From: Kees Cook
Date: Wed, 20 Jun 2018 16:44:58 -0700
Subject: Re: [dm-devel] [PATCH 04/11] dm verity fec: Remove VLA usage
To: Eric Biggers
Cc: Herbert Xu, Giovanni Cabiddu, Arnd Bergmann, Eric Biggers, Mike Snitzer, "Gustavo A. R. Silva", qat-linux@intel.com, LKML, dm-devel@redhat.com, linux-crypto, Lars Persson, Tim Chen, "David S. Miller", Alasdair Kergon, Rabin Vincent

On Wed, Jun 20, 2018 at 4:33 PM, Eric Biggers wrote:
> On Wed, Jun 20, 2018 at 12:04:01PM -0700, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> uses the newly defined max digest size macro. Also adds a sanity-check
>> at use-time.
>>
>> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
>>
>> Signed-off-by: Kees Cook
>> ---
>> drivers/md/dm-verity-fec.c | 5 ++++-
>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c
>> index 684af08d0747..0dfcc52835bc 100644
>> --- a/drivers/md/dm-verity-fec.c
>> +++ b/drivers/md/dm-verity-fec.c
>> @@ -212,12 +212,15 @@ static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io,
>> struct dm_verity_fec_io *fio = fec_io(io);
>> u64 block, ileaved;
>> u8 *bbuf, *rs_block;
>> - u8 want_digest[v->digest_size];
>> + u8 want_digest[AHASH_MAX_DIGESTSIZE];
>> unsigned n, k;
>>
>> if (neras)
>> *neras = 0;
>>
>> + if (WARN_ON(v->digest_size < sizeof(want_digest)))
>> + return -EINVAL;
>> +
>
> This is backwards; it should be 'v->digest_size > sizeof(want_digest)'.

Yikes. Thank you for catching that! I will fix in v2.

-Kees

--
Kees Cook
Pixel Security
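
Review bot: the new WARN_ON guard in fec_read_bufs() has its comparison reversed: `v->digest_size < sizeof(want_digest)` returns -EINVAL for every digest shorter than AHASH_MAX_DIGESTSIZE and accepts one that is larger than the array, which is the only case the fixed-size want_digest cannot hold. Flip it to `v->digest_size > sizeof(want_digest)`. Since the commit message describes this as a use-time sanity check, a one-line comment above it stating that digest_size must not exceed AHASH_MAX_DIGESTSIZE would make the invariant explicit for later readers.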