Re: [bug] sha1-avx2 and read beyond

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/30/2017 01:04 AM, Jan Stancek wrote:
> Hi,
> 
> I'm seeing rare crashes during NFS cthon with krb5 auth. After
> some digging I arrived at potential problem with sha1-avx2.
> 
> Problem appears to be that sha1_transform_avx2() reads beyond
> number of blocks you pass, if it is an odd number. It appears
> to try read one block more.

It's not just odd vs even number of blocks. It appears to be
doing read ahead (in size of 2 blocks). For example,
for data starting at page offset 1 with length 3967, it still
crashes on access to subsequent page.

Patch below fixes it for me, but it feels more like workaround.

Regards,
Jan

diff --git a/arch/x86/crypto/sha1_ssse3_glue.c b/arch/x86/crypto/sha1_ssse3_glue.c
index fc61739150e7..736128267715 100644
--- a/arch/x86/crypto/sha1_ssse3_glue.c
+++ b/arch/x86/crypto/sha1_ssse3_glue.c
@@ -212,10 +212,41 @@ static bool avx2_usable(void)
 static void sha1_apply_transform_avx2(u32 *digest, const char *data,
 				unsigned int rounds)
 {
+	const char *last;
+	unsigned int rounds_avx2;
+
 	/* Select the optimal transform based on data block size */
-	if (rounds >= SHA1_AVX2_BLOCK_OPTSIZE)
-		sha1_transform_avx2(digest, data, rounds);
-	else
+	if (rounds < SHA1_AVX2_BLOCK_OPTSIZE)
+		goto avx;
+
+	/*
+	 * sha1_transform_avx2() can read ahead couple blocks, which
+	 * can cause problems if it crosses page boundary and next
+	 * page doesn't exist. It operates on even number of blocks.
+	 * Code below checks for worst case, where it can access
+	 * up to 3 consecutive blocks after data end. In that case
+	 * sha1_transform_avx2() is passed 3 blocks less and rest
+	 * of data is handled by sha1_transform_avx().
+	 *
+	 * +----------+---------+---------+---------+
+	 *   2x SHA1_BLOCK_SIZE | 2*SHA1_BLOCK_SIZE
+	 * +----------+---------+---------+---------+
+	 *    ^ data end
+	 */
+	last = data + (rounds + 3) * SHA1_BLOCK_SIZE - 1;
+	if (offset_in_page(last) >= 3 * SHA1_BLOCK_SIZE) {
+		rounds_avx2 = rounds;
+	} else {
+		rounds_avx2 = rounds - 3;
+		if (rounds_avx2 < SHA1_AVX2_BLOCK_OPTSIZE)
+			goto avx;
+	}
+
+	sha1_transform_avx2(digest, data, rounds_avx2);
+	data += SHA1_BLOCK_SIZE * rounds_avx2;
+	rounds -= rounds_avx2;
+avx:
+	if (rounds)
 		sha1_transform_avx(digest, data, rounds);
 }




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux