| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Dec 2021 10:54:32 +0800
From: Yujie Liu <yujie.liu@...el.com>
To: Stephan Müller <smueller@...onox.de>
CC: Herbert Xu <herbert@...dor.apana.org.au>,
Mat Martineau <mathew.j.martineau@...ux.intel.com>,
LKML <linux-kernel@...r.kernel.org>,
Linux Memory Management List <linux-mm@...ck.org>,
<lkp@...ts.01.org>, <lkp@...el.com>,
"Sang, Oliver" <oliver.sang@...el.com>
Subject: Re: [security] d3b04a4398:
WARNING:at_crypto/kdf_sp800108.c:#crypto_kdf108_init
Hi Stephan,
On 12/5/2021 6:21 PM, Stephan Müller wrote:
> Am Dienstag, 30. November 2021, 09:04:19 CET schrieb kernel test robot:
>
> Hi,
>
> ...
>>
>>
>> +------------------------------------------------------+------------+-------
>> -----+
>> | | d792134423 |
>> | | d3b04a4398 |
>>
>> +------------------------------------------------------+------------+-------
>> -----+
>> | boot_successes | 14 | 0
>> | | boot_failures | 0 |
>> | 16 | WARNING:at_crypto/kdf_sp800108.c:#crypto_kdf108_init | 0
>> | | 16 | EIP:crypto_kdf108_init
>> | | 0 | 16 |
>> +------------------------------------------------------+------------+-------
>> -----+
>>
>>
>> If you fix the issue, kindly add following tag
>> Reported-by: kernel test robot <oliver.sang@...el.com>
>>
>>
>> [ 18.648980][ T1] WARNING: CPU: 0 PID: 1 at crypto/kdf_sp800108.c:138
>> crypto_kdf108_init (crypto/kdf_sp800108.c:136) [ 18.649900][ T1]
>> Modules linked in:
>
> The issue is that the self-test fails for 16 out of 30 times, i.e. it is kind
> of random when it happens or not.
+------------------------------------------------------+------------+------------+
| | d792134423 | d3b04a4398 |
+------------------------------------------------------+------------+------------+
| boot_successes | 14 | 0 |
| boot_failures | 0 | 16 |
| WARNING:at_crypto/kdf_sp800108.c:#crypto_kdf108_init | 0 | 16 |
| EIP:crypto_kdf108_init | 0 | 16 |
+------------------------------------------------------+------------+------------+
This table shows that we have tested commit d3b04a4398("security: DH - use KDF
implementation from crypto API") for several runs of boot test in qemu but got
100% bad result. We have also tested its parent commit (i.e. commit d792134423
"security: DH - remove dead code for zero padding") and all the runs got 100%
good result. So this is not a random issue.
>
> I am unable to reproduce it with i386 and clang-13. I can also not reproduce
> it with GCC.
We have tested the i386 kernel built by gcc-9 or clang-14, and confirmed both
of them can reproduce this issue reliably.
Please be sure to follow the reproduce steps in original report mail. The full
reproduce log is attached.
>
> Nor do I see an obvious issue in the code that points to either uninitizlized
> memory or otherwise could affect the test result.
the dmesg warning introduced by commit d3b04a4398 is:
[ 11.061347][ T1] alg: kdf: could not allocate hash handle for hmac(sha256)
[ 11.061744][ T1] ------------[ cut here ]------------
[ 11.062032][ T1] alg: self-tests for CTR-KDF (hmac(sha256)) failed (rc=-12)
[ 11.062454][ T1] WARNING: CPU: 0 PID: 1 at crypto/kdf_sp800108.c:136 crypto_kdf108_init+0xec/0x107
[ 11.062959][ T1] Modules linked in:
[ 11.063164][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc1-13186-gd3b04a4398fe #1
[ 11.063624][ T1] EIP: crypto_kdf108_init+0xec/0x107
...
We noticed that commit d3b04a4398 added "select CONFIG_CRYPTO_KDF800108_CTR" in
security/keys/Kconfig, so we speculate that this issue may have connection with
other code controlled by this config, not limited to the code introduced in
this commit. In other words, this is more likely a "For your reference" report.
Regards,
Yujie
View attachment "reproduce.log" of type "text/plain" (50918 bytes)
Powered by blists - more mailing lists