linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Linux 3.6-rc5
@ 2012-09-09  0:18 Linus Torvalds
  2012-09-09  9:13 ` Romain Francoise
  0 siblings, 1 reply; 14+ messages in thread
From: Linus Torvalds @ 2012-09-09  0:18 UTC (permalink / raw)
  To: Linux Kernel Mailing List

Hey, we're back to the *regular* release schedule, with weekly -rc's and all.

So 3.6-rc5 is out there, and everything is looking fairly calm. Too
calm, in fact, I'm waiting for the other shoe to drop, when Greg
finally crawls his way out from under his mailbox after the kernel
summit and kayaking. I suspect a few other developers may also have
been quiet because of the kernel summit and related travel.

I have some more travel myself coming up, but if it stays this quiet
it will hopefully not even be noticeable.

Anyway, what's new? Not a whole lot, and what is there is really
spread pretty much all over, but we're back to the usual situation
with the bulk of it being drivers: sound, mmc, networking (both wired
and wireless), pci, video.

There's some ARM (and to a lesser degree powerpc) updates too, and
some cifs stuff. And random one-liners scattered pretty much all over.
The shortlog is appended, so scan over it just to get a feel for
things,

                    Linus

---


Alan Cox (1):
      dj: memory scribble in logi_dj

Alan Stern (1):
      HID: add NOGET quirk for Eaton Ellipse MAX UPS

Aleksander Morgado (1):
      net: qmi_wwan: new device: Foxconn/Novatel E396

Alex Shi (1):
      xen: fix logical error in tlb flushing

Alexey Khoroshilov (1):
      can: softing: Fix potential memory leak in softing_load_fw()

Amerigo Wang (1):
      netpoll: revert 6bdb7fe3104 and fix be_poll() instead

Andres Freund (1):
      HID: tpkbd: work even if the new Lenovo Keyboard driver is not configured

Andrew Lunn (1):
      ARM: Kirkwood: Fix 'SZ_1M' undeclared here for db88f6281-bp-setup.c

Anton Blanchard (4):
      powerpc: Update DSCR on all CPUs when writing sysfs dscr_default
      powerpc: Keep thread.dscr and thread.dscr_inherit in sync
      powerpc: Fix DSCR inheritance in copy_thread()
      powerpc: Restore correct DSCR in context switch

Artem Bityutskiy (1):
      UBI: fix a horrible memory deallocation bug

Axel Lin (3):
      gpio: mc9s08dz60: Fix build error if I2C=m
      gpio: em: Fix checking return value of irq_alloc_descs
      gpio: rdc321x: Prevent removal of modules exporting active GPIOs

Ben Hutchings (1):
      sfc: Fix reporting of IPv4 full filters through ethtool

Benjamin Herrenschmidt (1):
      powerpc: Don't use __put_user() in patch_instruction

Bin Liu (1):
      net: ethernet: fix kernel OOPS when remove davinci_mdio module

Bjorn Helgaas (1):
      PCI: Don't print anything while decoding is disabled

Bjørn Mork (1):
      net: qmi_wwan: add several new Gobi devices

Bo Shen (1):
      ARM: at91/dts: remove partial parameter in at91sam9g25ek.dts

Bruce Allan (1):
      e1000e: DoS while TSO enabled caused by link partner with small MSS

Bruno Prémont (1):
      fbcon: Fix bit_putcs() call to kmalloc(s, GFP_KERNEL)

Claudiu Manoil (1):
      gianfar: fix default tx vlan offload feature flag

Dan Carpenter (2):
      video: mb862xxfb: prevent divide by zero bug
      fddi: 64 bit bug in smt_add_para()

Daniel Mack (4):
      ALSA: snd-usb: Fix URB cancellation at stream start
      ALSA: snd-usb: restore delay information
      ALSA: snd-usb: fix calls to next_packet_size
      ALSA: snd-usb: fix cross-interface streaming devices

Dave Jones (1):
      Remove user-triggerable BUG from mpol_to_str

David Henningsson (1):
      ALSA: hda - Do not set GPIOs for speakers on IDT if there are no speakers

Dmitry Torokhov (1):
      Input: i8042 - add Gigabyte T1005 series netbooks to noloop table

Doug Anderson (1):
      mmc: dw_mmc: Disable low power mode if SDIO interrupts are used

Eric Dumazet (3):
      ipv4: properly update pmtu
      ipv4: take rt_uncached_lock only if needed
      ipv4: must use rcu protection while calling fib_lookup

Fengguang Wu (1):
      af_packet: match_fanout_group() can be static

Francesco Ruggeri (1):
      net: ipv4: ipmr_expire_timer causes crash when removing net namespace

Giuseppe CAVALLARO (2):
      stmmac: fix GMAC syn ID
      stmmac: fix a typo in the macro used to mask the mmc irq

Grazvydas Ignotas (1):
      OMAPFB: fix framebuffer console colors

Guenter Roeck (2):
      Input: edt-ft5x06 - fix build error when compiling wthout CONFIG_DEBUG_FS
      linux/kernel.h: Fix DIV_ROUND_CLOSEST to support negative dividends

Henrik Rydberg (1):
      HID: Only dump input if someone is listening

Hiroshi Doyu (4):
      ARM: dma-mapping: atomic_pool with struct page **pages
      ARM: dma-mapping: Refactor out to introduce __in_atomic_pool
      ARM: dma-mapping: Introduce __atomic_get_pages() for __iommu_get_pages()
      ARM: dma-mapping: IOMMU allocates pages from atomic_pool with GFP_ATOMIC

Huang Ying (4):
      PCI/PM: Enable D3/D3cold by default for most devices
      PCI/PM: Keep parent bridge active when probing device
      PCI/PM: Fix config reg access for D3cold and bridge suspending
      PCI/PM: Add ABI document for sysfs file d3cold_allowed

Ian Campbell (1):
      xen-netfront: use __pskb_pull_tail to ensure linear area is big
enough on RX

Ian Chen (1):
      mmc: card: Skip secure erase on MoviNAND; causes unrecoverable corruption.

Jaccon Bastiaansen (1):
      cs89x0 : packet reception not working

Jason Gerecke (1):
      Input: wacom - add support for EMR on Cintiq 24HD touch

Jesse Larrew (1):
      powerpc/vphn: Fix arch_update_cpu_topology() return value

Johannes Berg (2):
      iwlwifi: fix flow handler debug code
      iwlwifi: protect SRAM debugfs

Julia Lawall (7):
      drivers/net/wireless/ipw2x00/ipw2100.c: introduce missing initialization
      drivers/video/auo_k190x.c: drop kfree of devm_kzalloc's data
      ipvs: fix error return code
      netfilter: ctnetlink: fix error return code in init path
      netfilter: nfnetlink_log: fix error return code in init path
      net: ipv6: fix error return code
      net/xfrm/xfrm_state.c: fix error return code

Konrad Rzeszutek Wilk (2):
      xen/p2m: Fix one-off error in checking the P2M tree directory.
      xen/pciback: Fix proper FLR steps.

Kuninori Morimoto (5):
      ARM: shmobile: sh73a0: fixup RELOC_BASE of intca_irq_pins_desc
      ARM: shmobile: marzen: fixup smsc911x id for regulator
      ARM: shmobile: armadillo800eva: fixup: sound card detection order
      ARM: shmobile: mackerel: fixup usb module order
      ARM: shmobile: armadillo800eva: enable rw rootfs mount

Laurent Pinchart (2):
      ARM: mach-shmobile: armadillo800eva: Fix GPIO buttons descriptions
      ARM: mach-shmobile: armadillo800eva: Enable power button as wakeup source

Lauri Hintsala (2):
      mmc: mxs-mmc: fix deadlock in SDIO IRQ case
      mmc: mxs-mmc: fix deadlock caused by recursion loop

Linus Torvalds (1):
      Linux 3.6-rc5

Linus Walleij (1):
      ARM: gemini: fix the gemini build

Ludovic Desroches (4):
      ARM: at91: fix system timer irq issue due to sparse irq support
      ARM: at91: fix rtc-at91sam9 irq issue due to sparse irq support
      ARM: at91/feature-removal-schedule: delay at91_mci removal
      mmc: atmel-mci: not busy flag has also to be used for read operations

Marek Szyprowski (5):
      mm: cma: fix alignment requirements for contiguous regions
      ARM: relax conditions required for enabling Contiguous Memory Allocator
      ARM: DMA-Mapping: add function for setting coherent pool size
from platform code
      ARM: DMA-Mapping: print warning when atomic coherent allocation fails
      ARM: Kirkwood: increase atomic coherent pool size

Mark Asselstine (1):
      firmware: fix directory creation rule matching with make 3.82

Merav Sicron (2):
      bnx2x: Move netif_napi_add to the open call
      bnx2x: Correct the ndo_poll_controller call

Michael Grzeschik (1):
      Input: imx_keypad - reset the hardware before enabling

Michal Marek (1):
      link-vmlinux.sh: Fix stray "echo" in error message

Miklos Szeredi (1):
      uml: fix compile error in deliver_alarm()

Mikulas Patocka (1):
      Fix order of arguments to compat_put_time[spec|val]

Nicolas Ferre (1):
      ARM: at91/clock: fix PLLA overclock warning

Oliver Neukum (1):
      usbnet: fix deadlock in resume

Pablo Neira Ayuso (3):
      netlink: fix possible spoofing from non-root processes
      netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP
expectation
      netfilter: nf_conntrack: fix racy timer handling with reliable events

Patrick McHardy (1):
      netfilter: nfnetlink_log: fix NLA_PUT macro removal bug

Paul Cercueil (1):
      fbcon: prevent possible buffer overflow.

Paul Mackerras (3):
      powerpc: Give hypervisor decrementer interrupts their own handler
      powerpc/powernv: Always go into nap mode when CPU is offline
      powerpc: Make sure IPI handlers see data written by IPI senders

Paul Walmsley (1):
      mmc: omap: fix broken PIO mode

Pavel Roskin (1):
      ALSA: snd-usb: use list_for_each_safe for endpoint resources

Pavel Shilovsky (2):
      CIFS: Fix log messages in packet checking for SMB2
      CIFS: Fix cifs_do_create error hadnling

Rayagond Kokatanur (1):
      stmmac: add header inclusion protection

Ronny Hegewald (1):
      xen: Use correct masking in xen_swiotlb_alloc_coherent.

Seungwon Jeon (3):
      mmc: dw_mmc: amend using error interrupt status
      mmc: dw_mmc: correct mishandling error interrupt
      mmc: dw_mmc: fix error handling in PIO mode

Shawn Guo (1):
      mmc: sdhci-esdhc: break out early if clock is 0

Sonic Zhang (1):
      mmc: bfin_sdh: fix dma_desc_array build error

Steve French (2):
      CIFS: Protect i_nlink from being negative
      cifs: print error code if smb signature verification fails

Sven Schmitt (1):
      can: sja1000_platform: fix wrong flag IRQF_SHARED for interrupt sharing

Takashi Iwai (2):
      ALSA: hda - Avoid unnecessary parameter read for EPSS
      ALSA: hda - Don't trust codec EPSS bit for IDT 92HD83xx & co

Thierry Reding (1):
      gpio: Fix debug message in of_get_named_gpio_flags()

Thomas Huehn (1):
      ath5k: fix wrong max power per rate eeprom reads for 802.11a

Thomas Pedersen (1):
      mac80211: fix DS to MBSS address translation

Tomi Valkeinen (1):
      OMAPDSS: Fix SDI PLL locking

Vladimir Zapolskiy (1):
      brcm80211: smac: set interface down on reset

Yuchung Cheng (1):
      tcp: fix cwnd reduction for non-sack recovery

Yuval Mintz (1):
      bnx2x: fix 57840_MF pci id

xeb@mail.ru (1):
      l2tp: avoid to use synchronize_rcu in tunnel free function

