From patchwork Thu Sep 6 22:58:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10591283 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AF0E313AC for ; Thu, 6 Sep 2018 22:59:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 519A72B14D for ; Thu, 6 Sep 2018 22:59:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 44E872B195; Thu, 6 Sep 2018 22:59:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D62802B14D for ; Thu, 6 Sep 2018 22:59:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=+0Wubf4086S8mgn4EGMu83B74Yt6rH8Pcj4WIeSfbUE=; b=u88 P9sAS1gMlHX7Ca3YwPilCki5R6K5enNvxF1sSNvK8p4tiqReAnI1b+u2jdBhvDDruzD5tfKmacFzP H51csAJnUEYvJav0a8pUvui5H26oLxxa/NV9jpgebsQNAEiKISt4brXZepG1Ei0Gs67ZhbzhfbdhH gX646sqpiHKNGyHXWklfvoL2DXHCvSNCqSyNIFf6gQQkA5zH58181u1SCkNzrWVKvR2UySWbfQw+j muLlKrEdTPGx0pgEuEyIcyiUmdG1lkAaF2AuBiVpe/YIyz+S7Dqd/R0dyj3BeCGG8ufhbsDU0fuGG CN8sMnidozIX5ISjZUPCHAIABWdeAsQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3FH-0005Yl-Ur; Thu, 06 Sep 2018 22:59:27 +0000 Received: from mail-pg1-x544.google.com ([2607:f8b0:4864:20::544]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fy3F4-0005U8-7W for linux-arm-kernel@lists.infradead.org; Thu, 06 Sep 2018 22:59:24 +0000 Received: by mail-pg1-x544.google.com with SMTP id y4-v6so5954491pgp.9 for ; Thu, 06 Sep 2018 15:59:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id; bh=54lVbIo1lDuCzb67uTyjPcUEOxnRHWhERg6k2kB4aPw=; b=QK5+saYE4Z5USdkq1zbsNBAYLnzqWCyoVg4HRYIuK7XPgFcGLCW4A7smQFmjJiu0Ft V21wW7yOZIodYJCX0hjyP31aqBfg7b2SzyNvgK8XjRQpWMCRsu2/Tl6YDE8WMbjwb6xl exwn3dXT49Pnj0OmyHhXnf4rR3AX/s+Y4/Blo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=54lVbIo1lDuCzb67uTyjPcUEOxnRHWhERg6k2kB4aPw=; b=B2CBKfRK9LBgIKbFyhNuG2+E9PJ+rOifJvV0BCTxaZvTnVzZFf+jaX+y7i2G0GyGRo ENZQ+yK/qnf8x0fjp4XEYHkXtp9sG4T16ejscZWNXr7COKSEGMAdyHBoCHRSJhi7Q12v +yGbPWFsr6UGtwZAke5poY5iUrA8goo4hiKs+TN/N5jLFEYpWZff6EiiNjX2w8ZU0Pjl MixyWl9R9uCRN6A9z8JJLzTbLyzQldJraSDx37Jj9s0WTgs/dsQ4Nv0sdmOn929tQgKg tHjLC1PbaqjoZ5fzrASMMCkR0v+66Shw0YcWwUu4eNyQtR/N/S5IcHsrjMOMz7p9GuXj i3qw== X-Gm-Message-State: APzg51D8cscX42uDOCmcE+GSuUSjERROatEFNAqnCZs+S+3h3wzvkED0 hoWG7oMO0W4LWXPVPuwexQQYbA== X-Google-Smtp-Source: ANB0Vda85UoUNLCHyDbUfpwrzSzQ7QzZiO3WbEwSFwIhi2cKd31czDvTVhRpkJuPO7lXxee+lT2xoA== X-Received: by 2002:a63:d645:: with SMTP id d5-v6mr5176531pgj.450.1536274742889; Thu, 06 Sep 2018 15:59:02 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id d6-v6sm10777007pgt.66.2018.09.06.15.59.01 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 06 Sep 2018 15:59:01 -0700 (PDT) From: Kees Cook To: Herbert Xu Subject: [PATCH v2 0/4] crypto: skcipher - Remove VLA usage Date: Thu, 6 Sep 2018 15:58:50 -0700 Message-Id: <20180906225854.40989-1-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180906_155914_331589_82107A54 X-CRM114-Status: GOOD ( 10.16 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Ripard , Arnaud Ebalard , Kees Cook , Christian Lamparter , Ard Biesheuvel , Antoine Tenart , Boris Brezillon , Eric Biggers , linux-kernel@vger.kernel.org, Gilad Ben-Yossef , Chen-Yu Tsai , Corentin Labbe , linux-crypto@vger.kernel.org, Jonathan Cameron , Philippe Ombredanne , linux-arm-kernel@lists.infradead.org, Alexander Stein MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Virus-Scanned: ClamAV using ClamSMTP This removes VLAs[1] from SKCIPHER_REQUEST_ON_STACK by making sure that on-stack requests are being used only on non-ASYNC algorithms and that enough space has been reserved. v2: - Instead of globally failing large reqsizes, limit to only non-ASYNC users of the on-stack request. - Remove unused tfm argument after VLA removal. -Kees [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Kees Cook (4): crypto: skcipher - Consolidate encrypt/decrypt sanity check crypto: skcipher - Enforce non-ASYNC for on-stack requests crypto: skcipher - Remove VLA usage for SKCIPHER_REQUEST_ON_STACK crypto: skcipher - Remove unused argument to SKCIPHER_REQUEST_ON_STACK() arch/s390/crypto/aes_s390.c | 8 +- arch/x86/crypto/fpu.c | 4 +- crypto/algif_aead.c | 2 +- crypto/authenc.c | 2 +- crypto/authencesn.c | 2 +- crypto/cryptd.c | 4 +- crypto/echainiv.c | 2 +- crypto/gcm.c | 2 +- crypto/seqiv.c | 2 +- drivers/block/cryptoloop.c | 2 +- drivers/crypto/axis/artpec6_crypto.c | 2 +- drivers/crypto/ccp/ccp-crypto-aes-xts.c | 2 +- drivers/crypto/chelsio/chcr_algo.c | 2 +- drivers/crypto/mxs-dcp.c | 2 +- drivers/crypto/omap-aes.c | 2 +- drivers/crypto/picoxcell_crypto.c | 2 +- drivers/crypto/qce/ablkcipher.c | 2 +- drivers/crypto/sahara.c | 8 +- drivers/crypto/vmx/aes_cbc.c | 4 +- drivers/crypto/vmx/aes_ctr.c | 2 +- drivers/crypto/vmx/aes_xts.c | 2 +- drivers/net/ppp/ppp_mppe.c | 6 +- drivers/staging/rtl8192e/rtllib_crypt_tkip.c | 4 +- drivers/staging/rtl8192e/rtllib_crypt_wep.c | 4 +- .../rtl8192u/ieee80211/ieee80211_crypt_tkip.c | 4 +- .../rtl8192u/ieee80211/ieee80211_crypt_wep.c | 4 +- drivers/usb/wusbcore/crypto.c | 2 +- include/crypto/skcipher.h | 74 ++++++++++++++----- net/ceph/crypto.c | 2 +- net/mac802154/llsec.c | 4 +- net/rxrpc/rxkad.c | 10 +-- net/sunrpc/auth_gss/gss_krb5_crypto.c | 14 ++-- net/wireless/lib80211_crypt_tkip.c | 4 +- net/wireless/lib80211_crypt_wep.c | 4 +- 34 files changed, 116 insertions(+), 80 deletions(-)