KASAN: wild-memory-access Write in scatterwalk_copychunks
77 views
Skip to first unread message
syzbot
Dec 10, 2017, 8:31:02 AM12/10/17
to da...@davemloft.net, her...@gondor.apana.org.au, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzkaller hit the following crash on
b9f242047f2185f762e952d8d773f6d01f3c2d20
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
C reproducer is attached
syzkaller reproducer is attached. See https://goo.gl/kgGztJ
for information about syzkaller reproducers
==================================================================
BUG: KASAN: wild-memory-access in memcpy include/linux/string.h:341 [inline]
BUG: KASAN: wild-memory-access in memcpy_dir crypto/scatterwalk.c:28
[inline]
BUG: KASAN: wild-memory-access in scatterwalk_copychunks+0x206/0x480
crypto/scatterwalk.c:43
Write of size 16 at addr 0005080000000000 by task syzkaller952806/3086
CPU: 1 PID: 3086 Comm: syzkaller952806 Not tainted 4.15.0-rc2+ #142
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
kasan_report_error mm/kasan/report.c:349 [inline]
kasan_report+0x13b/0x340 mm/kasan/report.c:409
check_memory_region_inline mm/kasan/kasan.c:260 [inline]
check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
memcpy+0x37/0x50 mm/kasan/kasan.c:303
memcpy include/linux/string.h:341 [inline]
memcpy_dir crypto/scatterwalk.c:28 [inline]
scatterwalk_copychunks+0x206/0x480 crypto/scatterwalk.c:43
blkcipher_done_slow crypto/blkcipher.c:81 [inline]
blkcipher_walk_done+0xa4b/0xde0 crypto/blkcipher.c:118
glue_ctr_crypt_128bit+0x597/0xc20 arch/x86/crypto/glue_helper.c:289
ctr_crypt+0x34/0x40 arch/x86/crypto/serpent_avx2_glue.c:168
__ablk_encrypt+0x1d1/0x2d0 crypto/ablk_helper.c:64
ablk_encrypt+0x23e/0x2c0 crypto/ablk_helper.c:84
skcipher_crypt_ablkcipher crypto/skcipher.c:714 [inline]
skcipher_decrypt_ablkcipher+0x312/0x420 crypto/skcipher.c:732
crypto_skcipher_decrypt include/crypto/skcipher.h:463 [inline]
chacha_decrypt crypto/chacha20poly1305.c:152 [inline]
poly_tail_continue+0x42a/0x6b0 crypto/chacha20poly1305.c:167
poly_tail+0x40f/0x520 crypto/chacha20poly1305.c:201
poly_cipherpad+0x33e/0x470 crypto/chacha20poly1305.c:231
poly_cipher+0x303/0x440 crypto/chacha20poly1305.c:262
poly_adpad+0x347/0x480 crypto/chacha20poly1305.c:292
poly_ad+0x25c/0x300 crypto/chacha20poly1305.c:316
poly_setkey+0x2fc/0x3e0 crypto/chacha20poly1305.c:343
poly_init+0x16c/0x1d0 crypto/chacha20poly1305.c:366
poly_genkey+0x422/0x590 crypto/chacha20poly1305.c:406
chachapoly_decrypt+0x73/0x90 crypto/chacha20poly1305.c:488
crypto_aead_decrypt include/crypto/aead.h:362 [inline]
_aead_recvmsg crypto/algif_aead.c:308 [inline]
aead_recvmsg+0x14a7/0x1bc0 crypto/algif_aead.c:329
sock_recvmsg_nosec net/socket.c:805 [inline]
sock_recvmsg+0xc9/0x110 net/socket.c:812
___sys_recvmsg+0x29b/0x630 net/socket.c:2207
__sys_recvmsg+0xe2/0x210 net/socket.c:2252
SYSC_recvmsg net/socket.c:2264 [inline]
SyS_recvmsg+0x2d/0x50 net/socket.c:2259
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x43ff39
RSP: 002b:00007ffe6f979678 EFLAGS: 00000217 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
RDX: 0000000000000000 RSI: 0000000020c0c000 RDI: 0000000000000004
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018a0
R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
==================================================================
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
syzkaller hit the following crash on
b9f242047f2185f762e952d8d773f6d01f3c2d20
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
C reproducer is attached
syzkaller reproducer is attached. See https://goo.gl/kgGztJ
