On Fri, 29 Oct 2021, Marek Vasut wrote:
On 10/29/21 3:54 PM, Nicolas Toromanoff wrote:
Erase key before finalizing request.
Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto
module")
Can you be a bit more specific in your commit messages ? That applies to the
entire patchset. It is absolutely impossible to tell what race is fixed here
or why it is fixed by exactly this change. This applies to the entire series.
I'll send a v2 with better commit messages.
for this specific patch:
We reset the saved key before the crypto_finalize_*() call. Otherwise a
still pending crypto action could be ran with a wrong key = {0};
And while I am at it, does the CRYP finally pass at least the most basic
kernel boot time crypto tests or does running those still overwrite kernel
memory and/or completely crash or lock up the machine ?
All extra tests (finally) pass.
With a kernel config :
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
CONFIG_CRYPTO_DEV_STM32_CRYP=m
while(true) do ; modprobe stm32-cryp && modprobe -r stm32-cryp ; done
ran a whole day without a crash, nor a detected error.
--
Nicolas.