lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170602.155529.599501370529389401.davem@davemloft.net> Date: Fri, 02 Jun 2017 15:55:29 -0400 (EDT) From: David Miller <davem@...emloft.net> To: darrick.wong@...cle.com Cc: herbert@...dor.apana.org.au, linux-crypto@...r.kernel.org, sparclinux@...r.kernel.org, linux-btrfs@...r.kernel.org, clm@...com, jbacik@...com, dsterba@...e.com, matorola@...il.com, sandeen@...deen.net, linux-xfs@...r.kernel.org, linux-ext4@...r.kernel.org Subject: Re: crypto: Work around deallocated stack frame reference gcc bug on sparc. From: David Miller <davem@...emloft.net> Date: Fri, 02 Jun 2017 14:39:06 -0400 (EDT) > From: "Darrick J. Wong" <darrick.wong@...cle.com> > Date: Fri, 2 Jun 2017 11:08:08 -0700 > >> ext4/jbd2's crc32c implementations will also need a fix like this for >> {ext4,jbd2}_chksum. Note that both of these modules call the crypto api >> directly to avoid a static dependence on libcrc32c; this was done to >> reduce kernel footprint for applications that don't need it. (ext2, >> ext3, and ext4 before the metadata_csum feature existed). > > Good catch. I even looked at that code the other day so should > have spotted it as well. > > I'll integrate fixes for those into my patch when I get a chance, > thanks! Actually, ext4 doesn't trigger the problem because the on-stack object used in ext4 is a fixed size at compile time. Which is technically an ill-advised assumption to make. Even the generic libcrc32c.c doesn't assume that the context area is 4 bytes for crc32c. Anyways, back to the main point, the gcc bug only triggers when alloca() like constructs are used. That's why I scanned for SHASH_DESC_ON_STACK() to see exactly where the workaround is necessary.
Powered by blists - more mailing lists