Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended. Fix this by restoring the bool type.
Fixes: 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers ebiggers@kernel.org ---
v2: keep the bitfields and just change the type, as suggested by Linus
include/crypto/if_alg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index 0c70f3a555750..107b797c33ecf 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -150,11 +150,11 @@ struct af_alg_ctx { struct crypto_wait wait;
size_t used; atomic_t rcvused;
- u32 more:1, + bool more:1, merge:1, enc:1, write:1, init:1;
base-commit: cec1e6e5d1ab33403b809f79cd20d6aff124ccfe
On Wed, 24 Sept 2025 at 13:19, Eric Biggers ebiggers@kernel.org wrote:
Fix this by restoring the bool type.
Applied directly since the end is nigh.
Linus
On Wed, Sep 24, 2025 at 01:18:22PM -0700, Eric Biggers wrote:
Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended. Fix this by restoring the bool type.
Fixes: 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers ebiggers@kernel.org
v2: keep the bitfields and just change the type, as suggested by Linus
include/crypto/if_alg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks for catching this and fixing it. I wish there was a warning for this. Gcc will warn if a constant like 2 is assigned to the bitfield, but there are no warnings if you assign an int to it.
Cheers,
linux-stable-mirror@lists.linaro.org
-
Eric Biggers -
Herbert Xu -
Linus Torvalds