From: Jan Stancek <jstancek@redhat.com>
Subject: Re: [bug] sha1-avx2 and read beyond
Date: Fri, 23 Jun 2017 04:48:51 -0400 (EDT)
Message-ID: <1943517473.41520875.1498207731142.JavaMail.zimbra@redhat.com>
References: <1950313665.4516034.1493507041652.JavaMail.zimbra@redhat.com> <502554512.20705544.1495630017500.JavaMail.zimbra@redhat.com> <20170623084330.GA30353@gondor.apana.org.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: Tim Chen <tim.c.chen@linux.intel.com>,
        linux-crypto@vger.kernel.org,
        ilya albrekht <ilya.albrekht@intel.com>,
        maxim locktyukhin <maxim.locktyukhin@intel.com>,
        ronen zohar <ronen.zohar@intel.com>, mouli@linux.intel.com,
        minipli@googlemail.com, hpa@linux.intel.com, marex@denx.de
To: Herbert Xu <herbert@gondor.apana.org.au>
Return-path: <linux-crypto-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:38488 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1753713AbdFWIsx (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 23 Jun 2017 04:48:53 -0400
In-Reply-To: <20170623084330.GA30353@gondor.apana.org.au>
Sender: linux-crypto-owner@vger.kernel.org
List-ID: <linux-crypto.vger.kernel.org>



----- Original Message -----
> On Wed, May 24, 2017 at 08:46:57AM -0400, Jan Stancek wrote:
> > 
> > 
> > ----- Original Message -----
> > > Hi,
> > > 
> > > I'm seeing rare crashes during NFS cthon with krb5 auth. After
> > > some digging I arrived at potential problem with sha1-avx2.
> > 
> > Adding more sha1_avx2 experts to CC.
> > 
> > > 
> > > Problem appears to be that sha1_transform_avx2() reads beyond
> > > number of blocks you pass, if it is an odd number. It appears
> > > to try read one block more. This creates a problem if it falls
> > > beyond a page and there's nothing there.
> > 
> > As noted in my reply, worst case appears to be read ahead
> > of up to 3 SHA1 blocks beyond end of data:
> >   http://marc.info/?l=linux-crypto-vger&m=149373371023377
> > 
> >  +----------+---------+---------+---------+
> >  | 2*SHA1_BLOCK_SIZE  | 2*SHA1_BLOCK_SIZE |
> >  +----------+---------+---------+---------+
> >             ^ page boundary
> >     ^ data end
> > 
> > It is still reproducible with 4.12-rc2.
> 
> Can someone from Intel please look into this? Otherwise we'll have
> to disable sha-avx2.

So I take it my workaround patch [1] is not acceptable in
short-term as well?

[1] http://marc.info/?l=linux-crypto-vger&m=149373371023377

Regards,
Jan