Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp7193096imm;
        Tue, 24 Jul 2018 09:54:46 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpfNbv0UcXkICB74MMvVf1luEhR7FeWegzNSZ2qBGMZUaqkdYkWmapay2+kzXg/2m+Dv6+2Z
X-Received: by 2002:a63:be05:: with SMTP id l5-v6mr16914020pgf.330.1532451286064;
        Tue, 24 Jul 2018 09:54:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532451286; cv=none;
        d=google.com; s=arc-20160816;
        b=i+NVlJ0Yc8ST9gB2RtZehITBavOgq6cXDMqZtDZ6DZODhfZDogNcnIiJda2EviDE9b
         K9AN/pkvvy/e+i0kRH/iM8DCnk+8biymKFWJJXbJSqHzPfaUQt+m88QTKM68Sk7iWvbJ
         wjEVejX4Q0J+RdWMQIIs/TO/edoE0pPWUxUsQbpDETnfiuc4Q2HoeSDosMfwN9JyXXx6
         s+vaBVQk8iJSB1oQVQYMK+vjEHSteeuIkUS1dy57/+HioSMixcgJV+P4GA3pXaoLecqO
         gUcxbILoLGJ5kTKVvw7VHtGNjKQeNUWV4JZTICM7/PPY8fWr0NddScwsG5SqrnAT4mp9
         Nk0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature:arc-authentication-results;
        bh=aHfzmuE3dXR4IAoiUCBdTyidzm+NOXbAHoWt0SfC0Yk=;
        b=oU9jp5tg075WIqq7KTm+ZA3aqjvjOQv5MakSFc3gsxl6X9Rh/e+bsoCfPYw6YCH+UM
         bNu49jccPtyr2Pj5k2SanexbINDLN72CJmpfwCpDeVHJe3AgGlE31NQ881BhA+RGrUxm
         1sCctVJse/kP5GEH5cVmolSpT58WRc+wQOGxjdYcDDKMUV2dFc6R1Xxl+PkR7z69oFEV
         VZT7zegKANQNu1yEps7SVFHXJvsTNePZO015BAlqcneEKhqGX+uo3AP7m4ISWI7yEN1a
         /hR46MLMpx5/wOsIE11a1JFNjk9aYo6ivkOtarrxiW5p70ZWm7qMqfyeRYVvfu5xF1Yq
         Ldaw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=KhqlpwUh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x5-v6si12982553pgx.310.2018.07.24.09.54.31;
        Tue, 24 Jul 2018 09:54:46 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=KhqlpwUh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388455AbeGXR5F (ORCPT <rfc822;rajatbajpailinux@gmail.com>
        + 99 others); Tue, 24 Jul 2018 13:57:05 -0400
Received: from mail-pl0-f66.google.com ([209.85.160.66]:43082 "EHLO
        mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2388413AbeGXR5F (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Jul 2018 13:57:05 -0400
Received: by mail-pl0-f66.google.com with SMTP id x6-v6so333363plv.10
        for <linux-kernel@vger.kernel.org>; Tue, 24 Jul 2018 09:49:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=aHfzmuE3dXR4IAoiUCBdTyidzm+NOXbAHoWt0SfC0Yk=;
        b=KhqlpwUhL7SO6HAt68REzVNh23xMYyqwyRYxyfbREhsXYNLJpRRD4CxsLAi/G0ABEE
         nEQPzunKszHZy9EQghyS9betds9tNuabN8iDV1U+D0LkktZ9RLjo2pM9X/Ooshz8Kkwx
         DWOS2k/XX7IAe6UdMjR7A/dGV/sM2yx1YvS2w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=aHfzmuE3dXR4IAoiUCBdTyidzm+NOXbAHoWt0SfC0Yk=;
        b=erO3P6UfUxjUStudzmiPgA78TMNzbijRgUDjbOh/+BBnYs6ny8bpa7Z2E90OCSmFeo
         qmFmr/eMEDaJwCYuv6obNcmPMXUUpBNzLrL4dlXIPMZvR7oCNpggT5nECTaIw1/8hGHh
         QF2X4ZwdQT09swb5jF/4TT9XeEayzmGLWOroXVQJRE+/8tWY5p+xxlLxue8oV7IwgoB5
         QfwVnnHVVSq+cXg28bG0v4GnKywN/8rqOTIRRMHzC8SZsuQXz6t6KeXhHmO6oXzFWp2W
         T1W7FOPwUILyXVm6xawoD87avwikRlQr91Go66HEFKkxguWgqAIN4v4M+bEld/ulraxl
         3zOg==
X-Gm-Message-State: AOUpUlFqktCaWWp+Xv7+C2gqR2zelvNc1gnPEfT1TBmF+z8j8Ib1a4ja
        zOeT2oJrK3BaG1qqtW0vsRoefg==
