From patchwork Mon Oct 20 07:59:26 2014
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 39025
In-Reply-To: <20141020071454.GA4084@cucamonga.audible.transient.net>
Date: Mon, 20 Oct 2014 09:59:26 +0200
Subject: Re: 3.17 regression; alg: skcipher: Chunk test 1 failed on encryption at page 0 for ecb-aes-padlock
From: Ard Biesheuvel
To: Jamie Heilman
Cc: Herbert Xu, "David S. Miller", "linux-crypto@vger.kernel.org"
X-Mailing-List: linux-crypto@vger.kernel.org

On 20 October 2014 09:14, Jamie Heilman wrote:
> I get this new failure w/3.17.0 on my system with a VIA Esther
> processor:
>
> alg: skcipher: Chunk test 1 failed on encryption at page 0 for ecb-aes-padlock
>
> I've bisected this to 3b9b8fe0ade1ee84ee4058261d2e39a1f283704b so ...
> perhaps intended in terms of uncovering problems. Seems to have
> identified something in my case at any rate.
>
> Attached is my full 3.17.0 dmesg, kernel config, and /proc/crypto contents
> (the only difference between 3.16 and 3.17 for the latter being the
> selftest value for ecb-aes-padlock which used to be "passed" with 3.16
> and earlier.)
>
> Let me know if you need anything else.
>

Interesting. I don't have access to the hardware, but I found something
interesting in the driver related to the prefetch size
(ecb_fetch_bytes) of ECB versus CBC (Note that the CBC selftest
passes).

So perhaps this might solve the bug, could you please test it? It will
basically instruct the crypto layer not to pass fewer than 2 blocks at
a time until there is really no other way, i.e., until the input is
exhausted.

diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c index 633ba945e153..2834f0b23713 100644 --- a/drivers/crypto/padlock-aes.c +++ b/drivers/crypto/padlock-aes.c
@@ -351,7 +351,7 @@ static int ecb_aes_encrypt(struct blkcipher_desc *desc, padlock_reset_key(&ctx->cword.encrypt); blkcipher_walk_init(&walk, dst, src, nbytes); - err = blkcipher_walk_virt(desc, &walk); + err = blkcipher_walk_virt_block(desc, &walk, ecb_fetch_bytes); ts_state = irq_ts_save(); while ((nbytes = walk.nbytes)) { @@ -380,7 +380,7 @@ static int ecb_aes_decrypt(struct blkcipher_desc *desc, padlock_reset_key(&ctx->cword.decrypt); blkcipher_walk_init(&walk, dst, src, nbytes); - err = blkcipher_walk_virt(desc, &walk); + err = blkcipher_walk_virt_block(desc, &walk, ecb_fetch_bytes); ts_state = irq_ts_save(); while ((nbytes = walk.nbytes)) {
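
Review bot: in the ecb_aes_encrypt hunk, the new call blkcipher_walk_virt_block(desc, &walk, ecb_fetch_bytes) carries no comment explaining why the walk needs a minimum chunk size, and the message describes that minimum as "2 blocks" while the argument is named in bytes. Please add a short comment above the call tying the value to the hardware prefetch size and stating its unit, so a later cleanup does not revert it to blkcipher_walk_virt() or pass a block count. The message also says a shorter chunk is still handed over once the input is exhausted, so the body of the `while ((nbytes = walk.nbytes))` loop, which is not visible in this hunk, should be checked for how it handles a final chunk smaller than ecb_fetch_bytes.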
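
Review bot: the ecb_aes_decrypt hunk makes the same one-line substitution, but the quoted report only shows a failure "on encryption at page 0" and the author states the change was written without access to the hardware. Please ask the tester to confirm that the decryption selftest passes as well before this is applied. Since both paths now depend on the identical blkcipher_walk_virt_block(desc, &walk, ecb_fetch_bytes) call, a shared comment or small helper would keep the encrypt and decrypt walks from diverging later, and the final submission needs a changelog and sign-off, which this test patch does not yet have.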