Herbert Xu wrote:

> Also, you shouldn't hold a tfm object for the lifetime of the module.
> The fallback tfm should only be allocated in cra_init.

Just tried being nasty to the kernel...

Test 1: loaded padlock-sha (that autoloaded sha1 and sha256), manually removed sha1 and set "alias sha1 off" in modprobe.conf, i.e. padlock_cra_init() must fail.

echo "add 1.2.3.4 10.20.30.40 ah 0x12345 -A hmac-sha1 \
        0x80a2a3d99cdf9fcb841618d654ab1c75e0f4e1b9;" | setkey -c

padlock_cra_init() correctly says the fallback TFM couldn't be allocated and returns 1. However, the AH SA is created anyway and padlock-sha has one user. setkey -F segfaults, because in cra_exit() I assume the fallback tfm is not null and try to free it. I never expected cra_exit() to be called when cra_init() failed.

Indeed, I can check for a valid fallback_tfm before freeing it, but I *rely* on having it allocated from cra_init() in padlock_sha_bypass() anyway.

Bug in your code?

BTW, before applying your two last patches from 06/07/03 I got the attached Oops with setkey segfaulting. Then all subsequent setkey processes stay in D state. Not sure if it was treated by one of those patches.

Test 2: Now some cryptomgr complaints (should go to its own thread, but /me is too lazy).

modprobed sha1 and ran the above setkey. lsmod shows 1 user of sha1. Flushed the SA and modprobed padlock-sha. setkey that AH SA again - lsmod again shows 1 user of sha1 and no users for padlock-sha! Strange...

It turns out that cryptomgr created hmac(sha1) from sha1-generic and doesn't update the list (or create another higher-prio entry) after padlock-sha was inserted.

Another bug?

Michal
(dmesg output)
padlock: Fallback for 'sha1' is driver 'sha1-generic' (prio=0)
padlock: Fallback for 'sha256' is driver 'sha256-generic' (prio=0)
padlock: Using VIA PadLock ACE for SHA1/SHA256 algorithms.
### Here I disabled sha1 with "alias sha1 off"
### and did setkey "add 1.2.3.4 10.20.30.40 esp 0x666 -E ... -A hmac-sha1 "...";
### Oops, I shouldn't....
Unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
c01c8d8c
*pde = ma 00000000 pa fffff000
Oops: 0000 [#1]
Modules linked in: esp4 deflate zlib_deflate zlib_inflate twofish twofish_common serpent aes blowfish des crypto_null cryptomgr af_key padlock_sha nfs lockd nfs_acl sunrpc dm_mod loop
CPU:    0
EIP:    0061:[<c01c8d8c>]    Not tainted VLI
EFLAGS: 00010216   (2.6.16.13-xen-cryptodev #8) 
EIP is at vsnprintf+0x3c/0x580
eax: 00000000   ebx: c6c53b8c   ecx: 00000000   edx: 0000003c
esi: c6c53bc7   edi: 00000000   ebp: c6c53bec   esp: c6c53b30
ds: 007b   es: 007b   ss: 0069
Process setkey (pid: 1201, threadinfo=c6c53000 task=c12770b0)
Stack: <0>c11d7708 00000000 00000001 c12770b0 c01123a0 00100100 00200200 0000003c 
       c6c53b8c c03595e0 c012447b c012447b 00000000 00000000 00000000 00000000 
       c6c53b8c 00000000 00000000 00000000 c01245c8 c6c53bec 00000000 00000000 
Call Trace:
 [<c01123a0>] default_wake_function+0x0/0x10
 [<c012447b>] call_usermodehelper_keys+0x10b/0x120
 [<c012447b>] call_usermodehelper_keys+0x10b/0x120
 [<c01245c8>] request_module+0x48/0xe0
 [<c0124490>] __call_usermodehelper+0x0/0x50
 [<c01b66f2>] crypto_alg_mod_lookup+0x72/0x250
 [<c01b690b>] crypto_alloc_tfm+0x1b/0x50
 [<cd0b41a4>] padlock_cra_init+0x14/0x70 [padlock_sha]
 [<c01b6012>] __crypto_alloc_tfm+0x102/0x140
 [<c01b6992>] crypto_spawn_tfm+0x52/0x70
 [<c01b830d>] crypto_hmac_init_tfm+0x2d/0x50
 [<c01b6012>] __crypto_alloc_tfm+0x102/0x140
 [<c01b6918>] crypto_alloc_tfm+0x28/0x50
 [<cd139bf2>] esp_init_state+0xc2/0x2b0 [esp4]
 [<c024a9d3>] xfrm_init_state+0x63/0x90
 [<cd13029e>] pfkey_add+0x7be/0x870 [af_key]
 [<c0151fc4>] __find_get_block+0x114/0x150
 [<cd12fae0>] pfkey_add+0x0/0x870 [af_key]
 [<cd12d9e0>] pfkey_sendmsg+0x3a0/0x440 [af_key]
 [<c01faa9e>] sock_sendmsg+0xae/0xe0
 [<c0127df0>] autoremove_wake_function+0x0/0x50
 [<c0111ec0>] __wake_up+0x30/0x70
 [<c01363ab>] get_page_from_freelist+0x1bb/0x390
 [<c01fad8c>] sockfd_lookup+0xc/0x80
 [<c01fb2f6>] sys_sendto+0x106/0x140
 [<c0136c07>] __alloc_pages+0x57/0x2d0
 [<c01fd3cb>] lock_sock+0xcb/0xe0
 [<c01c9a19>] copy_from_user+0x39/0x90
 [<c01fda05>] sock_set_timeout+0x35/0x90
 [<c01fdefe>] sock_setsockopt+0x7e/0x560
 [<c01fb363>] sys_send+0x33/0x40
 [<c01fc2e2>] sys_socketcall+0x142/0x280
 [<c010f080>] do_page_fault+0x0/0x83c
 [<c0104b29>] syscall_call+0x7/0xb
Code: 89 54 24 1c 89 4c 24 3c 0f 88 1b 05 00 00 8b 44 24 20 8b 54 24 1c 8d 74 10 ff 48 39 c6 0f 82 e6 01 00 00 8b 44 24 3c 8b 5c 24 20 <0f> b6 00 84 c0 0f 84 a8 04 00 00 89 f6 8d bc 27 00 00 00 00 31 
 
#### And it leaves all subsequent 'setkey's in D state :-(

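As an added example, not from this thread, the padlock driver or the kernel crypto API: a small userspace C model of the cra_init/cra_exit lifecycle Michal's first test exercises. It contrasts an allocator that runs cra_exit even after cra_init failed (the behaviour the segfault implies) with one that keeps the invariant "exit only after a successful init", and shows the NULL-tolerant exit that survives either allocator. Every name (struct tfm, struct alg, alloc_tfm_buggy, alloc_tfm_fixed, the scenario functions, the fallback_available switch standing in for "alias sha1 off") is hypothetical and exists only in this example.

```c
/* Added example, not kernel code: userspace model of tfm init/exit ordering. */
#include <stdio.h>
#include <stdlib.h>

struct tfm;

struct alg {
	const char *name;
	int  (*cra_init)(struct tfm *t);   /* hypothetical stand-in for cra_init */
	void (*cra_exit)(struct tfm *t);   /* hypothetical stand-in for cra_exit */
};

struct tfm {
	const struct alg *alg;
	struct tfm *fallback;              /* like the padlock fallback tfm */
};

static int fallback_available = 1;     /* 0 models "alias sha1 off" */
static int live_tfms = 0;              /* leak/double-free detector */
static int exit_calls = 0;             /* how often padlock_exit ran */

static struct tfm *alloc_tfm_fixed(const struct alg *alg);
static void free_tfm(struct tfm *t);

/* A generic driver that needs no fallback. */
static int  generic_init(struct tfm *t) { (void)t; return 0; }
static void generic_exit(struct tfm *t) { (void)t; }
static const struct alg sha1_generic = { "sha1-generic", generic_init, generic_exit };

/* The accelerated driver: allocates its fallback in init, as Herbert asks. */
static int padlock_init(struct tfm *t)
{
	if (!fallback_available) {
		fprintf(stderr, "padlock: fallback for 'sha1' could not be allocated\n");
		return -1;                 /* init fails; t->fallback stays NULL */
	}
	t->fallback = alloc_tfm_fixed(&sha1_generic);
	return t->fallback ? 0 : -1;
}

/* Hardened exit: tolerates being called on a tfm whose init failed. */
static void padlock_exit(struct tfm *t)
{
	exit_calls++;
	if (t->fallback)
		free_tfm(t->fallback);
	t->fallback = NULL;
}
static const struct alg padlock_sha1 = { "padlock-sha1", padlock_init, padlock_exit };

static struct tfm *new_tfm(const struct alg *alg)
{
	struct tfm *t = calloc(1, sizeof *t);   /* zeroed: fallback == NULL */
	if (!t)
		return NULL;
	t->alg = alg;
	live_tfms++;
	return t;
}

static void drop_tfm(struct tfm *t) { live_tfms--; free(t); }

/* Allocator behaving as the mail infers: exit runs even though init failed. */
static struct tfm *alloc_tfm_buggy(const struct alg *alg)
{
	struct tfm *t = new_tfm(alg);
	if (!t)
		return NULL;
	if (alg->cra_init(t) != 0) {
		alg->cra_exit(t);          /* only safe if exit checks for NULL */
		drop_tfm(t);
		return NULL;
	}
	return t;
}

/* Allocator with the intended invariant: exit only after a successful init. */
static struct tfm *alloc_tfm_fixed(const struct alg *alg)
{
	struct tfm *t = new_tfm(alg);
	if (!t)
		return NULL;
	if (alg->cra_init(t) != 0) {
		drop_tfm(t);
		return NULL;
	}
	return t;
}

static void free_tfm(struct tfm *t)
{
	t->alg->cra_exit(t);
	drop_tfm(t);
}

/* Fallback missing: returns how many times exit ran (1 buggy, 0 fixed), -1 on error. */
int scenario_fallback_missing(int use_buggy)
{
	struct tfm *t;
	fallback_available = 0;
	exit_calls = 0;
	t = use_buggy ? alloc_tfm_buggy(&padlock_sha1) : alloc_tfm_fixed(&padlock_sha1);
	fallback_available = 1;
	if (t) { free_tfm(t); return -1; }   /* must not succeed without fallback */
	return exit_calls;
}

/* Fallback present: returns live tfms after free (0 = tfm and fallback released). */
int scenario_fallback_present(void)
{
	struct tfm *t = alloc_tfm_fixed(&padlock_sha1);
	if (!t || !t->fallback)
		return -1;
	free_tfm(t);
	return live_tfms;
}

int main(void)
{
	printf("buggy allocator, no fallback: exit calls = %d\n", scenario_fallback_missing(1));
	printf("fixed allocator, no fallback: exit calls = %d\n", scenario_fallback_missing(0));
	printf("fixed allocator, fallback ok: live tfms after free = %d\n", scenario_fallback_present());
	return 0;
}
```

The point of the model is the two independent fixes: the allocator should never call cra_exit for a tfm whose cra_init failed, and a driver's cra_exit should still tolerate partially initialised state, because a zeroed context with a NULL fallback is exactly what the buggy ordering hands it.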