From: Matt LaPlante <kernel1@cyberdogtech.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Sascha Biberhofer <biberhofer@inode.at>,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
netdev@vger.kernel.org,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: Oops in authenc: 2.6.26.3
Date: Thu, 21 Aug 2008 08:08:11 -0500 [thread overview]
Message-ID: <20080821080811.8a834a46.kernel1@cyberdogtech.com> (raw)
In-Reply-To: <20080821083615.GA1971@gondor.apana.org.au>
On Thu, 21 Aug 2008 18:36:15 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Thu, Aug 21, 2008 at 07:02:25AM +0000, Sascha Biberhofer wrote:
> > I have the same problem on my system, starting with the release of
> > 2.6.26. Shortly afterwards I've had the same problem with the 2.6.25
> > series starting with 2.6.25.12. I've looked up the changes between
> > 2.6.25.11 and .12 and found commit
> > c2bd04d8040a91fe2ee2e9fee1a6562ca9792249 (it's commit
> > 872ac8743cb400192a9fce4ba2d3ffd7bb309685 in the 2.6.26 series).
> > Reverting the commit seems to solve the problem here, I've been running
> > a 2.6.25.12 kernel without this commit for some weeks now.
> > In case it's important: I'm using an IPSec ESP transport with AES-256
> > and sha-256 auth.
>
> Sorry, I was skimping on memory and ended up calling a clobbered
> function pointer.
>
> This patch should fix it.
>
> crypto: authenc - Avoid using clobbered request pointer
>
> Authenc works in two stages for encryption, it first encrypts and
> then computes an ICV. The context memory of the request is used
> by both operations. The problem is that when an asynchronous
> encryption completes, we will compute the ICV and then reread the
> context memory of the encryption to get the original request.
>
> It just happens that we have a buffer of 16 bytes in front of the
> request pointer, so ICVs of 16 bytes (such as SHA1) do not trigger
> the bug. However, any attempt to uses a larger ICV instantly kills
> the machine when the first asynchronous encryption is completed.
>
> This patch fixes this by saving the request pointer before we start
> the ICV computation.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Matt LaPlante <kernel1@cyberdogtech.com>
Thanks for the quick fix!
--
Matt LaPlante
next prev parent reply other threads:[~2008-08-21 13:08 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080820203245.ea01ff39.kernel1@cyberdogtech.com>
2008-08-21 3:31 ` Oops in authenc: 2.6.26.3 Andrew Morton
[not found] ` <20080821070225.GA31894@aeris>
2008-08-21 8:36 ` Herbert Xu
2008-08-21 13:08 ` Matt LaPlante [this message]
2008-08-21 14:56 ` Henrique de Moraes Holschuh
2008-08-21 22:13 ` Herbert Xu
2008-08-22 9:05 ` Sascha Biberhofer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080821080811.8a834a46.kernel1@cyberdogtech.com \
--to=kernel1@cyberdogtech.com \
--cc=akpm@linux-foundation.org \
--cc=biberhofer@inode.at \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).