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09  0:18 Linux 3.6-rc5 Linus Torvalds
@ 2012-09-09  9:13 ` Romain Francoise
  2012-09-09 12:54   ` Jussi Kivilinna
  2012-09-09 19:19   ` Herbert Xu
  0 siblings, 2 replies; 14+ messages in thread
From: Romain Francoise @ 2012-09-09  9:13 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Linux Kernel Mailing List, Linux Crypto Mailing List, Herbert Xu

Still seeing this BUG with -rc5, that I originally reported here:
http://marc.info/?l=linux-crypto-vger&m=134653220530264&w=2

[   26.362567] ------------[ cut here ]------------
[   26.362583] kernel BUG at crypto/scatterwalk.c:37!
[   26.362606] invalid opcode: 0000 [#1] SMP 
[   26.362622] Modules linked in: authenc xfrm6_mode_tunnel xfrm4_mode_tunnel cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_stats xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 binfmt_misc deflate zlib_deflate ctr twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common camellia_generic camellia_x86_64 serpent_avx_x86_64 serpent_sse2_x86_64 serpent_generic glue_helper lrw xts gf128mul blowfish_generic blowfish_x86_64 blowfish_common cast5 des_generic cbc xcbc rmd160 sha512_generic sha1_ssse3 sha1_generic hmac crypto_null af_key xfrm_algo ip6table_filter ip6_tables xt_recent xt_LOG nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack xt_tcpudp iptable_filter ip_tables x_tables hwmon_vid msr vhost_net macvtap macvlan tun loop bridge stp llc firewire_sbp2 fuse rc_dib0700_rc5 snd_hda_codec_hdmi dvb_usb_dib0700 dib7000m dib0090 dib8000 dib0070 dib7000p dib3000mc dibx000_common dvb_usb snd_hda_codec_realtek dvb_core rc_co
 re snd
_hda_intel snd_hda_codec snd_seq_midi snd_seq_midi_event snd_hwdep snd_pcm_oss snd_rawmidi snd_mixer_oss snd_seq snd_pcm snd_seq_device radeon snd_timer snd soundcore acpi_cpufreq mperf ttm processor drm_kms_helper thermal_sys mxm_wmi drm snd_page_alloc i2c_algo_bit i2c_i801 i2c_core lpc_ich button psmouse evdev coretemp serio_raw wmi pcspkr mei kvm_intel kvm ext4 crc16 jbd2 mbcache sha256_generic usb_storage uas dm_crypt dm_mod raid10 raid1 md_mod sg ata_generic sd_mod hid_generic crc_t10dif pata_marvell usbhid hid crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 aes_generic ablk_helper cryptd firewire_ohci microcode ahci firewire_core libahci crc_itu_t libata scsi_mod xhci_hcd ehci_hcd usbcore usb_common e1000e
[   26.371138] CPU 5 
[   26.371146] Pid: 3704, comm: cryptomgr_test Not tainted 3.6.0-rc5-ore #1                  /DP67BG
[   26.374095] RIP: 0010:[<ffffffff811d70d1>]  [<ffffffff811d70d1>] scatterwalk_start+0x11/0x20
[   26.375598] RSP: 0018:ffff88040d62b9d8  EFLAGS: 00010246
[   26.377067] RAX: 0000000000000000 RBX: ffff88040b6e3868 RCX: 0000000000000014
[   26.378567] RDX: 0000000000000020 RSI: ffff88040b6e3868 RDI: ffff88040d62b9e0
[   26.380028] RBP: 0000000000000020 R08: 0000000000000001 R09: ffff88040b6e39a8
[   26.381494] R10: ffffffffa06b4000 R11: ffff88040b6e39fc R12: 0000000000000014
[   26.383023] R13: 0000000000000001 R14: ffff88040b6e38f8 R15: 0000000000000000
[   26.384488] FS:  0000000000000000(0000) GS:ffff88041f540000(0000) knlGS:0000000000000000
[   26.385973] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   26.387581] CR2: 00007f54c282fbd0 CR3: 000000000180b000 CR4: 00000000000407e0
[   26.389057] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.390547] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   26.392015] Process cryptomgr_test (pid: 3704, threadinfo ffff88040d62a000, task ffff88040ca3ab60)
[   26.393558] Stack:
[   26.395103]  ffffffff811d72fb ffff88040b6e3868 0000002000000000 ffff88040b6e3868
[   26.396622]  ffff88040b6e3800 ffff88040b6e3868 0000000000000020 ffff88040b6e3868
[   26.398163]  ffff88040919f440 ffff88040d62bcc8 ffffffffa07edaa0 ffff88040b6e3930
[   26.399643] Call Trace:
[   26.401112]  [<ffffffff811d72fb>] ? scatterwalk_map_and_copy+0x5b/0xd0
[   26.402714]  [<ffffffffa07edaa0>] ? crypto_authenc_genicv+0xa0/0x300 [authenc]
[   26.404274]  [<ffffffff811de5bb>] ? test_aead+0x58b/0xcd0
[   26.406082]  [<ffffffff811d4cb0>] ? crypto_mod_get+0x10/0x30
[   26.407704]  [<ffffffff811d57c3>] ? crypto_alloc_base+0x53/0xb0
[   26.409267]  [<ffffffffa01dd6e0>] ? cryptd_alloc_ablkcipher+0x80/0xc0 [cryptd]
[   26.410838]  [<ffffffff8113f3fd>] ? __kmalloc+0x20d/0x250
[   26.412364]  [<ffffffff811d6321>] ? crypto_spawn_tfm2+0x31/0x70
[   26.413938]  [<ffffffffa0066050>] ? ablk_init_common+0x10/0x30 [ablk_helper]
[   26.415448]  [<ffffffff811d56f9>] ? __crypto_alloc_tfm+0xf9/0x170
[   26.416963]  [<ffffffff811d63a3>] ? crypto_spawn_tfm+0x43/0x90
[   26.418505]  [<ffffffff811d998e>] ? skcipher_geniv_init+0x1e/0x40
[   26.420046]  [<ffffffff811d56f9>] ? __crypto_alloc_tfm+0xf9/0x170
[   26.421599]  [<ffffffff811d63a3>] ? crypto_spawn_tfm+0x43/0x90
[   26.423228]  [<ffffffff8113f3fd>] ? __kmalloc+0x20d/0x250
[   26.424788]  [<ffffffffa07ed359>] ? crypto_authenc_init_tfm+0x49/0xc0 [authenc]
[   26.426374]  [<ffffffff811d56f9>] ? __crypto_alloc_tfm+0xf9/0x170
[   26.427999]  [<ffffffff811dedd8>] ? alg_test_aead+0x48/0xb0
[   26.429781]  [<ffffffff811dddee>] ? alg_test+0xfe/0x310
[   26.431503]  [<ffffffff8141de1a>] ? __schedule+0x2ba/0x700
[   26.433235]  [<ffffffff811dcb30>] ? cryptomgr_probe+0xb0/0xb0
[   26.434918]  [<ffffffff811dcb68>] ? cryptomgr_test+0x38/0x40
[   26.436524]  [<ffffffff8106fbb5>] ? kthread+0x85/0x90
[   26.436526]  [<ffffffff81427d44>] ? kernel_thread_helper+0x4/0x10
[   26.436527]  [<ffffffff8106fb30>] ? kthread_freezable_should_stop+0x60/0x60
[   26.436528]  [<ffffffff81427d40>] ? gs_change+0x13/0x13
[   26.436537] Code: 00 00 88 ff ff 48 c1 e0 0c 48 01 d0 8b 57 08 81 e2 ff 0f 00 00 48 01 d0 c3 90 48 89 37 8b 46 0c 85 c0 74 07 8b 46 08 89 47 08 c3 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 8b 47 08 48 8b 17 
[   26.436538] RIP  [<ffffffff811d70d1>] scatterwalk_start+0x11/0x20
[   26.436538]  RSP <ffff88040d62b9d8>
[   26.436544] ---[ end trace 1d0abbb65dcc723e ]---
[   26.436546] note: cryptomgr_test[3704] exited with preempt_count 1

