Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp3004683imm; Sun, 1 Jul 2018 10:07:14 -0700 (PDT) X-Google-Smtp-Source: AAOMgpc241f7kE6X+Vnmn/+bJ5vTKXPrKJHyxFd0o3nTVY8g/+DZ95SCaqWYXEh8ki9vQiSvk5Qr X-Received: by 2002:a62:104e:: with SMTP id y75-v6mr22265576pfi.109.1530464834366; Sun, 01 Jul 2018 10:07:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530464834; cv=none; d=google.com; s=arc-20160816; b=niYu4MEez1k/InA4IKe8I5Ogo0Xxtopdt8zkObSGZTCLC04R3MCQWO+2iKcQ/ynaFU R+eswXxiO735rbGxFNsqgRwrxlStp/zW4jrCa4SNmy7KegQyS7bXHBQJtE6XviUpiI94 VEUZu1J7kJp6G9HS7rp0qNyusenXrlWKuo3Vg0v6uBZ97str6qOSlQjneRZVB1i7y5Th 3ujVw0QkiJGWcOkv6Lu4UCCc5xd5tQaDQASbzkOFh/dsbNP93LJicYmnzLZN0po9rHmG PPK6yF7DnbmMIcz3K7lEqcTK4MY6tDHTTGHs1FERprbGm54MY42QpYBnrWqFn4GYSCAg NQ3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=8XFHVqQJumXHMdiabsqInOElStobXUDH3ocPWki42zM=; b=EIPMtyyodLSNwrkpLg3NyHjkdRt5A9z1ODXN8qwUIFweAm1fmYMAAk/Lmj4X9pXVR/ o0SyXV1gnnP+pAEfzlsG4FqDtzpuyuIFcnaj0ZYAt56uxlAfSjLgknsBYmUlZaMujHLD FzKZYIWvhIxWZ8p4xHLRUK7OTAol7eUhTItg7LkwyJpt2lFN7C6bydKWXr8l0nIRfNWB WgVDcO0FGCRGcBeQhEB4ImwSIjHHGsVVj5oVgDtbeo9ptKiEVCsTNG3SiVZEgQ8R908w ub6k4lZ+qPjukyGlzkakVu3Xj2d5o6ar37hrDu+z5Iqfchw/MCw1z8iDzfdfLFFMJ149 AESA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=bxax1jf1; dkim=fail header.i=@chromium.org header.s=google header.b=QJaFb9Rf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f66-v6si13949362plb.103.2018.07.01.10.06.59; Sun, 01 Jul 2018 10:07:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=bxax1jf1; dkim=fail header.i=@chromium.org header.s=google header.b=QJaFb9Rf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965134AbeGARFK (ORCPT + 99 others); Sun, 1 Jul 2018 13:05:10 -0400 Received: from mail-yb0-f195.google.com ([209.85.213.195]:42383 "EHLO mail-yb0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753592AbeGARFB (ORCPT ); Sun, 1 Jul 2018 13:05:01 -0400 Received: by mail-yb0-f195.google.com with SMTP id i3-v6so4298196ybl.9 for ; Sun, 01 Jul 2018 10:05:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=8XFHVqQJumXHMdiabsqInOElStobXUDH3ocPWki42zM=; b=bxax1jf11oeJWP/1EfEBwnZlivmYMa2ZMhHEnKlzDMkzWQdxxhzQkHZII2EJXjlD/w 7LzxxwDcbKiMUYRo90EbrBxu73b85IhwfGT+UTxOt3rXMoUc9TawGs9rgw2jEBPRtKpB 2JykqPqiYdMl2A/Nvcxj7MnvtMfyMph/SwAB12b6CQ06gGqgFhe/jBfjjsjzcAm7UuFD 9wgC/4qFMwcFiW4Fess427ioXQqtzCdAnm6r4a0Nqznn7uD2aIOMiyvTKpEC785leHlV oe+TYIS8HPmhGQgDNqC3zw0UO5zDU85lN9+z2kawktR0T0dqwfhdEk72rGzF6ZuuhBoU ld/Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=8XFHVqQJumXHMdiabsqInOElStobXUDH3ocPWki42zM=; b=QJaFb9RfK/IS/T8IpCMEc3LRmBVMS8AFBbyazouRjGGWdOq2Q48vPQAnSiPq5b5FeW by5g9LW7zY7jxsqBEPOYlKXkFi1gHbeRPpftYHbakGRNnihKj9ItVShoJ3HMmb+8tOFD 225pc3sMmlNSF/GxauQyNYMlVDzjYDQZ5oSd8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=8XFHVqQJumXHMdiabsqInOElStobXUDH3ocPWki42zM=; b=QHZM9ZT/8m2M1zKLt80JLDkZ9xzlc+jDriZSHLktz4iQixfprqDjUqUgc0+me2+6D1 R3knn4UpnDYBh0DB95Oww4EpmKtmYptMjduzPH3DG4WpVFuqeQgmX1ak04dFkbgLueFA 2bNHz22rIOtZ4jqjP/ClR8QGK3IVoGZ0uJvnfUPPRp80hYNFFlS7FltjBgOyOInPc+4h