From: Ard Biesheuvel
Date: Thu, 6 Sep 2018 11:29:41 +0200
Subject: Re: [PATCH 2/2] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK
To: Herbert Xu
Cc: Gilad Ben-Yossef, Kees Cook, Eric Biggers, Antoine Tenart, Boris Brezillon, Arnaud Ebalard, Corentin Labbe, Maxime Ripard, Chen-Yu Tsai, Christian Lamparter, Philippe Ombredanne, Jonathan Cameron, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE", Linux Kernel Mailing List, linux-arm-kernel
In-Reply-To: <20180906085100.xcqqftgqg4sizkec@gondor.apana.org.au>
References: <20180904181629.20712-1-keescook@chromium.org> <20180904181629.20712-3-keescook@chromium.org> <20180906085100.xcqqftgqg4sizkec@gondor.apana.org.au>
X-Mailing-List: linux-kernel@vger.kernel.org

On 6 September 2018 at 10:51, Herbert Xu wrote:
> On Thu, Sep 06, 2018 at 10:11:59AM +0200, Ard Biesheuvel wrote:
>>
>> That way, we will almost certainly oops on a NULL pointer dereference
>> right after, but we at least the stack corruption.
>
> A crash is just as bad as a BUG_ON.
>
> Is this even a real problem? Do we have any users of this construct
> that is using it on async algorithms?
>

Perhaps not, but it is not enforced atm.

In any case, limiting the reqsize is going to break things, so that needs to occur based on the sync/async nature of the algo.
That also means we'll corrupt the stack if we ever end up using SKCIPHER_REQUEST_ON_STACK() with an async algo whose reqsize is greater than the sync reqsize limit, so I do think some additional sanity check is appropriate.
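
A userspace model of the kind of sanity check discussed above, added here as an illustration; it is not code from this thread, the patch, or the kernel. The `model_*` names and the 384-byte limit are assumptions made for the example. It shows a fixed-size on-stack request refusing a transform that is async or whose reqsize exceeds the fixed context area, rather than letting the algorithm write past the buffer.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical cap on per-request context for sync algorithms (constructed value). */
#define MODEL_MAX_SYNC_REQSIZE 384

/* Minimal stand-in for a cipher transform: only the fields the check needs. */
struct model_tfm {
    size_t reqsize;   /* bytes of per-request context the algorithm wants */
    bool   is_async;  /* true if the algorithm may complete asynchronously */
};

/* Fixed-size replacement for the VLA: header plus a bounded context area. */
struct model_req_on_stack {
    const struct model_tfm *tfm;
    unsigned char ctx[MODEL_MAX_SYNC_REQSIZE];
};

/*
 * Bind a transform to an on-stack request. Refuses, instead of overrunning
 * ctx[], when the algorithm is async or its reqsize exceeds the fixed area.
 */
int model_req_set_tfm(struct model_req_on_stack *req, const struct model_tfm *tfm)
{
    if (tfm->is_async || tfm->reqsize > sizeof(req->ctx)) {
        req->tfm = NULL;
        return -EINVAL;
    }
    req->tfm = tfm;
    /* Stand-in for the algorithm using its context: bounded by the check above. */
    memset(req->ctx, 0, tfm->reqsize);
    return 0;
}

/* Run the check for one transform with a request that lives on this stack frame. */
int model_try_on_stack(size_t reqsize, bool is_async)
{
    struct model_tfm tfm = { .reqsize = reqsize, .is_async = is_async };
    struct model_req_on_stack req;

    return model_req_set_tfm(&req, &tfm);
}
```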