18:30:09 +08:00
asymmetric_keys KEYS: asymmetric: Fix error codes 2023-07-07 14:16:47 +10:00
async_tx async_tx: fix kernel-doc notation warnings 2023-03-24 18:22:28 +08:00
842.c
acompress.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
adiantum.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
aead.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
aegis128-core.c
aegis128-neon-inner.c crypto: aegis128-neon - add header for internal prototypes 2023-05-24 18:12:33 +08:00
aegis128-neon.c crypto: aegis128-neon - add header for internal prototypes 2023-05-24 18:12:33 +08:00
aegis-neon.h crypto: aegis128-neon - add header for internal prototypes 2023-05-24 18:12:33 +08:00
aegis.h
aes_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
aes_ti.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
af_alg.c crypto: fix uninit-value in af_alg_free_resources 2023-08-18 18:30:09 +08:00
ahash.c crypto: hash - Make crypto_ahash_alg helper available 2023-05-12 18:48:01 +08:00
akcipher.c crypto: akcipher - Do not copy dst if it is NULL 2023-06-27 17:59:52 +08:00
algapi.c crypto: engine - fix crypto_queue backlog handling 2023-04-28 17:50:43 +08:00
algboss.c crypto: algboss - compile out test-related code when tests disabled 2022-11-25 17:39:18 +08:00
algif_aead.c sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
algif_hash.c crypto: algif_hash - Fix race between MORE and non-MORE sends 2023-07-08 22:48:42 +10:00
algif_rng.c sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
algif_skcipher.c sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
ansi_cprng.c
anubis.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
api.c crypto: api - Add __crypto_alloc_tfmgfp 2023-06-23 16:15:36 +08:00
arc4.c
aria_generic.c crypto: x86/aria - do not use magic number offsets of aria_ctx 2023-01-06 17:15:47 +08:00
authenc.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
authencesn.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
blake2b_generic.c
blowfish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
blowfish_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
camellia_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast5_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast6_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
cast_common.c
cbc.c
ccm.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
cfb.c
chacha20poly1305.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
chacha_generic.c
cipher.c crypto: cipher - On clone do crypto_mod_get() 2023-06-23 16:15:36 +08:00
cmac.c crypto: cmac - Add support for cloning 2023-05-24 18:12:33 +08:00
compress.c
compress.h crypto: acomp - Count error stats differently 2023-03-14 17:06:42 +08:00
crc32_generic.c
crc32c_generic.c
crc64_rocksoft_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c crypto: cryptd - Add support for cloning hashes 2023-04-20 18:20:04 +08:00
crypto_engine.c crypto: engine - fix crypto_queue backlog handling 2023-04-28 17:50:43 +08:00
crypto_null.c
crypto_user_base.c
crypto_user_stat.c crypto: rng - Count error stats differently 2023-03-14 17:06:42 +08:00
ctr.c
cts.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
curve25519-generic.c
deflate.c
des_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
dh_helper.c
dh.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
drbg.c crypto: drbg - Only fail when jent is unavailable in FIPS mode 2023-04-06 16:18:53 +08:00
ecb.c
ecc_curve_defs.h
ecc.c crypto: ecc - Silence sparse warning 2023-02-14 13:39:33 +08:00
ecdh_helper.c
ecdh.c
ecdsa.c
ecdsasignature.asn1
echainiv.c
ecrdsa_defs.h
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
ecrdsa.c
essiv.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
fcrypt.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
fips.c crypto: fips - simplify one-level sysctl registration for crypto_sysctl_table 2023-03-17 11:16:44 +08:00
gcm.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
geniv.c
ghash-generic.c
hash_info.c
hash.h crypto: hash - Add crypto_clone_ahash/shash 2023-04-20 18:20:04 +08:00
hctr2.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
hmac.c crypto: hmac - Add missing blank line 2023-06-16 20:30:35 +08:00
internal.h crypto: sig - Fix verify call 2023-06-27 15:40:24 +08:00
jitterentropy-kcapi.c crypto: jitter - add interface for gathering of raw entropy 2023-05-12 18:48:01 +08:00
jitterentropy-testing.c crypto: jitter - add interface for gathering of raw entropy 2023-05-12 18:48:01 +08:00
jitterentropy.c crypto: jitter - correct health test during initialization 2023-06-02 18:21:32 +08:00
jitterentropy.h crypto: jitter - add interface for gathering of raw entropy 2023-05-12 18:48:01 +08:00
Kconfig crypto: sig - Add interface for sign/verify 2023-06-23 16:15:36 +08:00
kdf_sp800108.c crypto: kdf - silence noisy self-test 2022-11-25 17:39:18 +08:00
keywrap.c
khazad.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
kpp.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
lrw.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
lz4.c
lz4hc.c
lzo-rle.c
lzo.c
Makefile crypto: sig - Add interface for sign/verify 2023-06-23 16:15:36 +08:00
md4.c
md5.c
michael_mic.c
nhpoly1305.c
ofb.c
pcbc.c
pcrypt.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
poly1305_generic.c
polyval-generic.c
proc.c crypto: proc - Print fips status 2023-02-14 13:39:33 +08:00
ripemd.h
rmd160.c
rng.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
rsa_helper.c
rsa-pkcs1pad.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
rsa.c crypto: rsa - allow only odd e and restrict value in FIPS mode 2023-06-23 16:15:36 +08:00
rsaprivkey.asn1
rsapubkey.asn1
scatterwalk.c
scompress.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
seed.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
seqiv.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
serpent_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
sha1_generic.c
sha3_generic.c
sha256_generic.c
sha512_generic.c
shash.c crypto: shash - Allow cloning on algorithms with no init_tfm 2023-05-24 18:12:33 +08:00
sig.c crypto: sig - Fix verify call 2023-06-27 15:40:24 +08:00
simd.c
skcipher.c crypto: api - Fix CRYPTO_USER checks for report function 2023-05-02 18:22:24 +08:00
sm2.c KEYS: asymmetric: Move sm2 code into x509_public_key 2023-06-23 16:15:37 +08:00
sm2signature.asn1
sm3_generic.c
sm3.c
sm4_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
sm4.c
streebog_generic.c
tcrypt.c crypto: api - Move low-level functions into algapi.h 2023-04-14 18:59:34 +08:00
tcrypt.h crypto: tcrypt - include larger key sizes in RFC4106 benchmark 2023-01-20 18:29:31 +08:00
tea.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
testmgr.c crypto: testmgr - Add some test vectors for cmac(camellia) 2023-04-20 18:20:04 +08:00
testmgr.h crypto: testmgr - Add some test vectors for cmac(camellia) 2023-04-20 18:20:04 +08:00
twofish_common.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
twofish_generic.c crypto: Prepare to move crypto_tfm_ctx 2022-12-02 18:12:40 +08:00
vmac.c
wp512.c crypto: wp512 - disable kmsan checks in wp512_process_buffer() 2022-12-30 22:56:27 +08:00
xcbc.c
xctr.c
xor.c
xts.c crypto: api - Use data directly in completion function 2023-02-13 18:35:14 +08:00
xxhash_generic.c
zstd.c