| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200401225304.GA16019@gondor.apana.org.au>
Date: Thu, 2 Apr 2020 09:53:04 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Eric Biggers <ebiggers@...nel.org>
Cc: Marco Elver <elver@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>,
syzbot <syzbot+6a6bca8169ffda8ce77b@...kaller.appspotmail.com>,
Borislav Petkov <bp@...en8.de>,
David Miller <davem@...emloft.net>,
"H. Peter Anvin" <hpa@...or.com>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...hat.com>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Thomas Gleixner <tglx@...utronix.de>,
the arch/x86 maintainers <x86@...nel.org>
Subject: Re: KCSAN: data-race in glue_cbc_decrypt_req_128bit /
glue_cbc_decrypt_req_128bit
On Wed, Apr 01, 2020 at 09:20:28AM -0700, Eric Biggers wrote:
>
> The issue is that fixing it would require adding READ_ONCE() / WRITE_ONCE() in
> hundreds of different places, affecting most crypto-related .c files.
I don't think we should be doing that. This is exactly the same
as using sendfile(2) and modifying the data during the send. As
long as you don't trigger behaviours such as crashes or uncontrolled
execution then it's fine. The output is simply undefined.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists