From owner-freebsd-security@freebsd.org Tue Aug 21 03:07:07 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDD4B1086ED3 for ; Tue, 21 Aug 2018 03:07:07 +0000 (UTC) (envelope-from bowwave2000@gmail.com) Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5EB5E8F8E2 for ; Tue, 21 Aug 2018 03:07:07 +0000 (UTC) (envelope-from bowwave2000@gmail.com) Received: by mail-pg1-x52d.google.com with SMTP id v66-v6so6426562pgb.10 for ; Mon, 20 Aug 2018 20:07:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:date:to; bh=nCsTkx+y3tuLMTXZQEDuad2ouHh254VFHfxoZBHNUOE=; b=Xd6aA0owAiqmDDtHNT31EqAbJAdnjek/zIPApK77VkB1wpyl7GutrCSZt9WFtn/HAr 4JN57QIWEPjnBZJlF4XCFOjUXUd8/uiHIqW6kT5nfrNhAiL0DM7gZe5cGJmAeiUAQ1Z/ jBxnWt90XGoyPB2EA5oT6RabPQVO8CGPyin38lqAXmG6s32rLdeB5ifmiJilFzHUrXHB NO5f4hkuwvsrepC2MIgzPgLMpBgaq60rNglFS5r0a+qkG87Oh+xHbiKaKvQ7wxqxg7PG JS1FQhjRGqYHP3AkYYIpaipiQD6gkUI6KPTlW5YbgPSaW99aBqyb0ZbuvEleKPDOTbEq 7qKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=nCsTkx+y3tuLMTXZQEDuad2ouHh254VFHfxoZBHNUOE=; b=A/5j4fUORh5HU2Adee3nmkClfPBtSXBoFtVfnN0+Jkij31EkPZ6BaEmJQlI917xp25 K9Abxn0gb33L0RMLkS2ziT/oGVVC7I6eBW+GIofqkZXjQhXq/obUIrYjZNh6HRC2j+lU QnYn2vVfbq60jPxs0QpoRgU5Q5Ej/lDeTGQwT87h7HxGVmjbxq0gamsVyBX5vp8x1yXM 3KmVnkTughKbmhj49jXIYBjlUgDXG4x33RoOQLV5pafe0vM1pGcMEzCF3go+ZgcrLkE5 hgQOTF4RDYYS/luYSIg2wLdN0qe9o26FJlwrChL0h8ZAPKoQqfLo/V97ENFogu+LoyJg CVcA== X-Gm-Message-State: AOUpUlEWA6yQGepJB27WY2KP40Qu04rYVHv9GRPJ5D+IO0LYqViT2jjB eAjmKuJyuFtjgMRLgJP7tscW9sEm X-Google-Smtp-Source: AA+uWPzxRq0k4aut8kDhjMYKjVmN7EGtfW2RH5AhSSmu7e2goaM+ASG8t9abCrA0NHCadz95U/1D1g== X-Received: by 2002:a63:d916:: with SMTP id r22-v6mr45453749pgg.381.1534820826273; Mon, 20 Aug 2018 20:07:06 -0700 (PDT) Received: from [192.168.101.84] (c-76-126-1-36.hsd1.ca.comcast.net. [76.126.1.36]) by smtp.gmail.com with ESMTPSA id n22-v6sm20609208pfj.68.2018.08.20.20.07.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Aug 2018 20:07:05 -0700 (PDT) From: bowwave Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Subject: Corruption seen from OCF after applying FreeBSD-SA-18:07.lazyfpu. Message-Id: <250A8BA1-0E7E-4CF9-875B-A41ABADE86CB@gmail.com> Date: Mon, 20 Aug 2018 20:07:04 -0700 To: freebsd-security@freebsd.org X-Mailer: Apple Mail (2.3445.9.1) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2018 03:07:08 -0000 We have a product that uses OCF to encrypt disk blocks. Since applying = the FreeBSD-SA-18:07.lazyfpu patch we are seeing occasional corruption. = The amount of corrupted data is always less than the request size and is = always a multiple of the AES block size. Retrying the operation always = succeeds leading to the conclusion that this seems to be a locking = issue. The only thing so far that we can come up with is that this seems = to result from either the OCF layer itself or the AES-NI driver below = it. Looking for suggestions about where to proceed next. From owner-freebsd-security@freebsd.org Tue Aug 21 08:12:07 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74141108D1A0 for ; Tue, 21 Aug 2018 08:12:07 +0000 (UTC) (envelope-from kib@freebsd.org) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E803D7859E for ; Tue, 21 Aug 2018 08:12:06 +0000 (UTC) (envelope-from kib@freebsd.org) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id w7L8BoNA032452 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 21 Aug 2018 11:11:53 +0300 (EEST) (envelope-from kib@freebsd.org) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua w7L8BoNA032452 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id w7L8BoeM032451; Tue, 21 Aug 2018 11:11:50 +0300 (EEST) (envelope-from kib@freebsd.org) X-Authentication-Warning: tom.home: kostik set sender to kib@freebsd.org using -f Date: Tue, 21 Aug 2018 11:11:50 +0300 From: Konstantin Belousov To: bowwave Cc: freebsd-security@freebsd.org Subject: Re: Corruption seen from OCF after applying FreeBSD-SA-18:07.lazyfpu. Message-ID: <20180821081150.GU2340@kib.kiev.ua> References: <250A8BA1-0E7E-4CF9-875B-A41ABADE86CB@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <250A8BA1-0E7E-4CF9-875B-A41ABADE86CB@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-Mailman-Approved-At: Tue, 21 Aug 2018 10:54:34 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2018 08:12:07 -0000 On Mon, Aug 20, 2018 at 08:07:04PM -0700, bowwave wrote: > > We have a product that uses OCF to encrypt disk blocks. Since > applying the FreeBSD-SA-18:07.lazyfpu patch we are seeing occasional > corruption. The amount of corrupted data is always less than the > request size and is always a multiple of the AES block size. Retrying > the operation always succeeds leading to the conclusion that this > seems to be a locking issue. The only thing so far that we can come > up with is that this seems to result from either the OCF layer itself > or the AES-NI driver below it. Looking for suggestions about where to > proceed next. > Most likely you need r336683, merged as r336963 to stable/11 and r337245 to stable/10. Some day there will be an EN.