On Wed, Sep 24, 2025 at 01:18:22PM -0700, Eric Biggers wrote:
Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended. Fix this by restoring the bool type.
Fixes: 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers ebiggers@kernel.org
v2: keep the bitfields and just change the type, as suggested by Linus
include/crypto/if_alg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks for catching this and fixing it. I wish there was a warning for this. Gcc will warn if a constant like 2 is assigned to the bitfield, but there are no warnings if you assign an int to it.
Cheers,