From patchwork Thu Aug 11 19:48:07 2016
X-Patchwork-Submitter: Kirill Marinushkin
X-Patchwork-Id: 9275843
From: Kirill Marinushkin
To: dhowells@redhat.com
Cc: k.marinushkin@gmail.com, zer0mem@yahoo.com, gregkh@linuxfoundation.org, serge@hallyn.com, james.l.morris@oracle.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: RE: [RFC][PATCH] KEYS: Sort out big_key initialisation
Date: Thu, 11 Aug 2016 21:48:07 +0200
Message-Id: <1470944887-8869-1-git-send-email-k.marinushkin@gmail.com>
In-Reply-To: <10390.1469625815@warthog.procyon.org.uk>
References: <10390.1469625815@warthog.procyon.org.uk>

> The attached patch *might* fix the problem that's being seen. It certainly
> fixes the init problem.

I tested that the patch suggested in the original RFC works and really fixes the issue.

The issue always reproduces with the reporter's configuration. After applying the patch suggested in the original RFC, big_key returns an error code instead of crashing.

Tested with: method suggested in the original report; method suggested in the original RFC; some other tests.

Additionally, below is a fix for the dependency. After applying this patch, big_key is created and read successfully.

---
commit 69ed34b303f87a1a53470dd37149ac1573d79da2
Author: Kirill Marinushkin
Date: Mon, 8 Aug 2016 23:19:32 +0200

KEYS: fix big_key dependency

Signed-off-by: Kirill Marinushkin
cc: David Howells
cc: Peter Hlavaty
cc: Greg KH
cc: stable@vger.kernel.org
---
 security/keys/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/keys/Kconfig b/security/keys/Kconfig index f826e87..8213221 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig
@@ -44,7 +44,7 @@ config BIG_KEYS select CRYPTO select CRYPTO_AES select CRYPTO_ECB - select CRYPTO_RNG + select CRYPTO_ANSI_CPRNG help This option provides support for holding large keys within the kernel (for example Kerberos ticket caches). The data may be stored out to
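
Review bot: The commit message gives no reason for the one-line change under config BIG_KEYS, where `select CRYPTO_RNG` is replaced by `select CRYPTO_ANSI_CPRNG`; it has only a subject line, so nothing records which generator big_key asks for at runtime or what fails when only CRYPTO_RNG is selected. Please add a body stating that, since the change ties BIG_KEYS to one specific RNG implementation instead of the generic RNG API symbol. Please also confirm that CRYPTO_ANSI_CPRNG itself selects CRYPTO_RNG; if it does not, keep the removed line and add the new select beside it rather than replacing it. As the patch is cc'd to stable, a Fixes: tag naming the commit that introduced the dependency would help backporting.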