From: Corentin Labbe <clabbe.montjoie@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@davemloft.net, linux-arm-kernel@lists.infradead.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH] crypto: authenc - Fix sleep in atomic context in decrypt_tail
Date: Thu, 27 Jan 2022 14:34:41 +0100 [thread overview]
Message-ID: <YfKfcRCOgCzYNLRG@Red> (raw)
In-Reply-To: <Yee2oKxPSLaYY31N@gondor.apana.org.au>
Le Wed, Jan 19, 2022 at 05:58:40PM +1100, Herbert Xu a écrit :
> On Tue, Jan 18, 2022 at 08:52:53AM +0100, Corentin Labbe wrote:
> >
> > With my patch, I got:
> > [ 38.515668] BUG: sleeping function called from invalid context at crypto/skcipher.c:482
> > [ 38.523708] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 84, name: 1c15000.crypto-
> > [ 38.532176] preempt_count: 200, expected: 0
> > [ 38.536381] CPU: 6 PID: 84 Comm: 1c15000.crypto- Not tainted 5.16.0-next-20220115-00124-g13473e8fac33-dirty #116
> > [ 38.546551] Hardware name: Allwinner A83t board
> > [ 38.551100] unwind_backtrace from show_stack+0x10/0x14
> > [ 38.556358] show_stack from dump_stack_lvl+0x40/0x4c
> > [ 38.561428] dump_stack_lvl from __might_resched+0x118/0x154
> > [ 38.567107] __might_resched from skcipher_walk_virt+0xe8/0xec
> > [ 38.572955] skcipher_walk_virt from crypto_cbc_decrypt+0x2c/0x170
> > [ 38.579147] crypto_cbc_decrypt from crypto_skcipher_decrypt+0x38/0x5c
> > [ 38.585680] crypto_skcipher_decrypt from authenc_verify_ahash_done+0x18/0x34
> > [ 38.592825] authenc_verify_ahash_done from crypto_finalize_request+0x6c/0xe4
> > [ 38.599974] crypto_finalize_request from sun8i_ss_hash_run+0x73c/0xb98
> > [ 38.606602] sun8i_ss_hash_run from crypto_pump_work+0x1a8/0x330
> > [ 38.612616] crypto_pump_work from kthread_worker_fn+0xa8/0x1c4
> > [ 38.618550] kthread_worker_fn from kthread+0xf0/0x110
> > [ 38.623701] kthread from ret_from_fork+0x14/0x2c
> > [ 38.628414] Exception stack(0xc2247fb0 to 0xc2247ff8)
> > [ 38.633468] 7fa0: 00000000 00000000 00000000 00000000
> > [ 38.641640] 7fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> > [ 38.649809] 7fe0:i 00000000 00000000 00000000 00000000 00000013 00000000
> >
> > This is when testing hmac(sha1) on my crypto driver sun8i-ss and crypto testing authenc(hmac-sha1-sun8i-ss,cbc(aes-generic)).
> >
> > Do you have any idea to better fix my issue ?
>
> This backtrace is caused by a bug in authenc:
>
> ---8<---
> The function crypto_authenc_decrypt_tail discards its flags
> argument and always relies on the flags from the original request
> when starting its sub-request.
>
> This is clearly wrong as it may cause the SLEEPABLE flag to be
> set when it shouldn't.
>
> Fixes: 92d95ba91772 ("crypto: authenc - Convert to new AEAD interface")
> Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/crypto/authenc.c b/crypto/authenc.c
> index 670bf1a01d00..17f674a7cdff 100644
> --- a/crypto/authenc.c
> +++ b/crypto/authenc.c
> @@ -253,7 +253,7 @@ static int crypto_authenc_decrypt_tail(struct aead_request *req,
> dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
>
> skcipher_request_set_tfm(skreq, ctx->enc);
> - skcipher_request_set_callback(skreq, aead_request_flags(req),
> + skcipher_request_set_callback(skreq, flags,
> req->base.complete, req->base.data);
> skcipher_request_set_crypt(skreq, src, dst,
> req->cryptlen - authsize, req->iv);
> --
This fixes my issue.
