From: Ard Biesheuvel Subject: Re: KASAN: use-after-free Read in sha512_ctx_mgr_resubmit Date: Tue, 28 Aug 2018 01:01:00 +0200 Message-ID: References: <00000000000072d64d05737b6b8c@google.com> <20180820073119.GA14931@sol.localdomain> <20180822062036.mdq4q5o5zdzuxh7s@gondor.apana.org.au> <1535411336.3516.2.camel@megha-Z97X-UD7-TH> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Herbert Xu , Eric Biggers , Tim Chen , "David S. Miller" , syzbot , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Linux Kernel Mailing List , syzkaller-bugs , "the arch/x86 maintainers" To: Megha Dey Return-path: In-Reply-To: <1535411336.3516.2.camel@megha-Z97X-UD7-TH> Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On 28 August 2018 at 01:08, Megha Dey wrote: > On Wed, 2018-08-22 at 14:20 +0800, Herbert Xu wrote: >> On Tue, Aug 21, 2018 at 02:43:56PM +0200, Ard Biesheuvel wrote: >> > >> > I agree. The code is obviously broken in a way that would have been >> > noticed if it were in wide use, and it is too complicated for mere >> > mortals to fix or maintain. I suggest we simply remove it for now, and >> > if anyone wants to reintroduce it, we can review the code *and* the >> > justification for the approach from scratch (in which case we should >> > consider factoring out the algo agnostics plumbing in a way that >> > allows it to be reused by other architectures as well) >> >> I agree too. Could one of you guys send me a patch to remove >> them? >> > > Hi, > > We are working on a fix to solve these corner cases. > Great. thanks. But it would also be helpful if you could try and answer the questions raised by Eric: - in which cases does this driver result in a speedup? - how should we tune the flush delay to prevent pathological performance regressions? - is it still safe in the post-Spectre era of computing to aggregate hash input from different sources (which may be different users altogether) and process them as a single source of input?