lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 24 Aug 2018 09:00:00 -0400 (EDT)
From:   Mikulas Patocka <mpatocka@...hat.com>
To:     Herbert Xu <herbert@...dor.apana.org.au>
cc:     "David S. Miller" <davem@...emloft.net>,
        linux-crypto@...r.kernel.org, Mike Snitzer <msnitzer@...hat.com>,
        dm-devel@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: Deadlock when using crypto API for block devices



On Fri, 24 Aug 2018, Mikulas Patocka wrote:

> 
> 
> On Fri, 24 Aug 2018, Herbert Xu wrote:
> 
> > On Fri, Aug 24, 2018 at 07:06:32AM -0400, Mikulas Patocka wrote:
> > >
> > > A quick search through the crypto code shows that ahash_save_req and 
> > > seqiv_aead_encrypt return -ENOMEM.
> > > 
> > > Will you fix them?
> > 
> > These only trigger for unaligned buffers.  It would be much better
> > if dm-crypt can ensure that the input/output is properly unaligned
> > and if otherwise do the allocation in dm-crypt.
> 
> But we are relying here on an implementation detail and not on contract.
> 
> Mikulas

BTW. gcmaes_crypt_by_sg also contains GFP_ATOMIC and -ENOMEM, behind a 
pretty complex condition. Do you mean that this condition is part of the 
contract that the crypto API provides?

Should "req->src->offset + req->src->length < PAGE_SIZE" use "<=" instead? 
Because if the data ends up at page boundary, it will use the atomic 
allocation that can fail.

Mikulas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