[Drbd-dev] drbd-svn can't handle modular hmac, and crashes if hash can't be found

Mark Glines mark at glines.org
Mon Jan 15 08:52:01 CET 2007


Lars Ellenberg wrote:
>> 2.  If the hash algorithm itself isn't available (like sha1.ko wasn't loaded yet), crypto_alloc_hash() returns 
>> -ENOENT.  It does not return NULL, which is what the drbd code currently checks for.  This leads to crashes later.
> 
> right... we know 't was unfinished code,
> but checked in anyways, to get it going.

FYI, it's working here on 2.6.20-rc4 (PPC) with CONFIG_CRYPTO_HMAC and 
CONFIG_CRYPTO_SHA1 both configured as modules.  So now I'm watching my 
new cluster sync up for the first time:

drbd0: Writing meta data super block now.
drbd0: conn( WFConnection -> WFReportParams )
drbd0: Handshake successful: DRBD Network Protocol version 85
drbd0: Peer authenticated usind 20 bytes of 'sha1' HMAC
drbd0: peer( Unknown -> Secondary ) conn( WFReportParams -> WFBitMapS ) 
pdsk( DUnknown -> Inconsistent )
drbd0: Writing meta data super block now.
drbd0: conn( WFBitMapS -> SyncSource )
drbd0: Began resync as SyncSource (will sync 9775216 KB [2443804 bits set]).


>> P.S.  Since drbd no longer requires any exported symbols from the hmac/hash module, is there any reason to check 
>> CONFIG_CRYPTO_HMAC at all?  A simpler check on CONFIG_CRYPTO to make sure the basic API exists should be all you 
>> need...
> 
> we build against older kernels as well,
> and as long as debian, suse, redhat & co have their
> vendor kernels the way they are, this probably needs to stay this way.
> we should be able to relax it for builds against newer kernels, though.

Makes sense.  Thanks again!

Mark



More information about the drbd-dev mailing list