Bug 206049
| Summary: | alg: skcipher: p8_aes_xts encryption unexpectedly succeeded on test vector "random: len=0 klen=64"; expected_error=-22, cfg="random: inplace may_sleep use_finup src_divs=[<flush>66.99%@+10, 33.1%@alignmask+1155] | ||
|---|---|---|---|
| Product: | Platform Specific/Hardware | Reporter: | Erhard F. (erhard_f) |
| Component: | PPC-64 | Assignee: | platform_ppc-64 |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | normal | CC: | dja, michael |
| Priority: | P1 | ||
| Hardware: | PPC-64 | ||
| OS: | Linux | ||
| Kernel Version: | 5.4.7 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: |
dmesg (5.4.7, Talos II)
kernel .config (5.4.7, Talos II) |
||
Created attachment 286559 [details]
kernel .config (5.4.7, Talos II)
Hi Erhard, I'm having a look. Does this reproduce reliably/often? Or was it a one-off? Regards, Daniel Looks like other implementations check the size, can you try this:
diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c
index d59e736882f6..9fee1b1532a4 100644
--- a/drivers/crypto/vmx/aes_xts.c
+++ b/drivers/crypto/vmx/aes_xts.c
@@ -84,6 +84,9 @@ static int p8_aes_xts_crypt(struct skcipher_request *req, int enc)
u8 tweak[AES_BLOCK_SIZE];
int ret;
+ if (req->cryptlen < AES_BLOCK_SIZE)
+ return -EINVAL;
+
if (!crypto_simd_usable() || (req->cryptlen % XTS_BLOCK_SIZE) != 0) {
struct skcipher_request *subreq = skcipher_request_ctx(req);
(In reply to Daniel Axtens from comment #2) > Hi Erhard, > > I'm having a look. Does this reproduce reliably/often? Or was it a one-off? Hi Daniel, This shows up every time booting the Talos II. I have yet to try Michaels patch. Regards, Erhard (In reply to Michael Ellerman from comment #3) > Looks like other implementations check the size, can you try this: > > diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c > index d59e736882f6..9fee1b1532a4 100644 > --- a/drivers/crypto/vmx/aes_xts.c > +++ b/drivers/crypto/vmx/aes_xts.c > @@ -84,6 +84,9 @@ static int p8_aes_xts_crypt(struct skcipher_request *req, > int enc) > u8 tweak[AES_BLOCK_SIZE]; > int ret; > > + if (req->cryptlen < AES_BLOCK_SIZE) > + return -EINVAL; > + > if (!crypto_simd_usable() || (req->cryptlen % XTS_BLOCK_SIZE) != 0) { > struct skcipher_request *subreq = skcipher_request_ctx(req); Your patch fixed it, thanks! Applied it on top of kernel 5.4.8 and the p8_aes_xts error did not show up in subsequent reboots. Patch sent: https://patchwork.ozlabs.org/patch/1219350/ |
Created attachment 286557 [details] dmesg (5.4.7, Talos II) # dmesg | grep -i aes [ 5.589319] alg: skcipher: p8_aes_xts encryption unexpectedly succeeded on test vector "random: len=0 klen=64"; expected_error=-22, cfg="random: inplace may_sleep use_finup src_divs=[<flush>66.99%@+10, 33.1%@alignmask+1155]" # inxi -b System: Kernel: 5.4.7-gentoo ppc64 bits: 64 Console: tty 1 Distro: Gentoo Base System release 2.6 Machine: Type: PowerPC Device System: T2P9D01 REV 1.01 details: PowerNV T2P9D01 REV 1.01 rev: 2.2 (pvr 004e 1202) CPU: 32-Core: POWER9 altivec supported type: MCP speed: 2785 MHz min/max: 2154/3800 MHz Graphics: Device-1: Advanced Micro Devices [AMD/ATI] Caicos [Radeon HD 6450/7450/8450 / R5 230 OEM] driver: radeon v: kernel Device-2: ASPEED Graphics Family driver: N/A Device-3: NVIDIA GK208B [GeForce GT 710] driver: N/A Display: server: X.org 1.20.5 driver: radeon tty: 211x53 Message: Advanced graphics data unavailable in console for root. Network: Device-1: Broadcom and subsidiaries NetXtreme BCM5719 Gigabit Ethernet PCIe driver: tg3 Device-2: Broadcom and subsidiaries NetXtreme BCM5719 Gigabit Ethernet PCIe driver: tg3