lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 29 Aug 2019 10:58:19 -0500
From:   Eric Biggers <ebiggers@...nel.org>
To:     Christophe Leroy <christophe.leroy@....fr>
Cc:     linux-crypto@...r.kernel.org,
        Herbert Xu <herbert@...dor.apana.org.au>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 13/15] crypto: testmgr - convert hash testing to use
 testvec_configs

On Thu, Aug 29, 2019 at 05:32:46PM +0200, Christophe Leroy wrote:
> Hi Eric,
> 
> 
> Le 01/02/2019 à 08:51, Eric Biggers a écrit :
> > From: Eric Biggers <ebiggers@...gle.com>
> > 
> > Convert alg_test_hash() to use the new test framework, adding a list of
> > testvec_configs to test by default.  When the extra self-tests are
> > enabled, randomly generated testvec_configs are tested as well.
> > 
> > This improves hash test coverage mainly because now all algorithms have
> > a variety of data layouts tested, whereas before each algorithm was
> > responsible for declaring its own chunked test cases which were often
> > missing or provided poor test coverage.  The new code also tests both
> > the MAY_SLEEP and !MAY_SLEEP cases and buffers that cross pages.
> > 
> > This already found bugs in the hash walk code and in the arm32 and arm64
> > implementations of crct10dif.
> > 
> > I removed the hash chunked test vectors that were the same as
> > non-chunked ones, but left the ones that were unique.
> > 
> > Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> > ---
> >   crypto/testmgr.c | 795 ++++++++++++++++++++---------------------------
> >   crypto/testmgr.h | 107 +------
> >   2 files changed, 352 insertions(+), 550 deletions(-)
> > 
> > diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> > index 7638090ff1b0a..96aa268ff4184 100644
> > --- a/crypto/testmgr.c
> > +++ b/crypto/testmgr.c
> 
> [...]
> 
> 
> > -static int __test_hash(struct crypto_ahash *tfm,
> > -		       const struct hash_testvec *template, unsigned int tcount,
> > -		       enum hash_test test_type, const int align_offset)
> > +static int test_hash_vec_cfg(const char *driver,
> > +			     const struct hash_testvec *vec,
> > +			     unsigned int vec_num,
> > +			     const struct testvec_config *cfg,
> > +			     struct ahash_request *req,
> > +			     struct test_sglist *tsgl,
> > +			     u8 *hashstate)
> >   {
> > -	const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
> > -	size_t digest_size = crypto_ahash_digestsize(tfm);
> > -	unsigned int i, j, k, temp;
> > -	struct scatterlist sg[8];
> > -	char *result;
> > -	char *key;
> > -	struct ahash_request *req;
> > -	struct crypto_wait wait;
> > -	void *hash_buff;
> > -	char *xbuf[XBUFSIZE];
> > -	int ret = -ENOMEM;
> > -
> > -	result = kmalloc(digest_size, GFP_KERNEL);
> > -	if (!result)
> > -		return ret;
> > -	key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
> > -	if (!key)
> > -		goto out_nobuf;
> > -	if (testmgr_alloc_buf(xbuf))
> > -		goto out_nobuf;
> > +	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> > +	const unsigned int alignmask = crypto_ahash_alignmask(tfm);
> > +	const unsigned int digestsize = crypto_ahash_digestsize(tfm);
> > +	const unsigned int statesize = crypto_ahash_statesize(tfm);
> > +	const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
> > +	const struct test_sg_division *divs[XBUFSIZE];
> > +	DECLARE_CRYPTO_WAIT(wait);
> > +	struct kvec _input;
> > +	struct iov_iter input;
> > +	unsigned int i;
> > +	struct scatterlist *pending_sgl;
> > +	unsigned int pending_len;
> > +	u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN];
> 
> Before this patch, result was allocated with kmalloc().
> Now, result is in the stack. Is there a reason for this change ?
> 
> Due to this change, the talitos driver fails when using CONFIG_VMAP_STACK,
> because result is not dma-able anymore.
> 

Yes, moving 'result' to the stack simplified the code slightly and also helps
detect buggy drivers that assume that 'result' is DMA-able.  Note that some
"real" API users also put 'result' on the stack, as the API allows it.
This is not new; the only new thing is that the tests now test it.

> 
> How should this be fixed ?
> 

Take a look at how other drivers have fixed this issue in the past, e.g.
commit c19650d6ea9 ("crypto: caam - fix DMA mapping of stack memory").
Seems that you need to DMA into a temporary buffer.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