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09  9:13 ` Romain Francoise
@ 2012-09-09 12:54   ` Jussi Kivilinna
  2012-09-09 14:23     ` Romain Francoise
  2012-09-09 15:35     ` Linus Torvalds
  2012-09-09 19:19   ` Herbert Xu
  1 sibling, 2 replies; 14+ messages in thread
From: Jussi Kivilinna @ 2012-09-09 12:54 UTC (permalink / raw)
  To: Romain Francoise
  Cc: Linus Torvalds, Linux Kernel Mailing List,
	Linux Crypto Mailing List, Herbert Xu

Quoting Romain Francoise <romain@orebokech.com>:

> Still seeing this BUG with -rc5, that I originally reported here:
> http://marc.info/?l=linux-crypto-vger&m=134653220530264&w=2

Does reverting e46e9a46386bca8e80a6467b5c643dc494861896 help?

That commit added crypto selftest for authenc(hmac(sha1),cbc(aes)) in  
3.6, and probably made this bug visible (but not directly causing it).

-Jussi

>
> [   26.362567] ------------[ cut here ]------------
> [   26.362583] kernel BUG at crypto/scatterwalk.c:37!
> [   26.362606] invalid opcode: 0000 [#1] SMP
> [   26.362622] Modules linked in: authenc xfrm6_mode_tunnel  
> xfrm4_mode_tunnel cpufreq_conservative cpufreq_userspace  
> cpufreq_powersave cpufreq_stats xfrm_user xfrm4_tunnel tunnel4  
> ipcomp xfrm_ipcomp esp4 ah4 binfmt_misc deflate zlib_deflate ctr  
> twofish_generic twofish_avx_x86_64 twofish_x86_64_3way  
> twofish_x86_64 twofish_common camellia_generic camellia_x86_64  
> serpent_avx_x86_64 serpent_sse2_x86_64 serpent_generic glue_helper  
> lrw xts gf128mul blowfish_generic blowfish_x86_64 blowfish_common  
> cast5 des_generic cbc xcbc rmd160 sha512_generic sha1_ssse3  
> sha1_generic hmac crypto_null af_key xfrm_algo ip6table_filter  
> ip6_tables xt_recent xt_LOG nf_conntrack_ipv4 nf_defrag_ipv4  
> xt_state nf_conntrack xt_tcpudp iptable_filter ip_tables x_tables  
> hwmon_vid msr vhost_net macvtap macvlan tun loop bridge stp llc  
> firewire_sbp2 fuse rc_dib0700_rc5 snd_hda_codec_hdmi dvb_usb_dib0700  
> dib7000m dib0090 dib8000 dib0070 dib7000p dib3000mc dibx000_common  
> dvb_usb snd_hda_codec_realtek dvb_core rc_co
>  re snd
> _hda_intel snd_hda_codec snd_seq_midi snd_seq_midi_event snd_hwdep  
> snd_pcm_oss snd_rawmidi snd_mixer_oss snd_seq snd_pcm snd_seq_device  
> radeon snd_timer snd soundcore acpi_cpufreq mperf ttm processor  
> drm_kms_helper thermal_sys mxm_wmi drm snd_page_alloc i2c_algo_bit  
> i2c_i801 i2c_core lpc_ich button psmouse evdev coretemp serio_raw  
> wmi pcspkr mei kvm_intel kvm ext4 crc16 jbd2 mbcache sha256_generic  
> usb_storage uas dm_crypt dm_mod raid10 raid1 md_mod sg ata_generic  
> sd_mod hid_generic crc_t10dif pata_marvell usbhid hid crc32c_intel  
> ghash_clmulni_intel aesni_intel aes_x86_64 aes_generic ablk_helper  
> cryptd firewire_ohci microcode ahci firewire_core libahci crc_itu_t  
> libata scsi_mod xhci_hcd ehci_hcd usbcore usb_common e1000e
> [   26.371138] CPU 5
> [   26.371146] Pid: 3704, comm: cryptomgr_test Not tainted  
> 3.6.0-rc5-ore #1                  /DP67BG
> [   26.374095] RIP: 0010:[<ffffffff811d70d1>]  [<ffffffff811d70d1>]  
> scatterwalk_start+0x11/0x20
> [   26.375598] RSP: 0018:ffff88040d62b9d8  EFLAGS: 00010246
> [   26.377067] RAX: 0000000000000000 RBX: ffff88040b6e3868 RCX:  
> 0000000000000014
> [   26.378567] RDX: 0000000000000020 RSI: ffff88040b6e3868 RDI:  
> ffff88040d62b9e0
> [   26.380028] RBP: 0000000000000020 R08: 0000000000000001 R09:  
> ffff88040b6e39a8
> [   26.381494] R10: ffffffffa06b4000 R11: ffff88040b6e39fc R12:  
> 0000000000000014
> [   26.383023] R13: 0000000000000001 R14: ffff88040b6e38f8 R15:  
> 0000000000000000
> [   26.384488] FS:  0000000000000000(0000) GS:ffff88041f540000(0000)  
