From: Richard Palethorpe To: ltp@lists.linux.it Date: Wed, 21 Mar 2018 15:39:27 +0100 Message-Id: <20180321143927.12156-4-rpalethorpe@suse.com> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180321143927.12156-1-rpalethorpe@suse.com> References: <20180321143927.12156-1-rpalethorpe@suse.com> X-Virus-Scanned: clamav-milter 0.99.2 at in-6.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=7.0 tests=SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-6.smtp.seeweb.it Cc: Richard Palethorpe , nstange@suse.de, ebiggers@google.com Subject: [LTP] [PATCH v2 3/3] Add pcrypt_aead01 CVE-2017-18075 X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" Signed-off-by: Richard Palethorpe --- runtest/crypto | 1 + runtest/cve | 1 + testcases/kernel/crypto/.gitignore | 1 + testcases/kernel/crypto/Makefile | 22 +++++++++ testcases/kernel/crypto/pcrypt_aead01.c | 85 +++++++++++++++++++++++++++++++++ 5 files changed, 110 insertions(+) create mode 100644 runtest/crypto create mode 100644 testcases/kernel/crypto/.gitignore create mode 100644 testcases/kernel/crypto/Makefile create mode 100644 testcases/kernel/crypto/pcrypt_aead01.c diff --git a/runtest/crypto b/runtest/crypto new file mode 100644 index 000000000..e5ba61e5e --- /dev/null +++ b/runtest/crypto @@ -0,0 +1 @@ +pcrypt_aead01 pcrypt_aead01 diff --git a/runtest/cve b/runtest/cve index 8b7cbe539..15fa02bc8 100644 --- a/runtest/cve +++ b/runtest/cve @@ -32,3 +32,4 @@ cve-2017-5754 meltdown cve-2017-17052 cve-2017-17052 cve-2017-16939 cve-2017-16939 cve-2017-17053 cve-2017-17053 +cve-2017-18075 pcrypt_aead01 
diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore new file mode 100644 index 000000000..fafe5c972 --- /dev/null +++ b/testcases/kernel/crypto/.gitignore @@ -0,0 +1 @@ +pcrypt_aead01 diff --git a/testcases/kernel/crypto/Makefile b/testcases/kernel/crypto/Makefile new file mode 100644 index 000000000..76f9308c2 --- /dev/null +++ b/testcases/kernel/crypto/Makefile @@ -0,0 +1,22 @@ +# Copyright (c) 2017 Linux Test Project +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +top_srcdir ?= ../../.. + +include $(top_srcdir)/include/mk/testcases.mk + +CFLAGS += -D_GNU_SOURCE + +include $(top_srcdir)/include/mk/generic_leaf_target.mk diff --git a/testcases/kernel/crypto/pcrypt_aead01.c b/testcases/kernel/crypto/pcrypt_aead01.c new file mode 100644 index 000000000..8053b33e4 --- /dev/null +++ b/testcases/kernel/crypto/pcrypt_aead01.c 
@@ -0,0 +1,85 @@ +/* + * Copyright (c) 2018 SUSE + * Author: Nicolai Stange + * LTP conversion: Richard Palethorpe + * + * Originally found by syzkaller: + * https://groups.google.com/forum/#!topic/syzkaller-bugs/NKn_ivoPOpk + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + * + * Test for CVE-2017-5754 - pcrypt mishandles freeing instances. + * + * The test works by adding and then removing pcrypt-AEAD instances. + * See commit d76c68109f37 crypto: pcrypt - fix freeing pcrypt instances. + * + * If the bug is present then this will probably crash the kernel, but also + * sometimes the test simply times out. 
+ */ + +#include +#include + +#include "tst_test.h" +#include "tst_safe_net.h" +#include "tst_taint.h" +#include "tst_crypto.h" + +#define ATTEMPTS 10000 +#define DEL_RETRY_COUNT 1000 + +static struct tst_crypto_session ses; + +void setup(void) +{ + tst_crypto_open(&ses); +} + +void run(void) +{ + int i; + struct crypto_user_alg a = { + .cru_driver_name = "pcrypt(authenc(hmac(sha256-generic),cbc(aes-generic)))", + .cru_type = CRYPTO_ALG_TYPE_AEAD, + .cru_mask = CRYPTO_ALG_TYPE_MASK, + }; + + for (i = 0; i < ATTEMPTS; ++i) { + TEST(tst_crypto_add_alg(&ses, &a)); + if (TEST_RETURN && TEST_RETURN == -ENOENT) { + tst_brk(TCONF | TRERRNO, + "pcrypt, hmac, sha256, cbc or aes not supported"); + } + if (TEST_RETURN && TEST_RETURN != -EEXIST) + tst_brk(TBROK | TRERRNO, "add_alg"); + + TEST(tst_crypto_del_alg(&ses, &a, DEL_RETRY_COUNT)); + if (TEST_RETURN) + tst_brk(TBROK | TRERRNO, "del_alg"); + } + + tst_res(TPASS, "Nothing bad appears to have happened"); +} + +void cleanup(void) +{ + tst_crypto_close(&ses); +} + +static struct tst_test test = { + .setup = setup, + .test_all = run, + .cleanup = cleanup, + .needs_root = 1, +};
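Review bot: The copyright line at the top of the new testcases/kernel/crypto/Makefile says 2017, while the patch is dated March 2018 and pcrypt_aead01.c in the same patch carries 2018. Use 2018 here so the two new files agree.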
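Review bot: The header comment in pcrypt_aead01.c says "Test for CVE-2017-5754", but the subject line and the runtest/cve entry added by this patch both name CVE-2017-18075, and the runtest/cve context lines already map cve-2017-5754 to meltdown. The comment should read CVE-2017-18075. In run(), the `TEST_RETURN &&` part of `if (TEST_RETURN && TEST_RETURN == -ENOENT)` is redundant because -ENOENT is non-zero, so the condition can be `if (TEST_RETURN == -ENOENT)`. When tst_crypto_add_alg() returns -EEXIST the loop carries on and deletes an instance this test did not create; a short comment stating that this is intended would help. setup(), run() and cleanup() are only referenced through the static `test` struct and could be declared static as well.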