Relevant testsuites passed, no new regression observed.
** Tags removed: verification-needed-bionic-linux verification-needed-xenial-linux
** Tags added: verification-done-bionic-linux verification-done-xenial-linux
** Changed in: linux (Ubuntu Xenial)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Bionic)
Status: In Progress => Fix Committed
https://bugs.launchpad.net/bugs/2131904
Title:
crypto: af_alg: sendmsg() on AF_ALG sockets for skcipher fails with
EBUSY
Status in linux package in Ubuntu:
New
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Bug description:
[Impact]
The xenial and bionic backport of the fix for CVE-2025-39964 causes
sendmsg() to randomly fail with EBUSY if used on an AF_ALG socket for
skcipher.
Upstream 1b34cbbf4f011 ("crypto: af_alg - Disallow concurrent writes
in af_alg_sendmsg") introduces a new boolean field that guards write
access to sockets, in order to disallow concurrent write operations.
In case a socket is currently being written to, sendmsg() will return
EBUSY. However, the new field is never properly initialized for
skcipher sockets, so the check may sometimes randomly fail if the
memory happens to not be zero. This causes tests that send data to a
skcipher via AF_ALG sockets to fail, for instance the af_alg02 test in
ubuntu_ltp:
tst_af_alg.c:252: TBROK: sendmsg(19, 0x7fdfd3170e20, 0) failed: EBUSY (16)
In kernels newer than bionic, this behavior cannot be observed because
the memory of the struct is properly initialized to zero before it is
used. Specifically, this was fixed for a similar issue with another
field in 21dfbcd1f5cbf ("crypto: algif_aead - fix uninitialized
ctx->init"), which is present in focal and newer.
[Fix]
Backport 21dfbcd1f5cbf ("crypto: algif_aead - fix uninitialized
ctx->init") to avoid using uninitialized fields of the socket
structure.
[Test Plan]
* Bionic: testsuite ubuntu_ltp, testcase: crypto:af_alg02
* Xenial: testsuite ubuntu_stress_smoke_test, testcase: af-alg
[Where problems could occur]
This fix changes the way parts of an AF_ALG socket for skcipher/aead
are initialized. Issues would be observed when interacting with
sockets for crypto algorithms like skcipher or aead.
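
Added example, not part of the bug report or the kernel source: a userspace C model of the failure described under [Impact] and of the zero-initialization named under [Fix]. The struct, field and function names are assumptions, and the 0xFF fill stands in for recycled allocator memory.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the per-socket context; all names are assumptions. */
struct model_ctx {
    size_t used;        /* bytes queued so far */
    unsigned int write; /* guard: a sendmsg() is currently in progress */
};

/* Pre-fix pattern: older fields set one by one, the new guard is missed. */
static void init_per_field(struct model_ctx *ctx)
{
    ctx->used = 0; /* ctx->write keeps whatever the allocator left */
}

/* Fixed pattern: zero the whole struct, so every field starts at 0. */
static void init_zeroed(struct model_ctx *ctx)
{
    memset(ctx, 0, sizeof(*ctx));
}

/* Guard taken at the start of a write; -EBUSY if one is already running. */
static int write_begin(struct model_ctx *ctx)
{
    if (ctx->write)
        return -EBUSY;
    ctx->write = 1;
    return 0;
}

/* Set up a context in recycled memory, then attempt the first write. */
static int first_write(void (*init)(struct model_ctx *))
{
    struct model_ctx ctx;

    memset(&ctx, 0xFF, sizeof(ctx)); /* constructed stale contents */
    init(&ctx);
    return write_begin(&ctx);
}

int main(void)
{
    printf("per-field init: %d\n", first_write(init_per_field));
    printf("zeroed init:    %d\n", first_write(init_zeroed));
    return 0;
}
```

With whole-struct zeroing the guard still rejects a genuine second writer, so the concurrency check keeps its purpose while the spurious first-call EBUSY disappears.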