From nobody Sat Jan 15 10:44:56 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 94B27195635E; Sat, 15 Jan 2022 10:44:59 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JbZYl00HPz3nm9; Sat, 15 Jan 2022 10:44:58 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642243499; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OgK8ZTmrZW3mAtAiN8CzYQsqYfAmTgvjXnxnGgE+U5U=; b=yFtPRPoAdAMA4jJuEuHmh8IS2aRbPasfkAuiNicBn+2ZtaFf1NlBDpo3eK+vkpKxxKZdD1 7d4THgIJkQk+MLJg6bfZCfVyFIXhkIcdYV2eQEyhVlz0KcKstZGHtrBnjKLx/BfZ0Q6wIz s89qdJ4WKwrbDHi/OFanbcmnpW8525wAtCU3DZAvFamp0RhkSargA6tesDJLYlK/Av0+Us gM3Kbh9oZHr8glRpDJdljJ6fhj+SJtC0IUNSiWPJBuJ7EozVvMKeunltWJMYd+RSqTcFlu czmKOQBZAF/7RZjvhF1KtacE1djAdVLu/py5LFJLetvFnFLbphEGuS1EvcX4MQ== Received: from [172.24.42.13] (host-79-18-132-211.retail.telecomitalia.it [79.18.132.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: madpilot/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 24C1F22C8F; Sat, 15 Jan 2022 10:44:58 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Message-ID: <4996695a-2a56-eb77-4dcd-9c7ebe0efe7d@FreeBSD.org> Date: Sat, 15 Jan 2022 11:44:56 +0100 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 Subject: Re: git: cfb7b942bed7 - main - cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers. Content-Language: en-US To: Mark Johnston Cc: John Baldwin , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org References: <202201112238.20BMcBgx075881@gitrepo.freebsd.org> From: Guido Falsi In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642243499; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OgK8ZTmrZW3mAtAiN8CzYQsqYfAmTgvjXnxnGgE+U5U=; b=MG1vFsu6Bb94Zc4akiyAAgDvTHwwJIEmBqI00nO7Yw/ITz/UHRWxGlB4+jphdA9g5APm42 NYjyFd9AQtk8hA81uCmojA5bn9OKxKvPu8tOGZ/E0PLpYHbuDEQGsbRolrICleF+GHNk4j knIo8+W8+PyKEnnfJgxR1fbHjH+3q+/9ThmzR9AodYAP31TAef60zc0M3QEDrdYAtJJelV a0v8DHNgUvt4gVQ0HcbFOuMwrLerItJYwXVYSHhnpj+8W55+GHgg+2rkkqsxYm+JDkNpuw VQLbT24h9LOacys6MhBpSjgh6vQZH+gsJ+2Q0QGbik/mP6IBk7fievpMzx1Vqw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1642243499; a=rsa-sha256; cv=none; b=k25pfCODi+XrU3comIYNi7741mp6ub9e0H8MJ0ThBrLM64cexgdODkIRDEmY8ny6Yn4IQO n/uFpFlw2Ox7urLGZX6Z4kqiapC/vCE+/dyRi7IDRUCvedLXycfcd+MmzSS+gS8MCdeB2C tkvBWK7id6rMUA6hAZLcWGPeXBRnInCaCdi2U5d991hiI/qldervQR+nZhq2On8uzWcX7b 3KoEViDRb+GGscWxiaAZoBjYx7Sd5FmssY2KXY8sFZrOHabX++XUJqUnEm2XNqw3I3/3Tq Pl37lQU3l3Y8qDbKOmoBtJA7S2F0+VNujvlYh4CXSRG6iwwIhgZeLBno2d141w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N On 15/01/22 01:26, Mark Johnston wrote: > On Fri, Jan 14, 2022 at 10:27:12PM +0100, Guido Falsi wrote: >> On 11/01/22 23:38, John Baldwin wrote: >>> The branch main has been updated by jhb: >>> >>> URL: https://cgit.FreeBSD.org/src/commit/?id=cfb7b942bed72cb798b869d2e36e0097dbd243b2 >>> >>> commit cfb7b942bed72cb798b869d2e36e0097dbd243b2 >>> Author: John Baldwin >>> AuthorDate: 2022-01-11 22:18:57 +0000 >>> Commit: John Baldwin >>> CommitDate: 2022-01-11 22:18:57 +0000 >>> >>> cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers. >>> >>> Reviewed by: markj >>> Sponsored by: The FreeBSD Foundation >>> Differential Revision: https://reviews.freebsd.org/D33531 >> >> Hi, >> >> I've just updated to recent head. I have a laptop using ZFS on geli >> setup and now it's unable to boot. >> >> I've seen the failure starting with git revision >> 3284f4925f697ad7cc2aa4761ff5cf6ce98fd623 (LRO: Don't merge ACK and >> non-ACK packets together - 01/13/22, 17:18) >> >> it's still there with revision fe453891d7ccc8e173d9293b67f5b4608c5378dd >> (01/14/22 11:00:08) >> >> While a kernel from the binary snapshot downloaded from mirrors compiled >> from revision ac413189f53524e489c900b3cfaa80a1552875ca (vfslist.c: >> initialize skipvfs variable 01/05/2022) is able to boot correctly. >> >> The machine panics as soon as it tries to work with geli, this is why I >> am replying to this commit message. I'm not completely sure this is the >> commit to blame, but it sure is related. >> >> I have not been able to save the backtrace to file, but the last two >> calls are to: >> >> crypto_cursor_segment() >> swcr_encdec() >> >> so it points to the last part of this patch. > > I think the problem is that crypto_cursor_segment() doesn't expect to be > called once the cursor is at the end of a buffer. It may or may not > perform an invalid memory access in that case, depending on the > underlying buffer type. > > Fixing it would complicate the cursor code, maybe it's better to just > change cryptosoft to avoid this scenario: > Thanks for the fast feedback and the patch. I've applied the patch and it fixes the issue for me. Now the laptop successfully boots off it's geli encrypted ZFS. I've also updated my other newer laptop and that one also works fine. Thanks again! > diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c > index 4d0f7d8718cc..45aa3f41c4b2 100644 > --- a/sys/opencrypto/cryptosoft.c > +++ b/sys/opencrypto/cryptosoft.c -- Guido Falsi