From patchwork Thu Aug 2 22:51:44 2018 X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10554283 X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Kees Cook To: Herbert Xu Cc: Kees Cook , Ard Biesheuvel , Giovanni Cabiddu , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Tudor-Dan Ambarus , Andrew Morton , Thomas Gleixner , Geert Uytterhoeven , Arnd Bergmann , Will Deacon , Rasmus Villemoes , David Woodhouse , Matthew Wilcox , "David S. Miller" , linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org Subject: [PATCH v7 1/9] crypto: xcbc: Remove VLA usage Date: Thu, 2 Aug 2018 15:51:44 -0700 Message-Id: <20180802225152.19194-2-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180802225152.19194-1-keescook@chromium.org> References: <20180802225152.19194-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the maximum blocksize and adds a sanity check. For xcbc, the blocksize must always be 16, so use that, since it's already being enforced during instantiation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- crypto/xcbc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/xcbc.c b/crypto/xcbc.c index 25c75af50d3f..c055f57fab11 100644 --- a/crypto/xcbc.c +++ b/crypto/xcbc.c @@ -57,15 +57,17 @@ struct xcbc_desc_ctx { u8 ctx[]; }; +#define XCBC_BLOCKSIZE 16 + static int crypto_xcbc_digest_setkey(struct crypto_shash *parent, const u8 *inkey, unsigned int keylen) { unsigned long alignmask = crypto_shash_alignmask(parent); struct xcbc_tfm_ctx *ctx = crypto_shash_ctx(parent); - int bs = crypto_shash_blocksize(parent); u8 *consts = PTR_ALIGN(&ctx->ctx[0], alignmask + 1); int err = 0; - u8 key1[bs]; + u8 key1[XCBC_BLOCKSIZE]; + int bs = sizeof(key1); if ((err = crypto_cipher_setkey(ctx->child, inkey, keylen))) return err; 
@@ -212,7 +214,7 @@ static int xcbc_create(struct crypto_template *tmpl, struct rtattr **tb) return PTR_ERR(alg); switch(alg->cra_blocksize) { - case 16: + case XCBC_BLOCKSIZE: break; default: goto out_put_alg;
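Review bot: in crypto_xcbc_digest_setkey() (crypto/xcbc.c, first hunk), bs is now "sizeof(key1)" instead of "crypto_shash_blocksize(parent)", so the function is only correct while the "case XCBC_BLOCKSIZE:" switch in xcbc_create() keeps rejecting every other block size. The commit message says the change "adds a sanity check", but neither hunk adds one; the second hunk only replaces the literal 16 with the macro. Either put a comment at "#define XCBC_BLOCKSIZE 16" tying it to the check in xcbc_create(), or reword the message so it matches the diff.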
From: Kees Cook To: Herbert Xu Cc: Kees Cook , Ard Biesheuvel , Giovanni Cabiddu , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Tudor-Dan Ambarus , Andrew Morton , Thomas Gleixner , Geert Uytterhoeven , Arnd Bergmann , Will Deacon , Rasmus Villemoes , David Woodhouse , Matthew Wilcox , "David S. Miller" , linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org Subject: [PATCH v7 2/9] crypto: cbc: Remove VLA usage Date: Thu, 2 Aug 2018 15:51:45 -0700 Message-Id: <20180802225152.19194-3-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180802225152.19194-1-keescook@chromium.org> References: <20180802225152.19194-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the upper bounds on blocksize. Since this is always a cipher blocksize, use the existing cipher max blocksize. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- include/crypto/cbc.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h index f5b8bfc22e6d..47db0aac2ab9 100644 --- a/include/crypto/cbc.h +++ b/include/crypto/cbc.h 
@@ -113,7 +113,9 @@ static inline int crypto_cbc_decrypt_inplace( unsigned int bsize = crypto_skcipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 last_iv[bsize]; + u8 last_iv[MAX_CIPHER_BLOCKSIZE]; + + BUG_ON(bsize > sizeof(last_iv)); /* Start of the last block. */ src += nbytes - (nbytes & (bsize - 1)) - bsize;
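Review bot: "BUG_ON(bsize > sizeof(last_iv));" in crypto_cbc_decrypt_inplace() (include/crypto/cbc.h) halts the kernel on a condition the function could report, since it already returns int. Prefer "if (WARN_ON(bsize > sizeof(last_iv))) return -EINVAL;", which is the pattern patch 5/9 of this series uses in fec_read_bufs(). The hunk also depends on MAX_CIPHER_BLOCKSIZE being visible in this header and adds no include, so the commit message should say which header provides it.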
From: Kees Cook To: Herbert Xu Cc: Kees Cook , Ard Biesheuvel , Giovanni Cabiddu , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Tudor-Dan Ambarus , Andrew Morton , Thomas Gleixner , Geert Uytterhoeven , Arnd Bergmann , Will Deacon , Rasmus Villemoes , David Woodhouse , Matthew Wilcox , "David S. Miller" , linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org Subject: [PATCH v7 3/9] crypto: ccm: Remove VLA usage Date: Thu, 2 Aug 2018 15:51:46 -0700 Message-Id: <20180802225152.19194-4-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180802225152.19194-1-keescook@chromium.org> References: <20180802225152.19194-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Ard Biesheuvel In the quest to remove all stack VLA usage from the kernel[1], this drops AHASH_REQUEST_ON_STACK by preallocating the ahash request area combined with the skcipher area (which are not used at the same time). [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Ard Biesheuvel Signed-off-by: Kees Cook --- crypto/ccm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/ccm.c b/crypto/ccm.c index 0a083342ec8c..b242fd0d3262 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -50,7 +50,10 @@ struct crypto_ccm_req_priv_ctx { u32 flags; struct scatterlist src[3]; struct scatterlist dst[3]; - struct skcipher_request skreq; + union { + struct ahash_request ahreq; + struct skcipher_request skreq; + }; }; struct cbcmac_tfm_ctx { 
@@ -181,7 +184,7 @@ static int crypto_ccm_auth(struct aead_request *req, struct scatterlist *plain, struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req); struct crypto_aead *aead = crypto_aead_reqtfm(req); struct crypto_ccm_ctx *ctx = crypto_aead_ctx(aead); - AHASH_REQUEST_ON_STACK(ahreq, ctx->mac); + struct ahash_request *ahreq = &pctx->ahreq; unsigned int assoclen = req->assoclen; struct scatterlist sg[3]; u8 *odata = pctx->odata; 
@@ -427,7 +430,7 @@ static int crypto_ccm_init_tfm(struct crypto_aead *tfm) crypto_aead_set_reqsize( tfm, align + sizeof(struct crypto_ccm_req_priv_ctx) + - crypto_skcipher_reqsize(ctr)); + max(crypto_ahash_reqsize(mac), crypto_skcipher_reqsize(ctr))); return 0;
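Review bot: the anonymous union added to struct crypto_ccm_req_priv_ctx (crypto/ccm.c, first hunk) makes ahreq and skreq share storage, and nothing in the code records the assumption from the commit message that the two are never in use at the same time. Add a comment on the union saying so, and that it has to stay the last member, because crypto_ccm_init_tfm() sizes the trailing area as "max(crypto_ahash_reqsize(mac), crypto_skcipher_reqsize(ctr))" directly after "sizeof(struct crypto_ccm_req_priv_ctx)". Without that, a later change that keeps the hash request alive across the skcipher call would overwrite one request with the other and no check would catch it.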
From: Kees Cook To: Herbert Xu Cc: Kees Cook , Ard Biesheuvel , Giovanni Cabiddu , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Tudor-Dan Ambarus , Andrew Morton , Thomas Gleixner , Geert Uytterhoeven , Arnd Bergmann , Will Deacon , Rasmus Villemoes , David Woodhouse , Matthew Wilcox , "David S. Miller" , linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org Subject: [PATCH v7 4/9] crypto: hash: Remove VLA usage Date: Thu, 2 Aug 2018 15:51:47 -0700 Message-Id: <20180802225152.19194-5-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180802225152.19194-1-keescook@chromium.org> References: <20180802225152.19194-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this removes the VLAs in SHASH_DESC_ON_STACK (via crypto_shash_descsize()) by using the maximum allowable size (which is now more clearly captured in a macro), along with a few other cases. Similar limits are turned into macros as well. A review of existing sizes shows that SHA512_DIGEST_SIZE (64) is the largest digest size and that sizeof(struct sha3_state) (360) is the largest descriptor size. The corresponding maximums are reduced. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- crypto/ahash.c | 4 ++-- crypto/algif_hash.c | 2 +- crypto/shash.c | 6 +++--- include/crypto/hash.h | 6 +++++- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/crypto/ahash.c b/crypto/ahash.c index a64c143165b1..78aaf2158c43 100644 --- a/crypto/ahash.c +++ b/crypto/ahash.c 
@@ -550,8 +550,8 @@ static int ahash_prepare_alg(struct ahash_alg *alg) { struct crypto_alg *base = &alg->halg.base; - if (alg->halg.digestsize > PAGE_SIZE / 8 || - alg->halg.statesize > PAGE_SIZE / 8 || + if (alg->halg.digestsize > HASH_MAX_DIGESTSIZE || + alg->halg.statesize > HASH_MAX_STATESIZE || alg->halg.statesize == 0) return -EINVAL; diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index bfcf595fd8f9..d0cde541beb6 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -239,7 +239,7 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags, struct alg_sock *ask = alg_sk(sk); struct hash_ctx *ctx = ask->private; struct ahash_request *req = &ctx->req; - char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req)) ? : 1]; + char state[HASH_MAX_STATESIZE]; struct sock *sk2; struct alg_sock *ask2; struct hash_ctx *ctx2; diff --git a/crypto/shash.c b/crypto/shash.c index 5d732c6bb4b2..86d76b5c626c 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -458,9 +458,9 @@ static int shash_prepare_alg(struct shash_alg *alg) { struct crypto_alg *base = &alg->base; - if (alg->digestsize > PAGE_SIZE / 8 || - alg->descsize > PAGE_SIZE / 8 || - alg->statesize > PAGE_SIZE / 8) + if (alg->digestsize > HASH_MAX_DIGESTSIZE || + alg->descsize > HASH_MAX_DESCSIZE || + alg->statesize > HASH_MAX_STATESIZE) return -EINVAL; base->cra_type = &crypto_shash_type; diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 76e432cab75d..21587011ab0f 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h 
@@ -151,9 +151,13 @@ struct shash_desc { void *__ctx[] CRYPTO_MINALIGN_ATTR; }; +#define HASH_MAX_DIGESTSIZE 64 +#define HASH_MAX_DESCSIZE 360 +#define HASH_MAX_STATESIZE 512 + #define SHASH_DESC_ON_STACK(shash, ctx) \ char __##shash##_desc[sizeof(struct shash_desc) + \ - crypto_shash_descsize(ctx)] CRYPTO_MINALIGN_ATTR; \ + HASH_MAX_DESCSIZE] CRYPTO_MINALIGN_ATTR; \ struct shash_desc *shash = (struct shash_desc *)__##shash##_desc /**
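Review bot: the three limits added in include/crypto/hash.h carry no comment, and the commit message justifies only two of them (SHA512_DIGEST_SIZE for 64, sizeof(struct sha3_state) for 360); "#define HASH_MAX_STATESIZE 512" is left unexplained. Document next to each define which algorithm sets the bound, so that someone adding a larger hash can see why ahash_prepare_alg() and shash_prepare_alg() now return -EINVAL and which on-stack buffers grow if a limit is raised.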
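Review bot: in hash_accept() (crypto/algif_hash.c), "char state[HASH_MAX_STATESIZE];" reserves 512 bytes of stack on every call, where the VLA took only the algorithm's own state size. The bound holds because the prepare_alg checks changed in this patch reject a larger statesize, but the fixed stack cost deserves a line in the commit message; the same applies to SHASH_DESC_ON_STACK, which now always reserves HASH_MAX_DESCSIZE bytes on top of sizeof(struct shash_desc).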
From: Kees Cook To: Herbert Xu Cc: Kees Cook , Ard Biesheuvel , Giovanni Cabiddu , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com, Tudor-Dan Ambarus , Andrew Morton , Thomas Gleixner , Geert Uytterhoeven , Arnd Bergmann , Will Deacon , Rasmus Villemoes , David Woodhouse , Matthew Wilcox , "David S. Miller" , linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org Subject: [PATCH v7 5/9] dm: Remove VLA usage from hashes Date: Thu, 2 Aug 2018 15:51:48 -0700 Message-Id: <20180802225152.19194-6-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180802225152.19194-1-keescook@chromium.org> References: <20180802225152.19194-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the new HASH_MAX_DIGESTSIZE from the crypto layer to allocate the upper bounds on stack usage. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- drivers/md/dm-integrity.c | 23 +++++++++++++++++------ drivers/md/dm-verity-fec.c | 5 ++++- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 86438b2f10dd..884edd7cf1d0 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -521,7 +521,12 @@ static void section_mac(struct dm_integrity_c *ic, unsigned section, __u8 result } memset(result + size, 0, JOURNAL_MAC_SIZE - size); } else { - __u8 digest[size]; + __u8 digest[HASH_MAX_DIGESTSIZE]; + + if (WARN_ON(size > sizeof(digest))) { + dm_integrity_io_error(ic, "digest_size", -EINVAL); + goto err; + } r = crypto_shash_final(desc, digest); if (unlikely(r)) { dm_integrity_io_error(ic, "crypto_shash_final", r); 
@@ -1244,7 +1249,7 @@ static void integrity_metadata(struct work_struct *w) struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); char *checksums; unsigned extra_space = unlikely(digest_size > ic->tag_size) ? digest_size - ic->tag_size : 0; - char checksums_onstack[ic->tag_size + extra_space]; + char checksums_onstack[HASH_MAX_DIGESTSIZE]; unsigned sectors_to_process = dio->range.n_sectors; sector_t sector = dio->range.logical_sector; @@ -1253,8 +1258,14 @@ static void integrity_metadata(struct work_struct *w) checksums = kmalloc((PAGE_SIZE >> SECTOR_SHIFT >> ic->sb->log2_sectors_per_block) * ic->tag_size + extra_space, GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN); - if (!checksums) + if (!checksums) { checksums = checksums_onstack; + if (WARN_ON(extra_space && + digest_size > sizeof(checksums_onstack))) { + r = -EINVAL; + goto error; + } + } __bio_for_each_segment(bv, bio, iter, dio->orig_bi_iter) { unsigned pos; @@ -1466,7 +1477,7 @@ static bool __journal_read_write(struct dm_integrity_io *dio, struct bio *bio, } while (++s < ic->sectors_per_block); #ifdef INTERNAL_VERIFY if (ic->internal_hash) { - char checksums_onstack[max(crypto_shash_digestsize(ic->internal_hash), ic->tag_size)]; + char checksums_onstack[max(HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; integrity_sector_checksum(ic, logical_sector, mem + bv.bv_offset, checksums_onstack); if (unlikely(memcmp(checksums_onstack, journal_entry_tag(ic, je), ic->tag_size))) { @@ -1516,7 +1527,7 @@ static bool __journal_read_write(struct dm_integrity_io *dio, struct bio *bio, if (ic->internal_hash) { unsigned digest_size = crypto_shash_digestsize(ic->internal_hash); if (unlikely(digest_size > ic->tag_size)) { - char checksums_onstack[digest_size]; + char checksums_onstack[HASH_MAX_DIGESTSIZE]; integrity_sector_checksum(ic, logical_sector, (char *)js, checksums_onstack); memcpy(journal_entry_tag(ic, je), checksums_onstack, ic->tag_size); } else 
@@ -1937,7 +1948,7 @@ static void do_journal_write(struct dm_integrity_c *ic, unsigned write_start, unlikely(from_replay) && #endif ic->internal_hash) { - char test_tag[max(crypto_shash_digestsize(ic->internal_hash), ic->tag_size)]; + char test_tag[max_t(size_t, HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; integrity_sector_checksum(ic, sec + ((l - j) << ic->sb->log2_sectors_per_block), (char *)access_journal_data(ic, i, l), test_tag); diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c index 684af08d0747..0ce04e5b4afb 100644 --- a/drivers/md/dm-verity-fec.c +++ b/drivers/md/dm-verity-fec.c 
@@ -212,12 +212,15 @@ static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io, struct dm_verity_fec_io *fio = fec_io(io); u64 block, ileaved; u8 *bbuf, *rs_block; - u8 want_digest[v->digest_size]; + u8 want_digest[HASH_MAX_DIGESTSIZE]; unsigned n, k; if (neras) *neras = 0; + if (WARN_ON(v->digest_size > sizeof(want_digest))) + return -EINVAL; + /* * read each of the rsn data blocks that are part of the RS block, and * interleave contents to available bufs
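Review bot: in do_journal_write(), test_tag is now sized from HASH_MAX_DIGESTSIZE and MAX_TAG_SIZE, but nothing in this hunk checks that crypto_shash_digestsize(ic->internal_hash) and ic->tag_size stay within those bounds before integrity_sector_checksum() writes into the buffer. The fec_read_bufs() hunk in the same patch adds an explicit WARN_ON for its buffer; either do the same here or say in the commit message where both limits are enforced.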
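Review bot: the WARN_ON(v->digest_size > sizeof(want_digest)) in fec_read_bufs() is evaluated on every call, although v is the per-target struct dm_verity and the digest size is a property of the target rather than of a single read. Validating it once where v->digest_size is set would reject a bad configuration up front; if the check stays in this path, WARN_ON_ONCE would keep a misconfigured target from logging a splat per read.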
From: Kees Cook
To: Herbert Xu
Cc: Kees Cook, Ard Biesheuvel, Giovanni Cabiddu, Alasdair Kergon, Mike Snitzer, dm-devel@redhat.com, Tudor-Dan Ambarus, Andrew Morton, Thomas Gleixner, Geert Uytterhoeven, Arnd Bergmann, Will Deacon, Rasmus Villemoes, David Woodhouse, Matthew Wilcox, "David S. Miller", linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org
Subject: [PATCH v7 6/9] crypto alg: Introduce generic max blocksize and alignmask
Date: Thu, 2 Aug 2018 15:51:49 -0700
Message-Id: <20180802225152.19194-7-keescook@chromium.org>
In-Reply-To: <20180802225152.19194-1-keescook@chromium.org>
References: <20180802225152.19194-1-keescook@chromium.org>

In the quest to remove all stack VLA usage from the kernel[1], this exposes a new general upper bound on crypto blocksize and alignmask (higher than for the existing cipher limits) for VLA removal, and introduces new checks.

At present, the highest cra_alignmask in the kernel is 63. The highest cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the new blocksize limit, I went with 160 (20 8-byte words).

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook
---
 crypto/algapi.c | 7 ++++++-
 include/crypto/algapi.h | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/algapi.c b/crypto/algapi.c index c0755cf4f53f..496fc51bf215 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c
@@ -57,9 +57,14 @@ static int crypto_check_alg(struct crypto_alg *alg) if (alg->cra_alignmask & (alg->cra_alignmask + 1)) return -EINVAL; - if (alg->cra_blocksize > PAGE_SIZE / 8) + /* General maximums for all algs. */ + if (alg->cra_alignmask > MAX_ALGAPI_ALIGNMASK) return -EINVAL; + if (alg->cra_blocksize > MAX_ALGAPI_BLOCKSIZE) + return -EINVAL; + + /* Lower maximums for specific alg types. */ if (!alg->cra_type && (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { if (alg->cra_alignmask > MAX_CIPHER_ALIGNMASK) diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index bd5e8ccf1687..21371ac8f355 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h 
@@ -20,8 +20,10 @@ /* * Maximum values for blocksize and alignmask, used to allocate * static buffers that are big enough for any combination of - * ciphers and architectures. + * algs and architectures. Ciphers have a lower maximum size. */ +#define MAX_ALGAPI_BLOCKSIZE 160 +#define MAX_ALGAPI_ALIGNMASK 63 #define MAX_CIPHER_BLOCKSIZE 16 #define MAX_CIPHER_ALIGNMASK 15
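Review bot: in crypto_check_alg(), replacing the cra_blocksize > PAGE_SIZE / 8 test with cra_blocksize > MAX_ALGAPI_BLOCKSIZE tightens what registration accepts, and an algorithm that passed the old limit but exceeds 160 now fails with a bare -EINVAL. The commit message should state that this narrows the accepted range, and a pr_warn naming the algorithm and the limit it tripped would make a rejected registration diagnosable.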
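Review bot: in include/crypto/algapi.h, the new MAX_ALGAPI_BLOCKSIZE 160 and MAX_ALGAPI_ALIGNMASK 63 are added without recording where the numbers come from. The commit message has the rationale (largest alignmask in tree is 63, largest blocksize is 144 for SHA3_224_BLOCK_SIZE, rounded up to 160); putting that in the comment above the defines tells whoever adds a larger-block algorithm that the limit has to be raised together with every stack buffer sized from it.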
From: Kees Cook
To: Herbert Xu
Cc: Kees Cook, Ard Biesheuvel, Giovanni Cabiddu, Alasdair Kergon, Mike Snitzer, dm-devel@redhat.com, Tudor-Dan Ambarus, Andrew Morton, Thomas Gleixner, Geert Uytterhoeven, Arnd Bergmann, Will Deacon, Rasmus Villemoes, David Woodhouse, Matthew Wilcox, "David S. Miller", linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org
Subject: [PATCH v7 7/9] crypto: qat: Remove VLA usage
Date: Thu, 2 Aug 2018 15:51:50 -0700
Message-Id: <20180802225152.19194-8-keescook@chromium.org>
In-Reply-To: <20180802225152.19194-1-keescook@chromium.org>
References: <20180802225152.19194-1-keescook@chromium.org>

In the quest to remove all stack VLA usage from the kernel[1], this uses the new upper bound for the stack buffer. Also adds a sanity check.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook
---
 drivers/crypto/qat/qat_common/qat_algs.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index 1138e41d6805..a28edf7b792f 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -153,8 +153,8 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, struct sha512_state sha512; int block_size = crypto_shash_blocksize(ctx->hash_tfm); int digest_size = crypto_shash_digestsize(ctx->hash_tfm); - char ipad[block_size]; - char opad[block_size]; + char ipad[MAX_ALGAPI_BLOCKSIZE]; + char opad[MAX_ALGAPI_BLOCKSIZE]; __be32 *hash_state_out; __be64 *hash512_state_out; int i, offset;
@@ -164,6 +164,10 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, shash->tfm = ctx->hash_tfm; shash->flags = 0x0; + if (WARN_ON(block_size > sizeof(ipad) || + sizeof(ipad) != sizeof(opad))) + return -EINVAL; + if (auth_keylen > block_size) { int ret = crypto_shash_digest(shash, auth_key, auth_keylen, ipad);
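Review bot: in qat_alg_do_precomputes(), ipad and opad now always take 2 * MAX_ALGAPI_BLOCKSIZE bytes of stack next to the hash state structs declared above them. The largest state visible in this context is struct sha512_state; if SHA-512 is the largest hash this driver precomputes for, SHA512_BLOCK_SIZE is a tighter bound than the general limit and keeps the frame smaller. Otherwise a short comment saying why the generic maximum is needed here would help.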
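Review bot: the second half of the new WARN_ON in qat_alg_do_precomputes(), sizeof(ipad) != sizeof(opad), compares two compile-time constants, so it can never fire at runtime. Express it as BUILD_BUG_ON(sizeof(ipad) != sizeof(opad)) and leave only block_size > sizeof(ipad) in the runtime check; that also makes the WARN message unambiguous about which condition failed.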
From: Kees Cook
To: Herbert Xu
Cc: Kees Cook, Ard Biesheuvel, Giovanni Cabiddu, Alasdair Kergon, Mike Snitzer, dm-devel@redhat.com, Tudor-Dan Ambarus, Andrew Morton, Thomas Gleixner, Geert Uytterhoeven, Arnd Bergmann, Will Deacon, Rasmus Villemoes, David Woodhouse, Matthew Wilcox, "David S. Miller", linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org
Subject: [PATCH v7 8/9] crypto: shash: Remove VLA usage in unaligned hashing
Date: Thu, 2 Aug 2018 15:51:51 -0700
Message-Id: <20180802225152.19194-9-keescook@chromium.org>
In-Reply-To: <20180802225152.19194-1-keescook@chromium.org>
References: <20180802225152.19194-1-keescook@chromium.org>

In the quest to remove all stack VLA usage from the kernel[1], this uses the newly defined max alignment to perform unaligned hashing to avoid VLAs, and drops the helper function while adding sanity checks on the resulting buffer sizes. Additionally, the __aligned_largest macro is removed since this helper was the only user.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook
---
 crypto/shash.c | 27 ++++++++++++++++-----------
 include/linux/compiler-gcc.h | 1 -
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c index 86d76b5c626c..d21f04d70dce 100644 --- a/crypto/shash.c +++ b/crypto/shash.c
@@ -73,13 +73,6 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, } EXPORT_SYMBOL_GPL(crypto_shash_setkey); -static inline unsigned int shash_align_buffer_size(unsigned len, - unsigned long mask) -{ - typedef u8 __aligned_largest u8_aligned; - return len + (mask & ~(__alignof__(u8_aligned) - 1)); -} - static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, unsigned int len) { @@ -88,11 +81,17 @@ static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, unsigned long alignmask = crypto_shash_alignmask(tfm); unsigned int unaligned_len = alignmask + 1 - ((unsigned long)data & alignmask); - u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)] - __aligned_largest; + /* + * We cannot count on __aligned() working for large values: + * https://patchwork.kernel.org/patch/9507697/ + */ + u8 ubuf[MAX_ALGAPI_ALIGNMASK * 2]; u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); int err; + if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf))) + return -EINVAL; + if (unaligned_len > len) unaligned_len = len; @@ -124,11 +123,17 @@ static int shash_final_unaligned(struct shash_desc *desc, u8 *out) unsigned long alignmask = crypto_shash_alignmask(tfm); struct shash_alg *shash = crypto_shash_alg(tfm); unsigned int ds = crypto_shash_digestsize(tfm); - u8 ubuf[shash_align_buffer_size(ds, alignmask)] - __aligned_largest; + /* + * We cannot count on __aligned() working for large values: + * https://patchwork.kernel.org/patch/9507697/ + */ + u8 ubuf[MAX_ALGAPI_ALIGNMASK + HASH_MAX_DIGESTSIZE]; u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); int err; + if (WARN_ON(buf + ds > ubuf + sizeof(ubuf))) + return -EINVAL; + err = shash->final(desc, buf); if (err) goto out; diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index f1a7492a5cc8..1f1cdef36a82 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h 
@@ -125,7 +125,6 @@ */ #define __pure __attribute__((pure)) #define __aligned(x) __attribute__((aligned(x))) -#define __aligned_largest __attribute__((aligned)) #define __printf(a, b) __attribute__((format(printf, a, b))) #define __scanf(a, b) __attribute__((format(scanf, a, b))) #define __attribute_const__ __attribute__((__const__))
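Review bot: in shash_update_unaligned(), ubuf[MAX_ALGAPI_ALIGNMASK * 2] is exactly large enough only when data is misaligned on entry. By the arithmetic in this hunk, unaligned_len is alignmask + 1 when (data & alignmask) is 0, and PTR_ALIGN can move buf up to alignmask bytes into ubuf, so the worst case needs 2 * alignmask + 1 bytes, one more than the buffer holds at the maximum alignmask. The WARN_ON turns that into -EINVAL rather than an overrun, but the assumption that callers never pass aligned data should be stated in the comment, or the array sized with the extra byte. The bounds check also runs before unaligned_len is clamped to len, so it tests the unclamped value; moving it below the clamp checks what is actually copied.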
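Review bot: in shash_final_unaligned(), the comment added above ubuf[MAX_ALGAPI_ALIGNMASK + HASH_MAX_DIGESTSIZE] gives only a patchwork URL as the reason __aligned() is not used, and the same block is duplicated from shash_update_unaligned(). Summarise the actual problem in one sentence so the explanation survives if the link goes away, and say that the MAX_ALGAPI_ALIGNMASK term is the slack PTR_ALIGN may consume, so the relationship between the array size and the WARN_ON below it is clear.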
From: Kees Cook
To: Herbert Xu
Cc: Kees Cook, Ard Biesheuvel, Giovanni Cabiddu, Alasdair Kergon, Mike Snitzer, dm-devel@redhat.com, Tudor-Dan Ambarus, Andrew Morton, Thomas Gleixner, Geert Uytterhoeven, Arnd Bergmann, Will Deacon, Rasmus Villemoes, David Woodhouse, Matthew Wilcox, "David S. Miller", linux-crypto@vger.kernel.org, qat-linux@intel.com, linux-kernel@vger.kernel.org
Subject: [PATCH v7 9/9] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK
Date: Thu, 2 Aug 2018 15:51:52 -0700
Message-Id: <20180802225152.19194-10-keescook@chromium.org>
In-Reply-To: <20180802225152.19194-1-keescook@chromium.org>
References: <20180802225152.19194-1-keescook@chromium.org>

In the quest to remove all stack VLA usage from the kernel[1], this caps the skcipher request size similar to other limits and adds a sanity check at registration. Looking at instrumented tcrypt output, the largest is for lrw:

	crypt: testing lrw(aes)
	crypto_skcipher_set_reqsize: 8
	crypto_skcipher_set_reqsize: 88
	crypto_skcipher_set_reqsize: 472

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Signed-off-by: Kees Cook
---
 include/crypto/internal/skcipher.h | 1 +
 include/crypto/skcipher.h | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index e42f7063f245..5035482cbe68 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h @@ -130,6 +130,7 @@ static inline struct crypto_skcipher *crypto_spawn_skcipher( static inline void crypto_skcipher_set_reqsize( struct crypto_skcipher *skcipher, unsigned int reqsize) { + BUG_ON(reqsize > SKCIPHER_MAX_REQSIZE); skcipher->reqsize = reqsize; }
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 2f327f090c3e..c48e194438cf 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -139,9 +139,11 @@ struct skcipher_alg { struct crypto_alg base; }; +#define SKCIPHER_MAX_REQSIZE 472 + #define SKCIPHER_REQUEST_ON_STACK(name, tfm) \ char __##name##_desc[sizeof(struct skcipher_request) + \ - crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR; \ + SKCIPHER_MAX_REQSIZE] CRYPTO_MINALIGN_ATTR; \ struct skcipher_request *name = (void *)__##name##_desc /**
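Review bot: crypto_skcipher_set_reqsize() uses BUG_ON(reqsize > SKCIPHER_MAX_REQSIZE), while the other patches in this series use WARN_ON with an -EINVAL return for the same kind of bound. The function returns void, so it cannot report an error, and an oversized reqsize would later overrun the fixed buffer from SKCIPHER_REQUEST_ON_STACK, which may be why halting was chosen. Please say so in a comment next to the BUG_ON, or change the helper to return int so callers can fail the tfm setup instead of taking the machine down.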
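Review bot: in include/crypto/skcipher.h, SKCIPHER_MAX_REQSIZE 472 is defined with no comment, and per the commit message it equals the largest value observed in instrumented tcrypt output (lrw(aes)), so there is no headroom. Any template that needs one more byte will hit the BUG_ON in crypto_skcipher_set_reqsize(). Document next to the define how the number was obtained and what has to be re-measured when a template grows. Also note in the changelog that every SKCIPHER_REQUEST_ON_STACK user now reserves sizeof(struct skcipher_request) + 472 bytes of stack regardless of the tfm's real reqsize.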