From: Matt LaPlante <kernel1@cyberdogtech.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Sascha Biberhofer <biberhofer@inode.at>,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
netdev@vger.kernel.org,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: Oops in authenc: 2.6.26.3
Date: Thu, 21 Aug 2008 08:08:11 -0500
Message-ID: <20080821080811.8a834a46.kernel1@cyberdogtech.com>
In-Reply-To: <20080821083615.GA1971@gondor.apana.org.au>

On Thu, 21 Aug 2008 18:36:15 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Thu, Aug 21, 2008 at 07:02:25AM +0000, Sascha Biberhofer wrote:
> > I have the same problem on my system, starting with the release of
> > 2.6.26. Shortly afterwards I've had the same problem with the 2.6.25
> > series starting with 2.6.25.12. I've looked up the changes between
> > 2.6.25.11 and .12 and found commit
> > c2bd04d8040a91fe2ee2e9fee1a6562ca9792249 (it's commit
> > 872ac8743cb400192a9fce4ba2d3ffd7bb309685 in the 2.6.26 series).
> > Reverting the commit seems to solve the problem here, I've been running
> > a 2.6.25.12 kernel without this commit for some weeks now.
> > In case it's important: I'm using an IPSec ESP transport with AES-256
> > and sha-256 auth.
>
> Sorry, I was skimping on memory and ended up calling a clobbered
> function pointer.
>
> This patch should fix it.
>
> crypto: authenc - Avoid using clobbered request pointer
>
> Authenc works in two stages for encryption, it first encrypts and
> then computes an ICV. The context memory of the request is used
> by both operations. The problem is that when an asynchronous
> encryption completes, we will compute the ICV and then reread the
> context memory of the encryption to get the original request.
>
> It just happens that we have a buffer of 16 bytes in front of the
> request pointer, so ICVs of 16 bytes (such as SHA1) do not trigger
> the bug. However, any attempt to use a larger ICV instantly kills
> the machine when the first asynchronous encryption is completed.
>
> This patch fixes this by saving the request pointer before we start
> the ICV computation.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Matt LaPlante <kernel1@cyberdogtech.com>

Thanks for the quick fix!
--
Matt LaPlante
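
The failure mode described in the quoted commit message, as an added user-space sketch that is not part of the thread or of the kernel patch: the struct, the function names and the 64-byte context size are hypothetical, and only the 16-byte buffer in front of the stored request pointer is taken from the description above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not the kernel's structures: one context area shared
 * by both stages, with the request pointer stored after a 16-byte buffer. */
#define BUF_LEN 16
#define CTX_LEN 64

struct request { int id; unsigned char ctx[CTX_LEN]; };

/* Encryption stage: remember which request this context belongs to. */
static void stash_request(struct request *req)
{
    memcpy(req->ctx + BUF_LEN, &req, sizeof(req));
}

/* Stand-in for the ICV stage: writes icv_len bytes from the start of ctx. */
static void compute_icv(struct request *req, size_t icv_len)
{
    memset(req->ctx, 0xA5, icv_len);
}

/* Buggy order: compute the ICV, then reread the pointer from the context.
 * Returns 1 if the stored pointer survived, 0 if the ICV overwrote it. */
static int buggy_completion(struct request *req, size_t icv_len)
{
    stash_request(req);
    compute_icv(req, icv_len);
    return memcmp(req->ctx + BUF_LEN, &req, sizeof(req)) == 0;
}

/* Fixed order: copy the pointer out before the ICV stage touches ctx. */
static int fixed_completion(struct request *req, size_t icv_len)
{
    struct request *saved;
    stash_request(req);
    memcpy(&saved, req->ctx + BUF_LEN, sizeof(saved));
    compute_icv(req, icv_len);
    return saved == req && saved->id == req->id;
}

int main(void)
{
    struct request r = { .id = 7 };   /* constructed sample request */
    printf("buggy/16: %d  buggy/32: %d  fixed/32: %d\n",
           buggy_completion(&r, 16), buggy_completion(&r, 32),
           fixed_completion(&r, 32));
    return 0;
}
```

The buggy path compares stored bytes instead of dereferencing them, so the sketch reports the overwrite rather than crashing the way the kernel did.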