[v5,01/11] crypto: xcbc: Remove VLA usage

Message ID	20180717042150.37761-2-keescook@chromium.org (mailing list archive)
State	Not Applicable, archived
Delegated to:	Mike Snitzer
Headers	show Return-Path: <dm-devel-bounces@redhat.com> From: Kees Cook <keescook@chromium.org> To: Herbert Xu <herbert@gondor.apana.org.au> Date: Mon, 16 Jul 2018 21:21:40 -0700 Message-Id: <20180717042150.37761-2-keescook@chromium.org> In-Reply-To: <20180717042150.37761-1-keescook@chromium.org> References: <20180717042150.37761-1-keescook@chromium.org> Cc: Giovanni Cabiddu <giovanni.cabiddu@intel.com>, Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>, "Gustavo A. R. Silva" <gustavo@embeddedor.com>, Mike Snitzer <snitzer@redhat.com>, Eric Biggers <ebiggers@google.com>, qat-linux@intel.com, linux-kernel@vger.kernel.org, dm-devel@redhat.com, linux-crypto@vger.kernel.org, Lars Persson <larper@axis.com>, Tim Chen <tim.c.chen@linux.intel.com>, Alasdair Kergon <agk@redhat.com>, Rabin Vincent <rabinv@axis.com> Subject: [dm-devel] [PATCH v5 01/11] crypto: xcbc: Remove VLA usage Precedence: junk MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com

Message ID

20180717042150.37761-2-keescook@chromium.org (mailing list archive)

State

Not Applicable, archived

Delegated to:

Mike Snitzer

Headers

From: Kees Cook <keescook@chromium.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 16 Jul 2018 21:21:40 -0700
Message-Id: <20180717042150.37761-2-keescook@chromium.org>
In-Reply-To: <20180717042150.37761-1-keescook@chromium.org>
References: <20180717042150.37761-1-keescook@chromium.org>
Cc: Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
	Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	Mike Snitzer <snitzer@redhat.com>,
	Eric Biggers <ebiggers@google.com>, qat-linux@intel.com,
	linux-kernel@vger.kernel.org, dm-devel@redhat.com,
	linux-crypto@vger.kernel.org, Lars Persson <larper@axis.com>,
	Tim Chen <tim.c.chen@linux.intel.com>, Alasdair Kergon <agk@redhat.com>, 
	Rabin Vincent <rabinv@axis.com>
Subject: [dm-devel] [PATCH v5 01/11] crypto: xcbc: Remove VLA usage
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dm-devel-bounces@redhat.com
Errors-To: dm-devel-bounces@redhat.com

Commit Message

Kees Cook July 17, 2018, 4:21 a.m. UTC

In the quest to remove all stack VLA usage from the kernel[1], this uses
the maximum blocksize and adds a sanity check. For xcbc, the blocksize
must always be 16, so use that, since it's already being enforced during
instantiation.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 crypto/xcbc.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

Herbert Xu July 17, 2018, 6:35 a.m. UTC | #1

On Mon, Jul 16, 2018 at 09:21:40PM -0700, Kees Cook wrote:
> In the quest to remove all stack VLA usage from the kernel[1], this uses
> the maximum blocksize and adds a sanity check. For xcbc, the blocksize
> must always be 16, so use that, since it's already being enforced during
> instantiation.
> 
> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  crypto/xcbc.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/crypto/xcbc.c b/crypto/xcbc.c
> index 25c75af50d3f..7aa03beed795 100644
> --- a/crypto/xcbc.c
> +++ b/crypto/xcbc.c
> @@ -57,6 +57,8 @@ struct xcbc_desc_ctx {
>  	u8 ctx[];
>  };
>  
> +#define XCBC_BLOCKSIZE	16
> +
>  static int crypto_xcbc_digest_setkey(struct crypto_shash *parent,
>  				     const u8 *inkey, unsigned int keylen)
>  {
> @@ -65,7 +67,10 @@ static int crypto_xcbc_digest_setkey(struct crypto_shash *parent,
>  	int bs = crypto_shash_blocksize(parent);
>  	u8 *consts = PTR_ALIGN(&ctx->ctx[0], alignmask + 1);
>  	int err = 0;
> -	u8 key1[bs];
> +	u8 key1[XCBC_BLOCKSIZE];
> +
> +	if (WARN_ON(bs > sizeof(key1)))
> +		return -EINVAL;

Please remove this.  You already checked it in xcbc_create.

In fact, you should just make bs XCBC_BLOCKSIZE unconditinoally
in this function.

Cheers,

diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index 25c75af50d3f..7aa03beed795 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -57,6 +57,8 @@  struct xcbc_desc_ctx {
 	u8 ctx[];
 };
 
+#define XCBC_BLOCKSIZE	16
+
 static int crypto_xcbc_digest_setkey(struct crypto_shash *parent,
 				     const u8 *inkey, unsigned int keylen)
 {
@@ -65,7 +67,10 @@  static int crypto_xcbc_digest_setkey(struct crypto_shash *parent,
 	int bs = crypto_shash_blocksize(parent);
 	u8 *consts = PTR_ALIGN(&ctx->ctx[0], alignmask + 1);
 	int err = 0;
-	u8 key1[bs];
+	u8 key1[XCBC_BLOCKSIZE];
+
+	if (WARN_ON(bs > sizeof(key1)))
+		return -EINVAL;
 
 	if ((err = crypto_cipher_setkey(ctx->child, inkey, keylen)))
 		return err;
@@ -212,7 +217,7 @@  static int xcbc_create(struct crypto_template *tmpl, struct rtattr **tb)
 		return PTR_ERR(alg);
 
 	switch(alg->cra_blocksize) {
-	case 16:
+	case XCBC_BLOCKSIZE:
 		break;
 	default:
 		goto out_put_alg;

[v5,01/11] crypto: xcbc: Remove VLA usage

Commit Message

Comments

Patch