From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4746BC433B4 for ; Wed, 12 May 2021 20:07:24 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E783D60725 for ; Wed, 12 May 2021 20:07:23 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E783D60725 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=2scxoHLjqYLk3HClab0X/01J2wm7WRZPXDM3DnEVA24=; b=JVUzD4b1OksyqsWM947fMAcOn 38zHOuTqDRsgsaxJN6y5sExZgats4gcTy00QTncGLL1iPpQp3+chXNnyRyv1QynokljBh1IjQJmPm TnCBFeg0cQiMG5AbDu7ZwWSn8l4YNEnEyb3ahpGwowM7zB8BsqnCQur5QRArqpPmON17NOI+iCz3s cHvu6BGdZ9ayVoujXqkqkCDqtz9SxjUwdI1Cn5q5IkDUQJqqd02JwYTlVVn1q+Lfp0qMlBucMlla/ lvGJB8INxzgMXiWIIe8p5N2nk3mSdwsICohMydPwcznSlGXD4BNsyOUQFhNeRU8ZsvDo9E511nqBz IEworjF8w==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lgv67-003qdS-O2; Wed, 12 May 2021 20:04:47 +0000 Received: from bombadil.infradead.org ([2607:7c80:54:e::133]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lgv64-003qdG-NT for linux-arm-kernel@desiato.infradead.org; Wed, 12 May 2021 20:04:44 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=2UTfPZadZvSwn8+sNIKhid9S9bN7vQkfzne7oY6O0aI=; b=ySsrSl5TutuH6y4TeAlmo93T4x 0uxb8szUTT5pC+L/yDFMQdSSmGiVAiihO00cq/30SqVSUdd7+e8ugnBwalMI2d0tS9tT6gEJ8JVvd t6P3k7eg1YnGN09awhJZAAZeRyoO0DGjxegKeb+RKiNPgz+HfpbIl/RcV27m9cx4I+e5b5wwjF6oA kZThQJ8e9QIAwm7BzqVNaWTpOIrQzsJdbafXC+vFL9BPHqPxXDIfHQHioyAUs5pe4X3vSFUIysMw9 suvZunvBHKTME6jpTlMqliZFl9MERVfOuTaOZzDaYyQb2H2EQIKLcSbmrkPLNLI3s75wW5h7XhWww q5BQD+2w==; Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lgv62-00AmeK-4K for linux-arm-kernel@lists.infradead.org; Wed, 12 May 2021 20:04:43 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 07D4C613FB; Wed, 12 May 2021 20:04:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620849879; bh=KV/kbZd31J8snv17/g8BAEhBEHm7mAyytVKpZqg3zA0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=inc5AvJgcd9lavh0t/B/EzghYuDxnl7fL46NWCRgeeCX+fOBqrignfUptxNfGL8Eh YA5AEAHGbu6swO4mKkEiDRp3WZDo8PZ93qISy+1i2oQh31ZRIGxg+Na0rZIMdoPck4 UD2VaiKq+YFruaRas2sSuAjUngZ34OgFXJW4yJJoRitM3lrB1EkF+inxNwBIZlw7TS 6PA7XQaTN4ejeor5yFGLR5cZFI+ssWDJS5HkZQdnMUL48eMC7feJuW8MUzpvJubK4Z bqAGPhrGSSxM2bALvhos0Ek6JRJFszpGFDGj3y+kr4lNCZC3qYnXJfKN4+0w2TlGj2 2fQr64TW/u7Kw== Date: Wed, 12 May 2021 13:04:37 -0700 From: Eric Biggers To: Ard Biesheuvel Cc: linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, herbert@gondor.apana.org.au, will@kernel.org, kernel-team@android.com Subject: Re: [PATCH v3 1/7] crypto: handle zero sized AEAD inputs correctly Message-ID: References: <20210512184439.8778-1-ardb@kernel.org> <20210512184439.8778-2-ardb@kernel.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20210512184439.8778-2-ardb@kernel.org> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210512_130442_237961_9F8F1146 X-CRM114-Status: GOOD ( 15.29 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, May 12, 2021 at 08:44:33PM +0200, Ard Biesheuvel wrote: > There are corner cases where skcipher_walk_aead_[en|de]crypt() may be > invoked with a zero sized input, which is not rejected by the walker > code, but results in the skcipher_walk structure to not be fully > initialized. This will leave stale values in its page and buffer > members, which will be subsequently passed to kfree() or free_page() by > skcipher_walk_done(), resulting in a crash if those routines fail to > identify them as in valid inputs. > > Fix this by setting page and buffer to NULL even if the size of the > input is zero. > > Signed-off-by: Ard Biesheuvel Is this fixing an existing bug, or only a bug that got exposed by this patchset? It would be helpful to make that clear (and if it fixes an existing bug, include a Fixes tag). Also, skcipher_walk_virt() doesn't set page and buffer to NULL, as it is currently expected that skcipher_walk_done() is only called when walk.nbytes != 0. Is something different for skcipher_walk_aead_[en|de]crypt()? - Eric _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel