From: Florent Revest
To: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org
Cc: herbert@gondor.apana.org.au, davem@davemloft.net, hillf.zj@alibaba-inc.com, marcelo.leitner@gmail.com, lucien.xin@gmail.com, Florent Revest, syzbot+d769eed29cc42d75e2a3@syzkaller.appspotmail.com, syzbot+610ec0671f51e838436e@syzkaller.appspotmail.com
Subject: [RFC 1/1] crypto: Defer transforms destruction to a worker function
Date: Wed, 2 Aug 2023 19:09:23 +0200
Message-ID: <20230802170923.1151605-2-revest@chromium.org>
In-Reply-To: <20230802170923.1151605-1-revest@chromium.org>
References: <20230802170923.1151605-1-revest@chromium.org>

Currently, crypto spawns can be freed in a softirq context (e.g. from sctp socket destruction's rcu callbacks). In that context, grabbing the crypto_alg_sem is dangerous and makes CONFIG_DEBUG_ATOMIC_SLEEP scream. Defer transform destruction to a worker function so they don't use that semaphore in a softirq.

Reported-by: syzbot+d769eed29cc42d75e2a3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d769eed29cc42d75e2a3
Reported-by: syzbot+610ec0671f51e838436e@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=610ec0671f51e838436e
Signed-off-by: Florent Revest
--- crypto/api.c | 26 ++++++++++++++++++-------- include/linux/crypto.h | 3 +++ 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/crypto/api.c b/crypto/api.c index b9cc0c906efe..f877251954d5 100644 --- a/crypto/api.c +++ b/crypto/api.c 
@@ -640,6 +640,21 @@ void *crypto_alloc_tfm_node(const char *alg_name, } EXPORT_SYMBOL_GPL(crypto_alloc_tfm_node); =20 +void crypto_destroy_tfm_workfn(struct work_struct *w) +{ + struct crypto_alg *alg; + struct crypto_tfm *tfm; + + tfm =3D container_of(w, struct crypto_tfm, free_work); + alg =3D tfm->__crt_alg; + + if (!tfm->exit && alg->cra_exit) + alg->cra_exit(tfm); + crypto_exit_ops(tfm); + crypto_mod_put(alg); + kfree_sensitive(tfm->to_free); +} + /* * crypto_destroy_tfm - Free crypto transform * @mem: Start of tfm slab @@ -650,20 +665,15 @@ EXPORT_SYMBOL_GPL(crypto_alloc_tfm_node); */ void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm) { - struct crypto_alg *alg; - if (IS_ERR_OR_NULL(mem)) return; =20 if (!refcount_dec_and_test(&tfm->refcnt)) return; - alg =3D tfm->__crt_alg; =20 - if (!tfm->exit && alg->cra_exit) - alg->cra_exit(tfm); - crypto_exit_ops(tfm); - crypto_mod_put(alg); - kfree_sensitive(mem); + tfm->to_free =3D mem; + INIT_WORK(&tfm->free_work, crypto_destroy_tfm_workfn); + queue_work(system_unbound_wq, &tfm->free_work); } EXPORT_SYMBOL_GPL(crypto_destroy_tfm); =20 diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 31f6fee0c36c..34ff2e1dca2b 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h 
@@ -430,6 +430,9 @@ struct crypto_tfm { =09 struct crypto_alg *__crt_alg; =20 + struct work_struct free_work; + void *to_free; + void *__crt_ctx[] CRYPTO_MINALIGN_ATTR; }; =20 --=20 2.41.0.585.gd2178a4bd4-goog

Date: Thu, 3 Aug 2023 17:59:28 +0800
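
Review bot: crypto_destroy_tfm_workfn() in the first crypto/api.c hunk of the RFC patch above is defined without static, yet the patch adds no prototype for it (the include/linux/crypto.h hunk only adds the two struct fields) and no EXPORT_SYMBOL. Its only user is the INIT_WORK() call in crypto_destroy_tfm() in the same file, so it should be declared static.
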
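
Review bot: in crypto_destroy_tfm() (second crypto/api.c hunk of the RFC patch above) every final put now goes through queue_work(system_unbound_wq, ...), including callers that are already in process context, so alg->cra_exit(), crypto_mod_put() and the zeroing done by kfree_sensitive() happen at some later point after the function has returned. Nothing in the patch flushes or waits for that work, so callers can no longer assume the transform memory has been wiped and the module reference dropped when crypto_destroy_tfm() returns. Consider deferring only on the path that can actually be reached from softirq, and add a comment above INIT_WORK() stating why the free is asynchronous.
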
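
Review bot: the free_work and to_free members added to struct crypto_tfm in the include/linux/crypto.h hunk of the RFC patch above carry no comment, although they are only meaningful once the last reference has been dropped and they enlarge every transform. Document them as teardown-only state next to the declaration, and note that to_free holds the start of the allocation passed to crypto_destroy_tfm() as mem, which is what the worker hands to kfree_sensitive().
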
From: Herbert Xu
To: Florent Revest
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, davem@davemloft.net, hillf.zj@alibaba-inc.com, marcelo.leitner@gmail.com, lucien.xin@gmail.com
Subject: crypto: api - Use work queue in crypto_destroy_instance
References: <20230802170923.1151605-1-revest@chromium.org>
In-Reply-To: <20230802170923.1151605-1-revest@chromium.org>

On Wed, Aug 02, 2023 at 07:09:22PM +0200, Florent Revest wrote:
>
> I found that the following program reliably reproduces a "BUG: sleeping function
> called from invalid context" backtrace in crypto code:

Great detective work! And thanks for cc'ing me :)

This is definitely a bug in the Crypto API. Although it's hard to trigger because you need to unregister the instance before the last user frees it in atomic context. The fact that it triggers for your test program probably means that we're not creating the template correctly and it gets unregistered as soon as it's created.

As to the fix I think we should move the work into crypto_destroy_instance since that's the function that is being called from atomic context and then does something that should only be done from process context.

So here's my patch based on your work:

Acked-by: Florent Revest
Reported-by: Florent Revest
Reported-by: syzbot+610ec0671f51e838436e@syzkaller.appspotmail.com
Reported-by: syzbot+d769eed29cc42d75e2a3@syzkaller.appspotmail.com
Tested-by: Florent Revest

---8<---
The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the instance to be freed in atomic context.

Fix this by delaying the freeing to a work queue.

Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns")
Reported-by: Florent Revest
Reported-by: syzbot+d769eed29cc42d75e2a3@syzkaller.appspotmail.com
Reported-by: syzbot+610ec0671f51e838436e@syzkaller.appspotmail.com
Signed-off-by: Herbert Xu

diff --git a/crypto/algapi.c b/crypto/algapi.c index 5e7cd603d489..4fe95c448047 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -17,6 +17,7 @@ #include #include #include +#include =20 #include "internal.h" =20 @@ -74,15 +75,26 @@ static void crypto_free_instance(struct crypto_instance= *inst) inst->alg.cra_type->free(inst); } =20 -static void crypto_destroy_instance(struct crypto_alg *alg) +static void crypto_destroy_instance_workfn(struct work_struct *w) { - struct crypto_instance *inst =3D (void *)alg; + struct crypto_instance *inst =3D container_of(w, struct crypto_instance, + free_work); struct crypto_template *tmpl =3D inst->tmpl; =20 crypto_free_instance(inst); crypto_tmpl_put(tmpl); } =20 +static void crypto_destroy_instance(struct crypto_alg *alg) +{ + struct crypto_instance *inst =3D container_of(alg, + struct crypto_instance, + alg); + + INIT_WORK(&inst->free_work, crypto_destroy_instance_workfn); + schedule_work(&inst->free_work); +} + /* * This function adds a spawn to the list secondary_spawns which * will be used at the end of crypto_remove_spawns to unregister diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 6156161b181f..ca86f4c6ba43 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -12,6 +12,7 @@ #include #include #include +#include =20 /* * Maximum values for blocksize and alignmask, used to allocate @@ -82,6 +83,8 @@ struct crypto_instance { struct crypto_spawn *spawns; }; =20 + struct work_struct free_work; + void *__ctx[] CRYPTO_MINALIGN_ATTR; }; =20
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
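
Review bot: crypto_destroy_instance() in the second crypto/algapi.c hunk now only queues free_work with schedule_work() and returns, so crypto_free_instance() and crypto_tmpl_put() run later and nothing in the patch waits for the pending work. A comment above INIT_WORK() saying that this function can be reached from atomic context, and that the instance and its template reference therefore outlive the call, would keep a later cleanup from turning it back into a synchronous free.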