Re: [dm-devel] Crash in crypto mcryptd

2016-12-05 Thread Tim Chen 
On Thu, 2016-12-01 at 23:06 -0800, Eric Biggers wrote:
> On Thu, Dec 01, 2016 at 05:47:02PM -0800, Tim Chen wrote:
> > 
> > On Thu, 2016-12-01 at 19:00 -0500, Mikulas Patocka wrote:
> > > 
> > > Hi
> > > 
> > > There is a bug in mcryptd initialization.
> > > 
> > > This is a test module that tries various hash algorithms. When you load 
> > > the module with "insmod test.ko 'alg=mcryptd(md5)'", the machine crashes.
> > I don't think your test setup is right.  The mcryptd supports only 
> > multi-buffer
> > algorithm.  I don't think there is such an implementation for md5.
> > 
> > Please refer to arch/x86/crypto/sha1-mb 
> > multi-buffer implementation of sha1 to see the proper
> > setup and usage with mcryptd.  You can also run tcrypt test to
> > exercise this code.
> > 
> > Tim
> No, mcryptd must not crash the kernel if it's passed the wrong algorithm.

That's true.  We should detect the case when mcryptd is being passed invalid
argument and not crash.  We'll take a look at it.

Tim


--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

Re: [dm-devel] Crash in crypto mcryptd

2016-12-02 Thread Tim Chen 
On Thu, 2016-12-01 at 19:00 -0500, Mikulas Patocka wrote:
> Hi
> 
> There is a bug in mcryptd initialization.
> 
> This is a test module that tries various hash algorithms. When you load 
> the module with "insmod test.ko 'alg=mcryptd(md5)'", the machine crashes.

I don't think your test setup is right.  The mcryptd supports only multi-buffer
algorithm.  I don't think there is such an implementation for md5.

Please refer to arch/x86/crypto/sha1-mb 
multi-buffer implementation of sha1 to see the proper
setup and usage with mcryptd.  You can also run tcrypt test to
exercise this code.

Tim

> 
> Mikulas
> 
> 
> #include 
> #include 
> #include 
> 
> static char *alg = "md5";
> 
> module_param_named(alg, alg, charp, 0444);
> MODULE_PARM_DESC(alg, "the algorith to test");
> 
> static bool sync = true;
> 
> module_param_named(sync, sync, bool, 0444);
> MODULE_PARM_DESC(alg, "sync flag");
> 
> static int __init dump_init(void)
> {
>     struct crypto_shash *h;
>     char key[4];
>     int r;
>     printk("testing algorithm '%s'\n", alg);
>     h = crypto_alloc_shash(alg, 0, sync ? CRYPTO_ALG_ASYNC : 0);
>     if (IS_ERR(h)) {
>     printk("error %d\n", (int)PTR_ERR(h));
>     return PTR_ERR(h);
>     }
>     printk("setting key\n");
>     r = crypto_shash_setkey(h, key, sizeof key);
>     if (r)
>     printk("setkey: %d\n", r);
>     crypto_free_shash(h);
>     printk("module loaded\n");
>     return 0;
> }
> 
> static void __exit dump_exit(void)
> {
>     printk("dump exit\n");
> }
> 
> module_init(dump_init)
> module_exit(dump_exit)
> MODULE_LICENSE("GPL");
> 
> 
> [898029.802035] BUG: unable to handle kernel NULL pointer dereference at  
>  
> (null)
> [898029.806060] IP: [] md5_final+0xad/0x210 [md5]
> [898029.808156] PGD 11a5d8067 [898029.809051] PUD 11a491067 
> PMD 0 [898029.810280] 
> [898029.810904] Oops: 0002 [#1] PREEMPT SMP
> [898029.812239] Modules linked in: md5 testdump(O+) mcryptd uvesafb 
> cfbfillrect cfbimgblt cn cfbcopyarea fbcon bitblit fbcon_rotate fbcon_ccw 
> fbcon_ud fbcon_cw softcursor fb fbdev font ipv6 binfmt_misc mousedev 
> af_packet psmouse pcspkr virtio_net virtio_balloon button ext4 crc16 jbd2 
> mbcache dm_mod virtio_blk evdev virtio_pci virtio_ring virtio
> [898029.817178] CPU: 9 PID: 187 Comm: kworker/9:1 Tainted: G   O
> 4.9.0-rc7+ #6
> [898029.818066] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> [898029.818732] Workqueue: crypto mcryptd_queue_worker [mcryptd]
> [898029.819394] task: 88011aa2bd80 task.stack: 88011848
> [898029.820077] RIP: 0010:[]  [] 
> md5_final+0xad/0x210 [md5]
> [898029.821050] RSP: 0018:880118483d48  EFLAGS: 00010286
> [898029.821661] RAX: 04b2008fd98c1dd4 RBX: 880119cd7f28 RCX: 
> 980980e9
> [898029.822464] RDX: 7e42f8ec980980e9 RSI: ef1c4f74 RDI: 
> 880119cd7f30
> [898029.823293] RBP: 880118483d68 R08: 1b99d513 R09: 
> 
> [898029.824117] R10:  R11: b8b56373 R12: 
> 880119cd7f18
> [898029.824944] R13:  R14: 880119cd7f38 R15: 
> a01ee43c
> [898029.825776] FS:  () GS:88011fd2() 
> knlGS:
> [898029.826712] CS:  0010 DS:  ES:  CR0: 80050033
> [898029.827376] CR2:  CR3: 00011a6c9000 CR4: 
> 06a0
> [898029.828204] Stack:
> [898029.828452]  880119cd7f18 88011fd3bb00  
> 880119cd7e00
> [898029.829351]  880118483da0 8119f281 880119cd7f18 
> 88011fd3bb00
> [898029.830242]  88011fd3bae0 880119cd7e00 a01ee43c 
> 880119cd7ec8
> [898029.831141] Call Trace:
> [898029.831460]  [] ? crypto_shash_final+0x31/0xb0
> [898029.832151]  [] ? mcryptd_queue_worker+0x1c/0x190 
> [mcryptd]
> [898029.832980]  [] ? shash_ahash_finup+0x73/0x80
> [898029.833672]  [] ? __switch_to+0x27f/0x460
> [898029.834305]  [] ? mcryptd_hash_digest+0x4f/0x80 
> [mcryptd]
> [898029.835125]  [] ? mcryptd_queue_worker+0x47/0x190 
> [mcryptd]
> [898029.835963]  [] ? process_one_work+0x1bf/0x3f0
> [898029.836681]  [] ? worker_thread+0x42/0x4c0
> [898029.837362]  [] ? process_one_work+0x3f0/0x3f0
> [898029.838045]  [] ? process_one_work+0x3f0/0x3f0
> [898029.838739]  [] ? kthread+0xb9/0xd0
> [898029.839318]  [] ? kthread_park+0x70/0x70
> [898029.839959]  [] ? ret_from_fork+0x25/0x30
> [898029.840594] Code: 14 c5 00 00 00 00 48 c1 e8 1d 41 89 44 24 5c 41 89 
> 54 24 58 e8 45 ea 0e e1 49 8b 44 24 10 49 8b 54 24 18 48 8d 7b 08 48 83 e7 
> f8 <49> 89 45 00 49 89 55 08 31 c0 49 c7 44 24 10 00 00 00 00 48 c7 
> [898029.843633] RIP  [] md5_final+0xad/0x210 [md5]
> [898029.844354]  RSP 
> [898029.844769] CR2: 
> [898029.845166] ---[ end trace 2ecde0bf66717337 ]---
> 

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel