Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp3016965imm; Sun, 1 Jul 2018 10:22:21 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfRR3DzJvCVhuvySbkVY/4i5l1GDIZWBgng1F3X5cPL+mFcJf9ShHeCfftB0uZelKtFUna0 X-Received: by 2002:a62:10c2:: with SMTP id 63-v6mr22378613pfq.229.1530465741445; Sun, 01 Jul 2018 10:22:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530465741; cv=none; d=google.com; s=arc-20160816; b=xmexBMgZHvHs29qDe7hfehQlTeMPzGxmyHIvHB96UOEB7q6zusElNrdW7yLMfTg1U+ tc0eqdIFycM8TncsCL6Q/ZdfJTWcIVo04+bwZtdfXTZT11ay0vhEgfm0854X+azozjOE zvwSnib3lzrxaFJTLTd3mM6zgXak3AqeEMaYgVP2HWcLn/6i1GFimEYZML/axHnUL+v0 WfK/aPkL/8/mou1WVd4QgsOBK69xb0s5F+ZRKKxJu6X8x7rh2oDc1QfVTmi8YXAwSjAO N8T9+9ghg89z21dC0Cv7vYbta8i5FWFXu56gvUKSwkKiwkgc2qS4Q3DkrvvDregNno6S NQBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=NY1ds3aJ+on14vDM8qa23ezal1wregqGhAvkHc6rFMA=; b=xEUPHsm8qCalVuDTNWsEv36O8gfsFlReG8AY5ItLNUkvIGvU4CKxMF6EhTIVaaqVxi +xB8msC4RphJKY4OvxUvBhUhTsrZ/pYmChJB5h65oaXCpl9iFI1pDrtwwiUmRUj0pLGQ mfcg1Fl1eeaNYPwSKzwd0LJQXcv+XUKzbT5Nv4o9jDCV71ZW+BfzW1ePOuqlEtE8zPlN 47N7OUL8gk8TziEq9JwbtzcQVxhwzsMsdEjTaP7rPgmsDA8WoQK6bgv1wT7b5fYX9aoA 0pM3WTH1ClBdel5NeA1RMM23R7fzWKc4Dc1hzwO5lb+4fxbga6/7MCLD2h9BuNSYJFeL /LCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=XuhjUedT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c11-v6si12812126pgt.686.2018.07.01.10.22.06; Sun, 01 Jul 2018 10:22:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=XuhjUedT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965964AbeGARVH (ORCPT + 99 others); Sun, 1 Jul 2018 13:21:07 -0400 Received: from mail-pl0-f66.google.com ([209.85.160.66]:33775 "EHLO mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932688AbeGARVC (ORCPT ); Sun, 1 Jul 2018 13:21:02 -0400 Received: by mail-pl0-f66.google.com with SMTP id 6-v6so6809868plb.0; Sun, 01 Jul 2018 10:21:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=NY1ds3aJ+on14vDM8qa23ezal1wregqGhAvkHc6rFMA=; b=XuhjUedT1UKtzYoiVZgD8kT1wQF8K32hgxhMIRPeqQPdpYBfDkmhdkBC66FfWhjhSs rvwuqUAW5iZSk0BOjhItYLy5HIJUCKCmnswmZ1MWbidYLBSWaB9RHU7fT2sBeOIuN/2m BEF1YGM+MWjq8i6NAa2hg8QXXpwLYcsbjUNbVFWuw+uk+q7EUSvMQU1t+pukrv13wwIF gHqqpHcRehOjfLG2G7FHwVlMO886It1FX0MShPtl4md4tQ+sHdYsUah2K2zKg0dlTbLh i9qHCwsmiWBVIqTESPFoqpUGFHqnEm0+hBAvw0qHBrBR5PkaRxnOk65Eilb5Uob9u427 jtVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=NY1ds3aJ+on14vDM8qa23ezal1wregqGhAvkHc6rFMA=; b=kaE/eMmZoPzgycE79UghrWpqCxG1D8Ol9NHqRVzriYHalJa+IrPh0VO43/JOxqMmZf 1cv3Vh9WRq7iKTlW36LYkPnBikUeL3cCpEdZpzpzl3wyL5kpjrtwVHoJCAN6/lsnZ3F/ IayoCFvwxnUH3v86HIQ2KPHKlC10pUSHbCWr22G87a9u7GbSEcAGqOlMa+ct6sUq9ol0 cFNRS7NFxZp2BZwfi6DBJtDiutAy/TXUt/bHYxShhIvhNZMss+nf2q+IBlS5gstK58MP Htj5FV4GLbBWsnCTyHxvRL+560Iczyn4ehuIYifhknF3jBmlKo6B3APl6cYV+cBeJDAq yzqQ== X-Gm-Message-State: APt69E1j9qSyWN9Er0ygDxvU4LGXEVkXOaQcBNt5+BV+OJUsBx6N4PBF aYHp15kZs4W51uRqQZ8q9MI= X-Received: by 2002:a17:902:8f86:: with SMTP id z6-v6mr18283615plo.38.1530465661484; Sun, 01 Jul 2018 10:21:01 -0700 (PDT) Received: from sol.localdomain (c-67-185-97-198.hsd1.wa.comcast.net. [67.185.97.198]) by smtp.gmail.com with ESMTPSA id 14-v6sm27794127pft.10.2018.07.01.10.20.59 