Re: [PATCH v2] crypto: algif_skcipher - snapshot IV for async skcipher requests
From: Herbert Xu
Date: Thu Jun 11 2026 - 01:34:40 EST
On Mon, Jun 01, 2026 at 03:29:27PM -0400, Max Clinton wrote:
> AF_ALG skcipher AIO requests currently use the socket-wide IV buffer
> during request processing. For async requests, later socket activity
> can update that shared state before the original request has fully
> completed, which can lead to inconsistent IV handling.
>
> Snapshot the IV into per-request storage when preparing the skcipher
> request, so in-flight operations no longer depend on mutable socket
> state.
>
> This mirrors the algif_aead fix from commit 5aa58c3a572b ("crypto:
> algif_aead - snapshot IV for async AEAD requests"), which addressed
> the same shape of bug in the AEAD sibling subsystem.
>
> Tested on Debian Trixie 6.12.74+deb13+1-amd64 (unpatched) and on
> v6.12.86 + this patch via virtme-ng on the same host. Reproducer
> results: 10-14% race rate over 50000 iterations on the unpatched
> kernel against cryptd(cbc(aes-generic)); 0 races at 50000 and
> 200000 iterations on the patched kernel; 0 races at 200000
> iterations on the unpatched kernel with the synchronous
> cbc(aes-generic) driver as a control case (confirming the race is
> gated on the async dispatch path).
>
> Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
> Cc: stable@xxxxxxxxxx
> Suggested-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Max Clinton <maxtclinton@xxxxxxxxx>
> ---
> Changes since v1:
> - Drop unneeded <crypto/internal/skcipher.h> include (Herbert).
> - Rewrite iv pointer computation as (areq + 1) + reqsize per
> Herbert's suggestion.
>
> crypto/algif_skcipher.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
Given that AIO support has just been removed this patch is no
longer necessary:
commit fcc77d33a34cf271702e8daafb6c593e4626776d
Author: Demi Marie Obenour <demiobenour@xxxxxxxxx>
Date: Sat May 23 15:43:02 2026 -0400
net: Remove support for AIO on sockets
Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt