From: Tycho Andersen
To: David Howells
Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Tycho Andersen, James Morris, "Serge E. Hallyn", "Jason A . Donenfeld"
Subject: [PATCH 1/2] big key: get rid of stack array allocation
Date: Mon, 12 Mar 2018 22:29:06 -0600
Message-Id: <20180313042907.29598-1-tycho@tycho.ws>

We're interested in getting rid of all of the stack allocated arrays in the
kernel [1]. This patch removes one in keys by switching to malloc/free. Note
that we use kzalloc, to avoid leaking the nonce. I'm not sure this is really
necessary, but extra paranoia seems prudent.

Manually tested using the program from the add_key man page to trigger
big_key.

[1]: https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Tycho Andersen
CC: David Howells
CC: James Morris
CC: "Serge E. Hallyn"
CC: Jason A. Donenfeld
--- security/keys/big_key.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/security/keys/big_key.c b/security/keys/big_key.c index fa728f662a6f..70f9f785c59d 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c
@@ -108,13 +108,18 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat * an .update function, so there's no chance we'll wind up reusing the * key to encrypt updated data. Simply put: one key, one encryption. */ - u8 zero_nonce[crypto_aead_ivsize(big_key_aead)]; + u8 *zero_nonce; + + zero_nonce = kzalloc(crypto_aead_ivsize(big_key_aead), GFP_KERNEL); + if (!zero_nonce) + return -ENOMEM; aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL); - if (!aead_req) + if (!aead_req) { + kfree(zero_nonce); return -ENOMEM; + } - memset(zero_nonce, 0, sizeof(zero_nonce)); aead_request_set_crypt(aead_req, buf->sg, buf->sg, datalen, zero_nonce); aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); aead_request_set_ad(aead_req, 0); @@ -131,6 +136,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat error: mutex_unlock(&big_key_aead_lock); aead_request_free(aead_req); + kzfree(zero_nonce); return ret; } -- 2.15.1
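Review bot: In the first hunk (@@ -108,13 +108,18 @@), the nonce being all zero now depends entirely on the kzalloc call, because the explicit memset(zero_nonce, 0, sizeof(zero_nonce)) is removed; that dependency is not documented. A one-line comment above the allocation would keep a later switch to kmalloc from silently producing an uninitialised nonce. The commit message describes kzalloc as leak avoidance, but here it is what makes the nonce correct. Separately, the !aead_req branch releases the buffer with kfree while the exit path uses kzfree; the buffer only holds zeros at that point so kfree is harmless, but using the same call on both paths would read more clearly.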
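Review bot: In the second hunk (@@ -131,6 +136,7 @@), kzfree(zero_nonce) after the error: label wipes a buffer that, going by the name and the surrounding comment ("one key, one encryption"), holds a fixed all-zero nonce rather than secret material, so the wipe protects nothing and the commit message itself is unsure it is needed. Either use plain kfree to match the early-exit path in the first hunk, or add a short comment saying why the wipe is wanted. Placement is otherwise fine: both earlier failure paths return directly, so every path reaching error: has zero_nonce allocated.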