From: Kees Cook
To: Herbert Xu
Cc: Kees Cook, Arnd Bergmann, Eric Biggers, "Gustavo A. R. Silva", Alasdair Kergon, Giovanni Cabiddu, Lars Persson, Mike Snitzer, Rabin Vincent, Tim Chen, linux-crypto@vger.kernel.org, qat-linux@intel.com, dm-devel@redhat.com, linux-kernel@vger.kernel.org
Subject: [PATCH v5 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK
Date: Mon, 16 Jul 2018 21:21:50 -0700
Message-Id: <20180717042150.37761-12-keescook@chromium.org>
In-Reply-To: <20180717042150.37761-1-keescook@chromium.org>
References: <20180717042150.37761-1-keescook@chromium.org>

In the quest to remove all stack VLA usage from the kernel[1], this
caps the skcipher request size similar to other limits and adds a sanity
check at registration. Looking at instrumented tcrypt output, the largest
is for lrw:

    crypt: testing lrw(aes)
    crypto_skcipher_set_reqsize: 8
    crypto_skcipher_set_reqsize: 88
    crypto_skcipher_set_reqsize: 472

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook
---
 include/crypto/internal/skcipher.h | 1 +
 include/crypto/skcipher.h          | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index e42f7063f245..5035482cbe68 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h @@ -130,6 +130,7 @@ static inline struct crypto_skcipher *crypto_spawn_skcipher( static inline void crypto_skcipher_set_reqsize( struct crypto_skcipher *skcipher, unsigned int reqsize) { + BUG_ON(reqsize > SKCIPHER_MAX_REQSIZE); skcipher->reqsize = reqsize; } diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 2f327f090c3e..c48e194438cf 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -139,9 +139,11 @@ struct skcipher_alg { struct crypto_alg base; }; +#define SKCIPHER_MAX_REQSIZE 472 + #define SKCIPHER_REQUEST_ON_STACK(name, tfm) \ char __##name##_desc[sizeof(struct skcipher_request) + \ - crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR; \ + SKCIPHER_MAX_REQSIZE] CRYPTO_MINALIGN_ATTR; \ struct skcipher_request *name = (void *)__##name##_desc /** -- 2.17.1
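
Review bot: in the include/crypto/internal/skcipher.h hunk, `BUG_ON(reqsize > SKCIPHER_MAX_REQSIZE);` turns an oversized request context into a kernel halt, and because crypto_skcipher_set_reqsize() returns void the caller has no way to fail cleanly. Consider a WARN_ON_ONCE() combined with an error return (changing the helper to return int and letting callers propagate it), so an implementation that exceeds the cap is rejected instead of taking the machine down. If the halt is intentional because a larger reqsize would overrun the fixed on-stack buffer, a one-line comment above the check saying so would help the next reader.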
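
Review bot: in the include/crypto/skcipher.h hunk, `#define SKCIPHER_MAX_REQSIZE 472` is an undocumented magic number; the only justification is in the commit message (instrumented tcrypt output for lrw(aes)), which covers only the combinations that run exercised. Please add a comment at the define stating where 472 comes from and that the BUG_ON in crypto_skcipher_set_reqsize() enforces it. Two further points on the macro: SKCIPHER_REQUEST_ON_STACK(name, tfm) no longer references `tfm`, so the parameter is now unused and worth a note or a cleanup, and every on-stack request now reserves sizeof(struct skcipher_request) + 472 bytes regardless of the cipher's actual reqsize, which is a stack-usage increase the changelog should state.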