Date: Thu, 6 Sep 2018 21:11:49 +0800
From: Herbert Xu
To: Ard Biesheuvel
Cc: Gilad Ben-Yossef, Kees Cook, Eric Biggers, Antoine Tenart, Boris Brezillon, Arnaud Ebalard, Corentin Labbe, Maxime Ripard, Chen-Yu Tsai, Christian Lamparter, Philippe Ombredanne, Jonathan Cameron, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE", Linux Kernel Mailing List, linux-arm-kernel
Subject: Re: [PATCH 2/2] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK
Message-ID: <20180906131149.ge2db74nxffs2tbz@gondor.apana.org.au>
References: <20180904181629.20712-1-keescook@chromium.org> <20180904181629.20712-3-keescook@chromium.org> <20180906085100.xcqqftgqg4sizkec@gondor.apana.org.au>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Sep 06, 2018 at 11:29:41AM +0200, Ard Biesheuvel wrote:
>
> Perhaps not, but it is not enforced atm.
>
> In any case, limiting the reqsize is going to break things, so that
> needs to occur based on the sync/async nature of the algo. That also
> means we'll corrupt the stack if we ever end up using
> SKCIPHER_REQUEST_ON_STACK() with an async algo whose reqsize is
> greater than the sync reqsize limit, so I do think some additional
> sanity check is appropriate.

I'd prefer compile-time based checks.

Perhaps we can introduce a wrapper around crypto_skcipher, say
crypto_skcipher_sync which could then be used by
SKCIPHER_REQUEST_ON_STACK to ensure that only sync algorithms can
use this construct.

Cheers,
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
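
Added example, not part of the message above and not kernel code: a userspace C model of the wrapper-type idea, in which the on-stack macro accepts only the wrapper, so the async/oversize check happens once when the wrapper is filled and the buffer has a fixed size. Only `crypto_skcipher_sync` and `SKCIPHER_REQUEST_ON_STACK` are names from the thread; the struct layouts, `SYNC_REQSIZE_MAX`, `skcipher_request_sync`, `skcipher_sync_wrap` and `encrypt_on_stack` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SYNC_REQSIZE_MAX 384u /* assumed cap for this model, not from the thread */

struct crypto_skcipher { unsigned int reqsize; int is_async; };
struct skcipher_request { struct crypto_skcipher *tfm; };

/* Wrapper type from the proposal; only skcipher_sync_wrap() should fill it. */
struct crypto_skcipher_sync { struct crypto_skcipher *base; };

/* Fixed-size on-stack request: no VLA, context area sized to the sync cap. */
struct skcipher_request_sync {
    struct skcipher_request req;
    unsigned char ctx[SYNC_REQSIZE_MAX];
};

/* (stfm)->base only exists on the wrapper, so passing a plain
 * struct crypto_skcipher * here fails to compile. */
#define SKCIPHER_REQUEST_ON_STACK(name, stfm) \
    struct skcipher_request_sync name = { .req = { .tfm = (stfm)->base } }

/* The one runtime check, done once at wrap time (hypothetical helper). */
static int skcipher_sync_wrap(struct crypto_skcipher *tfm,
                              struct crypto_skcipher_sync *out)
{
    if (tfm->is_async || tfm->reqsize > SYNC_REQSIZE_MAX)
        return -1;
    out->base = tfm;
    return 0;
}

/* Returns 0 when the request was built on the stack, -1 when refused. */
static int encrypt_on_stack(struct crypto_skcipher *tfm)
{
    struct crypto_skcipher_sync stfm;

    if (skcipher_sync_wrap(tfm, &stfm))
        return -1;
    SKCIPHER_REQUEST_ON_STACK(req, &stfm);
    /* SKCIPHER_REQUEST_ON_STACK(bad, tfm); -> error: no member named 'base' */
    memset(req.ctx, 0xA5, tfm->reqsize); /* stand-in for the driver's ctx use */
    return req.req.tfm == tfm ? 0 : -1;
}

int main(void)
{
    struct crypto_skcipher sync_tfm = { 64, 0 }, async_tfm = { 1024, 1 };

    printf("sync: %d, async: %d\n", encrypt_on_stack(&sync_tfm),
           encrypt_on_stack(&async_tfm));
    return 0;
}
```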