Bug in rsa-pkcs1pad in 6.1 and 5.15

Bug in rsa-pkcs1pad in 6.1 and 5.15

[Giovanni Cabiddu]

There is a missing backport in the stables 6.1.x and 5.15.x that
combined with a backported patch as a dependency in the QAT driver
causes a kernel crash at boot under certain conditions.

In 6.1/5.15, the function pkcs1pad_create() in rsa-pkcs1pad.c [1] sets the
reqsize of its akcipher_instance using the value in the akcipher_alg of
the selected akcipher implementation. This assumes that the reqsize
field has been set for the akcipher implementation when the akcipher_alg
has been instantiated. The reqsize field is then used to allocate to
allocate memory for pkcs1pad requests.

In commit 80e62ad58db0 ("crypto: qat - Use helper to set reqsize"), the
reqsize for the rsa implementation in the QAT driver is moved from being
set in the akcipher_alg to being set when the tfm is initialized. This
means that the implementation of rsa-pkcs1pad won’t allocate any space
for the akcipher request when using the QAT driver.

This issue occurs only when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not
set. When the crypto self-test is run, the correct value of the reqsize
is stored in the akcipher_alg in the qat driver by the first call to
akcipher_set_reqsize() and then when pkcs1pad_create() is executed, it
finds the correct value.

Options:
  1. Cherry-pick 5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set
     reqsize") to both 6.1.x and 5.15.x trees.
  2. Revert upstream commit 80e62ad58db0 ("crypto: qat - Use helper
     to set reqsize").
     In 6.1 revert da1729e6619c414f34ce679247721603ebb957dc
     In 5.15 revert 3894f5880f968f81c6f3ed37d96bdea01441a8b7

Option #1 is preferred as the same problem might be impacting other
akcipher implementations besides QAT. Option #2 is just specific to the
QAT driver.

@Herbert, can you have a quick look in case I missed something? I tried
both options in 6.1.51 and they appear to resolve the problem.

Thanks,

[1] https://elixir.bootlin.com/linux/v6.1.51/source/crypto/rsa-pkcs1pad.c#L673

-- 
Giovanni

Re: Bug in rsa-pkcs1pad in 6.1 and 5.15

[Giovanni Cabiddu]

On Tue, Sep 05, 2023 at 11:41:24AM +0100, Cabiddu, Giovanni wrote:
> This issue occurs only when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not
> set.
Apologies, there was a mistake in my previous email.
The issue occurs only when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y, i.e.
the crypto selt-test is disabled.

Regards,

-- 
Giovanni

Re: Bug in rsa-pkcs1pad in 6.1 and 5.15

[Herbert Xu]

On Tue, Sep 05, 2023 at 11:41:14AM +0100, Giovanni Cabiddu wrote:
>
> Options:
>   1. Cherry-pick 5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set
>      reqsize") to both 6.1.x and 5.15.x trees.
>   2. Revert upstream commit 80e62ad58db0 ("crypto: qat - Use helper
>      to set reqsize").
>      In 6.1 revert da1729e6619c414f34ce679247721603ebb957dc
>      In 5.15 revert 3894f5880f968f81c6f3ed37d96bdea01441a8b7
> 
> Option #1 is preferred as the same problem might be impacting other
> akcipher implementations besides QAT. Option #2 is just specific to the
> QAT driver.
> 
> @Herbert, can you have a quick look in case I missed something? I tried
> both options in 6.1.51 and they appear to resolve the problem.

Yes I think backporting the rsa-pkcs1pad would be the best way
forward.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: Bug in rsa-pkcs1pad in 6.1 and 5.15

[Giovanni Cabiddu]

On Wed, Sep 06, 2023 at 05:05:14PM +0800, Herbert Xu wrote:
> On Tue, Sep 05, 2023 at 11:41:14AM +0100, Giovanni Cabiddu wrote:
> >
> > Options:
> >   1. Cherry-pick 5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set
> >      reqsize") to both 6.1.x and 5.15.x trees.
> >   2. Revert upstream commit 80e62ad58db0 ("crypto: qat - Use helper
> >      to set reqsize").
> >      In 6.1 revert da1729e6619c414f34ce679247721603ebb957dc
> >      In 5.15 revert 3894f5880f968f81c6f3ed37d96bdea01441a8b7
> > 
> > Option #1 is preferred as the same problem might be impacting other
> > akcipher implementations besides QAT. Option #2 is just specific to the
> > QAT driver.
> > 
> > @Herbert, can you have a quick look in case I missed something? I tried
> > both options in 6.1.51 and they appear to resolve the problem.
> 
> Yes I think backporting the rsa-pkcs1pad would be the best way
> forward.
Thanks Herbert.

Adding stable to the TO list. Would it be possible to cherry-pick the
following upstream commit

    5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set reqsize")

to both the 6.1.x and 5.15.x trees?

Thanks,

-- 
Giovanni

Re: Bug in rsa-pkcs1pad in 6.1 and 5.15

[Greg Kroah-Hartman]

On Wed, Sep 06, 2023 at 03:30:56PM +0100, Giovanni Cabiddu wrote:
> On Wed, Sep 06, 2023 at 05:05:14PM +0800, Herbert Xu wrote:
> > On Tue, Sep 05, 2023 at 11:41:14AM +0100, Giovanni Cabiddu wrote:
> > >
> > > Options:
> > >   1. Cherry-pick 5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set
> > >      reqsize") to both 6.1.x and 5.15.x trees.
> > >   2. Revert upstream commit 80e62ad58db0 ("crypto: qat - Use helper
> > >      to set reqsize").
> > >      In 6.1 revert da1729e6619c414f34ce679247721603ebb957dc
> > >      In 5.15 revert 3894f5880f968f81c6f3ed37d96bdea01441a8b7
> > > 
> > > Option #1 is preferred as the same problem might be impacting other
> > > akcipher implementations besides QAT. Option #2 is just specific to the
> > > QAT driver.
> > > 
> > > @Herbert, can you have a quick look in case I missed something? I tried
> > > both options in 6.1.51 and they appear to resolve the problem.
> > 
> > Yes I think backporting the rsa-pkcs1pad would be the best way
> > forward.
> Thanks Herbert.
> 
> Adding stable to the TO list. Would it be possible to cherry-pick the
> following upstream commit
> 
>     5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set reqsize")
> 
> to both the 6.1.x and 5.15.x trees?

Now queued up, thanks.

greg k-h