Message-ID: <CAK8P3a3zvmAtkmqHhNO4788WQ8kbunSW8Jp-nA+hYHc2YmziEg@mail.gmail.com>
Date: Thu, 12 Jul 2018 23:15:51 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Kees Cook <keescook@...omium.org>
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
	"Gustavo A. R. Silva" <gustavo@...eddedor.com>,
	Eric Biggers <ebiggers@...gle.com>,
	Alasdair Kergon <agk@...hat.com>,
	Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
	Lars Persson <larper@...s.com>,
	Mike Snitzer <snitzer@...hat.com>,
	Rabin Vincent <rabinv@...s.com>,
	Tim Chen <tim.c.chen@...ux.intel.com>,
	"David S. Miller" <davem@...emloft.net>,
	Masahiro Yamada <yamada.masahiro@...ionext.com>,
	"open list:HARDWARE RANDOM NUMBER GENERATOR CORE" <linux-crypto@...r.kernel.org>,
	qat-linux@...el.com, dm-devel@...hat.com,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	David Howells <dhowells@...hat.com>
Subject: Re: [PATCH v4 13/14] rxrpc: Prepare to remove VLA usage for SKCIPHER_REQUEST_ON_STACK

On Thu, Jul 12, 2018 at 10:30 PM, Kees Cook <keescook@...omium.org> wrote:
> On Thu, Jul 12, 2018 at 1:23 PM, Kees Cook <keescook@...omium.org> wrote:
>> On Thu, Jul 12, 2018 at 8:11 AM, Arnd Bergmann <arnd@...db.de> wrote:
>>> On Wed, Jul 11, 2018 at 10:36 PM, Kees Cook <keescook@...omium.org> wrote:
>>>> Two uses of SKCIPHER_REQUEST_ON_STACK() will trigger FRAME_WARN warnings
>>>> (when less than 2048) once the VLA is no longer hidden from the check:
>>>>
>>>> net/rxrpc/rxkad.c:398:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
>>>> net/rxrpc/rxkad.c:242:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
>>>>
>>>> This bumps the affected objects by 20% to silence the warnings while
>>>> still providing coverage if anything grows even more.
>>>>
>>>> Signed-off-by: Kees Cook <keescook@...omium.org>
>>>
>>> (adding David Howells to cc)
>>>
>>> I don't think these are in a fast path, it should be possible to just use
>>> skcipher_alloc_req() instead of SKCIPHER_REQUEST_ON_STACK() here.
>>> From what I can tell, neither of the two are called in atomic context, so
>>> you should be able to use a GFP_KERNEL allocation.
>>
>> Sure, I can do that instead.
>
> Actually, I think this can actually be adjusted to just re-use the
> stack allocation, since rxkad_verify_packet() finishes one before
> doing another in rxkad_verify_packet_1():

That looks very nice, yes. The same thing is needed in
rxkad_secure_packet(), right?

      Arnd