| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Jun 2017 15:55:29 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: darrick.wong@...cle.com
Cc: herbert@...dor.apana.org.au, linux-crypto@...r.kernel.org,
sparclinux@...r.kernel.org, linux-btrfs@...r.kernel.org,
clm@...com, jbacik@...com, dsterba@...e.com, matorola@...il.com,
sandeen@...deen.net, linux-xfs@...r.kernel.org,
linux-ext4@...r.kernel.org
Subject: Re: crypto: Work around deallocated stack frame reference gcc bug
on sparc.
From: David Miller <davem@...emloft.net>
Date: Fri, 02 Jun 2017 14:39:06 -0400 (EDT)
> From: "Darrick J. Wong" <darrick.wong@...cle.com>
> Date: Fri, 2 Jun 2017 11:08:08 -0700
>
>> ext4/jbd2's crc32c implementations will also need a fix like this for
>> {ext4,jbd2}_chksum. Note that both of these modules call the crypto api
>> directly to avoid a static dependence on libcrc32c; this was done to
>> reduce kernel footprint for applications that don't need it. (ext2,
>> ext3, and ext4 before the metadata_csum feature existed).
>
> Good catch. I even looked at that code the other day so should
> have spotted it as well.
>
> I'll integrate fixes for those into my patch when I get a chance,
> thanks!
Actually, ext4 doesn't trigger the problem because the on-stack object
used in ext4 is a fixed size at compile time. Which is technically an
ill-advised assumption to make. Even the generic libcrc32c.c doesn't
assume that the context area is 4 bytes for crc32c.
Anyways, back to the main point, the gcc bug only triggers when
alloca() like constructs are used.
That's why I scanned for SHASH_DESC_ON_STACK() to see exactly where
the workaround is necessary.
Powered by blists - more mailing lists