| From 70d64c4abbc6a2a93fb6c0392fb07f90971a5c24 Mon Sep 17 00:00:00 2001 |
| From: Herbert Xu <herbert@gondor.apana.org.au> |
| Date: Thu, 27 Aug 2020 17:14:36 +1000 |
| Subject: [PATCH] crypto: af_alg - Work around empty control messages without |
| MSG_MORE |
| |
| commit c195d66a8a75c60515819b101975f38b7ec6577f upstream. |
| |
| The iwd daemon uses libell which sets up the skcipher operation with |
| two separate control messages. As the first control message is sent |
| without MSG_MORE, it is interpreted as an empty request. |
| |
| While libell should be fixed to use MSG_MORE where appropriate, this |
| patch works around the bug in the kernel so that existing binaries |
| continue to work. |
| |
| We will print a warning however. |
| |
| A separate issue is that the new kernel code no longer allows the |
| control message to be sent twice within the same request. This |
| restriction is obviously incompatible with what iwd was doing (first |
| setting an IV and then sending the real control message). This |
| patch changes the kernel so that this is explicitly allowed. |
| |
| Reported-by: Caleb Jorden <caljorden@hotmail.com> |
| Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...") |
| Cc: <stable@vger.kernel.org> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/crypto/af_alg.c b/crypto/af_alg.c |
| index 35e026ba2c7e..1d4b0157ee5d 100644 |
| --- a/crypto/af_alg.c |
| +++ b/crypto/af_alg.c |
| @@ -16,6 +16,7 @@ |
| #include <linux/module.h> |
| #include <linux/net.h> |
| #include <linux/rwsem.h> |
| +#include <linux/sched.h> |
| #include <linux/sched/signal.h> |
| #include <linux/security.h> |
| |
| @@ -847,9 +848,15 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, |
| } |
| |
| lock_sock(sk); |
| - if (ctx->init && (init || !ctx->more)) { |
| - err = -EINVAL; |
| - goto unlock; |
| + if (ctx->init && !ctx->more) { |
| + if (ctx->used) { |
| + err = -EINVAL; |
| + goto unlock; |
| + } |
| + |
| + pr_info_once( |
| + "%s sent an empty control message without MSG_MORE.\n", |
| + current->comm); |
| } |
| ctx->init = true; |
| |
| -- |
| 2.27.0 |
| |