aLaC/K7kw+lZzsR9VKPHvl7DtSdyqje9rH2/XhS6wtkxvS9fvYf+qIrC7SQaeMsv4gVc Dbsgo4hb40uoE9h/HK9jmudghmJZcIMOdgpxycyRjflGsB8F4i5UYZHR16eOJAnlCpXc xfKw== X-Gm-Message-State: APt69E3Iiy9Zz255W61FgFMoXjh0VM6eD4n9A0dn8WJ4LsLiC8rRPZYd YNCeeU7fANVSlwXCIXxZ19OWqmiwjLHkeUh6bkStYA== X-Received: by 2002:a25:ce8e:: with SMTP id x136-v6mr1113299ybe.118.1530464700355; Sun, 01 Jul 2018 10:05:00 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f51:0:0:0:0:0 with HTTP; Sun, 1 Jul 2018 10:04:59 -0700 (PDT) In-Reply-To: <20180630070301.GA1706@sol.localdomain> References: <20180629002843.31095-1-keescook@chromium.org> <20180629002843.31095-10-keescook@chromium.org> <20180630070301.GA1706@sol.localdomain> From: Kees Cook Date: Sun, 1 Jul 2018 10:04:59 -0700 X-Google-Sender-Auth: wrvIhcpnoHVeAw2bOsB76kMKo1k Message-ID: Subject: Re: [dm-devel] [PATCH v3 9/9] crypto: shash: Remove VLA usage in unaligned hashing To: Eric Biggers Cc: Herbert Xu , Giovanni Cabiddu , Arnd Bergmann , Eric Biggers , Mike Snitzer , "Gustavo A. R. Silva" , qat-linux@intel.com, LKML , dm-devel@redhat.com, linux-crypto , Lars Persson , Tim Chen , "David S. Miller" , Alasdair Kergon , Rabin Vincent Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jun 30, 2018 at 12:03 AM, Eric Biggers wrote: > On Thu, Jun 28, 2018 at 05:28:43PM -0700, Kees Cook wrote: >> @@ -88,11 +81,13 @@ static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, >> unsigned long alignmask = crypto_shash_alignmask(tfm); >> unsigned int unaligned_len = alignmask + 1 - >> ((unsigned long)data & alignmask); >> - u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)] >> - __aligned_largest; >> + u8 ubuf[MAX_ALGAPI_ALIGNMASK + 1]; >> u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); >> int err; >> >> + if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf))) >> + return -EINVAL; >> + > > How is 'ubuf' guaranteed to be large enough? You removed the __aligned > attribute, so 'ubuf' can have any alignment. So the aligned pointer 'buf' may > be as high as '&ubuf[alignmask]'. Then, up to 'alignmask' bytes of data will be > copied into 'buf'... resulting in up to '2 * alignmask' bytes needed in 'ubuf'. > But you've only guaranteed 'alignmask + 1' bytes. Hm, good point. Adding __aligned(MAX_ALGAPI_ALIGNMASK + 1) looks to fix this, yes? Also, if __aligned() is used here, can't PTR_ALIGN() be dropped? (I think you pointed this out earlier.) Also, is "unaligned_len" being calculated correctly? Let's say alignmask is 63. If data is binary ...111111, then unaligned_len will be 64 - 63 == 1, which is fine: we copy 1 byte out, bump the address by 1, and we're happily aligned to ...000000. If data is ...000000, then unaligned_len will be 64. But it should be 0. Shouldn't this be: unsigned int unaligned_len; unaligned_len = (unsigned long)data & alignmask; if (unaligned_len) unaligned_len = alignmask + 1 - unaligned_len; And then ubuf only needs to be MAX_ALGAPI_ALIGNMASK, without the +1? -Kees -- Kees Cook Pixel Security