Bug 5194

Begin forwarded message:

Date: Tue, 6 Sep 2005 03:49:57 -0700
From: bugme-daemon@kernel-bugs.osdl.org
To: bugme-new@lists.osdl.org
Subject: [Bugme-new] [Bug 5194] New: IPSec related OOps in 2.6.13


http://bugzilla.kernel.org/show_bug.cgi?id=5194

           Summary: IPSec related OOps in 2.6.13
    Kernel Version: 2.6.13
            Status: NEW
          Severity: high
             Owner: acme@conectiva.com.br
         Submitter: olel@ans.pl


Most recent kernel where this bug did not occur: 2.6.12
Distribution: Slackware

Software Environment:

Linux gate 2.6.13 #1 Sat Sep 3 11:32:13 CEST 2005 i686 unknown

Gnu C                  3.3.5
Gnu make               3.80
binutils               2.15.92.0.2
util-linux             2.11z
mount                  2.11z
module-init-tools      3.1
e2fsprogs              1.35
reiserfsprogs          line
reiser4progs           line
Linux C Library        2.3.5
Dynamic linker (ldd)   2.3.5
Linux C++ Library      5.0.7
Procps                 3.1.8
Net-tools              1.60
Kbd                    1.08
Sh-utils               2.0
Modules Loaded

Problem Description:

Oops: 0000 [#1]
PREEMPT
Modules linked in:
CPU:    0
EIP:    0060:[<c01f562c>]    Not tainted VLI
EFLAGS: 00010216   (2.6.13)
EIP is at sha1_update+0x7c/0x160
eax: dce92e6c   ebx: 00000014   ecx: 00000005   edx: 00000104
esi: 907529d5   edi: dce92eb4   ebp: 907529d5   esp: c04c5c98
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c04c5000 task=c03eeb80)
Stack: dce92e74 dbe09db4 c04c5ca4 00000000 00000000 00000000 00000000 00000000
       00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
       00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
Call Trace:
 [<c01f39e0>] update+0x80/0xb0
 [<c01f4106>] crypto_hmac_update+0x26/0x40
 [<c036d370>] skb_icv_walk+0xf0/0x200
 [<c01f4071>] crypto_hmac_init+0xd1/0x140
 [<c0348a23>] esp_hmac_digest+0x93/0xf0
 [<c01f40e0>] crypto_hmac_update+0x0/0x40
 [<c01f3644>] cbc_encrypt+0x54/0x60
 [<c0347ecb>] esp_output+0x38b/0x4a0
 [<c0366e1a>] xfrm4_output+0x7a/0x1a0
 [<c031537b>] ip_forward+0x17b/0x2e0
 [<c03154e0>] ip_forward_finish+0x0/0x60
 [<c0313a96>] ip_rcv+0x266/0x520
 [<c0313f30>] ip_rcv_finish+0x0/0x2d0
 [<c02e5918>] netif_receive_skb+0x198/0x240
 [<c02e5a3f>] process_backlog+0x7f/0x100
 [<c02e5b4e>] net_rx_action+0x8e/0x1c0
 [<c011f7cd>] __do_softirq+0x8d/0xa0
 [<c0105493>] do_softirq+0x63/0x70
 =======================
 [<c011f8a8>] irq_exit+0x38/0x40
 [<c0105359>] do_IRQ+0x59/0x80
 [<c01035fe>] common_interrupt+0x1a/0x20
 [<c0241d07>] acpi_processor_idle+0x123/0x299
 [<c01009d8>] cpu_idle+0x48/0x60
 [<c044b7b7>] start_kernel+0x157/0x180
 [<c044b390>] unknown_bootoption+0x0/0x1b0
Code: 0f 86 f9 00 00 00 8b 84 24 60 01 00 00 bb 40 00 00 00 29 f3 81 fb ff 01 00
00 8d 7c 06 1c 0f 87 c4 00 00 00 89 d9 89 ee
c1 e9 02 <f3> a5 89 d9 83 e1 03 74 02 f3 a4 8b 84 24 60 01 00 00 8b b4 24
 <0>Kernel panic - not syncing: Fatal exception in interrupt


Steps to reproduce:
Setup IPsec & wait. Sometimes 30m, sometimes 5h.

