From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Tue, 24 Apr 2018 08:51:04 -0600 From: Tycho Andersen Subject: Re: [PATCH 1/3] big key: get rid of stack array allocation Message-ID: <20180424145104.GC3125@cisco> References: <20180424010321.14739-1-tycho@tycho.ws> <20180424045015.GA4281@sol.localdomain> <20180424143539.GB3125@cisco> <201804242346.FHI69745.SQMHFVOOFLFOJt@I-love.SAKURA.ne.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201804242346.FHI69745.SQMHFVOOFLFOJt@I-love.SAKURA.ne.jp> To: Tetsuo Handa Cc: ebiggers3@gmail.com, dhowells@redhat.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, jmorris@namei.org, serge@hallyn.com, Jason@zx2c4.com List-ID: On Tue, Apr 24, 2018 at 11:46:38PM +0900, Tetsuo Handa wrote: > Tycho Andersen wrote: > > > > + if (unlikely(crypto_aead_ivsize(big_key_aead) != GCM_AES_IV_SIZE)) { > > > > + WARN(1, "big key algorithm changed?"); > > Please avoid using WARN() WARN_ON() etc. > syzbot would catch it and panic() due to panic_on_warn == 1. But it is really a programming bug in this case (and it seems better than BUG()...). Isn't this exactly the sort of case we want to catch? Tycho From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tycho Andersen Date: Tue, 24 Apr 2018 14:51:04 +0000 Subject: Re: [PATCH 1/3] big key: get rid of stack array allocation Message-Id: <20180424145104.GC3125@cisco> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit List-Id: References: <20180424010321.14739-1-tycho@tycho.ws> <20180424045015.GA4281@sol.localdomain> <20180424143539.GB3125@cisco> <201804242346.FHI69745.SQMHFVOOFLFOJt@I-love.SAKURA.ne.jp> In-Reply-To: <201804242346.FHI69745.SQMHFVOOFLFOJt@I-love.SAKURA.ne.jp> To: Tetsuo Handa Cc: ebiggers3@gmail.com, dhowells@redhat.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, jmorris@namei.org, serge@hallyn.com, Jason@zx2c4.com On Tue, Apr 24, 2018 at 11:46:38PM +0900, Tetsuo Handa wrote: > Tycho Andersen wrote: > > > > + if (unlikely(crypto_aead_ivsize(big_key_aead) != GCM_AES_IV_SIZE)) { > > > > + WARN(1, "big key algorithm changed?"); > > Please avoid using WARN() WARN_ON() etc. > syzbot would catch it and panic() due to panic_on_warn = 1. But it is really a programming bug in this case (and it seems better than BUG()...). Isn't this exactly the sort of case we want to catch? Tycho From mboxrd@z Thu Jan 1 00:00:00 1970 From: tycho@tycho.ws (Tycho Andersen) Date: Tue, 24 Apr 2018 08:51:04 -0600 Subject: [PATCH 1/3] big key: get rid of stack array allocation In-Reply-To: <201804242346.FHI69745.SQMHFVOOFLFOJt@I-love.SAKURA.ne.jp> References: <20180424010321.14739-1-tycho@tycho.ws> <20180424045015.GA4281@sol.localdomain> <20180424143539.GB3125@cisco> <201804242346.FHI69745.SQMHFVOOFLFOJt@I-love.SAKURA.ne.jp> Message-ID: <20180424145104.GC3125@cisco> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Tue, Apr 24, 2018 at 11:46:38PM +0900, Tetsuo Handa wrote: > Tycho Andersen wrote: > > > > + if (unlikely(crypto_aead_ivsize(big_key_aead) != GCM_AES_IV_SIZE)) { > > > > + WARN(1, "big key algorithm changed?"); > > Please avoid using WARN() WARN_ON() etc. > syzbot would catch it and panic() due to panic_on_warn == 1. But it is really a programming bug in this case (and it seems better than BUG()...). Isn't this exactly the sort of case we want to catch? Tycho -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html