> knlGS:0000000000000000
> [   26.385973] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [   26.387581] CR2: 00007f54c282fbd0 CR3: 000000000180b000 CR4:  
> 00000000000407e0
> [   26.389057] DR0: 0000000000000000 DR1: 0000000000000000 DR2:  
> 0000000000000000
> [   26.390547] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:  
> 0000000000000400
> [   26.392015] Process cryptomgr_test (pid: 3704, threadinfo  
> ffff88040d62a000, task ffff88040ca3ab60)
> [   26.393558] Stack:
> [   26.395103]  ffffffff811d72fb ffff88040b6e3868 0000002000000000  
> ffff88040b6e3868
> [   26.396622]  ffff88040b6e3800 ffff88040b6e3868 0000000000000020  
> ffff88040b6e3868
> [   26.398163]  ffff88040919f440 ffff88040d62bcc8 ffffffffa07edaa0  
> ffff88040b6e3930
> [   26.399643] Call Trace:
> [   26.401112]  [<ffffffff811d72fb>] ? scatterwalk_map_and_copy+0x5b/0xd0
> [   26.402714]  [<ffffffffa07edaa0>] ?  
> crypto_authenc_genicv+0xa0/0x300 [authenc]
> [   26.404274]  [<ffffffff811de5bb>] ? test_aead+0x58b/0xcd0
> [   26.406082]  [<ffffffff811d4cb0>] ? crypto_mod_get+0x10/0x30
> [   26.407704]  [<ffffffff811d57c3>] ? crypto_alloc_base+0x53/0xb0
> [   26.409267]  [<ffffffffa01dd6e0>] ?  
> cryptd_alloc_ablkcipher+0x80/0xc0 [cryptd]
> [   26.410838]  [<ffffffff8113f3fd>] ? __kmalloc+0x20d/0x250
> [   26.412364]  [<ffffffff811d6321>] ? crypto_spawn_tfm2+0x31/0x70
> [   26.413938]  [<ffffffffa0066050>] ? ablk_init_common+0x10/0x30  
> [ablk_helper]
> [   26.415448]  [<ffffffff811d56f9>] ? __crypto_alloc_tfm+0xf9/0x170
> [   26.416963]  [<ffffffff811d63a3>] ? crypto_spawn_tfm+0x43/0x90
> [   26.418505]  [<ffffffff811d998e>] ? skcipher_geniv_init+0x1e/0x40
> [   26.420046]  [<ffffffff811d56f9>] ? __crypto_alloc_tfm+0xf9/0x170
> [   26.421599]  [<ffffffff811d63a3>] ? crypto_spawn_tfm+0x43/0x90
> [   26.423228]  [<ffffffff8113f3fd>] ? __kmalloc+0x20d/0x250
> [   26.424788]  [<ffffffffa07ed359>] ?  
> crypto_authenc_init_tfm+0x49/0xc0 [authenc]
> [   26.426374]  [<ffffffff811d56f9>] ? __crypto_alloc_tfm+0xf9/0x170
> [   26.427999]  [<ffffffff811dedd8>] ? alg_test_aead+0x48/0xb0
> [   26.429781]  [<ffffffff811dddee>] ? alg_test+0xfe/0x310
> [   26.431503]  [<ffffffff8141de1a>] ? __schedule+0x2ba/0x700
> [   26.433235]  [<ffffffff811dcb30>] ? cryptomgr_probe+0xb0/0xb0
> [   26.434918]  [<ffffffff811dcb68>] ? cryptomgr_test+0x38/0x40
> [   26.436524]  [<ffffffff8106fbb5>] ? kthread+0x85/0x90
> [   26.436526]  [<ffffffff81427d44>] ? kernel_thread_helper+0x4/0x10
> [   26.436527]  [<ffffffff8106fb30>] ?  
> kthread_freezable_should_stop+0x60/0x60
> [   26.436528]  [<ffffffff81427d40>] ? gs_change+0x13/0x13
> [   26.436537] Code: 00 00 88 ff ff 48 c1 e0 0c 48 01 d0 8b 57 08 81  
> e2 ff 0f 00 00 48 01 d0 c3 90 48 89 37 8b 46 0c 85 c0 74 07 8b 46 08  
> 89 47 08 c3 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 8b 47 08  
> 48 8b 17
> [   26.436538] RIP  [<ffffffff811d70d1>] scatterwalk_start+0x11/0x20
> [   26.436538]  RSP <ffff88040d62b9d8>
> [   26.436544] ---[ end trace 1d0abbb65dcc723e ]---
> [   26.436546] note: cryptomgr_test[3704] exited with preempt_count 1
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>




^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 12:54   ` Jussi Kivilinna
@ 2012-09-09 14:23     ` Romain Francoise
  2012-09-09 15:35     ` Linus Torvalds
  1 sibling, 0 replies; 14+ messages in thread
From: Romain Francoise @ 2012-09-09 14:23 UTC (permalink / raw)
  To: Jussi Kivilinna
  Cc: Linus Torvalds, Linux Kernel Mailing List,
	Linux Crypto Mailing List, Herbert Xu

Jussi Kivilinna <jussi.kivilinna@mbnet.fi> writes:

> Does reverting e46e9a46386bca8e80a6467b5c643dc494861896 help?

