Public bug reported:

[Impact]

The xenial and bionic backport of the fix for CVE-2025-39964 causes
sendmsg() to randomly fail with EBUSY if used on an AF_ALG socket for
skcipher.

Upstream 1b34cbbf4f011 ("crypto: af_alg - Disallow concurrent writes in
af_alg_sendmsg") introduces a new boolean field that guards write access
to sockets, in order to disallow concurrent write operations. In case a
socket is currently being written to, sendmsg() will return EBUSY.
However, the new field is never properly initialized for skcipher
sockets, so the check may sometimes randomly fail if the memory happens
to not be zero. This causes tests that send data to a skcipher via
AF_ALG sockets to fail, for instance the af_alg02 test in ubuntu_ltp:

tst_af_alg.c:252: TBROK: sendmsg(19, 0x7fdfd3170e20, 0) failed: EBUSY (16)

In kernels newer than bionic, this behavior cannot be observed because
the memory of the struct is properly initialized to zero before it is
used. Specifically, this was fixed for a similar issue with another
field in 21dfbcd1f5cbf ("crypto: algif_aead - fix uninitialized
ctx->init"), which is present in focal and newer.

[Fix]

Backport 21dfbcd1f5cbf ("crypto: algif_aead - fix uninitialized
ctx->init") to avoid using uninitialized fields of the socket structure.

[Test Plan]

* Bionic: testsuite ubuntu_ltp, testcase: crypto:af_alg02

* Xenial: testsuite ubuntu_stress_smoke_test, testcase: af-alg

[Where problems could occur]

This fix changes the way parts of an AF_ALG socket for skcipher/aead are
initialized. Issues would be observed when interacting with sockets for
crypto algorithms like skcipher or aead.
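
A minimal userspace check for the symptom described under [Impact], added here as an example (it is not part of the bug report, the kernel patches, or LTP). It opens fresh skcipher request sockets and counts first writes that fail with EBUSY; the helper name count_spurious_ebusy, the cbc(aes) algorithm, the all-zero key and the round count are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

/* Hypothetical helper: returns how many fresh request sockets rejected their
 * first sendmsg() with EBUSY, or -1 if AF_ALG or cbc(aes) is unavailable. */
int count_spurious_ebusy(int rounds)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "skcipher",
                               .salg_name = "cbc(aes)" }; /* assumed algorithm */
    unsigned char key[16] = {0}, block[16] = {0};  /* constructed test data */
    __u32 op_type = ALG_OP_ENCRYPT;
    int ebusy = 0, tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);

    if (tfm < 0)
        return -1;
    if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        setsockopt(tfm, SOL_ALG, ALG_SET_KEY, key, sizeof(key)) < 0) {
        close(tfm);
        return -1;
    }
    for (int i = 0; i < rounds; i++) {
        /* Each accept() makes the kernel allocate a new request context. */
        int op = accept(tfm, NULL, NULL);
        if (op < 0) { close(tfm); return -1; }
        union { char buf[CMSG_SPACE(sizeof(__u32))]; struct cmsghdr align; } c;
        struct iovec iov = { .iov_base = block, .iov_len = sizeof(block) };
        struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                              .msg_control = c.buf, .msg_controllen = sizeof(c.buf) };
        memset(&c, 0, sizeof(c));
        struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
        cm->cmsg_level = SOL_ALG;
        cm->cmsg_type = ALG_SET_OP;
        cm->cmsg_len = CMSG_LEN(sizeof(op_type));
        memcpy(CMSG_DATA(cm), &op_type, sizeof(op_type));
        /* No other writer exists, so EBUSY on this first write is spurious. */
        if (sendmsg(op, &msg, 0) < 0 && errno == EBUSY)
            ebusy++;
        close(op);
    }
    close(tfm);
    return ebusy;
}
int main(void)
{
    printf("spurious EBUSY: %d (-1 = AF_ALG unavailable)\n", count_spurious_ebusy(64));
    return 0;
}
```

A result of 0 means no fresh socket returned EBUSY in this run; because the failure depends on leftover memory contents, a clean run on an affected kernel does not prove the field is initialized.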

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Xenial)
     Importance: Medium
         Status: In Progress

** Affects: linux (Ubuntu Bionic)
     Importance: Medium
         Status: In Progress

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: linux (Ubuntu Bionic)
       Status: New => In Progress

** Description changed:

  [Impact]
  
  The xenial and bionic backport of the fix for CVE-2025-39964 causes
  sendmsg() to randomly fail with EBUSY if used on an AF_ALG socket for
  skcipher.
  
  Upstream 1b34cbbf4f011 ("crypto: af_alg - Disallow concurrent writes in
  af_alg_sendmsg") introduces a new boolean field that guards write access
  to sockets, in order to disallow concurrent write operations. In case a
  socket is currently being written to, sendmsg() will return EBUSY.
  However, the new field is never properly initialized for skciper
  sockets, so the check may sometimes randomly fail if the memory happens
  to not be zero. This causes tests that send data to a skcipher via
- AF_ALG sockets to fail, for instance the af_alg02 test in ubuntu_ltp.
+ AF_ALG sockets to fail, for instance the af_alg02 test in ubuntu_ltp:
+ 
+ tst_af_alg.c:252: TBROK: sendmsg(19, 0x7fdfd3170e20, 0) failed: EBUSY
+ (16)
  
  In kernels newer than bionic, this behavior cannot be observed because
  the memory of the struct is properly initialized to zero before it is
  used. Specifically, this was fixed for a similar issue with another
  field in 21dfbcd1f5cbf ("crypto: algif_aead - fix uninitialized
  ctx->init"), which is present in focal and newer.
  
  [Fix]
  
  Backport 21dfbcd1f5cbf ("crypto: algif_aead - fix uninitialized
  ctx->init") to avoid using uninitialized fields of the socket structure.
  
  [Test Plan]
  
  * Bionic: testsuite ubuntu_ltp, testcase: crypto:af_alg02
  
  * Xenial: testsuite ubuntu_stress_smoke_test, testcase: af-alg
  
  [Where problems could occur]
  
  This fix changes the way parts of an AF_ALG socket for skcipher/aead are
  initialized. Issues would be observed when interacting with sockets for
  crypto algorithms like skcipher or aead.

-- 
https://bugs.launchpad.net/bugs/2131904

Title:
  crypto: af_alg: sendmsg() on AF_ALG sockets for skcipher fails with
  EBUSY