for information about syzkaller reproducers
==================================================================
BUG: KASAN: wild-memory-access in memcpy include/linux/string.h:341 [inline]
BUG: KASAN: wild-memory-access in memcpy_dir crypto/scatterwalk.c:28
[inline]
BUG: KASAN: wild-memory-access in scatterwalk_copychunks+0x206/0x480
crypto/scatterwalk.c:43
Write of size 16 at addr 0005080000000000 by task syzkaller952806/3086
CPU: 1 PID: 3086 Comm: syzkaller952806 Not tainted 4.15.0-rc2+ #142
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
kasan_report_error mm/kasan/report.c:349 [inline]
kasan_report+0x13b/0x340 mm/kasan/report.c:409
check_memory_region_inline mm/kasan/kasan.c:260 [inline]
check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
memcpy+0x37/0x50 mm/kasan/kasan.c:303
memcpy include/linux/string.h:341 [inline]
memcpy_dir crypto/scatterwalk.c:28 [inline]
scatterwalk_copychunks+0x206/0x480 crypto/scatterwalk.c:43
blkcipher_done_slow crypto/blkcipher.c:81 [inline]
blkcipher_walk_done+0xa4b/0xde0 crypto/blkcipher.c:118
glue_ctr_crypt_128bit+0x597/0xc20 arch/x86/crypto/glue_helper.c:289
ctr_crypt+0x34/0x40 arch/x86/crypto/serpent_avx2_glue.c:168
__ablk_encrypt+0x1d1/0x2d0 crypto/ablk_helper.c:64
ablk_encrypt+0x23e/0x2c0 crypto/ablk_helper.c:84
skcipher_crypt_ablkcipher crypto/skcipher.c:714 [inline]
skcipher_decrypt_ablkcipher+0x312/0x420 crypto/skcipher.c:732
crypto_skcipher_decrypt include/crypto/skcipher.h:463 [inline]
chacha_decrypt crypto/chacha20poly1305.c:152 [inline]
poly_tail_continue+0x42a/0x6b0 crypto/chacha20poly1305.c:167
poly_tail+0x40f/0x520 crypto/chacha20poly1305.c:201
poly_cipherpad+0x33e/0x470 crypto/chacha20poly1305.c:231
poly_cipher+0x303/0x440 crypto/chacha20poly1305.c:262
poly_adpad+0x347/0x480 crypto/chacha20poly1305.c:292
poly_ad+0x25c/0x300 crypto/chacha20poly1305.c:316
poly_setkey+0x2fc/0x3e0 crypto/chacha20poly1305.c:343
poly_init+0x16c/0x1d0 crypto/chacha20poly1305.c:366
poly_genkey+0x422/0x590 crypto/chacha20poly1305.c:406
chachapoly_decrypt+0x73/0x90 crypto/chacha20poly1305.c:488
crypto_aead_decrypt include/crypto/aead.h:362 [inline]
_aead_recvmsg crypto/algif_aead.c:308 [inline]
aead_recvmsg+0x14a7/0x1bc0 crypto/algif_aead.c:329
sock_recvmsg_nosec net/socket.c:805 [inline]
sock_recvmsg+0xc9/0x110 net/socket.c:812
___sys_recvmsg+0x29b/0x630 net/socket.c:2207
__sys_recvmsg+0xe2/0x210 net/socket.c:2252
SYSC_recvmsg net/socket.c:2264 [inline]
SyS_recvmsg+0x2d/0x50 net/socket.c:2259
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x43ff39
RSP: 002b:00007ffe6f979678 EFLAGS: 00000217 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
RDX: 0000000000000000 RSI: 0000000020c0c000 RDI: 0000000000000004
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018a0
R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
==================================================================
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
Eric Biggers
Dec 11, 2017, 3:17:09 PM12/11/17
to linux-...@vger.kernel.org, Herbert Xu, Martin Willi, Steffen Klassert, linux-...@vger.kernel.org, syzkall...@googlegroups.com, da...@davemloft.net, Eric Biggers, sta...@vger.kernel.org
From: Eric Biggers <ebig...@google.com>
If the rfc7539 template was instantiated with a hash algorithm with
digest size larger than 16 bytes (POLY1305_DIGEST_SIZE), then the digest
overran the 'tag' buffer in 'struct chachapoly_req_ctx', corrupting the
subsequent memory, including 'cryptlen'. This caused a crash during
crypto_skcipher_decrypt().
Fix it by, when instantiating the template, requiring that the
underlying hash algorithm has the digest size expected for Poly1305.
