evm: Check also if *tfm is an error pointer in init_desc()

robertosassu · mimizohar · commit 53de3b080d5e · 2020-05-07T21:30:58.000-04:00
This patch avoids a kernel panic due to accessing an error pointer set by crypto_alloc_shash(). It occurs especially when there are many files that require an unsupported algorithm, as it would increase the likelihood of the following race condition: Task A: *tfm = crypto_alloc_shash() <= error pointer Task B: if (*tfm == NULL) <= *tfm is not NULL, use it Task B: rc = crypto_shash_init(desc) <= panic Task A: *tfm = NULL This patch uses the IS_ERR_OR_NULL macro to determine whether or not a new crypto context must be created. Cc: stable@vger.kernel.org Fixes: d46eb36 ("evm: crypto hash replaced by shash") Co-developed-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com> Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
@@ -91,7 +91,7 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo)
 		algo = hash_algo_name[hash_algo];
 	}
 
-	if (*tfm == NULL) {
+	if (IS_ERR_OR_NULL(*tfm)) {
 		mutex_lock(&mutex);
 		if (*tfm)
 			goto out;

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo)`
`91`	`91`	`algo = hash_algo_name[hash_algo];`
`92`	`92`	`}`
`93`	`93`
`94`		`- if (*tfm == NULL) {`
	`94`	`+ if (IS_ERR_OR_NULL(*tfm)) {`
`95`	`95`	`mutex_lock(&mutex);`
`96`	`96`	`if (*tfm)`
`97`	`97`	`goto out;`