It does, thanks.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 12:54   ` Jussi Kivilinna
  2012-09-09 14:23     ` Romain Francoise
@ 2012-09-09 15:35     ` Linus Torvalds
  2012-09-09 18:53       ` Herbert Xu
  1 sibling, 1 reply; 14+ messages in thread
From: Linus Torvalds @ 2012-09-09 15:35 UTC (permalink / raw)
  To: Jussi Kivilinna
  Cc: Romain Francoise, Linux Kernel Mailing List,
	Linux Crypto Mailing List, Herbert Xu

On Sun, Sep 9, 2012 at 5:54 AM, Jussi Kivilinna
<jussi.kivilinna@mbnet.fi> wrote:
>
> Does reverting e46e9a46386bca8e80a6467b5c643dc494861896 help?
>
> That commit added crypto selftest for authenc(hmac(sha1),cbc(aes)) in 3.6,
> and probably made this bug visible (but not directly causing it).

So Romain said it does - where do we go from here? Revert testing it,
or fix the authenc() case? I'd prefer the fix..

                 Linus

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 15:35     ` Linus Torvalds
@ 2012-09-09 18:53       ` Herbert Xu
  2012-09-09 20:54         ` Jussi Kivilinna
  0 siblings, 1 reply; 14+ messages in thread
From: Herbert Xu @ 2012-09-09 18:53 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Jussi Kivilinna, Romain Francoise, Linux Kernel Mailing List,
	Linux Crypto Mailing List

On Sun, Sep 09, 2012 at 08:35:56AM -0700, Linus Torvalds wrote:
> On Sun, Sep 9, 2012 at 5:54 AM, Jussi Kivilinna
> <jussi.kivilinna@mbnet.fi> wrote:
> >
> > Does reverting e46e9a46386bca8e80a6467b5c643dc494861896 help?
> >
> > That commit added crypto selftest for authenc(hmac(sha1),cbc(aes)) in 3.6,
> > and probably made this bug visible (but not directly causing it).
> 
> So Romain said it does - where do we go from here? Revert testing it,
> or fix the authenc() case? I'd prefer the fix..

I'm working on this right now.  If we don't get anywhere in a
couple of days we can revert the test vector patch.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09  9:13 ` Romain Francoise
  2012-09-09 12:54   ` Jussi Kivilinna
@ 2012-09-09 19:19   ` Herbert Xu
  2012-09-09 20:09     ` Mathias Krause
  2012-09-09 20:26     ` Jussi Kivilinna
  1 sibling, 2 replies; 14+ messages in thread
From: Herbert Xu @ 2012-09-09 19:19 UTC (permalink / raw)
  To: Romain Francoise
  Cc: Linus Torvalds, Linux Kernel Mailing List, Linux Crypto Mailing List

On Sun, Sep 09, 2012 at 11:13:02AM +0200, Romain Francoise wrote:
> Still seeing this BUG with -rc5, that I originally reported here:
> http://marc.info/?l=linux-crypto-vger&m=134653220530264&w=2
> 
> [   26.362567] ------------[ cut here ]------------
> [   26.362583] kernel BUG at crypto/scatterwalk.c:37!
> [   26.362606] invalid opcode: 0000 [#1] SMP 
> [   26.362622] Modules linked in: authenc xfrm6_mode_tunnel xfrm4_mode_tunnel cpufreq_conservative cpufreq_userspace cpufreq_powersave cpufreq_stats xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 binfmt_misc deflate zlib_deflate ctr twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common camellia_generic camellia_x86_64 serpent_avx_x86_64 serpent_sse2_x86_64 serpent_generic glue_helper lrw xts gf128mul blowfish_generic blowfish_x86_64 blowfish_common cast5 des_generic cbc xcbc rmd160 sha512_generic sha1_ssse3 sha1_generic hmac crypto_null af_key xfrm_algo ip6table_filter ip6_tables xt_recent xt_LOG nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack xt_tcpudp iptable_filter ip_tables x_tables hwmon_vid msr vhost_net macvtap macvlan tun loop bridge stp llc firewire_sbp2 fuse rc_dib0700_rc5 snd_hda_codec_hdmi dvb_usb_dib0700 dib7000m dib0090 dib8000 dib0070 dib7000p dib3000mc dibx000_common dvb_usb snd_hda_codec_realtek dvb_core rc_co
>  re snd
> _hda_intel snd_hda_codec snd_seq_midi snd_seq_midi_event snd_hwdep snd_pcm_oss snd_rawmidi snd_mixer_oss snd_seq snd_pcm snd_seq_device radeon snd_timer snd soundcore acpi_cpufreq mperf ttm processor drm_kms_helper thermal_sys mxm_wmi drm snd_page_alloc i2c_algo_bit i2c_i801 i2c_core lpc_ich button psmouse evdev coretemp serio_raw wmi pcspkr mei kvm_intel kvm ext4 crc16 jbd2 mbcache sha256_generic usb_storage uas dm_crypt dm_mod raid10 raid1 md_mod sg ata_generic sd_mod hid_generic crc_t10dif pata_marvell usbhid hid crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 aes_generic ablk_helper cryptd firewire_ohci microcode ahci firewire_core libahci crc_itu_t libata scsi_mod xhci_hcd ehci_hcd usbcore usb_common e1000e

Can you try blacklisting/not loading sha1_ssse3 and aesni_intel
to see which one of them is causing this crash? Of course if you
can still reproduce this without loading either of them that would
also be interesting to know.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 19:19   ` Herbert Xu
@ 2012-09-09 20:09     ` Mathias Krause
  2012-09-09 21:00       ` Herbert Xu
  2012-09-09 20:26     ` Jussi Kivilinna
  1 sibling, 1 reply; 14+ messages in thread
From: Mathias Krause @ 2012-09-09 20:09 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Romain Francoise, Linus Torvalds, Linux Kernel Mailing List,
	Linux Crypto Mailing List

On Sun, Sep 09, 2012 at 12:19:58PM -0700, Herbert Xu wrote:
> On Sun, Sep 09, 2012 at 11:13:02AM +0200, Romain Francoise wrote:
> > Still seeing this BUG with -rc5, that I originally reported here:
> > http://marc.info/?l=linux-crypto-vger&m=134653220530264&w=2
> > 
> > [   26.362567] ------------[ cut here ]------------
> > [   26.362583] kernel BUG at crypto/scatterwalk.c:37!
> > [   26.362606] invalid opcode: 0000 [#1] SMP 
> 
> Can you try blacklisting/not loading sha1_ssse3 and aesni_intel
> to see which one of them is causing this crash? Of course if you
> can still reproduce this without loading either of them that would
> also be interesting to know.