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 01 Jul 2018 10:21:00 -0700 (PDT) Date: Sun, 1 Jul 2018 10:20:58 -0700 From: Eric Biggers To: Kees Cook Cc: Herbert Xu , Giovanni Cabiddu , Arnd Bergmann , Eric Biggers , Mike Snitzer , "Gustavo A. R. Silva" , qat-linux@intel.com, LKML , dm-devel@redhat.com, linux-crypto , Lars Persson , Tim Chen , "David S. Miller" , Alasdair Kergon , Rabin Vincent Subject: Re: [dm-devel] [PATCH v3 9/9] crypto: shash: Remove VLA usage in unaligned hashing Message-ID: <20180701172058.GA26715@sol.localdomain> References: <20180629002843.31095-1-keescook@chromium.org> <20180629002843.31095-10-keescook@chromium.org> <20180630070301.GA1706@sol.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.0 (2018-05-17) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 01, 2018 at 10:04:59AM -0700, Kees Cook wrote: > On Sat, Jun 30, 2018 at 12:03 AM, Eric Biggers wrote: > > On Thu, Jun 28, 2018 at 05:28:43PM -0700, Kees Cook wrote: > >> @@ -88,11 +81,13 @@ static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, > >> unsigned long alignmask = crypto_shash_alignmask(tfm); > >> unsigned int unaligned_len = alignmask + 1 - > >> ((unsigned long)data & alignmask); > >> - u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)] > >> - __aligned_largest; > >> + u8 ubuf[MAX_ALGAPI_ALIGNMASK + 1]; > >> u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); > >> int err; > >> > >> + if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf))) > >> + return -EINVAL; > >> + > > > > How is 'ubuf' guaranteed to be large enough? You removed the __aligned > > attribute, so 'ubuf' can have any alignment. So the aligned pointer 'buf' may > > be as high as '&ubuf[alignmask]'. Then, up to 'alignmask' bytes of data will be > > copied into 'buf'... resulting in up to '2 * alignmask' bytes needed in 'ubuf'. > > But you've only guaranteed 'alignmask + 1' bytes. > > Hm, good point. Adding __aligned(MAX_ALGAPI_ALIGNMASK + 1) looks to > fix this, yes? > > Also, if __aligned() is used here, can't PTR_ALIGN() be dropped? (I > think you pointed this out earlier.) Sure, I'm just not sure whether __aligned() with such a large alignment is guaranteed to work on stack variables on all architectures. See e.g. https://patchwork.kernel.org/patch/9507697/. > > Also, is "unaligned_len" being calculated correctly? Let's say > alignmask is 63. If data is binary ...111111, then unaligned_len will > be 64 - 63 == 1, which is fine: we copy 1 byte out, bump the address > by 1, and we're happily aligned to ...000000. If data is ...000000, > then unaligned_len will be 64. But it should be 0. Shouldn't this be: > > unsigned int unaligned_len; > > unaligned_len = (unsigned long)data & alignmask; > if (unaligned_len) > unaligned_len = alignmask + 1 - unaligned_len; > > And then ubuf only needs to be MAX_ALGAPI_ALIGNMASK, without the +1? shash_update_unaligned() is only called when 'data & alignmask'. Similarly with shash_final_unaligned(). Though, calculating 'unaligned_len' could be simplified to unsigned int unaligned_len = -(unsigned long)data & alignmask; which works either way. - Eric