lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Jul 2016 23:05:05 +0200
From:	Nicolai Stange <nicstange@...il.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	Nicolai Stange <nicstange@...il.com>
Subject: lib/mpi: BUG: sleeping function called from invalid context on next-20160726

Hi,

with linux-next-20160726, I get this:

 BUG: sleeping function called from invalid context at /mnt/scratch/nic/linux-next/mm/slab.h:388
 in_atomic(): 1, irqs_disabled(): 0, pid: 369, name: systemd-udevd
 no locks held by systemd-udevd/369.
 CPU: 2 PID: 369 Comm: systemd-udevd Not tainted 4.7.0-rc1+ #248
 Hardware name: Dell Inc. Latitude E6540/0725FP, BIOS A10 06/26/2014
  0000000000000286 00000000899a9b52 ffff88003f53b8f8 ffffffff814472d5
  ffff8800c0752680 ffffffff81c557d8 ffff88003f53b920 ffffffff810dfba9
  ffffffff81c557d8 0000000000000184 0000000000000000 ffff88003f53b948
 Call Trace:
  [<ffffffff814472d5>] dump_stack+0x86/0xc1
  [<ffffffff810dfba9>] ___might_sleep+0x179/0x230
  [<ffffffff810dfca9>] __might_sleep+0x49/0x80
  [<ffffffff8125f1f1>] kmem_cache_alloc_trace+0x1d1/0x2e0
  [<ffffffff81479b20>] ? mpi_alloc+0x20/0x80
  [<ffffffff81479b20>] mpi_alloc+0x20/0x80
  [<ffffffff81477475>] mpi_read_raw_from_sgl+0xd5/0x1e0
  [<ffffffff813e99f6>] rsa_verify+0x66/0x100
  [<ffffffff813ea1be>] pkcs1pad_verify+0xae/0xf0
  [<ffffffff81404889>] public_key_verify_signature+0x1f9/0x290
  [<ffffffff81404935>] public_key_verify_signature_2+0x15/0x20
  [<ffffffff8140458c>] verify_signature+0x3c/0x50
  [<ffffffff8140680d>] pkcs7_validate_trust+0x11d/0x230
  [<ffffffff811eb132>] verify_pkcs7_signature+0xa2/0x150
  [<ffffffff8115747d>] mod_verify_sig+0xdd/0x130
  [<ffffffff811541cc>] load_module+0x16c/0x2970
  [<ffffffff8128b95b>] ? vfs_read+0x11b/0x130
  [<ffffffff81292342>] ? kernel_read_file+0x152/0x170
  [<ffffffff81156c66>] SYSC_finit_module+0xe6/0x120
  [<ffffffff81156cbe>] SyS_finit_module+0xe/0x10
  [<ffffffff81003fe7>] do_syscall_64+0x67/0x190
  [<ffffffff8189ab3f>] entry_SYSCALL64_slow_path+0x25/0x25



Reason is 127827b9c295 ("lib/mpi: Do not do sg_virt") which makes
mpi_read_raw_from_sgl() calling mpi_alloc() while having a sg entry
mapped via kmap_atomic() and thus, preemption disabled.

I would have sent a patch, but there is another point which puzzles me
in mpi_read_raw_from_sgl():

  [...]
  const u8 *buff;
  [...]
  sg_miter_start(&miter, sgl, ents, SG_MITER_ATOMIC | SG_MITER_FROM_SG);

  lzeros = 0;
  len = 0;
  while (nbytes > 0) {
  	while (len && !*buff) {
  		lzeros++;
  		len--;
  		buff++;
  	}


Thus, buff isn't initialized before its first use? Or am I misreading
something here?

Thanks,

Nicolai

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