On 20 October 2014 09:14, Jamie Heilman <jamie@xxxxxxxxxxxxxxxxxxxxx> wrote: > I get this new failure w/3.17.0 on my system with a VIA Esther > processor: > > alg: skcipher: Chunk test 1 failed on encryption at page 0 for ecb-aes-padlock > 00000000: 71 73 f7 db 24 93 21 6d 61 1e bb 63 42 79 db 64 > 00000010: 6f 82 c0 ca a3 9b fa 0b d9 08 c7 4a 90 ae 8f 5f > 00000020: 5e 06 f0 5f 31 51 18 37 45 d7 ca 3a fd 6c 3f e1 > 00000030: dd 8d 22 65 2b 00 50 ce ba 28 67 d7 ce 0e 0d ea > 00000040: 78 69 7f ae 8f 8b 69 37 75 e0 dc 96 e0 b7 f4 09 > 00000050: cb 6d a2 fb da af 09 f8 81 82 27 fa 45 9c 29 a4 > 00000060: 22 8b 78 69 5b 46 f9 39 1b cc f9 1d 09 eb bc 5c > 00000070: 41 72 51 97 1d 07 49 a0 1b 8e 65 4b b2 6a 12 03 > 00000080: 6a 60 95 ac bd ac 1a 64 de 5a a5 f0 83 2f cb ca > 00000090: 22 74 a6 6c 9b 73 ce 3f e1 8b 22 17 59 0c 47 89 > 000000a0: 33 a1 d6 47 03 19 4f a8 67 69 f0 5b f0 20 ad 06 > 000000b0: 27 81 92 d8 c5 ba 98 12 be 24 b5 2f 75 02 c2 ad > 000000c0: 12 2f 07 32 ee 39 af 64 05 8f b3 d4 eb 1b 46 6e > 000000d0: d9 21 f9 c4 b7 c9 45 68 b4 a1 74 9f 82 47 eb cc > 000000e0: bd 0a 14 95 0f 8b a8 2f 4b 1b a7 bf 82 a6 43 0c > 000000f0: b9 39 4a a8 10 6f 50 7b 25 fb 26 81 e0 2f f0 96 > 00000100: 8d 8b ac 92 0f f6 ed 64 63 29 4c 8e 18 13 c5 bf > 00000110: fc a0 d9 bf 7c 3a 0e 29 6f d1 6c 6f a5 da bf b1 > 00000120: 30 ea 44 2d c3 8f 16 e1 66 fa a3 21 3e fc 13 ca > 00000130: f0 f6 f0 59 bd 8f 38 50 31 cb 69 3f 96 15 d6 f5 > 00000140: ae ff f6 aa 41 85 4c 10 58 e3 f9 44 e6 28 da 9a > 00000150: dc 6a 80 34 73 97 1b c5 ca 26 16 77 0e 60 ab 89 > 00000160: 0f 04 27 bd ce 3e 71 b4 a0 d7 22 7e db eb 24 70 > 00000170: 42 71 51 78 70 b3 e0 3d 84 8e 8d 7b d0 6d ea 92 > 00000180: 11 08 42 4f e5 ad 26 92 d2 00 ae a8 e3 4b 37 47 > 00000190: 22 c1 95 c1 63 7f cb 03 f3 e3 d7 9d 60 c7 bc ea > 000001a0: 35 a2 fd 45 52 39 13 6f c1 53 f3 53 df 33 84 d7 > 000001b0: d2 c8 37 b0 75 e3 41 46 b3 c7 83 2e 8a bb a4 e5 > 000001c0: 7f 3c fd 8b eb ea 63 bd b7 46 e7 bf 09 9c 0d 0f > 000001d0: 33 84 aa 1c 8d 29 b4 ac 4f ad e6 89 > > I've bisected this to 3b9b8fe0ade1ee84ee4058261d2e39a1f283704b so ... > perhaps intended in terms of uncovering problems. Seems to have > identified something in my case at any rate. > > Attached is my full 3.17.0 dmesg, kernel config, and /proc/crypto contents > (the only difference between 3.16 and 3.17 for the latter being the > selftest value for ecb-aes-padlock which used to be "passed" with 3.16 > and earlier.) > > Let me know if you need anything else. > Interesting. I don't have access to the hardware, but I found something interesting in the driver related to the prefetch size (ecb_fetch_bytes) of ECB versus CBC (Note that the CBC selftest passes) So perhaps this might solve the bug, could you please test it? diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c index 633ba945e153..2834f0b23713 100644 --- a/drivers/crypto/padlock-aes.c +++ b/drivers/crypto/padlock-aes.c @@ -351,7 +351,7 @@ static int ecb_aes_encrypt(struct blkcipher_desc *desc, padlock_reset_key(&ctx->cword.encrypt); blkcipher_walk_init(&walk, dst, src, nbytes); - err = blkcipher_walk_virt(desc, &walk); + err = blkcipher_walk_virt_block(desc, &walk, ecb_fetch_bytes); ts_state = irq_ts_save(); while ((nbytes = walk.nbytes)) { @@ -380,7 +380,7 @@ static int ecb_aes_decrypt(struct blkcipher_desc *desc, padlock_reset_key(&ctx->cword.decrypt); blkcipher_walk_init(&walk, dst, src, nbytes); - err = blkcipher_walk_virt(desc, &walk); + err = blkcipher_walk_virt_block(desc, &walk, ecb_fetch_bytes); ts_state = irq_ts_save(); while ((nbytes = walk.nbytes)) { It will basically instruct the crypto layer not to pass fewer than 2 blocks at a time until there is really no other way, i.e., until the input is exhausted. -- Ard. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html