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Thanks
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Corentin Labbe <clabbe.montjoie@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@davemloft.net, linux-arm-kernel@lists.infradead.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH] crypto: authenc - Fix sleep in atomic context in decrypt_tail
Date: Thu, 27 Jan 2022 14:34:41 +0100 [thread overview]
Message-ID: <YfKfcRCOgCzYNLRG@Red> (raw)
In-Reply-To: <Yee2oKxPSLaYY31N@gondor.apana.org.au>
Le Wed, Jan 19, 2022 at 05:58:40PM +1100, Herbert Xu a écrit :
> On Tue, Jan 18, 2022 at 08:52:53AM +0100, Corentin Labbe wrote:
> >
> > With my patch, I got:
> > [ 38.515668] BUG: sleeping function called from invalid context at crypto/skcipher.c:482
> > [ 38.523708] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 84, name: 1c15000.crypto-
> > [ 38.532176] preempt_count: 200, expected: 0
> > [ 38.536381] CPU: 6 PID: 84 Comm: 1c15000.crypto- Not tainted 5.16.0-next-20220115-00124-g13473e8fac33-dirty #116
> > [ 38.546551] Hardware name: Allwinner A83t board
> > [ 38.551100] unwind_backtrace from show_stack+0x10/0x14
> > [ 38.556358] show_stack from dump_stack_lvl+0x40/0x4c
> > [ 38.561428] dump_stack_lvl from __might_resched+0x118/0x154
> > [ 38.567107] __might_resched from skcipher_walk_virt+0xe8/0xec
> > [ 38.572955] skcipher_walk_virt from crypto_cbc_decrypt+0x2c/0x170
> > [ 38.579147] crypto_cbc_decrypt from crypto_skcipher_decrypt+0x38/0x5c
> > [ 38.585680] crypto_skcipher_decrypt from authenc_verify_ahash_done+0x18/0x34
> > [ 38.592825] authenc_verify_ahash_done from crypto_finalize_request+0x6c/0xe4
> > [ 38.599974] crypto_finalize_request from sun8i_ss_hash_run+0x73c/0xb98
> > [ 38.606602] sun8i_ss_hash_run from crypto_pump_work+0x1a8/0x330
> > [ 38.612616] crypto_pump_work from kthread_worker_fn+0xa8/0x1c4
> > [ 38.618550] kthread_worker_fn from kthread+0xf0/0x110
> > [ 38.623701] kthread from ret_from_fork+0x14/0x2c
> > [ 38.628414] Exception stack(0xc2247fb0 to 0xc2247ff8)
> > [ 38.633468] 7fa0: 00000000 00000000 00000000 00000000
> > [ 38.641640] 7fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> > [ 38.649809] 7fe0:i 00000000 00000000 00000000 00000000 00000013 00000000
> >
> > This is when testing hmac(sha1) on my crypto driver sun8i-ss and crypto testing authenc(hmac-sha1-sun8i-ss,cbc(aes-generic)).
> >
> > Do you have any idea to better fix my issue ?
>
> This backtrace is caused by a bug in authenc:
>
> ---8<---
> The function crypto_authenc_decrypt_tail discards its flags
> argument and always relies on the flags from the original request
> when starting its sub-request.
>
> This is clearly wrong as it may cause the SLEEPABLE flag to be
> set when it shouldn't.
>
> Fixes: 92d95ba91772 ("crypto: authenc - Convert to new AEAD interface")
> Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/crypto/authenc.c b/crypto/authenc.c
> index 670bf1a01d00..17f674a7cdff 100644
> --- a/crypto/authenc.c
> +++ b/crypto/authenc.c
> @@ -253,7 +253,7 @@ static int crypto_authenc_decrypt_tail(struct aead_request *req,
> dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
>
> skcipher_request_set_tfm(skreq, ctx->enc);
> - skcipher_request_set_callback(skreq, aead_request_flags(req),
> + skcipher_request_set_callback(skreq, flags,
> req->base.complete, req->base.data);
> skcipher_request_set_crypt(skreq, src, dst,
> req->cryptlen - authsize, req->iv);
> --
This fixes my issue.
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Thanks
next prev parent reply other threads:[~2022-01-27 13:36 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 9:47 crypto: BUG: spinlock recursion when doing iperf over ipsec with crypto hardware device Corentin Labbe
2022-01-11 9:47 ` Corentin Labbe
2022-01-12 12:07 ` Corentin Labbe
2022-01-12 12:07 ` Corentin Labbe
2022-01-14 4:14 ` Herbert Xu
2022-01-14 4:14 ` Herbert Xu
2022-01-14 4:23 ` Herbert Xu
2022-01-14 4:23 ` Herbert Xu
2022-01-14 7:12 ` Corentin Labbe
2022-01-14 7:12 ` Corentin Labbe
2022-01-18 7:52 ` Corentin Labbe
2022-01-18 7:52 ` Corentin Labbe
2022-01-19 6:58 ` [PATCH] crypto: authenc - Fix sleep in atomic context in decrypt_tail Herbert Xu
2022-01-19 6:58 ` Herbert Xu
2022-01-27 13:34 ` Corentin Labbe [this message]
2022-01-27 13:34 ` Corentin Labbe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YfKfcRCOgCzYNLRG@Red \
--to=clabbe.montjoie@gmail.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.