Received: by 10.213.65.68 with SMTP id h4csp1361203imn; Wed, 14 Mar 2018 18:53:20 -0700 (PDT) X-Google-Smtp-Source: AG47ELvMC91muNPNOkXM5WlkNha1d0NjSThlsWJLI2BCLTB4Nf79B2H5QXTJKWix0vX7I2mb+iE1 X-Received: by 2002:a17:902:b095:: with SMTP id p21-v6mr5630500plr.235.1521078800540; Wed, 14 Mar 2018 18:53:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521078800; cv=none; d=google.com; s=arc-20160816; b=SHz31qRxh+baSpklkKk2I/bR6NM49t8/fcP7STe+6Xy3EDOwP0bVmv1kE7eA0oTCrv +QEnTUxxawwv1av3oNxdu+QnBYYPMI5Y/+EgH+K5c1Evlyp/x6Yn0SH14hOwnUBtPYRC BsoPAZpc2FCVQ/6jMZU+FLkH+9IpYY7HP3PgmiLdz3Z8nYnAoW8Ire8U/DVQmQCl3rLL KNYlBN2ttm5VLIfsZuuw6vDakwQwo85LSBeeIwBCr0A+Yg+V6L2Cap7Jn5fbo3Qxm0Mb LUQnqAz19xtsM5mwkDRMRSB1YQhwtXACEbmgaHgmqJ3F4Eay6T2OLFOD+J/v2i+ZY4aC L3QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=LwV6AisYl9ytSu3en+9dV0aANltLAbATCF63cQZ3GCs=; b=erJnRnVyePrViefaUj9tV/KrCjloNqjtccHYwvIhxKLSjOF8RVss6lBPcpwT+B+mpN Wi7X4B8LWcUAk874BBEY4UX+MO6ViYPJlzGZsSytO6GIKCAbx3glJx9lSlg7Nbr2Lc9Q 35ZSfEsvRuK+S8+yxEcVMEySJB8d4D09gB7NmXzVZGDsC2yHWNI+o3p3KAxXkJ44j3nH /VhryR8U3Sp7AdBZm5HY+IV+TFN4po9G0dt51Badx6RTaSZaCp5hCPdnsMR9Mmme2c89 jVQ0TPKh6FdHhqwFkhVS6A/MFkBehlgdqzCtfY4CSg1d/3pcYFhyKbHkIcJosn3Jc0Zi D/Ow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=g1gvuOLH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u136si2744420pgc.784.2018.03.14.18.53.06; Wed, 14 Mar 2018 18:53:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=g1gvuOLH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751711AbeCOBvp (ORCPT + 99 others); Wed, 14 Mar 2018 21:51:45 -0400 Received: from mail-pf0-f194.google.com ([209.85.192.194]:34332 "EHLO mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751480AbeCOBvn (ORCPT ); Wed, 14 Mar 2018 21:51:43 -0400 Received: by mail-pf0-f194.google.com with SMTP id j20so2244907pfi.1; Wed, 14 Mar 2018 18:51:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=LwV6AisYl9ytSu3en+9dV0aANltLAbATCF63cQZ3GCs=; b=g1gvuOLHHcoz+kDgRUkGsyuLtYtUxh9VkYyjfJiLGqfYZTyOkyjLlBvpTgfu2Vtxoc zL0r7nx2qUTfSHEbw2+FV7+NXm3sfDiZNqMI3/DqUCUAUKBsb5KKNBVWe16oD/2tzzkE 9yMk9FGQRUj+cGo5r3yBG+wZUBztk0HUAJPSD93MSvtuOZVc1Uezc07NF6J/Guoww8+M uSv6SVE9kCfLUz0jnQO+yzuU7a8zlmkogQ7RtxDQBWtBpd3X5M8VUm43n3+QGDdwA1ih 6FXykURocjPaEQtkas01tmO7r3EjedaN4wb8kqbkf7JwRBgmCS72dnh6QjpHIPt+V56x yRLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=LwV6AisYl9ytSu3en+9dV0aANltLAbATCF63cQZ3GCs=; b=Aq1Kka9tZRefHfHiXdueb/k2Ye17nr8pkH8bRINmCxZJOCbKjFFcBkvVKUb2xq0kY0 VGj1iLj1uJPa965hpileUOQPZKcsatwgC7bPjOvvhBsENrlpi85acGrQNWhex69DaLiG tuHv6RljR8b+rGUEL6rYUO4E1VrmJNO/FtVgQlY/+RalbzEA6VnfzVomC+0/jwHTAuPS bFF0pYts4x7kGMWqDT1MsYIS0u5gV1iEpEHlrXorp9JdA1WbKncaEFbyNYtP7ogkoLD3 jJp0WC3J5d3gDuDRUjdASqwE4lxvxTIGZ73NoMdGrJDp2x3blvUgmTXHjfDlXLDbhbzc m8YA== X-Gm-Message-State: AElRT7FCl02qnEcU8ZFyFguV8PHnJokoysmqOZPxkBAgOCl2Yk/coFAE 5PjJbJLLdMtkDrjsv8tq73IvrDU1 X-Received: by 10.98.198.146 with SMTP id x18mr6211444pfk.22.1521078702857; Wed, 14 Mar 2018 