Hello all, I'm sorry for late reply (I was out of office for a month). It's been a while since we touched this code. We are going to do our best to support it. I'll be back to the office earlier next week and will figure out the fix ASAP. Best Regards, Ilya Albrekht -----Original Message----- From: Tim Chen [mailto:tim.c.chen@xxxxxxxxxxxxxxx] Sent: Friday, June 23, 2017 9:39 AM To: Jan Stancek; Herbert Xu; megha.dey@xxxxxxxxxxxxxxx Cc: linux-crypto@xxxxxxxxxxxxxxx; Albrekht, Ilya; Locktyukhin, Maxim; Zohar, Ronen; mouli@xxxxxxxxxxxxxxx; minipli@xxxxxxxxxxxxxx; hpa@xxxxxxxxxxxxxxx; marex@xxxxxxx Subject: Re: [bug] sha1-avx2 and read beyond On 06/23/2017 01:48 AM, Jan Stancek wrote: > > > ----- Original Message ----- >> On Wed, May 24, 2017 at 08:46:57AM -0400, Jan Stancek wrote: >>> >>> >>> ----- Original Message ----- >>>> Hi, >>>> >>>> I'm seeing rare crashes during NFS cthon with krb5 auth. After some >>>> digging I arrived at potential problem with sha1-avx2. >>> >>> Adding more sha1_avx2 experts to CC. >>> >>>> >>>> Problem appears to be that sha1_transform_avx2() reads beyond >>>> number of blocks you pass, if it is an odd number. It appears to >>>> try read one block more. This creates a problem if it falls beyond >>>> a page and there's nothing there. >>> >>> As noted in my reply, worst case appears to be read ahead of up to 3 >>> SHA1 blocks beyond end of data: >>> http://marc.info/?l=linux-crypto-vger&m=149373371023377 >>> >>> +----------+---------+---------+---------+ >>> | 2*SHA1_BLOCK_SIZE | 2*SHA1_BLOCK_SIZE | >>> +----------+---------+---------+---------+ >>> ^ page boundary >>> ^ data end >>> >>> It is still reproducible with 4.12-rc2. >> >> Can someone from Intel please look into this? Otherwise we'll have to >> disable sha-avx2. > > So I take it my workaround patch [1] is not acceptable in short-term > as well? > > [1] http://marc.info/?l=linux-crypto-vger&m=149373371023377 > > Regards, > Jan > Megha, Can you take a look at this issue? Thanks. Tim