X-Received: by 2002:a17:902:9b90:: with SMTP id y16-v6mr1180619plp.201.1532450983936;
        Tue, 24 Jul 2018 09:49:43 -0700 (PDT)
Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])
        by smtp.gmail.com with ESMTPSA id v4-v6sm13314440pgr.36.2018.07.24.09.49.42
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 24 Jul 2018 09:49:42 -0700 (PDT)
From:   Kees Cook <keescook@chromium.org>
To:     Herbert Xu <herbert@gondor.apana.org.au>
Cc:     Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,
        Eric Biggers <ebiggers@google.com>,
        "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
        Alasdair Kergon <agk@redhat.com>,
        Rabin Vincent <rabinv@axis.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        "Rafael J. Wysocki" <rjw@rjwysocki.net>,
        Pavel Machek <pavel@ucw.cz>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org,
        Philipp Reisner <philipp.reisner@linbit.com>,
        Lars Ellenberg <lars.ellenberg@linbit.com>,
        Jens Axboe <axboe@kernel.dk>,
        Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
        Mike Snitzer <snitzer@redhat.com>,
        Paul Mackerras <paulus@samba.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        David Howells <dhowells@redhat.com>,
        Johannes Berg <johannes@sipsolutions.net>,
        Tudor-Dan Ambarus <tudor.ambarus@microchip.com>,
        Jia-Ju Bai <baijiaju1990@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Geert Uytterhoeven <geert@linux-m68k.org>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        David Woodhouse <dwmw@amazon.co.uk>,
        Will Deacon <will.deacon@arm.com>, dm-devel@redhat.com,
        linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org,
        drbd-dev@lists.linbit.com, linux-block@vger.kernel.org,
        qat-linux@intel.com, linux-ppp@vger.kernel.org,
        netdev@vger.kernel.org, devel@driverdev.osuosl.org,
        linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH v6 02/18] crypto: cbc: Remove VLA usage
Date:   Tue, 24 Jul 2018 09:49:20 -0700
Message-Id: <20180724164936.37477-3-keescook@chromium.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180724164936.37477-1-keescook@chromium.org>
References: <20180724164936.37477-1-keescook@chromium.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In the quest to remove all stack VLA usage from the kernel[1], this
uses the upper bounds on blocksize. Since this is always a cipher
blocksize, use the existing cipher max blocksize.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/crypto/cbc.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h
index f5b8bfc22e6d..47db0aac2ab9 100644
--- a/include/crypto/cbc.h
+++ b/include/crypto/cbc.h
@@ -113,7 +113,9 @@ static inline int crypto_cbc_decrypt_inplace(
 	unsigned int bsize = crypto_skcipher_blocksize(tfm);
 	unsigned int nbytes = walk->nbytes;
 	u8 *src = walk->src.virt.addr;
-	u8 last_iv[bsize];
+	u8 last_iv[MAX_CIPHER_BLOCKSIZE];
+
+	BUG_ON(bsize > sizeof(last_iv));
 
 	/* Start of the last block. */
 	src += nbytes - (nbytes & (bsize - 1)) - bsize;
-- 
2.17.1