Re: [PATCH 09/11] crypto: shash: Remove VLA usage in unaligned hashing

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers3@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
	Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
	Arnd Bergmann <arnd@arndb.de>, Eric Biggers <ebiggers@google.com>,
	Mike Snitzer <snitzer@redhat.com>,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	qat-linux@intel.com, linux-kernel@vger.kernel.org,
	dm-devel@redhat.com, linux-crypto@vger.kernel.org,
	Lars Persson <larper@axis.com>,
	Tim Chen <tim.c.chen@linux.intel.com>,
	"David S. Miller" <davem@davemloft.net>,
	Alasdair Kergon <agk@redhat.com>, Rabin Vincent <rabinv@axis.com>
Subject: Re: [PATCH 09/11] crypto: shash: Remove VLA usage in unaligned hashing
Date: Wed, 20 Jun 2018 16:57:21 -0700	[thread overview]
Message-ID: <20180620235721.GF111712@gmail.com> (raw)
In-Reply-To: <20180620190408.45104-10-keescook@chromium.org>

On Wed, Jun 20, 2018 at 12:04:06PM -0700, Kees Cook wrote:
> In the quest to remove all stack VLA usage from the kernel[1], this uses
> the newly defined max alignment to perform unaligned hashing to avoid
> VLAs, and drops the helper function while adding sanity checks on the
> resulting buffer sizes.
> 
> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  crypto/shash.c | 21 ++++++++++-----------
>  1 file changed, 10 insertions(+), 11 deletions(-)
> 
> diff --git a/crypto/shash.c b/crypto/shash.c
> index ab6902c6dae7..1bb58209330a 100644
> --- a/crypto/shash.c
> +++ b/crypto/shash.c
> @@ -73,13 +73,6 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
>  }
>  EXPORT_SYMBOL_GPL(crypto_shash_setkey);
>  
> -static inline unsigned int shash_align_buffer_size(unsigned len,
> -						   unsigned long mask)
> -{
> -	typedef u8 __aligned_largest u8_aligned;
> -	return len + (mask & ~(__alignof__(u8_aligned) - 1));
> -}
> -
>  static int shash_update_unaligned(struct shash_desc *desc, const u8 *data,
>  				  unsigned int len)
>  {
> @@ -88,11 +81,14 @@ static int shash_update_unaligned(struct shash_desc *desc, const u8 *data,
>  	unsigned long alignmask = crypto_shash_alignmask(tfm);
>  	unsigned int unaligned_len = alignmask + 1 -
>  				     ((unsigned long)data & alignmask);
> -	u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)]
> -		__aligned_largest;
> +	u8 ubuf[CRYPTO_ALG_MAX_ALIGNMASK]
> +		__aligned(CRYPTO_ALG_MAX_ALIGNMASK + 1);
>  	u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
>  	int err;

Are you sure that __attribute__((aligned(64))) works correctly on stack
variables on all architectures?

And if it is expected to work, then why is the buffer still aligned by hand on
the very next line?

>  
> +	if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf)))
> +		return -EINVAL;
> +
>  	if (unaligned_len > len)
>  		unaligned_len = len;
>  
> @@ -124,11 +120,14 @@ static int shash_final_unaligned(struct shash_desc *desc, u8 *out)
>  	unsigned long alignmask = crypto_shash_alignmask(tfm);
>  	struct shash_alg *shash = crypto_shash_alg(tfm);
>  	unsigned int ds = crypto_shash_digestsize(tfm);
> -	u8 ubuf[shash_align_buffer_size(ds, alignmask)]
> -		__aligned_largest;
> +	u8 ubuf[SHASH_MAX_DIGESTSIZE]
> +		__aligned(CRYPTO_ALG_MAX_ALIGNMASK + 1);
>  	u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
>  	int err;

Same questions here.

>  
> +	if (WARN_ON(buf + ds > ubuf + sizeof(ubuf)))
> +		return -EINVAL;
> +
>  	err = shash->final(desc, buf);
>  	if (err)
>  		goto out;
> -- 

- Eric

next prev parent reply	other threads:[~2018-06-20 23:57 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-20 19:03 [PATCH 00/11] crypto: Remove VLA usage Kees Cook
2018-06-20 19:03 ` Kees Cook
2018-06-20 19:03 ` [PATCH 01/11] crypto: shash: " Kees Cook
2018-06-20 19:03   ` Kees Cook
2018-06-20 19:30   ` Christophe Leroy
2018-06-20 20:36     ` Kees Cook
2018-06-20 20:39       ` Christophe LEROY
2018-06-20 20:42         ` Kees Cook
2018-06-20 20:42           ` Kees Cook
2018-06-20 19:03 ` [PATCH 02/11] dm integrity: " Kees Cook
2018-06-20 19:04 ` [PATCH 03/11] crypto: ahash: " Kees Cook
2018-06-20 20:13   ` Christophe Leroy
2018-06-20 19:04 ` [PATCH 04/11] dm verity fec: " Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 23:33   ` [dm-devel] " Eric Biggers
2018-06-20 23:44     ` Kees Cook
2018-06-21  2:30   ` Herbert Xu
2018-06-21  2:30     ` Herbert Xu
2018-06-21 20:19     ` Kees Cook
2018-06-20 19:04 ` [PATCH 05/11] crypto alg: Introduce max blocksize and alignmask Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 23:40   ` [dm-devel] " Eric Biggers
2018-06-21  0:04     ` Kees Cook
2018-06-21  0:32       ` Eric Biggers
2018-06-20 19:04 ` [PATCH 06/11] crypto: cbc: Remove VLA usage Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 20:16   ` Christophe Leroy
2018-06-20 23:42   ` [dm-devel] " Eric Biggers
2018-06-20 19:04 ` [PATCH 07/11] crypto: xcbc: " Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 23:46   ` [dm-devel] " Eric Biggers
2018-06-21  0:10     ` Kees Cook
2018-06-21  0:47       ` Eric Biggers
2018-06-20 19:04 ` [PATCH 08/11] crypto: qat: " Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 19:04 ` [PATCH 09/11] crypto: shash: Remove VLA usage in unaligned hashing Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 23:57   ` Eric Biggers [this message]
2018-06-21  0:15     ` Kees Cook
2018-06-20 19:04 ` [PATCH 10/11] crypto: ahash: Remove VLA usage for AHASH_REQUEST_ON_STACK Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 19:04 ` [PATCH 11/11] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK Kees Cook
2018-06-20 19:04   ` Kees Cook
2018-06-20 19:44   ` Arnd Bergmann
2018-06-20 20:38     ` Kees Cook
2018-06-20 20:22   ` Christophe Leroy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180620235721.GF111712@gmail.com \
    --to=ebiggers3@gmail.com \
    --cc=agk@redhat.com \
    --cc=arnd@arndb.de \
    --cc=davem@davemloft.net \
    --cc=dm-devel@redhat.com \
    --cc=ebiggers@google.com \
    --cc=giovanni.cabiddu@intel.com \
    --cc=gustavo@embeddedor.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=keescook@chromium.org \
    --cc=larper@axis.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=qat-linux@intel.com \
    --cc=rabinv@axis.com \
    --cc=snitzer@redhat.com \
    --cc=tim.c.chen@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.