lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 01 Apr 2009 21:22:10 +0200
From:	Andreas Robinson <andr345@...il.com>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Alain Knaff <alain@...ff.lu>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] lib: add fast lzo decompressor

On Wed, 2009-04-01 at 09:12 -0700, H. Peter Anvin wrote:
> Andreas Robinson wrote:
> > This patch adds an LZO decompressor tweaked to be faster than
> > the 'safe' decompressor already in the kernel.
> > 
> > On x86_64, it runs in roughly 80% of the time needed by the safe
> > decompressor.
> > 
> > This function is inherently insecure and can cause buffer overruns.
> > It is only intended for decompressing implicitly trusted data, such
> > as an initramfs and the kernel itself.
> > 
> > As such, the function is neither exported nor declared in a header.
> > 
> 
> OK, I'm more than a bit nervous about that, especially since we're
> trying to make the decompression functions more generic.

Perhaps the system can default to the safe decompressor for normal use
and choose the fast one if STATIC is defined or when system_state ==
SYSTEM_BOOTING?

> Furthermore, is there a specific reason you didn't implent this for the
> kernel itself as well as for the initramfs?  I'd really would strongly
> prefer if the two compression sets didn't diverge.

There is a patch but I wanted to be sure that I had not missed anything
before submtting it, and also have a look at possibly supporting more
architectures. But I'll post it shortly.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