Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp23752imm; Wed, 5 Sep 2018 14:14:29 -0700 (PDT) X-Google-Smtp-Source: ANB0VdacncKPniGwxXgOIa2fbEB7dob2KyiMI/etmjaN4cQzm5W3e2HPW9+/FGgDRJvjCpjDvLQH X-Received: by 2002:a63:f:: with SMTP id 15-v6mr38795663pga.430.1536182069102; Wed, 05 Sep 2018 14:14:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536182069; cv=none; d=google.com; s=arc-20160816; b=kBjBxkt6Y1Hvs3T4C1gM92M4qGl1I9pxa4rinl8qSqpcFTjN2KKrSQUnHinJQyiF7B epCqpo3951ljFUnKc+zEa9ZjG6qzQrqwJYRPsAmxMTaxuOjupFw+FZAxz0lAedLOKBDE X8YYywwAYo5FX4CdeUQK4yuiT6hFYWxloMAXym1qNA6R1jscmAWsDAuZhHcq/YII/ZqS y7bX2rTRkwdORTT0YyYIeV9XEerpKDBSF9Qlgzi0S9/GIa1dTVjUyXJigPnU+qAD/ri7 2fTQcDpdMi+kU8XyBjuO/DuVNmq6c9r5pzJtDDJ3CIDOe2yngzQIatn/zJMTX9CpUTAe pPrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=OKsie9R6idiavEQFA9FzG93r8uZfFlPtlZcfLIjtdqs=; b=Ig4+CniaewessBweqcY0jv1eu0zDs0AX8M1iJ/19qwY32gSFl8xsvqAlyee4j406Al n/nobAyvqyEQjEHvCaonTYNnMnLNYus0sNC5DunDzXgupJBkoBoeo0WS639sYl7esXeK cHRLSxmUhPuTRF7BNi9mrUY9v6ZkQd6isi7uoFfe/PCKrC38s+jKbPv/5NknPKK1gE5R rYVvJlGPDaAKfTfgpg9TE2LHwjGjum5tJeelA83VJDXAgv/1LtMrvr4csC1MXB/+zuG2 yr0cxHJgNrHH3MdtwFLgM9TKlcjVKNjoHaduLFzOj3zqn6BK2jo9IlnmGUYAGTwsxvoj VlqA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=bKa5W7Th; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u12-v6si3115194pgm.209.2018.09.05.14.14.12; Wed, 05 Sep 2018 14:14:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=bKa5W7Th; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727751AbeIFBmc (ORCPT + 99 others); Wed, 5 Sep 2018 21:42:32 -0400 Received: from mail-yw1-f68.google.com ([209.85.161.68]:38237 "EHLO mail-yw1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727069AbeIFBmb (ORCPT ); Wed, 5 Sep 2018 21:42:31 -0400 Received: by mail-yw1-f68.google.com with SMTP id n21-v6so3235294ywh.5 for ; Wed, 05 Sep 2018 14:10:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OKsie9R6idiavEQFA9FzG93r8uZfFlPtlZcfLIjtdqs=; b=bKa5W7ThY9VKsL9/BZRzf23mnVpiITRCKunuyfyXaAjXo4JDPKw99Z/n1Rhng3CItn hLYM+wWgMlxnu2v40tAhArrsawosRJUsB0TgAGnJLT5oDl3nRfnQpqrWa58vPAMVoZZ+ 0b0YAfeIFXI0nGv6+bfqE+AFepEacOz9CutrU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OKsie9R6idiavEQFA9FzG93r8uZfFlPtlZcfLIjtdqs=; b=roi5l59DaT1mkxWIJOJpXY4f1e26a6TLrGpNbl1BCXfpNiiHyXeehBWE6r07nkNWWK TlZOq9MnXCHohpqEmYrE++bS20gsBSpfcnm2IhmMl6WqSDw0EQpmwv7+OTUf2TB951em 4BblOPtBXFv6h4gTp9XEVkX+joGgWUZFEhUuMclyauWgMAhKUY3vKtiJGNtENJ83oZzw 5cg2SD0+cHh981qW8mrFhVR7k5UaBrxCVcE8Cb5e2S2GvFyWIdIw/IJeRMwmnVXPR33b QpWUZzRlDx5TflfFU9Kcu76HOUAfjiC7ImJvOQkQGomN99OxXG6inHQ8yn4w6uPaCNsU mGsA== X-Gm-Message-State: APzg51CvMPYyFt6W663fspBr67jmtDQerUlQ/PFBh2TOArqPlz2rX7Fd 6YcJ6eUZx9fEmTgNjWguGd+bsLOx1xA= X-Received: by 2002:a81:288d:: with SMTP id o135-v6mr22178024ywo.171.1536181832455; Wed, 05 Sep 2018 14:10:32 -0700 (PDT) Received: from mail-yw1-f44.google.com (mail-yw1-f44.google.com. [209.85.161.44]) by smtp.gmail.com with ESMTPSA id k186-v6sm991604ywd.106.2018.09.05.14.10.32 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Sep 2018 14:10:32 -0700 (PDT) Received: by mail-yw1-f44.google.com with SMTP id z143-v6so3230364ywa.7 for ; Wed, 05 Sep 2018 14:10:32 -0700 (PDT) X-Received: by 2002:a0d:db10:: with SMTP id d16-v6mr22890053ywe.124.1536181520543; Wed, 05 Sep 2018 14:05:20 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f04:0:0:0:0:0 with HTTP; Wed, 5 