18:51:42 -0700 (PDT) Received: from zzz.localdomain (c-67-185-97-198.hsd1.wa.comcast.net. [67.185.97.198]) by smtp.gmail.com with ESMTPSA id 75sm7634697pfl.169.2018.03.14.18.51.41 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Mar 2018 18:51:41 -0700 (PDT) Date: Wed, 14 Mar 2018 18:51:39 -0700 From: Eric Biggers To: Tycho Andersen Cc: David Howells , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, James Morris , "Serge E. Hallyn" , "Jason A . Donenfeld" Subject: Re: [PATCH 1/2] big key: get rid of stack array allocation Message-ID: <20180315015139.GA641@zzz.localdomain> References: <20180313042907.29598-1-tycho@tycho.ws> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180313042907.29598-1-tycho@tycho.ws> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 12, 2018 at 10:29:06PM -0600, Tycho Andersen wrote: > We're interested in getting rid of all of the stack allocated arrays in the > kernel [1]. This patch removes one in keys by switching to malloc/free. > Note that we use kzalloc, to avoid leaking the nonce. I'm not sure this is > really necessary, but extra paranoia seems prudent. > > Manually tested using the program from the add_key man page to trigger > big_key. > > [1]: https://lkml.org/lkml/2018/3/7/621 > > Signed-off-by: Tycho Andersen > CC: David Howells > CC: James Morris > CC: "Serge E. Hallyn" > CC: Jason A. Donenfeld > --- > security/keys/big_key.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/security/keys/big_key.c b/security/keys/big_key.c > index fa728f662a6f..70f9f785c59d 100644 > --- a/security/keys/big_key.c > +++ b/security/keys/big_key.c > @@ -108,13 +108,18 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat > * an .update function, so there's no chance we'll wind up reusing the > * key to encrypt updated data. Simply put: one key, one encryption. > */ > - u8 zero_nonce[crypto_aead_ivsize(big_key_aead)]; > + u8 *zero_nonce; > + > + zero_nonce = kzalloc(crypto_aead_ivsize(big_key_aead), GFP_KERNEL); > + if (!zero_nonce) > + return -ENOMEM; > > aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL); > - if (!aead_req) > + if (!aead_req) { > + kfree(zero_nonce); > return -ENOMEM; > + } > > - memset(zero_nonce, 0, sizeof(zero_nonce)); > aead_request_set_crypt(aead_req, buf->sg, buf->sg, datalen, zero_nonce); > aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); > aead_request_set_ad(aead_req, 0); > @@ -131,6 +136,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat > error: > mutex_unlock(&big_key_aead_lock); > aead_request_free(aead_req); > + kzfree(zero_nonce); > return ret; A dynamic allocation here doesn't make sense -- the algorithm is hard-coded to AES-GCM, so the IV size is fixed. You should just include and use GCM_AES_IV_LEN. As a sanity check you can add 'BUG_ON(crypto_aead_ivsize(big_key_aead) != GCM_AES_IV_LEN' to big_key_init(). kzfree() also doesn't make sense since the nonce is not secret information. Thanks, Eric