[PATCH 4/8] crypto: stm32/cryp - fix race condition
Marek Vasut
marex at denx.de
Fri Oct 29 09:48:43 PDT 2021
On 10/29/21 5:21 PM, Nicolas Toromanoff wrote:
> On Fri, 29 Oct 2021, Marek Vasut wrote:
>
>> On 10/29/21 3:54 PM, Nicolas Toromanoff wrote:
>>> Erase key before finalizing request.
>>> Fixes: 9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto
>>> module")
>>
>> Can you be a bit more specific in your commit messages ? That applies
>> to the entire patchset. It is absolutely impossible to tell what race
>> is fixed here or why it is fixed by exactly this change. This applies
>> to the entire series.
>
> I'll send a v2 with better commit messages.
>
> for this specific patch:
> We reset the saved key before the crypto_finalize_*() call. Otherwise a
> still pending crypto action could be ran with a wrong key = {0};
>
>> And while I am at it, does the CRYP finally pass at least the most
>> basic kernel boot time crypto tests or does running those still
>> overwrite kernel memory and/or completely crash or lock up the machine ?
>
> All extra tests (finally) pass.
>
> With a kernel config :
> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
> CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
> CONFIG_CRYPTO_DEV_STM32_CRYP=m
Can you also do a boot test with CRYP compiled into the kernel ?
I recall that is how the original bug was reported -- the machine
crashed completely on boot even before reaching userspace, or the kernel
crashed on memory corruption before reaching userspace.
More information about the linux-arm-kernel
mailing list