Sep 2018 14:05:19 -0700 (PDT) In-Reply-To: References: <20180904181629.20712-1-keescook@chromium.org> <20180904181629.20712-3-keescook@chromium.org> From: Kees Cook Date: Wed, 5 Sep 2018 14:05:19 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK To: Ard Biesheuvel Cc: Herbert Xu , Eric Biggers , Gilad Ben-Yossef , Antoine Tenart , Boris Brezillon , Arnaud Ebalard , Corentin Labbe , Maxime Ripard , Chen-Yu Tsai , Christian Lamparter , Philippe Ombredanne , Jonathan Cameron , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Linux Kernel Mailing List , linux-arm-kernel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 5, 2018 at 2:18 AM, Ard Biesheuvel wrote: > On 4 September 2018 at 20:16, Kees Cook wrote: >> In the quest to remove all stack VLA usage from the kernel[1], this >> caps the skcipher request size similar to other limits and adds a sanity >> check at registration. Looking at instrumented tcrypt output, the largest >> is for lrw: >> >> crypt: testing lrw(aes) >> crypto_skcipher_set_reqsize: 8 >> crypto_skcipher_set_reqsize: 88 >> crypto_skcipher_set_reqsize: 472 >> > > Are you sure this is a representative sampling? I haven't double > checked myself, but we have plenty of drivers for peripherals in > drivers/crypto that implement block ciphers, and they would not turn > up in tcrypt unless you are running on a platform that provides the > hardware in question. Hrm, excellent point. Looking at this again: The core part of the VLA is using this in the ON_STACK macro: static inline unsigned int crypto_skcipher_reqsize(struct crypto_skcipher *tfm) { return tfm->reqsize; } I don't find any struct crypto_skcipher .reqsize static initializers, and the initial reqsize is here: static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm) { ... skcipher->reqsize = crypto_ablkcipher_reqsize(ablkcipher) + sizeof(struct ablkcipher_request); with updates via crypto_skcipher_set_reqsize(). So I have to examine ablkcipher reqsize too: static inline unsigned int crypto_ablkcipher_reqsize( struct crypto_ablkcipher *tfm) { return crypto_ablkcipher_crt(tfm)->reqsize; } And of the crt_ablkcipher.reqsize assignments/initializers, I found: ablkcipher reqsize: 1 struct dcp_aes_req_ctx 8 struct atmel_tdes_reqctx 8 struct cryptd_blkcipher_request_ctx 8 struct mtk_aes_reqctx 8 struct omap_des_reqctx 8 struct s5p_aes_reqctx 8 struct sahara_aes_reqctx 8 struct stm32_cryp_reqctx 8 struct stm32_cryp_reqctx 16 struct ablk_ctx 24 struct atmel_aes_reqctx 48 struct omap_aes_reqctx 48 struct omap_aes_reqctx 48 struct qat_crypto_request 56 struct artpec6_crypto_request_context 64 struct chcr_blkcipher_req_ctx 80 struct spacc_req 80 struct virtio_crypto_sym_request 136 struct qce_cipher_reqctx 168 struct n2_request_context 328 struct ccp_des3_req_ctx 400 struct ccp_aes_req_ctx 536 struct hifn_request_context 992 struct cvm_req_ctx 2456 struct iproc_reqctx_s The base ablkcipher wrapper is: 80 struct ablkcipher_request And in my earlier skcipher wrapper analysis, lrw was the largest skcipher wrapper: 384 struct rctx iproc_reqctx_s is an extreme outlier, with cvm_req_ctx at a bit less than half. Making this a 2920 byte fixed array doesn't seem sensible at all (though that's what's already possible to use with existing SKCIPHER_REQUEST_ON_STACK users). What's the right path forward here? -Kees -- Kees Cook Pixel Security