It happens with the C variants of SHA1 and AES, too. You can easily
trigger the bug with Steffen's crconf[1]:

$ crconf add alg "authenc(hmac(sha1-generic),cbc(aes-generic))" type 3

So the problem is likely not related to sha1-ssse3.ko or aesni-intel.ko.


Regards,
Mathias

[1] http://sourceforge.net/projects/crconf/

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 19:19   ` Herbert Xu
  2012-09-09 20:09     ` Mathias Krause
@ 2012-09-09 20:26     ` Jussi Kivilinna
  1 sibling, 0 replies; 14+ messages in thread
From: Jussi Kivilinna @ 2012-09-09 20:26 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Romain Francoise, Linus Torvalds, Linux Kernel Mailing List,
	Linux Crypto Mailing List

Quoting Herbert Xu <herbert@gondor.apana.org.au>:

>
> Can you try blacklisting/not loading sha1_ssse3 and aesni_intel
> to see which one of them is causing this crash? Of course if you
> can still reproduce this without loading either of them that would
> also be interesting to know.

This triggers with aes-x86_64 and sha1_generic (and sha256 & sha512)  
too, with following test added to tcrypt:
         case 46:
                 ret += tcrypt_test("authenc(hmac(sha1),cbc(aes))");
                 ret += tcrypt_test("authenc(hmac(sha256),cbc(aes))");
                 ret += tcrypt_test("authenc(hmac(sha512),cbc(aes))");
                 break;

-Jussi

>
> Thanks,
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>




^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 18:53       ` Herbert Xu
@ 2012-09-09 20:54         ` Jussi Kivilinna
  2012-09-09 21:01           ` Herbert Xu
  0 siblings, 1 reply; 14+ messages in thread
From: Jussi Kivilinna @ 2012-09-09 20:54 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Linus Torvalds, Romain Francoise, Linux Kernel Mailing List,
	Linux Crypto Mailing List

Quoting Herbert Xu <herbert@gondor.apana.org.au>:

> On Sun, Sep 09, 2012 at 08:35:56AM -0700, Linus Torvalds wrote:
>> On Sun, Sep 9, 2012 at 5:54 AM, Jussi Kivilinna
>> <jussi.kivilinna@mbnet.fi> wrote:
>> >
>> > Does reverting e46e9a46386bca8e80a6467b5c643dc494861896 help?
>> >
>> > That commit added crypto selftest for authenc(hmac(sha1),cbc(aes)) in 3.6,
>> > and probably made this bug visible (but not directly causing it).
>>
>> So Romain said it does - where do we go from here? Revert testing it,
>> or fix the authenc() case? I'd prefer the fix..
>
> I'm working on this right now.  If we don't get anywhere in a
> couple of days we can revert the test vector patch.
>

It seems that authenc is chaining empty assoc scatterlist, which causes
BUG_ON(!sg->length) set off in crypto/scatterwalk.c.

Following fixes the bug and self-test passes, but not sure if it's correct
(note, copy-paste to 'broken' email client, most likely does not apply etc):

diff --git a/crypto/authenc.c b/crypto/authenc.c
index 5ef7ba6..2373af5 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -336,7 +336,7 @@ static int crypto_authenc_genicv(struct  
aead_request *req, u8 *iv,
                 cryptlen += ivsize;
         }

-       if (sg_is_last(assoc)) {
+       if (req->assoclen > 0 && sg_is_last(assoc)) {
                 authenc_ahash_fn = crypto_authenc_ahash;
                 sg_init_table(asg, 2);
                 sg_set_page(asg, sg_page(assoc), assoc->length,  
assoc->offset);


Also does crypto_authenc_iverify() need same fix?

-Jussi

> Cheers,
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
>
>




^ permalink raw reply related	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 20:09     ` Mathias Krause
@ 2012-09-09 21:00       ` Herbert Xu
  2012-09-09 21:09         ` Mathias Krause
  2012-09-10 17:18         ` Romain Francoise
  0 siblings, 2 replies; 14+ messages in thread
From: Herbert Xu @ 2012-09-09 21:00 UTC (permalink / raw)
  To: Mathias Krause
  Cc: Romain Francoise, Linus Torvalds, Linux Kernel Mailing List,
	Linux Crypto Mailing List

On Sun, Sep 09, 2012 at 10:09:10PM +0200, Mathias Krause wrote:
>
> It happens with the C variants of SHA1 and AES, too. You can easily
> trigger the bug with Steffen's crconf[1]:
> 
> $ crconf add alg "authenc(hmac(sha1-generic),cbc(aes-generic))" type 3
> 
> So the problem is likely not related to sha1-ssse3.ko or aesni-intel.ko.

Thanks! I think this patch should fix the problem.  Can someone
please confirm this?

crypto: authenc - Fix crash with zero-length assoc data

The authenc code doesn't deal with zero-length associated data
correctly and ends up constructing a zero-length sg entry which
causes a crash when it's fed into the crypto system.

This patch fixes this by avoiding the code-path that triggers
the SG construction if we have no associated data.

This isn't the most optimal fix as it means that we'll end up
using the fallback code-path even when we could still execute
the digest function.  However, this isn't a big deal as nobody
but the test path would supply zero-length associated data.

