On 10/29/21 5:21 PM, Nicolas Toromanoff wrote:
On Fri, 29 Oct 2021, Marek Vasut wrote:
On 10/29/21 3:54 PM, Nicolas Toromanoff wrote:
Erase key before finalizing request.
Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto
module")
Can you be a bit more specific in your commit messages ? That applies
to the entire patchset. It is absolutely impossible to tell what race
is fixed here or why it is fixed by exactly this change. This applies
to the entire series.
I'll send a v2 with better commit messages.
for this specific patch:
We reset the saved key before the crypto_finalize_*() call. Otherwise a
still pending crypto action could be ran with a wrong key = {0};
And while I am at it, does the CRYP finally pass at least the most
basic kernel boot time crypto tests or does running those still
overwrite kernel memory and/or completely crash or lock up the machine ?
All extra tests (finally) pass.
With a kernel config :
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
CONFIG_CRYPTO_DEV_STM32_CRYP=m
Can you also do a boot test with CRYP compiled into the kernel ?
I recall that is how the original bug was reported -- the machine
crashed completely on boot even before reaching userspace, or the kernel
crashed on memory corruption before reaching userspace.