Thread (34 messages) 34 messages, 8 authors, 2016-04-18

Re: Broken userspace crypto in linux-4.1.18

From: Thomas D. <hidden>
Date: 2016-02-17 23:50:03
Also in: stable

Hi

Willy Tarreau wrote:
quoted
Is there a dependency I missed in 4.1? I don't really see anything that
could have gone wrong there.
Or maybe Thomas can run a bisect ?
I cannot follow. I did a bisect between 4.1.7 and 4.1.8 as I have written
in my first mail. The bad commit was:
commit 0571ba52a19e18a1c20469454231eef681cb1310
Author: Herbert Xu
Date:   Wed Dec 30 11:47:53 2015 +0800

    crypto: af_alg - Disallow bind/setkey/... after accept(2)

    [ Upstream commit c840ac6af3f8713a71b4d2363419145760bd6044 ]

    Each af_alg parent socket obtained by socket(2) corresponds to a
    tfm object once bind(2) has succeeded.  An accept(2) call on that
    parent socket creates a context which then uses the tfm object.

    Therefore as long as any child sockets created by accept(2) exist
    the parent socket must not be modified or freed.

    This patch guarantees this by using locks and a reference count
    on the parent socket.  Any attempt to modify the parent socket will
    fail with EBUSY.

bisect log:
Bisecting: 114 revisions left to test after this (roughly 7 steps)
[3a1e81ad84e4d880b00ecf7ad8d03b9b772ddfa7] crypto: algif_hash - Fix race condition in hash_check_key
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[d6341753c418d3699948290d8c0b9d9dc78bd209] udf: Prevent buffer overrun with multi-byte characters
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[13aedd784b84cb7d8a3bb835941d80e99f5c796e] dmaengine: dw: fix cyclic transfer setup
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[664ecf4f243bac17065cd9878790d40a592e2f3d] zram/zcomp: use GFP_NOIO to allocate streams
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[0571ba52a19e18a1c20469454231eef681cb1310] crypto: af_alg - Disallow bind/setkey/... after accept(2)
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2c641f5b0c8e87d43235ce39890bcc4d0c7cd2fb] memcg: only free spare array when readers are done
Bisecting: 1 revision left to test after this (roughly 1 step)
[0e19e24c3fe0abde8e2c5f4543616a251ccea6bf] kernel/panic.c: turn off locks debug before releasing console lock
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[bc24ac15b0746172a8f603171352aa54abcf7c78] printk: do cond_resched() between lines while outputting to consoles
0571ba52a19e18a1c20469454231eef681cb1310 is the first bad commit

-Thomas
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help