Reported-by: Romain Francoise <romain@orebokech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/authenc.c b/crypto/authenc.c
index 5ef7ba6..d0583a4 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -336,7 +336,7 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv,
 		cryptlen += ivsize;
 	}
 
-	if (sg_is_last(assoc)) {
+	if (req->assoclen && sg_is_last(assoc)) {
 		authenc_ahash_fn = crypto_authenc_ahash;
 		sg_init_table(asg, 2);
 		sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset);
@@ -490,7 +490,7 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv,
 		cryptlen += ivsize;
 	}
 
-	if (sg_is_last(assoc)) {
+	if (req->assoclen && sg_is_last(assoc)) {
 		authenc_ahash_fn = crypto_authenc_ahash;
 		sg_init_table(asg, 2);
 		sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset);

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply related	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 20:54         ` Jussi Kivilinna
@ 2012-09-09 21:01           ` Herbert Xu
  0 siblings, 0 replies; 14+ messages in thread
From: Herbert Xu @ 2012-09-09 21:01 UTC (permalink / raw)
  To: Jussi Kivilinna
  Cc: Linus Torvalds, Romain Francoise, Linux Kernel Mailing List,
	Linux Crypto Mailing List

On Sun, Sep 09, 2012 at 11:54:04PM +0300, Jussi Kivilinna wrote:
>
> It seems that authenc is chaining empty assoc scatterlist, which causes
> BUG_ON(!sg->length) set off in crypto/scatterwalk.c.
> 
> Following fixes the bug and self-test passes, but not sure if it's correct
> (note, copy-paste to 'broken' email client, most likely does not apply etc):

Yes this should fix the crash.
 
> Also does crypto_authenc_iverify() need same fix?

Right it does too.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 21:00       ` Herbert Xu
@ 2012-09-09 21:09         ` Mathias Krause
  2012-09-10 17:18         ` Romain Francoise
  1 sibling, 0 replies; 14+ messages in thread
From: Mathias Krause @ 2012-09-09 21:09 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Mathias Krause, Romain Francoise, Linus Torvalds,
	Linux Kernel Mailing List, Linux Crypto Mailing List

On Sun, Sep 09, 2012 at 02:00:00PM -0700, Herbert Xu wrote:
> On Sun, Sep 09, 2012 at 10:09:10PM +0200, Mathias Krause wrote:
> >
> > It happens with the C variants of SHA1 and AES, too. You can easily
> > trigger the bug with Steffen's crconf[1]:
> > 
> > $ crconf add alg "authenc(hmac(sha1-generic),cbc(aes-generic))" type 3
> > 
> > So the problem is likely not related to sha1-ssse3.ko or aesni-intel.ko.
> 
> Thanks! I think this patch should fix the problem.  Can someone
> please confirm this?
> 
> crypto: authenc - Fix crash with zero-length assoc data
> 
> The authenc code doesn't deal with zero-length associated data
> correctly and ends up constructing a zero-length sg entry which
> causes a crash when it's fed into the crypto system.
> 
> This patch fixes this by avoiding the code-path that triggers
> the SG construction if we have no associated data.
> 
> This isn't the most optimal fix as it means that we'll end up
> using the fallback code-path even when we could still execute
> the digest function.  However, this isn't a big deal as nobody
> but the test path would supply zero-length associated data.
> 
> Reported-by: Romain Francoise <romain@orebokech.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Looks good to me.

> 
> diff --git a/crypto/authenc.c b/crypto/authenc.c
> index 5ef7ba6..d0583a4 100644
> --- a/crypto/authenc.c
> +++ b/crypto/authenc.c
> @@ -336,7 +336,7 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv,
>  		cryptlen += ivsize;
>  	}
>  
> -	if (sg_is_last(assoc)) {
> +	if (req->assoclen && sg_is_last(assoc)) {
>  		authenc_ahash_fn = crypto_authenc_ahash;
>  		sg_init_table(asg, 2);
>  		sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset);
> @@ -490,7 +490,7 @@ static int crypto_authenc_iverify(struct aead_request *req, u8 *iv,
>  		cryptlen += ivsize;
>  	}
>  
> -	if (sg_is_last(assoc)) {
> +	if (req->assoclen && sg_is_last(assoc)) {
>  		authenc_ahash_fn = crypto_authenc_ahash;
>  		sg_init_table(asg, 2);
>  		sg_set_page(asg, sg_page(assoc), assoc->length, assoc->offset);
> 

Tested-by: Mathias Krause <minipli@googlemail.com>


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Linux 3.6-rc5
  2012-09-09 21:00       ` Herbert Xu
  2012-09-09 21:09         ` Mathias Krause
@ 2012-09-10 17:18         ` Romain Francoise
  1 sibling, 0 replies; 14+ messages in thread
From: Romain Francoise @ 2012-09-10 17:18 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Mathias Krause, Linus Torvalds, Linux Kernel Mailing List,
	Linux Crypto Mailing List

Herbert Xu <herbert@gondor.apana.org.au> writes:

> Thanks! I think this patch should fix the problem.  Can someone
> please confirm this?

Works for me as well, thanks!

> crypto: authenc - Fix crash with zero-length assoc data
>
> The authenc code doesn't deal with zero-length associated data
> correctly and ends up constructing a zero-length sg entry which
> causes a crash when it's fed into the crypto system.
>
> This patch fixes this by avoiding the code-path that triggers
> the SG construction if we have no associated data.
>
> This isn't the most optimal fix as it means that we'll end up
> using the fallback code-path even when we could still execute
> the digest function.  However, this isn't a big deal as nobody
> but the test path would supply zero-length associated data.
>
> Reported-by: Romain Francoise <romain@orebokech.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Feel free to change this to:

Reported-and-tested-by: Romain Francoise <romain@orebokech.com>

^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2012-09-10 17:18 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-09-09  0:18 Linux 3.6-rc5 Linus Torvalds
2012-09-09  9:13 ` Romain Francoise
2012-09-09 12:54   ` Jussi Kivilinna
2012-09-09 14:23     ` Romain Francoise
2012-09-09 15:35     ` Linus Torvalds
2012-09-09 18:53       ` Herbert Xu
2012-09-09 20:54         ` Jussi Kivilinna
2012-09-09 21:01           ` Herbert Xu
2012-09-09 19:19   ` Herbert Xu
2012-09-09 20:09     ` Mathias Krause
2012-09-09 21:00       ` Herbert Xu
2012-09-09 21:09         ` Mathias Krause
2012-09-10 17:18         ` Romain Francoise
2012-09-09 20:26     ` Jussi Kivilinna

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).