On Mon, Feb 5, 2018 at 6:40 PM, Kamil Konieczny <k.konieczny@xxxxxxxxxxxxxxxxxxx> wrote: > > In AES-ECB mode crypt is done with key only, so any use of IV > can cause kernel Oops, as reported by Anand Moon. > Fixed it by using IV only in AES-CBC and AES-CTR. > > Signed-off-by: Kamil Konieczny <k.konieczny@xxxxxxxxxxxxxxxxxxx> > Reported-by: Anand Moon <linux.amoon@xxxxxxxxx> > --- > Tested on Odroid XU4/HC1, kernel 4.15 with following command: > > fallocate -l 128MiB /tmp/test.bin > dd if=/dev/urandom of=/tmp/testkey.key bs=128 count=1 > sync > cryptsetup luksFormat --debug -q -d /tmp/testkey.key \ > --cipher aes-cbc-essiv:sha256 -h sha256 -s 128 /tmp/test.bin > > The original report by Anand Moon: > https://www.spinics.net/lists/linux-crypto/msg31180.html > > Oops reproduced with cryptsetup 2.0.0, kernel 4.15, > in .config in crypto API ECB support was turned off, and s5p-sss AES driver on. > > cryptsetup is using aes-ecb and has req->info in aes_ctx set to 0x10, > which caused Oops: > > [ 2078.683779] Internal error: Oops: 17 [#1] PREEMPT SMP ARM > [ 2078.689148] Modules linked in: algif_skcipher af_alg sd_mod sg > evdev uas usb_storage scsi_mod gpio_keys fbtft(C) spidev spi_s3c64xx > ipv6 > [ 2078.701377] CPU: 1 PID: 15 Comm: ksoftirqd/1 Tainted: G C > 4.15.0-rc9-xu4krck #1 > [ 2078.709861] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) > [ 2078.715932] PC is at memcpy+0x80/0x330 > [ 2078.719652] LR is at s5p_tasklet_cb+0x19c/0x328 > > drivers/crypto/s5p-sss.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) Fixes and cc-stable? Reviewed-by: Krzysztof Kozlowski <krzk@xxxxxxxxxx> Best regards, Krzysztof