Date:	Thu, 28 Jul 2016 13:29:17 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Nicolai Stange <nicstange@...il.com>
Cc:	linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: lib/mpi: BUG: sleeping function called from invalid context on
 next-20160726

On Wed, Jul 27, 2016 at 11:05:05PM +0200, Nicolai Stange wrote:
> 
> with linux-next-20160726, I get this:
> 
>  BUG: sleeping function called from invalid context at /mnt/scratch/nic/linux-next/mm/slab.h:388

Does this patch help?
 
> I would have sent a patch, but there is another point which puzzles me
> in mpi_read_raw_from_sgl():
> 
>   [...]
>   const u8 *buff;
>   [...]
>   sg_miter_start(&miter, sgl, ents, SG_MITER_ATOMIC | SG_MITER_FROM_SG);
> 
>   lzeros = 0;
>   len = 0;
>   while (nbytes > 0) {
>   	while (len && !*buff) {
>   		lzeros++;
>   		len--;
>   		buff++;
>   	}
> 
> 
> Thus, buff isn't initialized before its first use? Or am I misreading
> something here?

On the first entry len is zero therefore we will go to the end of the
loop and initialise buff.  Anyway, it will no longer be as confusing
with this patch applied.

Thanks,

---8<---
Subject: lib/mpi: Fix SG miter leak

In mpi_read_raw_from_sgl we may leak the SG miter resources after
reading the leading zeroes.  This patch fixes this by stopping the
iteration once the leading zeroes have been read.

Fixes: 127827b9c295 ("lib/mpi: Do not do sg_virt")
Reported-by: Nicolai Stange <nicstange@...il.com>
Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>

diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c
index c6272ae..5a0f75a 100644
--- a/lib/mpi/mpicoder.c
+++ b/lib/mpi/mpicoder.c
@@ -363,6 +363,9 @@ MPI mpi_read_raw_from_sgl(struct scatterlist *sgl, unsigned int nbytes)
 		lzeros = 0;
 	}
 
+	miter.consumed = lzeros;
+	sg_miter_stop(&miter);
+
 	nbytes -= lzeros;
 	nbits = nbytes * 8;
 	if (nbits > MAX_EXTERN_MPI_BITS) {
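Review bot: `miter.consumed = lzeros;` needs a one-line comment, because it gives the right restart position only if lzeros counts the zero bytes of the currently mapped chunk alone (the context line `lzeros = 0;` at the loop tail suggests it is reset per chunk). A comment such as "resume at the first non-zero byte on the next sg_miter_next()" would make that dependency explicit. The changelog could also mention the reported "sleeping function called from invalid context" splat, since this patch is offered as the fix for that report.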
@@ -390,7 +393,10 @@ MPI mpi_read_raw_from_sgl(struct scatterlist *sgl, unsigned int nbytes)
 	z = BYTES_PER_MPI_LIMB - nbytes % BYTES_PER_MPI_LIMB;
 	z %= BYTES_PER_MPI_LIMB;
 
-	for (;;) {
+	while (sg_miter_next(&miter)) {
+		buff = miter.addr;
+		len = miter.length;
+
 		for (x = 0; x < len; x++) {
 			a <<= 8;
 			a |= *buff++;
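Review bot: in the new loop head, `len = miter.length;` becomes the inner loop bound with nothing in the visible lines limiting it to the remaining nbytes, while nbits and z above are derived from nbytes. The number of bytes read is therefore set by the scatterlist rather than by the caller's length. Consider clamping len to the bytes still expected and decrementing that count per chunk, or add a comment stating where the list is guaranteed to be trimmed to nbytes.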
@@ -400,12 +406,6 @@ MPI mpi_read_raw_from_sgl(struct scatterlist *sgl, unsigned int nbytes)
 			}
 		}
 		z += x;
-
-		if (!sg_miter_next(&miter))
-			break;
-
-		buff = miter.addr;
-		len = miter.length;
 	}
 
 	return val;
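Review bot: with the tail `sg_miter_next()` / `break` removed, `return val;` is reached only after sg_miter_next() has returned false, and there is no explicit sg_miter_stop() on this path. sg_miter_next() stops the previous mapping before advancing, so nothing should remain mapped at the return, but for a change titled as a leak fix a short comment or an explicit `sg_miter_stop(&miter);` before the return would make that evident to the next reader.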
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
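The leading-zero scan and restart discussed in this message, as an added example that is not part of the original post or of the kernel source: a simplified userspace model in which `struct seg`, `struct miter`, `miter_stop`, `miter_next` and `read_raw` are hypothetical stand-ins for the scatterlist and its mapping iterator. It assumes the segments hold exactly nbytes and that at most 8 bytes are significant.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical userspace stand-ins for a scatterlist and its mapping iterator. */
struct seg { const uint8_t *p; size_t n; };
struct miter {
    const struct seg *segs; size_t nsegs, idx, off;
    const uint8_t *addr; size_t length, consumed;
};
/* Drop the current chunk, advancing past the bytes marked as consumed. */
static void miter_stop(struct miter *m)
{
    m->off += m->consumed;
    m->consumed = 0;
}

/* Hand out the next unread chunk; it counts as fully consumed by default. */
static int miter_next(struct miter *m)
{
    miter_stop(m);
    while (m->idx < m->nsegs && m->off >= m->segs[m->idx].n) {
        m->idx++;
        m->off = 0;
    }
    if (m->idx >= m->nsegs) return 0;
    m->addr = m->segs[m->idx].p + m->off;
    m->length = m->consumed = m->segs[m->idx].n - m->off;
    return 1;
}

/* Big-endian read of nbytes; *skipped receives the count of leading zero bytes. */
uint64_t read_raw(const struct seg *segs, size_t nsegs, size_t nbytes, size_t *skipped)
{
    struct miter m = { .segs = segs, .nsegs = nsegs };
    const uint8_t *buff = NULL;      /* not dereferenced while len == 0 */
    size_t len = 0, lzeros = 0;
    uint64_t a = 0;
    *skipped = 0;
    while (nbytes > 0) {
        while (len && !*buff) { lzeros++; len--; buff++; }
        if (len && *buff) break;     /* first non-zero byte is in this chunk */
        nbytes -= lzeros; *skipped += lzeros; lzeros = 0;
        if (!miter_next(&m)) break;
        buff = m.addr; len = m.length;
    }
    m.consumed = lzeros;             /* only this chunk's zeros are used up */
    miter_stop(&m);                  /* nothing is held from here on */
    *skipped += lzeros;
    while (miter_next(&m))           /* resumes at the first non-zero byte */
        for (buff = m.addr, len = m.length; len; len--)
            a = (a << 8) | *buff++;
    return a;
}
```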