Reproducer:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
int algfd, reqfd;
struct sockaddr_alg addr = {
.salg_type = "aead",
.salg_name = "rfc7539(chacha20,sha256)",
};
unsigned char buf[32] = { 0 };
algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(algfd, (void *)&addr, sizeof(addr));
setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, sizeof(buf));
reqfd = accept(algfd, 0, 0);
write(reqfd, buf, 16);
read(reqfd, buf, 16);
}
Reported-by: syzbot <syzk...@googlegroups.com>
Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
Cc: <sta...@vger.kernel.org> # v4.2+
Signed-off-by: Eric Biggers <ebig...@google.com>
---
crypto/chacha20poly1305.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index db1bc3147bc4..600afa99941f 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -610,6 +610,11 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
algt->mask));
if (IS_ERR(poly))
return PTR_ERR(poly);
+ poly_hash = __crypto_hash_alg_common(poly);
+
+ err = -EINVAL;
+ if (poly_hash->digestsize != POLY1305_DIGEST_SIZE)
+ goto out_put_poly;
err = -ENOMEM;
inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
@@ -618,7 +623,6 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
ctx = aead_instance_ctx(inst);
ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize;
- poly_hash = __crypto_hash_alg_common(poly);
err = crypto_init_ahash_spawn(&ctx->poly, poly_hash,
aead_crypto_instance(inst));
if (err)
--
2.15.1.424.g9478a66081-goog
If the rfc7539 template was instantiated with a hash algorithm with
digest size larger than 16 bytes (POLY1305_DIGEST_SIZE), then the digest
overran the 'tag' buffer in 'struct chachapoly_req_ctx', corrupting the
subsequent memory, including 'cryptlen'. This caused a crash during
crypto_skcipher_decrypt().
Fix it by, when instantiating the template, requiring that the
underlying hash algorithm has the digest size expected for Poly1305.
Reproducer:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
int algfd, reqfd;
struct sockaddr_alg addr = {
.salg_type = "aead",
.salg_name = "rfc7539(chacha20,sha256)",
};
unsigned char buf[32] = { 0 };
algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(algfd, (void *)&addr, sizeof(addr));
setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, sizeof(buf));
reqfd = accept(algfd, 0, 0);
write(reqfd, buf, 16);
read(reqfd, buf, 16);
}
Reported-by: syzbot <syzk...@googlegroups.com>
Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
Cc: <sta...@vger.kernel.org> # v4.2+
Signed-off-by: Eric Biggers <ebig...@google.com>
---
crypto/chacha20poly1305.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index db1bc3147bc4..600afa99941f 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -610,6 +610,11 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
algt->mask));
if (IS_ERR(poly))
return PTR_ERR(poly);
+ poly_hash = __crypto_hash_alg_common(poly);
+
+ err = -EINVAL;
+ if (poly_hash->digestsize != POLY1305_DIGEST_SIZE)
+ goto out_put_poly;
err = -ENOMEM;
inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
@@ -618,7 +623,6 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb,
ctx = aead_instance_ctx(inst);
ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize;
- poly_hash = __crypto_hash_alg_common(poly);
err = crypto_init_ahash_spawn(&ctx->poly, poly_hash,
aead_crypto_instance(inst));
if (err)
--
2.15.1.424.g9478a66081-goog
Herbert Xu
Dec 22, 2017, 3:34:33 AM12/22/17
to Eric Biggers, linux-...@vger.kernel.org, Martin Willi, Steffen Klassert, linux-...@vger.kernel.org, syzkall...@googlegroups.com, da...@davemloft.net, Eric Biggers, sta...@vger.kernel.org
--
Email: Herbert Xu <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Eric Biggers
Dec 22, 2017, 12:25:01 PM12/22/17
to syzbot, da...@davemloft.net, her...@gondor.apana.org.au, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Sun, Dec 10, 2017 at 05:31:01AM -0800, syzbot wrote:
>
> syzbot will keep track of this bug report.
> Once a fix for this bug is merged into any tree, reply to this email with:
> #syz fix: exact-commit-title
> If you want to test a patch for this bug, please reply with:
> #syz test: git://repo/address.git branch
> and provide the patch inline or as an attachment.
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new bug
> report.
> Note: all commands must start from beginning of the line in the email body.
#syz fix: crypto: chacha20poly1305 - validate the digest size
>
> syzbot will keep track of this bug report.
> Once a fix for this bug is merged into any tree, reply to this email with:
> #syz fix: exact-commit-title
> If you want to test a patch for this bug, please reply with:
> #syz test: git://repo/address.git branch
> and provide the patch inline or as an attachment.
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new bug
> report.
> Note: all commands must start from beginning of the line in the email body.
Reply all
Reply to author
Forward
0 new messages