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote:
> 
> Problem Description:
> 
> Oops: 0000 [#1]
> PREEMPT
> Modules linked in:
> CPU:    0
> EIP:    0060:[<c01f562c>]    Not tainted VLI
> EFLAGS: 00010216   (2.6.13)
> EIP is at sha1_update+0x7c/0x160

Thanks for the report.  Matt LaPlante had exactly the same problem
a couple of days ago.  I've tracked down now to my broken crypto
cipher wrapper functions which will step over a page boundary if
it's not aligned correctly.


[CRYPTO] Fix boundary check in standard multi-block cipher processors

The boundary check in the standard multi-block cipher processors are
broken when nbytes is not a multiple of bsize.  In those cases it will
always process an extra block.

This patch corrects the check so that it processes at most nbytes of data.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,

On Tue, 6 Sep 2005, Herbert Xu wrote:

> On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote:
>>
>> Problem Description:
>>
>> Oops: 0000 [#1]
>> PREEMPT
>> Modules linked in:
>> CPU:    0
>> EIP:    0060:[<c01f562c>]    Not tainted VLI
>> EFLAGS: 00010216   (2.6.13)
>> EIP is at sha1_update+0x7c/0x160
>
> Thanks for the report.  Matt LaPlante had exactly the same problem
> a couple of days ago.  I've tracked down now to my broken crypto
> cipher wrapper functions which will step over a page boundary if
> it's not aligned correctly.
>
>
> [CRYPTO] Fix boundary check in standard multi-block cipher processors

Thanks. Patched my kernel, recompiled and waiting. So far it is OK,

Should this patch be merged into 2.6.13.1?

Best regards,

                         Krzysztof Ol

Reply-To: laplam@rpi.edu

Patch worked like a charm here, no more kernel panics! Excellent work, many
thanks for the quick fix...more people should have such a work ethic.

Cheers,
Matt

> -----Original Message-----
> From: linux-kernel-owner@vger.kernel.org [mailto:linux-kernel-
> owner@vger.kernel.org] On Behalf Of Herbert Xu
> Sent: Tuesday, September 06, 2005 8:20 AM
> To: Andrew Morton
> Cc: netdev@vger.kernel.org; olel@ans.pl; bugme-daemon@kernel-
> bugs.osdl.org; Matt LaPlante; Linux Kernel Mailing List; David S. Miller
> Subject: Re: Fw: [Bugme-new] [Bug 5194] New: IPSec related OOps in 2.6.13
> 
> On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote:
> >
> > Problem Description:
> >
> > Oops: 0000 [#1]
> > PREEMPT
> > Modules linked in:
> > CPU:    0
> > EIP:    0060:[<c01f562c>]    Not tainted VLI
> > EFLAGS: 00010216   (2.6.13)
> > EIP is at sha1_update+0x7c/0x160
> 
> Thanks for the report.  Matt LaPlante had exactly the same problem
> a couple of days ago.  I've tracked down now to my broken crypto
> cipher wrapper functions which will step over a page boundary if
> it's not aligned correctly.
> 
> 
> [CRYPTO] Fix boundary check in standard multi-block cipher processors
> 
> The boundary check in the standard multi-block cipher processors are
> broken when nbytes is not a multiple of bsize.  In those cases it will
> always process an extra block.
> 
> This patch corrects the check so that it processes at most nbytes of data.
> 
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> Cheers,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

On Tue, 6 Sep 2005, Herbert Xu wrote:

> On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote:
>>
>> Problem Description:
>>
>> Oops: 0000 [#1]
>> PREEMPT
>> Modules linked in:
>> CPU:    0
>> EIP:    0060:[<c01f562c>]    Not tainted VLI
>> EFLAGS: 00010216   (2.6.13)
>> EIP is at sha1_update+0x7c/0x160
>
> Thanks for the report.  Matt LaPlante had exactly the same problem
> a couple of days ago.  I've tracked down now to my broken crypto
> cipher wrapper functions which will step over a page boundary if
> it's not aligned correctly.

This bug is resolved. I believe we can close it.

Best regards,


 			Krzysztof Ol