| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120201235204.GA18950@kroah.com> Date: Wed, 1 Feb 2012 15:52:04 -0800 From: Greg KH <gregkh@...uxfoundation.org> To: Alexey Dobriyan <adobriyan@...il.com> Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk, Herbert Xu <herbert@...dor.apana.org.au> Subject: Re: [06/20] crypto: sha512 - reduce stack usage to safe number On Thu, Feb 02, 2012 at 02:42:08AM +0300, Alexey Dobriyan wrote: > On Wed, Feb 01, 2012 at 12:14:08PM -0800, Greg KH wrote: > > @@ -87,38 +87,48 @@ sha512_transform(u64 *state, const u8 *i > > u64 a, b, c, d, e, f, g, h, t1, t2; > > > > int i; > > - u64 W[80]; > > + u64 W[16]; > > This needs 3rd companion patch which does stack reduction even on i386. > Patch which removes excessive loop unrolling and thus fixes the problem > has been posted. Maybe there is some other way to maintain low stack > space on i386 but I haven't found it. > > http://marc.info/?l=linux-netdev&m=132768692525017&w=4 > > If you apply only 2, original bug will be fixed, but on at least i386 > stack usage could go in 900-byte region. But this patch isn't in Linus's tree yet, right? So, should I just drop this one for now (well both of them) or just wait for the above referenced patch to hit Linus's tree and handle it then? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists