| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.02.1808240854010.15479@file01.intranet.prod.int.rdu2.redhat.com>
Date: Fri, 24 Aug 2018 09:00:00 -0400 (EDT)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Herbert Xu <herbert@...dor.apana.org.au>
cc: "David S. Miller" <davem@...emloft.net>,
linux-crypto@...r.kernel.org, Mike Snitzer <msnitzer@...hat.com>,
dm-devel@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: Deadlock when using crypto API for block devices
On Fri, 24 Aug 2018, Mikulas Patocka wrote:
>
>
> On Fri, 24 Aug 2018, Herbert Xu wrote:
>
> > On Fri, Aug 24, 2018 at 07:06:32AM -0400, Mikulas Patocka wrote:
> > >
> > > A quick search through the crypto code shows that ahash_save_req and
> > > seqiv_aead_encrypt return -ENOMEM.
> > >
> > > Will you fix them?
> >
> > These only trigger for unaligned buffers. It would be much better
> > if dm-crypt can ensure that the input/output is properly unaligned
> > and if otherwise do the allocation in dm-crypt.
>
> But we are relying here on an implementation detail and not on contract.
>
> Mikulas
BTW. gcmaes_crypt_by_sg also contains GFP_ATOMIC and -ENOMEM, behind a
pretty complex condition. Do you mean that this condition is part of the
contract that the crypto API provides?
Should "req->src->offset + req->src->length < PAGE_SIZE" use "<=" instead?
Because if the data ends up at page boundary, it will use the atomic
allocation that can fail.
Mikulas
Powered by blists - more mailing lists