lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 8 Oct 2022 17:53:50 +0200
From:   Ard Biesheuvel <ardb@...nel.org>
To:     "Guilherme G. Piccoli" <gpiccoli@...lia.com>
Cc:     Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, kernel-dev@...lia.com,
        kernel@...ccoli.net, anton@...msg.org, ccross@...roid.com,
        tony.luck@...el.com
Subject: Re: [PATCH 5/8] pstore: Fix long-term implicit conversions in the
 compression routines

On Sat, 8 Oct 2022 at 16:14, Guilherme G. Piccoli <gpiccoli@...lia.com> wrote:
>
> On 07/10/2022 16:37, Kees Cook wrote:
> > On Fri, Oct 07, 2022 at 10:47:01AM +0200, Ard Biesheuvel wrote:
> >> [...]
> >> Isn't this the stuff we want to move into the crypto API?
> >
> > It is, yes. Guilherme, for background:
> > https://lore.kernel.org/linux-crypto/20180802215118.17752-1-keescook@chromium.org/
> >
>
> Thanks a bunch Kees / Ard for pointing me that!
>
> But I'm confused with regards to the state of this conversion: the
> patches seem to be quite mature and work fine, but at the same time,
> they focus in what Herbert consider a deprecated/old API, so they were
> never merged right?
>
> The proposal from Ard (to move to crypto scomp/acomp) allow to rework
> the zbufsize worst case thing and wire it on such new API, correct? Do
> you intend to do that Kees?
>
> At the same time, I feel it is still valid to avoid these bunch of
> implicit conversions on pstore, as this patch proposes - what do you all
> think?
>
> I could rework this one on top of Ard's acomp migration while we don't
> have an official zbufsize API for on crypto scomp - and once we have,
> it'd be just a matter of removing the zbufsize functions of pstore and
> make use of the new API, which shouldn't be affected by this implicit
> conversion fix.
>

So one thing I don't understand about these changes is why we need
them in the first place.

The zbufsize routines are all worst case routines, which means each
one of those will return a value that exceeds the size parameter.

We only use compression for dmesg, which compresses quite well. If it
doesn't compress well, there is probably something wrong with the
input data, so preserving it may not be as critical. And if
compressing the data makes it bigger, can't we just omit the
compression for that particular record?

In summary, while adding zbufsize to the crypto API seems a reasonable
thing to do, I don't see why we'd want to make use of it in pstore -
can't we just use the decompressed size as the worst case compressed
size for all algorithms, and skip the compression if it doesn't fit?

Or am I missing something here?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