| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+ZO8ExkhjwHzEMwzDY_UGS8yEGY5b4CCyYt-UQ9jWFtcQ@mail.gmail.com> Date: Tue, 12 Jan 2016 19:10:21 +0100 From: Dmitry Vyukov <dvyukov@...gle.com> To: syzkaller <syzkaller@...glegroups.com> Cc: "David S. Miller" <davem@...emloft.net>, linux-crypto@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com>, Sasha Levin <sasha.levin@...cle.com>, Eric Dumazet <edumazet@...gle.com> Subject: Re: crypto: ablk_decrypt causes BUG in scatterwalk On Tue, Jan 12, 2016 at 6:09 PM, Dmitry Vyukov <dvyukov@...gle.com> wrote: > I can _not_ reproduce it on clean upstream tree, nor on > git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git. > I probably messed up something with the unmerged fixes during my rebase. > Sorry. Wait, no. I can reproduce it on git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master (cd7e98414462b9db70067ac29896c58210b13b69). The difference was in .config. Below is my config grep CRYPTO. Please try to reproduce it with this config. CONFIG_BLK_DEV_CRYPTOLOOP=y CONFIG_RTLLIB_CRYPTO_CCMP=m CONFIG_RTLLIB_CRYPTO_TKIP=m CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_CRYPTO_SKEIN is not set CONFIG_CRYPTO=y CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_BLKCIPHER=y CONFIG_CRYPTO_BLKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=y CONFIG_CRYPTO_PCOMP=y CONFIG_CRYPTO_PCOMP2=y CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_AKCIPHER=y CONFIG_CRYPTO_RSA=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=y # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set CONFIG_CRYPTO_GF128MUL=y CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_NULL2=y CONFIG_CRYPTO_PCRYPT=y CONFIG_CRYPTO_WORKQUEUE=y CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_MCRYPTD=y CONFIG_CRYPTO_AUTHENC=y # CONFIG_CRYPTO_TEST is not set CONFIG_CRYPTO_ABLK_HELPER=y CONFIG_CRYPTO_GLUE_HELPER_X86=y CONFIG_CRYPTO_CCM=y CONFIG_CRYPTO_GCM=y CONFIG_CRYPTO_CHACHA20POLY1305=y CONFIG_CRYPTO_SEQIV=y CONFIG_CRYPTO_ECHAINIV=y CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTR=y CONFIG_CRYPTO_CTS=y CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_LRW=y CONFIG_CRYPTO_PCBC=y CONFIG_CRYPTO_XTS=y CONFIG_CRYPTO_KEYWRAP=y CONFIG_CRYPTO_CMAC=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_XCBC=y CONFIG_CRYPTO_VMAC=y CONFIG_CRYPTO_CRC32C=y CONFIG_CRYPTO_CRC32C_INTEL=y CONFIG_CRYPTO_CRC32=y CONFIG_CRYPTO_CRC32_PCLMUL=y CONFIG_CRYPTO_CRCT10DIF=y CONFIG_CRYPTO_CRCT10DIF_PCLMUL=y CONFIG_CRYPTO_GHASH=y CONFIG_CRYPTO_POLY1305=y CONFIG_CRYPTO_POLY1305_X86_64=y CONFIG_CRYPTO_MD4=y CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MICHAEL_MIC=y CONFIG_CRYPTO_RMD128=y CONFIG_CRYPTO_RMD160=y CONFIG_CRYPTO_RMD256=y CONFIG_CRYPTO_RMD320=y CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=y CONFIG_CRYPTO_SHA256_SSSE3=y CONFIG_CRYPTO_SHA512_SSSE3=y CONFIG_CRYPTO_SHA1_MB=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_TGR192=y CONFIG_CRYPTO_WP512=y CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=y CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=y CONFIG_CRYPTO_AES_NI_INTEL=y CONFIG_CRYPTO_ANUBIS=y CONFIG_CRYPTO_ARC4=y CONFIG_CRYPTO_BLOWFISH=y CONFIG_CRYPTO_BLOWFISH_COMMON=y CONFIG_CRYPTO_BLOWFISH_X86_64=y CONFIG_CRYPTO_CAMELLIA=y CONFIG_CRYPTO_CAMELLIA_X86_64=y CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y CONFIG_CRYPTO_CAST_COMMON=y CONFIG_CRYPTO_CAST5=y CONFIG_CRYPTO_CAST5_AVX_X86_64=y CONFIG_CRYPTO_CAST6=y CONFIG_CRYPTO_CAST6_AVX_X86_64=y CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_DES3_EDE_X86_64=y CONFIG_CRYPTO_FCRYPT=y CONFIG_CRYPTO_KHAZAD=y CONFIG_CRYPTO_SALSA20=y CONFIG_CRYPTO_SALSA20_X86_64=y CONFIG_CRYPTO_CHACHA20=y CONFIG_CRYPTO_CHACHA20_X86_64=y CONFIG_CRYPTO_SEED=y CONFIG_CRYPTO_SERPENT=y CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y CONFIG_CRYPTO_SERPENT_AVX_X86_64=y CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y CONFIG_CRYPTO_TEA=y CONFIG_CRYPTO_TWOFISH=y CONFIG_CRYPTO_TWOFISH_COMMON=y CONFIG_CRYPTO_TWOFISH_X86_64=y CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_ZLIB=y CONFIG_CRYPTO_LZO=y CONFIG_CRYPTO_842=y CONFIG_CRYPTO_LZ4=y CONFIG_CRYPTO_LZ4HC=y CONFIG_CRYPTO_ANSI_CPRNG=y CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_DRBG_HMAC=y # CONFIG_CRYPTO_DRBG_HASH is not set # CONFIG_CRYPTO_DRBG_CTR is not set CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_JITTERENTROPY=y CONFIG_CRYPTO_USER_API=y CONFIG_CRYPTO_USER_API_HASH=y CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_AEAD=y CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_HW=y # CONFIG_CRYPTO_DEV_PADLOCK is not set # CONFIG_CRYPTO_DEV_CCP is not set # CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set # CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set > On Tue, Jan 12, 2016 at 5:27 PM, Dmitry Vyukov <dvyukov@...gle.com> wrote: >> On Tue, Jan 12, 2016 at 2:23 PM, Dmitry Vyukov <dvyukov@...gle.com> wrote: >>> On Tue, Jan 12, 2016 at 2:16 PM, Herbert Xu <herbert@...dor.apana.org.au> wrote: >>>> On Tue, Jan 12, 2016 at 10:27:44AM +0100, Dmitry Vyukov wrote: >>>>> Hello, >>>>> >>>>> The following program cause BUG in scatterwalk: >>>> >>>> Weird, I can't reproduce the crash. Can you perhaps convert this to >>>> a non-racy reproduction, possibly by using strace to find the order >>>> of execution that leads to the crash? >>> >>> >>> Concurrent execution seems to be important to reproduce the crash. I >>> wasn't able to reproduce it in single-threaded mode. >>> Try to run it in a tight parallel loop for some time. >> >> >> I've extracted another reproducer: >> https://gist.githubusercontent.com/dvyukov/94aed45494edf1dff0a8/raw/a31f439fdcdd8a8905235a9bce6e5863ca8ccf68/gistfile1.txt >> >> I don't know whether there is a simpler way to run a reproducer in a >> tight parallel loop, but I use: >> $ go get golang.org/x/tools/cmd/stress >> $ GOPATH/bin/stress -p 16 ./a.out >> >> It triggers the BUG within seconds for me.
Powered by blists - more mailing lists