Re: Fw: IPsec/crypto kernel panic in 2.6.[456]

From: Christophe Saout
Date: Fri May 21 2004 - 20:08:02 EST

Next message: Paul Serice: "[PATCH] isofs meta-data beyond 4GB"
Previous message: Nick Piggin: "Re: Random file I/O regressions in 2.6 [patch+results]"
In reply to: Christophe Saout: "Re: IPsec/crypto kernel panic in 2.6.[456]"
Next in thread: Christophe Saout: "Re: Fw: IPsec/crypto kernel panic in 2.6.[456]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 20, 2004 at 08:10:49AM -0700, David S. Miller wrote:

> > > erp, unprivileged users can oops the box? Is anyone looking into
> > > this?
> >
> > I hope Christophe can, as he can also verify that the original problem
> > remains fixed.
>
> James is travelling today, and if Christophe doesn't get to it I'll
> dig into this today.

I've no idea what's going on there. I found two small problems but they
don't explain the Oops.

It looks like dst points into nirvana.

The two problems I found:

After calling scatterwalk_copychunks walk_in might point to the next
page which will break scatterwalk_samebuf (in this case src_p should
point to tmp_src anyway and scatterwalk_samembuf returns 0).

scatterwalk_samebuf should also check for equal offsets inside the
page (just bad for performance in some cases).

Both don't explain the Oops and shouldn't corrupt data,

--- linux-2.6.6/crypto/cipher.c 2004-05-10 04:32:37.000000000 +0200
+++ linux/crypto/cipher.c 2004-05-20 13:07:39.000000000 +0200
@@ -68,19 +68,20 @@

for(;;) {
u8 *src_p, *dst_p;
+ int in_place;

scatterwalk_map(&walk_in, 0);
scatterwalk_map(&walk_out, 1);
src_p = scatterwalk_whichbuf(&walk_in, bsize, tmp_src);
dst_p = scatterwalk_whichbuf(&walk_out, bsize, tmp_dst);
+ in_place = scatterwalk_samebuf(&walk_in, &walk_out,
+ src_p, dst_p);

nbytes -= bsize;

scatterwalk_copychunks(src_p, &walk_in, bsize, 0);

- prfn(tfm, dst_p, src_p, crfn, enc, info,
- scatterwalk_samebuf(&walk_in, &walk_out,
- src_p, dst_p));
+ prfn(tfm, dst_p, src_p, crfn, enc, info, in_place);

scatterwalk_done(&walk_in, 0, nbytes);

--- linux-2.6.6/crypto/scatterwalk.h 2004-05-10 04:33:20.000000000 +0200
+++ linux/crypto/scatterwalk.h 2004-05-20 13:02:44.000000000 +0200
@@ -38,6 +38,7 @@
void *src_p, void *dst_p)
{
return walk_in->page == walk_out->page &&
+ walk_in->offset == walk_out->offset &&
walk_in->data == src_p && walk_out->data == dst_p;
}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Serice: "[PATCH] isofs meta-data beyond 4GB"
Previous message: Nick Piggin: "Re: Random file I/O regressions in 2.6 [patch+results]"
In reply to: Christophe Saout: "Re: IPsec/crypto kernel panic in 2.6.[456]"
Next in thread: Christophe Saout: "Re: Fw: IPsec/crypto kernel panic in 2.6.[456]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]