On Fri, Nov 10, 2017 at 10:37:30PM +1100, Herbert Xu wrote: > On Mon, Nov 06, 2017 at 10:19:51PM -0800, Eric Biggers wrote: > > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > > > On a non-preemptible kernel, if KEYCTL_DH_COMPUTE is called with the > > largest permitted inputs (16384 bits), the kernel spends 10+ seconds > > doing modular exponentiation in mpi_powm() without rescheduling. If all > > threads do it, it locks up the system. Moreover, it can cause > > rcu_sched-stall warnings. > > > > Notwithstanding the insanity of doing this calculation in kernel mode > > rather than in userspace, fix it by calling cond_resched() as each bit > > from the exponent is processed. It's still noninterruptible, but at > > least it's preemptible now. > > > > Cc: stable@xxxxxxxxxxxxxxx # v4.12+ > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > > Patch applied. Thanks. > -- If it's not too late can you fix the stable line to be just Cc: stable@xxxxxxxxxxxxxxx As Mat pointed out KEYCTL_DH_COMPUTE was actually introduced in v4.7. Also I think the code is also reachable through RSA by adding an x509 certificate using the "asymmetric" key type, although that appears to be limited to 4096-bit inputs rather than 16384 bits. Eric