From: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
Sasha Levin <sashal@kernel.org>, <linux-crypto@vger.kernel.org>
Cc: <qat-linux@intel.com>, <stable@vger.kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Bug in rsa-pkcs1pad in 6.1 and 5.15
Date: Tue, 5 Sep 2023 11:41:14 +0100 [thread overview]
Message-ID: <ZPcFyp4jdE3uSeqW@gcabiddu-mobl1.ger.corp.intel.com> (raw)
There is a missing backport in the stables 6.1.x and 5.15.x that
combined with a backported patch as a dependency in the QAT driver
causes a kernel crash at boot under certain conditions.
In 6.1/5.15, the function pkcs1pad_create() in rsa-pkcs1pad.c [1] sets the
reqsize of its akcipher_instance using the value in the akcipher_alg of
the selected akcipher implementation. This assumes that the reqsize
field has been set for the akcipher implementation when the akcipher_alg
has been instantiated. The reqsize field is then used to allocate to
allocate memory for pkcs1pad requests.
In commit 80e62ad58db0 ("crypto: qat - Use helper to set reqsize"), the
reqsize for the rsa implementation in the QAT driver is moved from being
set in the akcipher_alg to being set when the tfm is initialized. This
means that the implementation of rsa-pkcs1pad won’t allocate any space
for the akcipher request when using the QAT driver.
This issue occurs only when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not
set. When the crypto self-test is run, the correct value of the reqsize
is stored in the akcipher_alg in the qat driver by the first call to
akcipher_set_reqsize() and then when pkcs1pad_create() is executed, it
finds the correct value.
Options:
1. Cherry-pick 5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set
reqsize") to both 6.1.x and 5.15.x trees.
2. Revert upstream commit 80e62ad58db0 ("crypto: qat - Use helper
to set reqsize").
In 6.1 revert da1729e6619c414f34ce679247721603ebb957dc
In 5.15 revert 3894f5880f968f81c6f3ed37d96bdea01441a8b7
Option #1 is preferred as the same problem might be impacting other
akcipher implementations besides QAT. Option #2 is just specific to the
QAT driver.
@Herbert, can you have a quick look in case I missed something? I tried
both options in 6.1.51 and they appear to resolve the problem.
Thanks,
[1] https://elixir.bootlin.com/linux/v6.1.51/source/crypto/rsa-pkcs1pad.c#L673
--
Giovanni
next reply other threads:[~2023-09-05 16:20 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-05 10:41 Giovanni Cabiddu [this message]
2023-09-05 12:23 ` Bug in rsa-pkcs1pad in 6.1 and 5.15 Giovanni Cabiddu
2023-09-06 9:05 ` Herbert Xu
2023-09-06 14:30 ` Giovanni Cabiddu
2023-09-07 10:15 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZPcFyp4jdE3uSeqW@gcabiddu-mobl1.ger.corp.intel.com \
--to=giovanni.cabiddu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox