From: Mikulas Patocka <mpatocka@redhat.com>
To: Milan Broz <gmazyland@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@kernel.org>,
dm-devel@lists.linux.dev
Subject: Re: dm-crypt: Extend state buffer size in crypt_iv_lmk_one
Date: Mon, 23 Jun 2025 11:40:39 +0200 (CEST) [thread overview]
Message-ID: <cc21e81d-e03c-a8c8-e32c-f4e52ce18891@redhat.com> (raw)
In-Reply-To: <afeb759d-0f6d-4868-8242-01157f144662@gmail.com>
On Fri, 20 Jun 2025, Milan Broz wrote:
> Hi,
>
> On 6/20/25 6:09 AM, Herbert Xu wrote:
> > The output buffer size of of crypto_shash_export is returned by
> > crypto_shash_statesize. Alternatively HASH_MAX_STATESIZE may be
> > used for stack buffers.
> >
> > Fixes: 8cf4c341f193 ("crypto: md5-generic - Use API partial block handling")
> > Reported-by: Milan Broz <gmazyland@gmail.com>
> > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> Yes, that fixes the issue, thanks!
>
> Tested-by: Milan Broz <gmazyland@gmail.com>
>
> Mikulas, I think this should go through DM tree, could you send it for 6.16?
> The full patch is here
> https://lore.kernel.org/linux-crypto/aFTe3kDZXCAzcwNq@gondor.apana.org.au/T/#u
>
> > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> > index 9dfdb63220d7..cb4617df7356 100644
> > --- a/drivers/md/dm-crypt.c
> > +++ b/drivers/md/dm-crypt.c
> > @@ -517,7 +517,10 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8
> > *iv,
> > {
> > struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
> > SHASH_DESC_ON_STACK(desc, lmk->hash_tfm);
> > - struct md5_state md5state;
> > + union {
> > + struct md5_state md5state;
> > + u8 state[HASH_MAX_STATESIZE];
> > + } u;
Hi
345 bytes on the stack - I think it's too much, given the fact that it
already uses 345 bytes (from SHASH_DESC_ON_STACK) and it may be called in
a tasklet context. I'd prefer a solution that allocates less bytes.
I don't see the beginning of this thread, so I'd like to ask what's the
problem here, what algorithm other than md5 is used here that causes the
buffer overflow?
Mikulas
next prev parent reply other threads:[~2025-06-23 9:40 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-19 21:17 OOPs in 6.16-rc2 crypto_shash_export due to partial block handling Milan Broz
2025-06-20 4:09 ` dm-crypt: Extend state buffer size in crypt_iv_lmk_one Herbert Xu
2025-06-20 8:04 ` Milan Broz
2025-06-23 9:40 ` Mikulas Patocka [this message]
2025-06-23 11:11 ` [v2 PATCH] " Herbert Xu
2025-06-23 11:55 ` Milan Broz
2025-06-23 12:42 ` Mikulas Patocka
2025-06-23 18:22 ` Eric Biggers
2025-06-24 16:59 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cc21e81d-e03c-a8c8-e32c-f4e52ce18891@redhat.com \
--to=mpatocka@redhat.com \
--cc=agk@redhat.com \
--cc=dm-devel@lists.linux.dev \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).