From: Jan Stancek Subject: Re: [bug] sha1-avx2 and read beyond Date: Fri, 23 Jun 2017 04:48:51 -0400 (EDT) Message-ID: <1943517473.41520875.1498207731142.JavaMail.zimbra@redhat.com> References: <1950313665.4516034.1493507041652.JavaMail.zimbra@redhat.com> <502554512.20705544.1495630017500.JavaMail.zimbra@redhat.com> <20170623084330.GA30353@gondor.apana.org.au> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: Tim Chen , linux-crypto@vger.kernel.org, ilya albrekht , maxim locktyukhin , ronen zohar , mouli@linux.intel.com, minipli@googlemail.com, hpa@linux.intel.com, marex@denx.de To: Herbert Xu Return-path: Received: from mx1.redhat.com ([209.132.183.28]:38488 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753713AbdFWIsx (ORCPT ); Fri, 23 Jun 2017 04:48:53 -0400 In-Reply-To: <20170623084330.GA30353@gondor.apana.org.au> Sender: linux-crypto-owner@vger.kernel.org List-ID: ----- Original Message ----- > On Wed, May 24, 2017 at 08:46:57AM -0400, Jan Stancek wrote: > > > > > > ----- Original Message ----- > > > Hi, > > > > > > I'm seeing rare crashes during NFS cthon with krb5 auth. After > > > some digging I arrived at potential problem with sha1-avx2. > > > > Adding more sha1_avx2 experts to CC. > > > > > > > > Problem appears to be that sha1_transform_avx2() reads beyond > > > number of blocks you pass, if it is an odd number. It appears > > > to try read one block more. This creates a problem if it falls > > > beyond a page and there's nothing there. > > > > As noted in my reply, worst case appears to be read ahead > > of up to 3 SHA1 blocks beyond end of data: > > http://marc.info/?l=linux-crypto-vger&m=149373371023377 > > > > +----------+---------+---------+---------+ > > | 2*SHA1_BLOCK_SIZE | 2*SHA1_BLOCK_SIZE | > > +----------+---------+---------+---------+ > > ^ page boundary > > ^ data end > > > > It is still reproducible with 4.12-rc2. > > Can someone from Intel please look into this? Otherwise we'll have > to disable sha-avx2. So I take it my workaround patch [1] is not acceptable in short-term as well? [1] http://marc.info/?l=linux-crypto-vger&m=149373371023377 Regards, Jan