On Mon, May 8, 2017 at 2:00 PM, Stephan Müller <smueller@xxxxxxxxxx> wrote:
> On Monday, 8 May 2017, 08:30:13 CEST, Harsh Jain wrote:
>
> Hi Harsh,
>>
>> Confusing, I have to dig more for DRBG. Actually we observed the following
>> panic in Chcr (Chelsio) when drbg is enabled and the panic trace points
>> to something wrong
>> with the drbg modules. Any idea what the possible reasons for this are?
>
> Just to confirm: are you using the latest kernel?

No, I tried on 4.9.13. Will let you know the behavior with the latest kernel.

> The bug you are referring to
> happens in the drbg_kcapi_sym_ctr called by the update operation to process
> seed material. This function had a bug in it where I used stack buffer. This
> is now replaced with heap buffer:
>
> 5102981212454998d549273ff9847f19e97a1794
>
> I am yet wondering why a __list_add is called that causes the bug. In the DRBG
> code path seen below, I am not seeing any list_add calls.
>>
>> alg: No test for authenc(digest_null,rfc3686(ctr(aes)))
>> (authenc(digest_null-generic,rfc3686-ctr-aes-chcr))
>> alg: No test for seqiv(authenc(digest_null,rfc3686(ctr(aes))))
>> (seqiv(authenc(digest_null-generic,rfc3686-ctr-aes-chcr)))
>> alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
>> BUG: unable to handle kernel NULL pointer dereference at (null)
>> IP: [<ffffffff81317c66>] __list_add+0x26/0xd0
>> PGD 0
>> Oops: 0000 [#1] SMP
>> Modules linked in: drbg(+) ansi_cprng seqiv xfrm6_mode_tunnel
>> xfrm4_mode_tunnel xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4
>> af_key cbc ccm ctr ghash_generic gf128mul ghash_clmulni_intel cryptd
>> gcm sha512_ssse3 sha512_generic chcr(OE) cxgb4(OE) authenc netconsole
>> configfs xt_nat iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4
>> nf_nat_ipv4 nf_nat nf_conntrack ip_tables nfsd lockd grace nfs_acl
>> auth_rpcgss sunrpc ipv6 crc_ccitt vfat fat joydev iTCO_wdt
>> iTCO_vendor_support mxm_wmi pcspkr sg i2c_i801 i2c_smbus lpc_ich
>> mfd_core shpchp xhci_pci xhci_hcd igb i2c_algo_bit i2c_core ptp
>> pps_core ioatdma dca ipmi_si ipmi_msghandler wmi acpi_cpufreq acpi_pad
>> dm_mod(E) ext4(E) mbcache(E) jbd2(E) sd_mod(E) ahci(E) libahci(E)
>> [last unloaded: scsi_transport_fc]
>> CPU: 9 PID: 3672 Comm: cryptomgr_test Tainted: G OE 4.9.13 #2
>> Hardware name: Supermicro X10DRi/X10DRi, BIOS 2.0 12/28/2015
>> task: ffff88103b418a00 task.stack: ffffc90008a7c000
>> RIP: 0010:[<ffffffff81317c66>] [<ffffffff81317c66>] __list_add+0x26/0xd0
>> RSP: 0018:ffffc90008a7f8c8 EFLAGS: 00010046
>> RAX: 0000000000000000 RBX: ffffc90008a7f920 RCX: 0000000000000001
>> RDX: ffff88103c8b5ef0 RSI: 0000000000000000 RDI: ffffc90008a7f920
>> RBP: ffffc90008a7f8f8 R08: 0000000000000000 R09: ffff8810053200b0
>> R10: ffff88103caf3100 R11: 0000000000000020 R12: ffff88103c8b5ef0
>> R13: 0000000000000000 R14: ffff88103b418a00 R15: 7fffffffffffffff
>> FS: 0000000000000000(0000) GS:ffff88107f440000(0000) knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000000000000 CR3: 0000000001c07000 CR4: 00000000001406e0
>> Stack:
>> ffffc90008a7f8e8 0000000000000246 ffff88103caf3040 ffff88103c8b5ee0
>> ffff88103c8b5ee8 ffffc90008a7f908 ffffc90008a7f968 ffffffff81654c02
>> 0000000000000001 ffff88103b418a00 ffffffff81097370 0000000000000000
>> Call Trace:
>> [<ffffffff81654c02>] wait_for_completion_interruptible+0xc2/0x130
>> [<ffffffff81097370>] ? try_to_wake_up+0x240/0x240
>> [<ffffffffa02582fb>] drbg_kcapi_sym_ctr+0xeb/0x150 [drbg]
>> [<ffffffffa0259560>] drbg_ctr_update+0x1b0/0x2a0 [drbg]
>> [<ffffffffa0259bd2>] drbg_seed+0x1a2/0x2e0 [drbg]
>> [<ffffffffa025a6ef>] ? drbg_init_sym_kernel+0x13f/0x200 [drbg]
>> [<ffffffffa025aa62>] drbg_instantiate+0x52/0x1e0 [drbg]
>> [<ffffffff811ca2ee>] ? __kmalloc+0xee/0x1d0
>> [<ffffffff812a873d>] ? crypto_create_tfm+0x3d/0xd0
>> [<ffffffffa025acbc>] drbg_kcapi_seed+0xcc/0x118 [drbg]
>> [<ffffffff812a87a1>] ? crypto_create_tfm+0xa1/0xd0
>> [<ffffffff812bb48d>] crypto_rng_reset+0x5d/0x80
>> [<ffffffff812b5197>] drbg_cavs_test+0xf7/0x370
>> [<ffffffff810a3018>] ? dequeue_task_fair+0x68/0x420
>> [<ffffffff8109ccd5>] ? pick_next_task_idle+0x45/0x50
>> [<ffffffff812b547b>] alg_test_drbg+0x6b/0xa0
>> [<ffffffff812b18d5>] alg_test+0x145/0x350
>> [<ffffffff812b0ad0>] ? cryptomgr_probe+0xd0/0xd0
>> [<ffffffff812b0ad0>] ? cryptomgr_probe+0xd0/0xd0
>> [<ffffffff812b0b15>] cryptomgr_test+0x45/0x50
>> [<ffffffff8108a5ed>] kthread+0xcd/0xf0
>> [<ffffffff8109503e>] ? schedule_tail+0x1e/0xc0
>> [<ffffffff8108a520>] ? __kthread_init_worker+0x40/0x40
>> [<ffffffff81657bd2>] ret_from_fork+0x22/0x30
>> Code: 00 00 00 00 00 55 48 89 e5 48 83 ec 30 48 89 5d e8 4c 89 65 f0
>> 48 89 fb 4c 89 6d f8 4c 8b 42 08 49 89 f5 49 89 d4 49 39 f0 75 31 <4d>
>> 8b 45 00 4d 39 c4 75 6f 4c 39 e3 74 45 4c 39 eb 74 40 49 89
>> RIP [<ffffffff81317c66>] __list_add+0x26/0xd0
>> RSP <ffffc90008a7f8c8>
>> CR2: 0000000000000000
>> ---[ end trace fbf11c880e8c4c52 ]---
>
> Ciao
> Stephan