Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp176737rbb;
        Fri, 23 Feb 2024 16:52:35 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCUZCVIQyYBTbDs1KK1xSPjdnhwySUfdo047NNjJD28rinDWbLhD9I6Jk2pOBHeL+Q+clkr6/5nUN/T56bLEsiseWHm0OV1jyxuDXM2vZQ==
X-Google-Smtp-Source: AGHT+IFcjn8q1O8P4FiHAlaqWKYF78R287qbenWcNhcXF0qq5MJ3q7Nx3RMmX5TZ8u1Zp6quXvNb
X-Received: by 2002:a05:6870:c18c:b0:21e:e5db:7964 with SMTP id h12-20020a056870c18c00b0021ee5db7964mr1784697oad.23.1708735955565;
        Fri, 23 Feb 2024 16:52:35 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708735955; cv=pass;
        d=google.com; s=arc-20160816;
        b=FH3VW3koyigccadYMNkGe4OPOJI7bWh0Gp8aBI4iTm8fqOJiXSWgmPspktSDXsFwFN
         izf+8YniEMUcO/OpdqBgnSeKn2+jDPU+Q9Fgb+ncEECeDCwPuuvfBA4HMzJtCG94CNjp
         ChY2ufbve0Vzot/2nQXP8rl2Rt++E41Bv3C8opqrQrVgROGeWiREv28L9orz/RJ1/dig
         Y0v59KPvUFRLh2u4+r3eXP6gioNoJpjJd2hwebucZCSe1BsvRfgLv3Dl0cKb9SaRSRLY
         Li9LhBnyG29LwNAH7QNXrNvqxUJtyvqCsztOPtPr3KC9IiiHPBMwzquced+XGngA54J6
         rdJg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date;
        bh=Ilte8i/Rd6zRXe7SqUh2FG02yaZDJZXdo8tz5OMYRbU=;
        fh=o2DHb31comIgRootqrtDWWVMEx4ROOGkd84nYFQM7A8=;
        b=OppNCCkgeKOdHFF1kdamSAP/Wb8JoN7bI+2f48t7+suHzrprYyDTI6FemvY9vYBr4r
         eIOWm3+k7DpvmtBQT8x54qm1FfQiTdJ8UpJs6QSEyOnQ33kC2RhGwt2I//JS4wotjm+X
         lAs3ahQUp9j/oDxDoaT63nrG6+cpSatbYHAQF6I/BVgrl3ZditiIng5KTlGNVZq6CN9q
         AFDvdBilQIA2dEksIX6DRpDHujpocGK3YoFI0BTP0uZlPgmyWphNuoYkvQ8dkcRwhqDf
         lI4dYMM1kR8Cw5aSi48n6QnYE9a4M77KuqQPOmT+6gJKYFExwIDXDP+HxyB1atU1CFs7
         Oqew==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=gondor.apana.org.au dmarc=pass fromdomain=gondor.apana.org.au);
       spf=pass (google.com: domain of linux-crypto+bounces-2302-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-2302-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=REJECT sp=QUARANTINE dis=NONE) header.from=apana.org.au
Return-Path: <linux-crypto+bounces-2302-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id h10-20020a63210a000000b005dc4b244601si122501pgh.522.2024.02.23.16.52.35
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 23 Feb 2024 16:52:35 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-2302-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=gondor.apana.org.au dmarc=pass fromdomain=gondor.apana.org.au);
       spf=pass (google.com: domain of linux-crypto+bounces-2302-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-2302-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=REJECT sp=QUARANTINE dis=NONE) header.from=apana.org.au
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 406FE289CA4
	for <linux.lists.archive@gmail.com>; Sat, 24 Feb 2024 00:52:35 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 8EF664A12;
	Sat, 24 Feb 2024 00:52:25 +0000 (UTC)
X-Original-To: linux-crypto@vger.kernel.org
Received: from abb.hmeau.com (abb.hmeau.com [144.6.53.87])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C7792EDF
	for <linux-crypto@vger.kernel.org>; Sat, 24 Feb 2024 00:52:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=144.6.53.87
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708735945; cv=none; b=UIT3EjIVG5HmvKgfKqDEhzUAvjeNDmeOCZMC2puckUIe5z35GzHTELQ9vYmPUupmQraJod5sxlvCTEwaWivtM/LGzEnNsKFC92N/NPR/LJE6nm/SMmRk2bq4HQcUzb4Kp3ShCZAq/PnEzqkfrp5azN5kcZbb2XioUKhfOHa4fmY=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708735945; c=relaxed/simple;
	bh=8vhDjJ5NkpLiLsGAVlE3HsvYDjCj/cQOQxZHvhXzKak=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=WZBAvfPX0bM7n9DwFuDoyaRRUJyPaRAT8DEc9rXZqRUrsQLIR4/3DVUeOBwp08y8zzbLs+bkn+BaWaa1Y3bUPvs+NA/Bnpuk0usvUqbbICnTTm1RosxsIfH9KXjQVsho9rUTdTapZVy4+paDLLxgAEaStdW/LXac57KyUhBq5Yg=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=gondor.apana.org.au; spf=pass smtp.mailfrom=gondor.apana.org.au; arc=none smtp.client-ip=144.6.53.87
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=gondor.apana.org.au
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gondor.apana.org.au
Received: from loth.rohan.me.apana.org.au ([192.168.167.2])
	by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian))
	id 1rdgH5-00HE05-Pr; Sat, 24 Feb 2024 08:52:20 +0800
Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Sat, 24 Feb 2024 08:52:34 +0800
Date: Sat, 24 Feb 2024 08:52:34 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Ard Biesheuvel <ardb+git@google.com>
Cc: linux-crypto@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
	syzbot+f1ceaa1a09ab891e1934@syzkaller.appspotmail.com,
	Eric Biggers <ebiggers@google.com>
Subject: Re: [PATCH v2] crypto: arm64/neonbs - fix out-of-bounds access on
 short input
Message-ID: <Zdk90hKLkPcb2NcD@gondor.apana.org.au>
References: <20240223132035.3174952-1-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240223132035.3174952-1-ardb+git@google.com>

On Fri, Feb 23, 2024 at 02:20:35PM +0100, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
> 
> The bit-sliced implementation of AES-CTR operates on blocks of 128
> bytes, and will fall back to the plain NEON version for tail blocks or
> inputs that are shorter than 128 bytes to begin with.
> 
> It will call straight into the plain NEON asm helper, which performs all
> memory accesses in granules of 16 bytes (the size of a NEON register).
> For this reason, the associated plain NEON glue code will copy inputs
> shorter than 16 bytes into a temporary buffer, given that this is a rare
> occurrence and it is not worth the effort to work around this in the asm
> code.
> 
> The fallback from the bit-sliced NEON version fails to take this into
> account, potentially resulting in out-of-bounds accesses. So clone the
> same workaround, and use a temp buffer for short in/outputs.
> 
> Fixes: fc074e130051 ("crypto: arm64/aes-neonbs-ctr - fallback to plain NEON for final chunk")
> Reported-by: syzbot+f1ceaa1a09ab891e1934@syzkaller.appspotmail.com
> Reviewed-by: Eric Biggers <ebiggers@google.com>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/arm64/crypto/aes-neonbs-glue.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt