From: Max Clinton
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, herbert@gondor.apana.org.au, gregkh@linuxfoundation.org, davem@davemloft.net, security@kernel.org, stable@kernel.org, Max Clinton
Subject: [PATCH] crypto: algif_skcipher - snapshot IV for async skcipher requests
Date: Mon, 18 May 2026 19:35:39 -0400
Message-ID: <20260518233538.705966-2-maxtclinton@gmail.com>

AF_ALG skcipher AIO requests currently use the socket-wide IV buffer
during request processing. For async requests, later socket activity can
update that shared state before the original request has fully completed,
which can lead to inconsistent IV handling.

Snapshot the IV into per-request storage when preparing the skcipher
request, so in-flight operations no longer depend on mutable socket state.

This mirrors the algif_aead fix from commit 5aa58c3a572b ("crypto:
algif_aead - snapshot IV for async AEAD requests"), which addressed the
same shape of bug in the AEAD sibling subsystem.

Tested on Debian Trixie 6.12.74+deb13+1-amd64 (unpatched) and on v6.12.86
+ this patch via virtme-ng on the same host. Reproducer results: 10-14%
race rate over 50000 iterations on the unpatched kernel against
cryptd(cbc(aes-generic)); 0 races at 50000 and 200000 iterations on the
patched kernel; 0 races at 200000 iterations on the unpatched kernel with
the synchronous cbc(aes-generic) driver as a control case (confirming the
race is gated on the async dispatch path).

Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Cc: stable@kernel.org
Reported-by: Max Clinton
Signed-off-by: Max Clinton
---
 crypto/algif_skcipher.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index ba0a17fd9..519ff8d17 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -23,6 +23,7 @@ * the RX SGL release. */ =20 +#include #include #include #include @@ -103,9 +104,11 @@ static int _skcipher_recvmsg(struct socket *sock, stru= ct msghdr *msg, struct af_alg_ctx *ctx =3D ask->private; struct crypto_skcipher *tfm =3D pask->private; unsigned int bs =3D crypto_skcipher_chunksize(tfm); + unsigned int ivsize =3D crypto_skcipher_ivsize(tfm); struct af_alg_async_req *areq; unsigned cflags =3D 0; int err =3D 0; + void *iv; size_t len =3D 0; =20 if (!ctx->init || (ctx->more && ctx->used < bs)) { @@ -116,10 +119,14 @@ static int _skcipher_recvmsg(struct socket *sock, str= uct msghdr *msg, =20 /* Allocate cipher request for current operation. */ areq =3D af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + - crypto_skcipher_reqsize(tfm)); + crypto_skcipher_reqsize(tfm) + ivsize); if (IS_ERR(areq)) return PTR_ERR(areq); =20 + iv =3D (u8 *)skcipher_request_ctx(&areq->cra_u.skcipher_req) + + crypto_skcipher_reqsize(tfm); + memcpy(iv, ctx->iv, ivsize); + /* convert iovecs of output buffers into RX SGL */ err =3D af_alg_get_rsgl(sk, msg, flags, areq, ctx->used, &len); if (err) @@ -159,7 +166,7 @@ static int _skcipher_recvmsg(struct socket *sock, struc= t msghdr *msg, /* Initialize the crypto operation */ skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl, - areq->first_rsgl.sgl.sgt.sgl, len, ctx->iv); + areq->first_rsgl.sgl.sgt.sgl, len, iv); =20 if (ctx->state) { err =3D crypto_skcipher_import(&areq->cra_u.skcipher_req, --=20 2.47.3
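
Review bot: In the @@ -116,10 +119,14 @@ hunk, the IV snapshot is placed at skcipher_request_ctx(&areq->cra_u.skcipher_req) + crypto_skcipher_reqsize(tfm) with no alignment padding, so the buffer handed to the cipher may be less aligned than ctx->iv was. Please confirm that every driver reachable through AF_ALG tolerates this, or round the offset up using crypto_skcipher_alignmask(tfm) and grow the af_alg_alloc_areq() size to match; a short comment describing the layout (request, request context, IV copy) would also help the next reader. Minor: iv is declared as void * in the preceding hunk but is assigned from a (u8 *) expression, so declaring it u8 *iv would be more consistent.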
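
Review bot: In the @@ -159,7 +166,7 @@ hunk, skcipher_request_set_crypt() now receives the per-request iv, and none of the nine added lines copies that buffer back into ctx->iv after the operation. Chaining modes such as the cbc(aes-generic) case named in the commit message leave the next IV in the buffer passed to the request, so a later recvmsg() that continues the same stream (the ctx->more path checked at the top of _skcipher_recvmsg()) would start from the old ctx->iv. Because the memcpy() is unconditional, this affects synchronous requests as well as AIO ones. Please either write the updated IV back to ctx->iv at a point where that is safe, or explain in the commit message why continuation across calls does not depend on it (for example, if it is carried entirely by ctx->state and crypto_skcipher_import()), and add a test that splits one CBC stream across two recvmsg() calls.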