From patchwork Tue Sep 4 18:16:28 2018
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10587751
From: Kees Cook
To: Herbert Xu
Subject: [PATCH 1/2] crypto: skcipher: Allow crypto_skcipher_set_reqsize() to fail
Date: Tue, 4 Sep 2018 11:16:28 -0700
Message-Id: <20180904181629.20712-2-keescook@chromium.org>
In-Reply-To: <20180904181629.20712-1-keescook@chromium.org>
References: <20180904181629.20712-1-keescook@chromium.org>
Cc: Maxime Ripard, Arnaud Ebalard, Kees Cook, Boris Brezillon, Antoine Tenart, Ard Biesheuvel, linux-kernel@vger.kernel.org, Gilad Ben-Yossef, Chen-Yu Tsai, Eric Biggers, linux-crypto@vger.kernel.org, Jonathan Cameron, Philippe Ombredanne, Corentin Labbe, linux-arm-kernel@lists.infradead.org, Christian Lamparter

In the quest to remove all stack VLA usage from the kernel[1], we must put an upper limit on how large an skcipher's reqsize can grow. In order to cleanly handle this limit, crypto_skcipher_set_reqsize() must report whether the desired reqsize is allowed. This means all callers need to check the new return value and handle any cleanup now. This patch adds the return value and updates all the callers to check the result and act appropriately.

A followup patch will add the new bounds checking to crypto_skcipher_set_reqsize().

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook --- crypto/cryptd.c | 7 +++++-- crypto/ctr.c | 7 +++++-- crypto/cts.c | 7 +++++-- crypto/lrw.c | 9 ++++++--- crypto/simd.c | 7 +++++-- crypto/xts.c | 11 ++++++++--- drivers/crypto/amcc/crypto4xx_core.c | 8 +++++++- drivers/crypto/cavium/nitrox/nitrox_algs.c | 9 +++++++-- drivers/crypto/ccree/cc_cipher.c | 6 ++++-- drivers/crypto/hisilicon/sec/sec_algs.c | 5 ++++- drivers/crypto/inside-secure/safexcel_cipher.c | 5 ++++- drivers/crypto/marvell/cipher.c | 4 +--- drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 4 +--- include/crypto/internal/skcipher.h | 4 +++- 14 files changed, 65 insertions(+), 28 deletions(-) diff --git a/crypto/cryptd.c b/crypto/cryptd.c index addca7bae33f..e0131907a537 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -563,15 +563,18 @@ static int cryptd_skcipher_init_tfm(struct crypto_skcipher *tfm) struct crypto_skcipher_spawn *spawn = &ictx->spawn; struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm); struct crypto_skcipher *cipher; + int ret; cipher = crypto_spawn_skcipher(spawn); if (IS_ERR(cipher)) return PTR_ERR(cipher); ctx->child = cipher; - crypto_skcipher_set_reqsize( + ret = crypto_skcipher_set_reqsize( tfm, sizeof(struct cryptd_skcipher_request_ctx)); - return 0; + if (ret) + crypto_free_skcipher(ctx->child); + return ret; } static void cryptd_skcipher_exit_tfm(struct crypto_skcipher *tfm) diff --git a/crypto/ctr.c b/crypto/ctr.c index 435b75bd619e..70b8496ee569 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -319,6 +319,7 @@ static int crypto_rfc3686_init_tfm(struct crypto_skcipher *tfm) struct crypto_skcipher *cipher; unsigned long align; unsigned int reqsize; + int ret; cipher = crypto_spawn_skcipher(spawn); if (IS_ERR(cipher)) 
@@ -330,9 +331,11 @@ static int crypto_rfc3686_init_tfm(struct crypto_skcipher *tfm) align &= ~(crypto_tfm_ctx_alignment() - 1); reqsize = align + sizeof(struct crypto_rfc3686_req_ctx) + crypto_skcipher_reqsize(cipher); - crypto_skcipher_set_reqsize(tfm, reqsize); + ret = crypto_skcipher_set_reqsize(tfm, reqsize); + if (ret) + crypto_free_skcipher(ctx->child); - return 0; + return ret; } static void crypto_rfc3686_exit_tfm(struct crypto_skcipher *tfm) diff --git a/crypto/cts.c b/crypto/cts.c index 4e28d83ae37d..f04c29f4197f 100644 --- a/crypto/cts.c +++ b/crypto/cts.c @@ -289,6 +289,7 @@ static int crypto_cts_init_tfm(struct crypto_skcipher *tfm) unsigned reqsize; unsigned bsize; unsigned align; + int ret; cipher = crypto_spawn_skcipher(spawn); if (IS_ERR(cipher)) @@ -303,9 +304,11 @@ static int crypto_cts_init_tfm(struct crypto_skcipher *tfm) crypto_tfm_ctx_alignment()) + (align & ~(crypto_tfm_ctx_alignment() - 1)) + bsize; - crypto_skcipher_set_reqsize(tfm, reqsize); + ret = crypto_skcipher_set_reqsize(tfm, reqsize); + if (ret) + crypto_free_skcipher(ctx->child); - return 0; + return ret; } static void crypto_cts_exit_tfm(struct crypto_skcipher *tfm) diff --git a/crypto/lrw.c b/crypto/lrw.c index 393a782679c7..dc344046b637 100644 --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -426,6 +426,7 @@ static int init_tfm(struct crypto_skcipher *tfm) struct crypto_skcipher_spawn *spawn = skcipher_instance_ctx(inst); struct priv *ctx = crypto_skcipher_ctx(tfm); struct crypto_skcipher *cipher; + int ret; cipher = crypto_spawn_skcipher(spawn); if (IS_ERR(cipher)) @@ -433,10 +434,12 @@ static int init_tfm(struct crypto_skcipher *tfm) ctx->child = cipher; - crypto_skcipher_set_reqsize(tfm, crypto_skcipher_reqsize(cipher) + - sizeof(struct rctx)); + ret = crypto_skcipher_set_reqsize(tfm, + crypto_skcipher_reqsize(cipher) + sizeof(struct rctx)); + if (ret) + crypto_free_skcipher(ctx->child); - return 0; + return ret; } static void exit_tfm(struct crypto_skcipher *tfm) 
diff --git a/crypto/simd.c b/crypto/simd.c index ea7240be3001..bf1a27057e92 100644 --- a/crypto/simd.c +++ b/crypto/simd.c @@ -112,6 +112,7 @@ static int simd_skcipher_init(struct crypto_skcipher *tfm) struct simd_skcipher_alg *salg; struct skcipher_alg *alg; unsigned reqsize; + int ret; alg = crypto_skcipher_alg(tfm); salg = container_of(alg, struct simd_skcipher_alg, alg); @@ -127,9 +128,11 @@ static int simd_skcipher_init(struct crypto_skcipher *tfm) reqsize = sizeof(struct skcipher_request); reqsize += crypto_skcipher_reqsize(&cryptd_tfm->base); - crypto_skcipher_set_reqsize(tfm, reqsize); + ret = crypto_skcipher_set_reqsize(tfm, reqsize); + if (ret) + cryptd_free_skcipher(ctx->cryptd_tfm); - return 0; + return ret; } struct simd_skcipher_alg *simd_skcipher_create_compat(const char *algname, diff --git a/crypto/xts.c b/crypto/xts.c index ccf55fbb8bc2..d7a85abb9723 100644 --- a/crypto/xts.c +++ b/crypto/xts.c @@ -364,6 +364,7 @@ static int init_tfm(struct crypto_skcipher *tfm) struct priv *ctx = crypto_skcipher_ctx(tfm); struct crypto_skcipher *child; struct crypto_cipher *tweak; + int ret; child = crypto_spawn_skcipher(&ictx->spawn); if (IS_ERR(child)) @@ -379,10 +380,14 @@ static int init_tfm(struct crypto_skcipher *tfm) ctx->tweak = tweak; - crypto_skcipher_set_reqsize(tfm, crypto_skcipher_reqsize(child) + - sizeof(struct rctx)); + ret = crypto_skcipher_set_reqsize(tfm, + crypto_skcipher_reqsize(child) + sizeof(struct rctx)); + if (ret) { + crypto_free_cipher(ctx->tweak); + crypto_free_skcipher(ctx->child); + } - return 0; + return ret; } static void exit_tfm(struct crypto_skcipher *tfm) diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c index 6eaec9ba0f68..de41bc35629c 100644 --- a/drivers/crypto/amcc/crypto4xx_core.c +++ b/drivers/crypto/amcc/crypto4xx_core.c 
@@ -951,6 +951,8 @@ static int crypto4xx_sk_init(struct crypto_skcipher *sk) struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(sk); if (alg->base.cra_flags & CRYPTO_ALG_NEED_FALLBACK) { + int ret; + ctx->sw_cipher.cipher = crypto_alloc_skcipher(alg->base.cra_name, 0, CRYPTO_ALG_NEED_FALLBACK | @@ -958,9 +960,13 @@ static int crypto4xx_sk_init(struct crypto_skcipher *sk) if (IS_ERR(ctx->sw_cipher.cipher)) return PTR_ERR(ctx->sw_cipher.cipher); - crypto_skcipher_set_reqsize(sk, + ret = crypto_skcipher_set_reqsize(sk, sizeof(struct skcipher_request) + 32 + crypto_skcipher_reqsize(ctx->sw_cipher.cipher)); + if (ret) { + crypto_free_skcipher(ctx->sw_cipher.cipher); + return ret; + } } amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.cipher); diff --git a/drivers/crypto/cavium/nitrox/nitrox_algs.c b/drivers/crypto/cavium/nitrox/nitrox_algs.c index 2ae6124e5da6..f0e688d37da6 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_algs.c +++ b/drivers/crypto/cavium/nitrox/nitrox_algs.c @@ -74,6 +74,7 @@ static int nitrox_skcipher_init(struct crypto_skcipher *tfm) { struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(tfm); void *fctx; + int ret; /* get the first device */ nctx->ndev = nitrox_get_first_device(); @@ -87,9 +88,13 @@ static int nitrox_skcipher_init(struct crypto_skcipher *tfm) return -ENOMEM; } nctx->u.ctx_handle = (uintptr_t)fctx; - crypto_skcipher_set_reqsize(tfm, crypto_skcipher_reqsize(tfm) + + ret = crypto_skcipher_set_reqsize(tfm, crypto_skcipher_reqsize(tfm) + sizeof(struct nitrox_kcrypt_request)); - return 0; + if (ret) { + crypto_free_context(fctx); + nitrox_put_device(nctx->ndev); + } + return ret; } static void nitrox_skcipher_exit(struct crypto_skcipher *tfm) diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 7623b29911af..ec8e9506f4c5 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c 
@@ -136,13 +136,15 @@ static int cc_cipher_init(struct crypto_tfm *tfm) skcipher_alg.base); struct device *dev = drvdata_to_dev(cc_alg->drvdata); unsigned int max_key_buf_size = cc_alg->skcipher_alg.max_keysize; - int rc = 0; + int rc; dev_dbg(dev, "Initializing context @%p for %s\n", ctx_p, crypto_tfm_alg_name(tfm)); - crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), + rc = crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), sizeof(struct cipher_req_ctx)); + if (rc) + return rc; ctx_p->cipher_mode = cc_alg->cipher_mode; ctx_p->flow_mode = cc_alg->flow_mode; diff --git a/drivers/crypto/hisilicon/sec/sec_algs.c b/drivers/crypto/hisilicon/sec/sec_algs.c index f7d6d690116e..b10ff7202718 100644 --- a/drivers/crypto/hisilicon/sec/sec_algs.c +++ b/drivers/crypto/hisilicon/sec/sec_algs.c @@ -880,10 +880,13 @@ static int sec_alg_skcipher_decrypt(struct skcipher_request *req) static int sec_alg_skcipher_init(struct crypto_skcipher *tfm) { struct sec_alg_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); + int ret; mutex_init(&ctx->lock); INIT_LIST_HEAD(&ctx->backlog); - crypto_skcipher_set_reqsize(tfm, sizeof(struct sec_request)); + ret = crypto_skcipher_set_reqsize(tfm, sizeof(struct sec_request)); + if (ret) + return ret; ctx->queue = sec_queue_alloc_start_safe(); if (IS_ERR(ctx->queue)) diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c index 3aef1d43e435..b64a245a00fb 100644 --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -782,9 +782,12 @@ static int safexcel_skcipher_cra_init(struct crypto_tfm *tfm) struct safexcel_alg_template *tmpl = container_of(tfm->__crt_alg, struct safexcel_alg_template, alg.skcipher.base); + int ret; - crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), + ret = crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), sizeof(struct safexcel_cipher_req)); + if (ret) + return ret; ctx->priv = tmpl->priv; 
diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c index 0ae84ec9e21c..41a2e047beb6 100644 --- a/drivers/crypto/marvell/cipher.c +++ b/drivers/crypto/marvell/cipher.c @@ -241,10 +241,8 @@ static int mv_cesa_skcipher_cra_init(struct crypto_tfm *tfm) ctx->ops = &mv_cesa_skcipher_req_ops; - crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), + return crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), sizeof(struct mv_cesa_skcipher_req)); - - return 0; } static int mv_cesa_aes_setkey(struct crypto_skcipher *cipher, const u8 *key, diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c index 5cf64746731a..d01fb1054b77 100644 --- a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c +++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c @@ -465,10 +465,8 @@ int sun4i_ss_cipher_init(struct crypto_tfm *tfm) alg.crypto.base); op->ss = algt->ss; - crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), + return crypto_skcipher_set_reqsize(__crypto_skcipher_cast(tfm), sizeof(struct sun4i_cipher_req_ctx)); - - return 0; } /* check and set the AES key, prepare the mode to be used */ diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index e42f7063f245..d2926ecae2ac 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h 
@@ -127,10 +127,12 @@ static inline struct crypto_skcipher *crypto_spawn_skcipher( return crypto_spawn_tfm2(&spawn->base); } -static inline void crypto_skcipher_set_reqsize( +static inline int crypto_skcipher_set_reqsize( struct crypto_skcipher *skcipher, unsigned int reqsize) { skcipher->reqsize = reqsize; + + return 0; } int crypto_register_skcipher(struct skcipher_alg *alg); From patchwork Tue Sep 4 18:16:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10587747 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 76DF3175A for ; Tue, 4 Sep 2018 18:16:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 62C002985D for ; Tue, 4 Sep 2018 18:16:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 55FEF29C1F; Tue, 4 Sep 2018 18:16:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D81E62985D for ; Tue, 4 Sep 2018 18:16:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: 
From: Kees Cook
To: Herbert Xu
Subject: [PATCH 2/2] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK
Date: Tue, 4 Sep 2018 11:16:29 -0700
Message-Id: <20180904181629.20712-3-keescook@chromium.org>
In-Reply-To: <20180904181629.20712-1-keescook@chromium.org>
References: <20180904181629.20712-1-keescook@chromium.org>
Cc: Maxime Ripard, Arnaud Ebalard, Kees Cook, Boris Brezillon, Antoine Tenart, Ard Biesheuvel, linux-kernel@vger.kernel.org, Gilad Ben-Yossef, Chen-Yu Tsai, Eric Biggers, linux-crypto@vger.kernel.org, Jonathan Cameron, Philippe Ombredanne, Corentin Labbe, linux-arm-kernel@lists.infradead.org, Christian Lamparter

In the quest to remove all stack VLA usage from the kernel[1], this caps the skcipher request size similar to other limits and adds a sanity check at registration. Looking at instrumented tcrypt output, the largest is for lrw:

    crypt: testing lrw(aes)
    crypto_skcipher_set_reqsize: 8
    crypto_skcipher_set_reqsize: 88
    crypto_skcipher_set_reqsize: 472

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook
--- include/crypto/internal/skcipher.h | 3 +++ include/crypto/skcipher.h | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index d2926ecae2ac..6da811c0747e 100644 --- a/include/crypto/internal/skcipher.h 
+++ b/include/crypto/internal/skcipher.h @@ -130,6 +130,9 @@ static inline struct crypto_skcipher *crypto_spawn_skcipher( static inline int crypto_skcipher_set_reqsize( struct crypto_skcipher *skcipher, unsigned int reqsize) { + if (WARN_ON(reqsize > SKCIPHER_MAX_REQSIZE)) + return -EINVAL; + skcipher->reqsize = reqsize; return 0; diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 2f327f090c3e..c48e194438cf 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -139,9 +139,11 @@ struct skcipher_alg { struct crypto_alg base; }; +#define SKCIPHER_MAX_REQSIZE 472 + #define SKCIPHER_REQUEST_ON_STACK(name, tfm) \ char __##name##_desc[sizeof(struct skcipher_request) + \ - crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR; \ + SKCIPHER_MAX_REQSIZE] CRYPTO_MINALIGN_ATTR; \ struct skcipher_request *name = (void *)__##name##_desc /**
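
Review bot: In patch 1/2, drivers/crypto/cavium/nitrox/nitrox_algs.c, nitrox_skcipher_init(): the new failure branch frees fctx after nctx->u.ctx_handle has already been set to it, so the transform context is left holding a stale handle to freed memory. Either call crypto_skcipher_set_reqsize() before the assignment to nctx->u.ctx_handle, or clear the handle in the error branch next to crypto_free_context(fctx), so that no later path can use or free it again.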
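
Review bot: In patch 1/2, include/crypto/internal/skcipher.h: crypto_skcipher_set_reqsize() now returns int, but nothing prevents a caller from dropping the result, and patch 2/2 depends on every caller handling it. Marking the inline __must_check would make the compiler flag any caller this series missed and any added later. The function also has no comment in this hunk; one line stating that it can fail and that the caller must undo its own allocations would document the new contract.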
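
Review bot: In patch 2/2, include/crypto/internal/skcipher.h: the commit message says a sanity check is added at registration, but the check sits in crypto_skcipher_set_reqsize(), which the callers updated in patch 1/2 invoke from their init_tfm paths, so an oversized reqsize is only detected when a transform is instantiated. Either reword the message to match, or add a check where the algorithm is registered. Because this path can run on every instantiation, WARN_ON_ONCE() in place of WARN_ON() would keep a single oversized algorithm from repeating the warning.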
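
Review bot: In patch 2/2, include/crypto/skcipher.h: SKCIPHER_MAX_REQSIZE is a bare 472 with no comment, and its only justification is the lrw(aes) tcrypt output quoted in the commit message. Please document beside the #define where the value comes from, and confirm that the driver request contexts passed to crypto_skcipher_set_reqsize() in patch 1/2 (struct sec_request, struct safexcel_cipher_req, struct nitrox_kcrypt_request and the others) fit under it, because after this change a larger one makes transform init return -EINVAL. SKCIPHER_REQUEST_ON_STACK() also no longer uses its tfm argument and always reserves the maximum size on the stack, which deserves a line in the macro's comment.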