From mboxrd@z Thu Jan 1 00:00:00 1970
From: jmorris@namei.org (James Morris)
Date: Thu, 10 May 2018 05:19:31 +1000 (AEST)
Subject: [PATCH v3 1/3] big key: get rid of stack array allocation
In-Reply-To:
References: <20180424202639.19830-1-tycho@tycho.ws>
Message-ID:
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

On Tue, 8 May 2018, Kees Cook wrote:

> On Tue, Apr 24, 2018 at 1:26 PM, Tycho Andersen wrote:
> > We're interested in getting rid of all of the stack allocated arrays in the
> > kernel [1]. This patch simply hardcodes the iv length to match that of the
> > hardcoded cipher.
> >
> > [1]: https://lkml.org/lkml/2018/3/7/621
> >
> > v2: hardcode the length of the nonce to be the GCM AES IV length, and do a
> >     sanity check in init(), Eric Biggers
> > v3: * remember to free big_key_aead when sanity check fails
> >     * define a constant for big key IV size so it can be changed along side
> >       the algorithm in the code
> >
> > Signed-off-by: Tycho Andersen
> > CC: David Howells
> > CC: James Morris
> > CC: "Serge E. Hallyn"
> > CC: Jason A. Donenfeld
> > CC: Eric Biggers
>
> Please consider this and patches 2 and 3:
>
> Reviewed-by: Kees Cook
>
> James, are these something you can take into your tree?
>
> Thanks!
>
> -Kees
>
> > --- > > security/keys/big_key.c | 11 ++++++++++- > > 1 file changed, 10 insertions(+), 1 deletion(-) > > > > diff --git a/security/keys/big_key.c b/security/keys/big_key.c > > index 933623784ccd..2806e70d7f8f 100644 > > --- a/security/keys/big_key.c > > +++ b/security/keys/big_key.c > > @@ -22,6 +22,7 @@ > > #include > > #include > > #include > > +#include > > > > struct big_key_buf { > > unsigned int nr_pages; > > @@ -85,6 +86,7 @@ struct key_type key_type_big_key = {

Sure!

--
James Morris
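
Review bot: In the first hunk (@@ -22,6 +22,7 @@) the one added #include has no header name in this quoted copy, and the quote stops at the second hunk header (@@ -85,6 +86,7 @@ struct key_type key_type_big_key = {), so only one of the 10 insertions counted in the diffstat can be reviewed here. The IV-size constant, the sanity check in init() and the freeing of big_key_aead on the failure path that the changelog describes should be checked against the full patch, in particular that the constant is compared with the IV size the allocated AEAD transform reports rather than assumed. As a style point, the v2/v3 history sits above the "---" separator and would be carried into the commit message; it belongs below that line.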