[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f097e95715f0ff43929a4cb56b1ad29c2f2b1c44.camel@huaweicloud.com>
Date: Fri, 02 Jun 2023 19:52:29 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
David Howells <dhowells@...hat.com>,
Herbert Xu <herbert@...dor.apana.org.au>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Eric Biggers <ebiggers@...nel.org>,
Stefan Berger <stefanb@...ux.ibm.com>, davem@...emloft.net,
zohar@...ux.ibm.com, dmitry.kasatkin@...il.com,
paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
Jarkko Sakkinen <jarkko@...nel.org>,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [GIT PULL] Asymmetric keys fix for v6.4-rc5
On Fri, 2023-06-02 at 13:38 -0400, Linus Torvalds wrote:
> On Fri, Jun 2, 2023 at 10:41 AM Roberto Sassu
> <roberto.sassu@...weicloud.com> wrote:
> > sorry for this unusual procedure of me requesting a patch to be pulled.
> > I asked for several months the maintainers (David: asymmetric keys,
> > Jarkko: key subsystem) to pick my patch but without any luck.
>
> Hmm.
>
> The patch behind that tag looks sane to me, but this is not code I am
> hugely familiar with.
>
> Who is the caller that passes in the public_key_signature data on the
> stack to public_key_verify_signature()? This may well be the right
> point to move it away from the stack in order to have a valid sg-list,
> but even if this patch is all good, it would be nice to have the call
> chain documented as part of the commit message.
Oh, it seems it was only in the first version of the patch:
https://lore.kernel.org/linux-kernel/20221104122023.1750333-1-roberto.sassu@huaweicloud.com/
Originally, the kernel panic was due to EVM, but I later found that IMA
Appraisal could have caused the same.
> > I signed the tag, but probably it would not matter, since my key is not
> > among your trusted keys.
>
> It does matter - I do pull from people even without full chains, I
> just end up being a lot more careful, and I still want to see the
> signature for any future reference...
Ok, then it makes sense to push my key to a key server.
Thanks
Roberto
> DavidH, Herbert, please comment:
>
> > https://github.com/robertosassu/linux.git tags/asym-keys-fix-for-linus-v6.4-rc5
>
> basically public_key_verify_signature() is passed that
>
> const struct public_key_signature *sig
>
> as an argument, and currently does
>
> sg_init_table(src_sg, 2);
> sg_set_buf(&src_sg[0], sig->s, sig->s_size);
> sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
>
>
> on it which is *not* ok if the s->s and s->digest points to stack data
> that ends up not dma'able because of a virtually mapped stack.
>
> The patch re-uses the allocation it already does for the key data, and
> it seems sane.
>
> But again, this is not code I look at normally, so...
>
> Linus
Powered by blists - more mailing lists