From: Kees Cook
Date: Thu, 21 Jun 2018 13:19:42 -0700
Subject: Re: [PATCH 04/11] dm verity fec: Remove VLA usage
To: Herbert Xu
Cc: "Gustavo A. R. Silva", Alasdair Kergon, Arnd Bergmann, Eric Biggers, Giovanni Cabiddu, Lars Persson, Mike Snitzer, Rabin Vincent, Tim Chen, "David S. Miller", linux-crypto, qat-linux@intel.com, dm-devel@redhat.com, LKML

On Wed, Jun 20, 2018 at 7:30 PM, Herbert Xu wrote:
> On Wed, Jun 20, 2018 at 12:04:01PM -0700, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> uses the newly defined max digest size macro. Also adds a sanity-check
>> at use-time.
>>
>> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
>>
>> Signed-off-by: Kees Cook
>> ---
>> drivers/md/dm-verity-fec.c | 5 ++++-
>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c
>> index 684af08d0747..0dfcc52835bc 100644
>> --- a/drivers/md/dm-verity-fec.c
>> +++ b/drivers/md/dm-verity-fec.c
>> @@ -212,12 +212,15 @@ static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io, >> struct dm_verity_fec_io *fio = fec_io(io); >> u64 block, ileaved; >> u8 *bbuf, *rs_block; >> - u8 want_digest[v->digest_size]; >> + u8 want_digest[AHASH_MAX_DIGESTSIZE]; >> unsigned n, k; >> >> if (neras) >> *neras = 0; >> >> + if (WARN_ON(v->digest_size < sizeof(want_digest))) >> + return -EINVAL;
>
> How about verifying digest_size in the ahash API when algorithms
> are registered?

That happens already in ahash_prepare_alg() (and see the tweak in
patch 3 "crypto: ahash: Remove VLA usage"), but I wanted to keep these
run-time checks to avoid any problems in the future if things change.
As it's marked as "unlikely" internal to WARN_ON, this shouldn't have
a performance impact.

-Kees

-- 
Kees Cook
Pixel Security
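
Review bot: The added check in fec_read_bufs(), `if (WARN_ON(v->digest_size < sizeof(want_digest)))`, has its comparison reversed. With `want_digest` now fixed at AHASH_MAX_DIGESTSIZE bytes, the case to reject is a digest larger than the buffer; as written it returns -EINVAL for every algorithm whose digest is shorter than the maximum and lets an oversized one through. Suggest `if (WARN_ON(v->digest_size > sizeof(want_digest)))`. A one-line comment saying the check guards the fixed-size buffer that replaced the VLA would also help future readers.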