| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKv+Gu9y_UDadH1Qu1b=rRmoagEjHj40Y3OHEredHxP5np_zrQ@mail.gmail.com>
Date: Tue, 13 Sep 2016 08:56:50 +0100
From: Ard Biesheuvel <ard.biesheuvel@...aro.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: liushuoran <liushuoran@...wei.com>, Xiakaixu <xiakaixu@...wei.com>,
"David S. Miller" <davem@...emloft.net>,
"Theodore Ts'o" <tytso@....edu>, Jaegeuk Kim <jaegeuk@...nel.org>,
"nhorman@...driver.com" <nhorman@...driver.com>,
"mh1@....fi" <mh1@....fi>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Wangbintian <bintian.wang@...wei.com>,
Huxinwei <huxinwei@...wei.com>,
"zhangzhibin (C)" <zhangzhibin.zhang@...wei.com>
Subject: Re: Kernel panic - encryption/decryption failed when open file on Arm64
On 13 September 2016 at 07:43, Herbert Xu <herbert@...dor.apana.org.au> wrote:
> On Mon, Sep 12, 2016 at 06:40:15PM +0100, Ard Biesheuvel wrote:
>>
>> So to me, it seems like we should be taking the blkcipher_next_slow()
>> path, which does a kmalloc() and bails with -ENOMEM if that fails.
>
> Indeed. This was broken a long time ago. It does seem to be
> fixed in the new skcipher_walk code but here is a patch to fix
> it for older kernels.
>
> ---8<---
> Subject: crypto: skcipher - Fix blkcipher walk OOM crash
>
> When we need to allocate a temporary blkcipher_walk_next and it
> fails, the code is supposed to take the slow path of processing
> the data block by block. However, due to an unrelated change
> we instead end up dereferencing the NULL pointer.
>
> This patch fixes it by moving the unrelated bsize setting out
> of the way so that we enter the slow path as inteded.
>
inteNded ^^^
> Fixes: 7607bd8ff03b ("[CRYPTO] blkcipher: Added blkcipher_walk_virt_block")
> Cc: stable@...r.kernel.org
> Reported-by: xiakaixu <xiakaixu@...wei.com>
> Reported-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
>
This fixes the issue for me
Tested-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>
I will follow up with fixes for the ARM and arm64 CTR code shortly.
Thanks,
Ard.
> diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
> index 3699995..a832426 100644
> --- a/crypto/blkcipher.c
> +++ b/crypto/blkcipher.c
> @@ -233,6 +233,8 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
> return blkcipher_walk_done(desc, walk, -EINVAL);
> }
>
> + bsize = min(walk->walk_blocksize, n);
> +
> walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY |
> BLKCIPHER_WALK_DIFF);
> if (!scatterwalk_aligned(&walk->in, walk->alignmask) ||
> @@ -245,7 +247,6 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
> }
> }
>
> - bsize = min(walk->walk_blocksize, n);
> n = scatterwalk_clamp(&walk->in, n);
> n = scatterwalk_clamp(&walk->out, n);
>
> --
> Email: Herbert Xu <herbert@...dor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists