IV copy strategy

Hello Herbert,

I just ran into a bug which I caused. Actually I don't understand it at
all. The bad patch seems to be:

|75a8ae21dfd08f425b72906cc30b53103b2e5105 is first bad commit
| commit 75a8ae21dfd08f425b72906cc30b53103b2e5105
| Author: Sebastian Siewior <sebastian@xxxxxxxxxxxxx>
| Date:   Sun Oct 21 16:04:23 2007 +0800
| 
|     [CRYPTO] geode: use consistent IV copy

and the bug report is:

|=============================================================================
|BUG kmalloc-64: Poison overwritten
|-----------------------------------------------------------------------------
|
|INFO: 0xc21dc3a0-0xc21dc3af. First byte 0xe3 instead of 0x6b
|INFO: Allocated in blkcipher_walk_first+0xe0/0x1a9 age=1 cpu=0 pid=2569
|INFO: Freed in blkcipher_walk_done+0x19d/0x1b7 age=0 cpu=0 pid=2569
|INFO: Slab 0xc1043b80 used=4 fp=0xc21dc380 flags=0x400000c3
|INFO: Object 0xc21dc380 @offset=896 fp=0xc21dc7e0
|
|Bytes b4 0xc21dc370:  18 09 00 00 39 73 00 00 5a 5a 5a 5a 5a 5a 5a 5a ....9s..ZZZZZZZZ
|  Object 0xc21dc380:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
|  Object 0xc21dc390:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
|  Object 0xc21dc3a0:  e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a ãSw..y®¸'..-¾w..
|  Object 0xc21dc3b0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk¥
| Redzone 0xc21dc3c0:  bb bb bb bb                                     »»»»
| Padding 0xc21dc3e8:  5a 5a 5a 5a 5a 5a 5a 5a                         ZZZZZZZZ
| [<c0150040>] check_bytes_and_report+0x8d/0xae
| [<c015029f>] check_object+0xbf/0x1b5
| [<c01b8131>] blkcipher_walk_first+0xe0/0x1a9
| [<c0150e97>] __slab_alloc+0x33a/0x433
| [<c01b8131>] blkcipher_walk_first+0xe0/0x1a9
| [<c0151b1f>] __kmalloc+0x7d/0xe8
| [<c01b8131>] blkcipher_walk_first+0xe0/0x1a9
| [<c01b8131>] blkcipher_walk_first+0xe0/0x1a9
| [<c01b8131>] blkcipher_walk_first+0xe0/0x1a9
| [<c015031e>] check_object+0x13e/0x1b5
| [<d00134e0>] geode_cbc_encrypt+0x32/0xca [geode_aes]
| [<c01510fb>] kfree+0xc0/0xca
|

I removed the write back of the IV 
    memcpy(walk.iv, op->iv, AES_IV_LENGTH);

and everything goes back to normal. I checked walk.iv and it doesn't
change, it is still the same pointer. Do you free the walk.iv in the
meantime or is there another BUG I don't see? The IV length is 16 bytes.
Currently I'm lost ...

Sebastian
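
An added example, not part of the original message and not kernel code: a small Python triage script for the SLUB report quoted above. It rebuilds the freed object from the `Object` lines, compares it with the free-poison pattern (0x6b fill, 0xa5 in the last byte) and reports which bytes changed after the free; the function names are made up for this illustration.

```python
import re

POISON_FREE = 0x6B  # SLUB fills a freed object with this byte
POISON_END = 0xA5   # and marks the object's last byte with this one
AES_IV_LENGTH = 16  # IV size stated in the message

# Lines copied from the report above, ASCII column dropped.
REPORT = """\
|INFO: Freed in blkcipher_walk_done+0x19d/0x1b7 age=0 cpu=0 pid=2569
|  Object 0xc21dc380:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
|  Object 0xc21dc390:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
|  Object 0xc21dc3a0:  e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a
|  Object 0xc21dc3b0:  6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5
"""

OBJ_RE = re.compile(r"Object 0x([0-9a-f]+):\s+((?:[0-9a-f]{2} ?){1,16})")

def parse_object(report):
    """Return (base address, object bytes) from the 'Object' dump lines."""
    rows = sorted((int(a, 16), bytes.fromhex(h)) for a, h in OBJ_RE.findall(report))
    if not rows:
        raise ValueError("no Object lines found")
    base, data = rows[0][0], bytearray()
    for addr, chunk in rows:
        if addr != base + len(data):
            raise ValueError("gap in object dump")
        data += chunk
    return base, bytes(data)

def overwritten_runs(data):
    """(offset, length) of each run that differs from the free poison."""
    want = bytes([POISON_FREE]) * (len(data) - 1) + bytes([POISON_END])
    runs, start = [], None
    for off in range(len(data) + 1):
        bad = off < len(data) and data[off] != want[off]
        if bad and start is None:
            start = off
        elif not bad and start is not None:
            runs.append((start, off - start))
            start = None
    return runs

def triage(report):
    base, data = parse_object(report)
    freed = re.search(r"INFO: Freed in (\S+)", report)
    runs = [(hex(base + o), o, n) for o, n in overwritten_runs(data)]
    return {"freed_in": freed.group(1) if freed else None, "object_size": len(data),
            "runs": runs, "iv_sized": [r for r in runs if r[2] == AES_IV_LENGTH]}

print(triage(REPORT))
```

For this report it returns a single 16-byte run at 0xc21dc3a0 (object offset 32) in a 64-byte object freed in blkcipher_walk_done, which agrees with the report's first INFO line and is the same size as the 16-byte IV.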