e\xba\xbe\xfa\xce\xdb\xad"
| ^~
Signed-off-by: Kees Cook
---
Cc: Herbert Xu
Cc: Eric Biggers
Cc: Ard Biesheuvel
Cc: "David S. Miller"
Cc:
---
lib/crypto/aescfb.c | 8
lib/crypto/aesgcm.c | 46 ++---
2 files changed, 27 in
On Wed, May 28, 2025 at 07:15:18PM +0200, Jann Horn wrote:
> On Wed, May 28, 2025 at 6:46 PM Kees Cook wrote:
> > On Tue, May 27, 2025 at 11:14:27PM -0700, Eric Biggers wrote:
> > > If this new sanitizer is going to move forward, is there any sort of plan
> > > or
the more versatile Overflow Behavior Types:
https://discourse.llvm.org/t/rfc-v2-clang-introduce-overflowbehaviortypes-for-wrapping-and-non-wrapping-arithmetic/86507
and our current testing is showing many fewer false positives. (Having
run syzkaller for weeks now.)
> Documentation/dev-tools/ubsan.rst says nothing about this and only mentions
> "undefined behavior", which this is not.
Right -- this will get extensive documentation before we move it out of
its development phase.
I'm not sure how to enforce "don't enable this unless you're developing
the Overflow Behavior Types" with current Kconfig, given the randconfig
gap... I have some memory of Arnd doing something special with his
randconfigs to avoid these kinds of things, but I can't find it now.
-Kees
--
Kees Cook
ype.)
The assigned type is "struct idxd_wq **", but the returned type will be
"struct wq **". These are the same size allocation (pointer sized), but
the types don't match. Adjust the allocation type to match the assignment.
Signed-off-by: Kees Cook
---
Cc: Kristen Accardi
Cc
kCFI is enabled.
>
> Cc: Kees Cook
> Cc: Linus Walleij
> Signed-off-by: Ard Biesheuvel
Reviewed-by: Kees Cook
--
Kees Cook
.cra_ctxsize= sizeof(struct nx842_crypto_ctx),
+ .cra_ctxsize= struct_size_t(struct nx842_crypto_ctx,
header.group,
+ NX842_CRYPTO_GROUP_MAX),
.cra_module = THIS_MODULE,
.cra_init = nx842_pseries_crypto_init,
.cra_exit = nx842_crypto_exit,
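Review bot: in the `.cra_ctxsize` initializer, the context size is now derived with struct_size_t() from `header.group` and NX842_CRYPTO_GROUP_MAX, so the allocation is only right while no path fills more than NX842_CRYPTO_GROUP_MAX entries of that array. A short comment beside the initializer, or a bounds check at the place the groups are written, would make that dependency explicit for later readers.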
--
Kees Cook
On Fri, Feb 02, 2024 at 12:01:55PM +0100, Marco Elver wrote:
> On Fri, 2 Feb 2024 at 11:16, Kees Cook wrote:
> > [...]
> > +config UBSAN_UNSIGNED_WRAP
> > + bool "Perform checking for unsigned arithmetic wrap-around"
> > + depends on $(cc-option
still extremely noisy, but gets us to a common point where
we can continue experimenting with the sanitizer.
Cc: x...@kernel.org
Cc: net...@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Kees Cook
---
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/apic/Makefile | 1 +
arch
To allow for fine-grained control of where the wrapping sanitizers can
be disabled, split them from the main UBSAN CFLAGS into their own set of
rules.
Cc: Masahiro Yamada
Cc: Nathan Chancellor
Cc: Nicolas Schier
Cc: linux-kbu...@vger.kernel.org
Signed-off-by: Kees Cook
---
scripts
" is in effect.)
Cc: Andrey Konovalov
Cc: Marco Elver
Cc: linux-...@vger.kernel.org
Cc: linux-kbu...@vger.kernel.org
Signed-off-by: Kees Cook
---
Documentation/dev-tools/ubsan.rst | 28
arch/arm/Kconfig | 2 +-
arch/arm64/Kconfig
Yamada
Cc: Nathan Chancellor
Cc: Nicolas Schier
Cc: linux-kbu...@vger.kernel.org
Signed-off-by: Kees Cook
---
include/linux/compiler_types.h | 7 ++-
lib/Kconfig.ubsan | 8
lib/test_ubsan.c | 33 +
lib/ubsan.c
Chancellor
Cc: Masahiro Yamada
Cc: Nicolas Schier
Cc: Nick Desaulniers
Cc: Bill Wendling
Cc: linux-kbu...@vger.kernel.org
Cc: l...@lists.linux.dev
Signed-off-by: Kees Cook
---
scripts/Makefile.ubsan | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/Makefile.ubsan b
s/27 [2]
Link: https://github.com/KSPP/linux/issues/344 [3]
Cc: Justin Stitt
Cc: Miguel Ojeda
Cc: Nathan Chancellor
Cc: Nick Desaulniers
Cc: Peter Zijlstra
Cc: Marco Elver
Cc: Hao Luo
Cc: Przemek Kitszel
Signed-off-by: Kees Cook
---
include/linux/compiler_types.h | 14 ++-
lib
/KSPP/linux/issues/344 [3]
Kees Cook (6):
ubsan: Use Clang's -fsanitize-trap=undefined option
ubsan: Reintroduce signed and unsigned overflow sanitizers
ubsan: Introduce CONFIG_UBSAN_POINTER_WRAP
ubsan: Remove CONFIG_UBSAN_SANITIZE_ALL
ubsan: Split wrapping sanitizer Makefile rules
first steps
done. And then once the sanitizers are in good shape, the fuzzers can grind.
(I'm trying to add some parallelism to this project; this code pattern was
known so I figured we could address it now.)
-Kees
--
Kees Cook
nel.org/linus/68df3755e383e6fecf2354a67b08f92f18536594 [1]
Link: https://github.com/KSPP/linux/issues/26 [2]
Link: https://github.com/KSPP/linux/issues/27 [3]
Link: https://github.com/KSPP/linux/issues/344 [4]
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: Aditya Srivastava
Cc: Randy Dunlap
Cc: linux-crypto@vger.kernel.org
S
-crypto@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/crypto/axis/artpec6_crypto.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/axis/artpec6_crypto.c
b/drivers/crypto/axis/artpec6_crypto.c
index dbc1d483f2af..cbec539f0e20 100644
--- a/drivers/crypto/axis
om Rix
Cc: Adam Guerin
Cc: Lucas Segarra Fernandez
Cc: Andy Shevchenko
Cc: qat-li...@intel.com
Cc: linux-crypto@vger.kernel.org
Cc: l...@lists.linux.dev
Signed-off-by: Kees Cook
---
drivers/crypto/intel/qat/qat_common/adf_fw_counters.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
di
py(buf, str, sizeof(buf));
> for (i = 0; i < 16; i++) {
> if (!isdigit(buf[i])) {
I was initially worried when I saw this walking the entire contents, but
I see it is explicitly zeroed on the stack first, so this is fine:
char buf[16] = {0};
Reviewed-by: Kees
tps://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
> [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-
-through
All switch/case blocks must end in one of:
break;
fallthrough;
continue;
goto <label>;
return [expression];
[3] https://cwe.mitre.org/data/definitions/484.html
--
Kees Cook
inal series may be lower, but there
are still bugs being found from it -- we need to finish this and shut
the door on it for good.)
--
Kees Cook
On Mon, Nov 23, 2020 at 05:32:51PM -0800, Nick Desaulniers wrote:
> On Sun, Nov 22, 2020 at 8:17 AM Kees Cook wrote:
> >
> > On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote:
> > > If none of the 140 patches here fix a real bug, and there is no change
>
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote:
> On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote:
> > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote:
> > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote:
> > > > This
ngs are supposed to warn about issues that could
> be bugs. Falling through to default: break; can hardly be a bug?!
It's certainly a place where the intent is not always clear. I think
this makes all the cases unambiguous, and doesn't impact the machine
code, since the compiler will happily optimize away any behavioral
redundancy.
--
Kees Cook
On Fri, Oct 16, 2020 at 01:12:24AM -0700, syzbot wrote:
> dashboard link: https://syzkaller.appspot.com/bug?extid=92ead4eb8e26a26d465e
> [...]
> Reported-by: syzbot+92ead4eb8e26a26d4...@syzkaller.appspotmail.com
> [...]
> UBSAN: array-index-out-of-bounds in crypto/af_alg.c:166:2
> index 91 is out o
build tests, I run those with COMPILE_TEST force-enabled.
Ah, I got this backwards. It's not COMPILE_TEST breaking it, it's
actually FIXING it. :P Anyway, I'll go clean this up more.
--
Kees Cook
On Thu, Aug 27, 2020 at 12:02:12PM -0700, Linus Torvalds wrote:
> On Thu, Aug 27, 2020 at 11:42 AM Kees Cook wrote:
> >
> > Do you mean you checked both gcc and clang and it was only a problem with
> > gcc?
>
> I didn't check with clang, but Arnd claimed it was
CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size)
CFLAGS_UBSAN += $(call cc-option, -fsanitize=bool)
CFLAGS_UBSAN += $(call cc-option, -fsanitize=enum)
endif
--
Kees Cook
ts, u64 fsize)
> > (unsigned long)total,
> > (unsigned long)beN_to_cpu(&p->ostart[offset], size));
> > + if (size > p->olen)
> > + return -ENOSPC;
> > +
> > memcpy(p->out, &p->ostart[offset], size);
> > p->out += size;
> > p->olen -= size;
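Review bot: the added `if (size > p->olen)` test bounds only the destination of the `memcpy()` that follows. The source range, `size` bytes starting at `&p->ostart[offset]`, is not bounded by anything visible in these lines, so the commit message or a comment above the copy should name the earlier check that covers it.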
> > @@ -345,6 +348,9 @@ int sw842_decompress(const u8 *in, unsigned int ilen,
> > if (!bytes || bytes > SHORT_DATA_BITS_MAX)
> > return -EINVAL;
> > + if (bytes > p.olen)
> > + return -ENOSPC;
> > +
> > while (bytes-- > 0) {
> > ret = next_bits(&p, &tmp, 8);
> > if (ret)
> >
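Review bot: the new `if (bytes > p.olen)` test in sw842_decompress() adds an -ENOSPC return next to the existing -EINVAL one, and the function's documented return values should mention it so callers can tell "output buffer too small" apart from "malformed input". Placing it after the `SHORT_DATA_BITS_MAX` validation, as done here, keeps -EINVAL as the answer for bad input.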
Reviewed-by: Kees Cook
--
Kees Cook
On Tue, May 05, 2020 at 04:36:49PM -0700, Nick Desaulniers wrote:
> On Tue, May 5, 2020 at 4:22 PM Jason A. Donenfeld wrote:
> >
> > On Tue, May 5, 2020 at 5:19 PM Kees Cook wrote:
> > >
> > > (Though as was mentioned, it's likely that FORTIFY_SOURCE isn
so I may still send a patch to depend on !clang
just to avoid surprises until it's fixed, but I haven't had time to
chase down a solution yet.)
--
Kees Cook
o you think it should just be dropped in each patch?
--
Kees Cook
lude/asm/asm.h | 1
> include/asm/paravirt_types.h | 25 +++--
> include/asm/pm-trace.h | 2
> include/asm/processor.h | 6 +-
> kernel/acpi/wakeup_64.S | 31 ++-
> kernel/head_64.S | 16 +++---
> kernel/relocate_kernel_64.S | 2
> power/hibernate_asm_64.S | 4 -
> 29 files changed, 306 insertions(+), 213 deletions(-)
>
> Patchset is based on next-20190708.
>
>
--
Kees Cook
m/include/asm/io.h:299:29: note: in expansion of macro ‘__raw_writel’
> #define writel_relaxed(v,c) __raw_writel((__force u32) cpu_to_le32(v),c)
> ^~~~
> drivers/crypto/ux500/cryp/cryp.c:371:3: note: in expansion of macro
> ‘writel_relaxed’
>writ
e "little" fixes so
there's less to review for the big PIE changes down the road.
--
Kees Cook
stmgr.c:1420
> __alg_test_hash+0x26d/0x340 crypto/testmgr.c:1502
> alg_test_hash+0x22e/0x330 crypto/testmgr.c:1552
> alg_test.part.7+0x132/0x610 crypto/testmgr.c:4931
> alg_test+0x1f/0x40 crypto/testmgr.c:4952
>
> Fixes: b68a7ec1e9a3 ("crypto: hash - Remove VLA usage")
> Reported-by: Corentin Labbe
> Cc: # v4.20+
> Cc: Kees Cook
> Signed-off-by: Eric Biggers
Ah, yikes! Nice catch. Thanks for fixing this. :)
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Oct 17, 2018 at 7:41 AM, Gustavo A. R. Silva
wrote:
>
>
> On 10/17/18 9:20 AM, Antoine Tenart wrote:
>> Hi,
>>
>> On Wed, Oct 17, 2018 at 02:17:41PM +0800, Herbert Xu wrote:
>>> On Tue, Oct 16, 2018 at 09:44:02PM +0200, Gustavo A. R. Silva wrote:
>>
("Sizeof not portable")
> Fixes: 9744fec95f06 ("crypto: inside-secure - remove request list to improve
> performance")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
Luckily, this results in the same size, since it's still a pointer:
struct crypt
On Thu, Sep 27, 2018 at 10:08 PM, Herbert Xu
wrote:
> All applied. Thanks.
Awesome! Thanks :)
-Kees
--
Kees Cook
Pixel Security
it as a fix, and handle the conflict with Kees's
> patch in cryptodev. Otherwise, I can respin it to apply onto cryptodev
> directly. The patch was build tested only - I don't have the hardware.
I think the depth warning is minor (90 bytes over), so I don't think
it's high priority to backport the fix. I'm fine either way, of
course.
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel Security
On Mon, Sep 24, 2018 at 9:49 PM, Herbert Xu wrote:
> On Mon, Sep 24, 2018 at 05:49:37PM -0700, Kees Cook wrote:
>>
>> > Kees Cook (23):
>> > crypto: skcipher - Introduce crypto_sync_skcipher
>> > gss_krb5: Remove VLA usage of skcipher
>>
On Tue, Sep 18, 2018 at 7:10 PM, Kees Cook wrote:
> This is the full follow-up to earlier discussions[1] that suggested
> adding a new struct crypto_sync_skcipher to handle the VLA removal from
> SKCIPHER_REQUEST_ON_STACK.
>
> This series is effectively a no-op change: everythi
On Mon, Sep 24, 2018 at 4:52 AM, Ard Biesheuvel
wrote:
> On Wed, 19 Sep 2018 at 04:11, Kees Cook wrote:
>> @@ -119,7 +119,7 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
>> unsigned in_offs, out_offs;
>> int err;
>>
>> -
On Mon, Sep 24, 2018 at 4:45 AM, Ard Biesheuvel
wrote:
> On Wed, 19 Sep 2018 at 04:11, Kees Cook wrote:
>>
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
>> with stru
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Jesper Nilsson
Cc: Lars Persson
Cc: linux-arm-ker...@axis.com
Signed-off-by: Kees Cook
---
drivers/crypto/axis/artpec6_crypto.c | 19 +--
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/crypto/axis
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Jamie Iles
Cc: linux-arm-ker...@lists.infradead.org
Signed-off-by: Kees Cook
---
drivers/crypto/picoxcell_crypto.c | 21 ++---
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/drivers/crypto/picoxcell_crypto.c
b/drivers
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Himanshu Jha
Signed-off-by: Kees Cook
---
drivers/crypto/qce/ablkcipher.c | 13 ++---
drivers/crypto/qce/cipher.h | 2 +-
2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/qce/ablkcipher.c b/drivers/crypto/qce
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
drivers/crypto/mxs-dcp.c | 21 ++---
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c
index a10c418d4e5c..430174be6f92 100644
--- a/drivers
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Harsh Jain
Signed-off-by: Kees Cook
---
drivers/crypto/chelsio/chcr_algo.c | 27 ++-
drivers/crypto/chelsio/chcr_crypto.h | 2 +-
2 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/drivers/crypto/chelsio
Now that all the users of the VLA-generating SKCIPHER_REQUEST_ON_STACK()
macro have been moved to SYNC_SKCIPHER_REQUEST_ON_STACK(), we can remove
the former.
Signed-off-by: Kees Cook
---
include/crypto/skcipher.h | 5 -
1 file changed, 5 deletions(-)
diff --git a/include/crypto/skcipher.h
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Alexander Aring
Cc: Stefan Schmidt
Cc: linux-w...@vger.kernel.org
Signed-off-by: Kees Cook
---
net/mac802154/llsec.c | 16
net/mac802154/llsec.h | 2 +-
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/net/mac802154
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: x...@kernel.org
Signed-off-by: Kees Cook
---
arch/x86/crypto/fpu.c | 30 --
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/arch/x86/crypto/fpu.c b/arch/x86/crypto/fpu.c
index 406680476c52..be9b3766f241
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Martin Schwidefsky
Cc: Heiko Carstens
Cc: linux-s...@vger.kernel.org
Signed-off-by: Kees Cook
---
arch/s390/crypto/aes_s390.c | 48 ++---
1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/arch/s390/crypto
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Ilya Dryomov
Cc: "Yan, Zheng"
Cc: Sage Weil
Cc: ceph-de...@vger.kernel.org
Signed-off-by: Kees Cook
---
net/ceph/crypto.c | 12 ++--
net/ceph/crypto.h | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/net/cep
_set_flags()
crypto_sync_skcipher_clear_flags()
crypto_sync_skcipher_blocksize()
crypto_sync_skcipher_ivsize()
crypto_sync_skcipher_reqtfm()
skcipher_request_set_sync_tfm()
SYNC_SKCIPHER_REQUEST_ON_STACK() (with tfm type check)
Signed-off-by: Kees Cook
-
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Johannes Berg
Cc: linux-wirel...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/staging/rtl8192e/rtllib_crypt_tkip.c | 34 +--
drivers/staging/rtl8192e/rtllib_crypt_wep.c | 28 +++
.../rtl8192u/ieee80211
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Jens Axboe
Cc: linux-bl...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/block/cryptoloop.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/block/cryptoloop.c b/drivers/block/cryptoloop.c
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Paul Mackerras
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/net/ppp/ppp_mppe.c | 27 ++-
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/algif_aead.c | 12 ++--
crypto/authenc.c| 8
crypto/authencesn.c | 8
crypto/crypto_null.c| 11 +--
crypto/echainiv.c
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Greg Kroah-Hartman
Cc: Felipe Balbi
Cc: Johan Hovold
Cc: "Gustavo A. R. Silva"
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
drivers/usb/wusbcore/crypto.c | 16
1 file changed, 8 insertions(+), 8 deletion
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: David Howells
Cc: linux-...@lists.infradead.org
Signed-off-by: Kees Cook
---
net/rxrpc/ar-internal.h | 2 +-
net/rxrpc/rxkad.c | 44 -
2 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/net
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: "Leonidas S. Barbosa"
Cc: Paulo Flabiano Smorigo
Cc: Benjamin Herrenschmidt
Cc: Paul Mackerras
Cc: Michael Ellerman
Cc: linuxppc-...@lists.ozlabs.org
Signed-off-by: Kees Cook
---
drivers/crypto/vmx/aes_cbc.c | 22 +++--
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Tom Lendacky
Cc: Gary Hook
Signed-off-by: Kees Cook
---
drivers/crypto/ccp/ccp-crypto-aes-xts.c | 13 +++--
drivers/crypto/ccp/ccp-crypto.h | 2 +-
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/ccp/ccp
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
drivers/crypto/sahara.c | 31 +++
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/drivers/crypto/sahara.c b/drivers/crypto/sahara.c
index e7540a5b8197..bbf166a97ad3 100644
--- a
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/cryptd.c | 32 +---
1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index addca7bae33f..7118fb5efbaa 100644
--- a/crypto/cryptd.c
+++ b/crypto
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
drivers/crypto/omap-aes.c | 17 -
drivers/crypto/omap-aes.h | 2 +-
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index 9019f6b67986
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Cc: Trond Myklebust
Cc: Anna Schumaker
Cc: "J. Bruce Fields"
Cc: Jeff Layton
Cc: YueHaibing
Cc: linux-...@vger.kernel.org
Signed-off-by: Kees Cook
---
include/linux/sunrpc/gss_krb5.h | 30 -
net/sunrpc/auth_gss/gss_krb5_cry
enforcement
for not putting an ASYNC skcipher on the stack, which allows us to
declare the on-stack requests with a fixed stack size.
[1]
https://lkml.kernel.org/r/CAGXu5j+bpLK=EQ9LHkO8V=sdaQwt==6fbghgn2vi1e9_wxs...@mail.gmail.com
-Kees
Kees Cook (23):
crypto: skcipher - Introduce
On Thu, Sep 13, 2018 at 11:23 AM, Kees Cook wrote:
> RFC follow-up to
> https://lkml.kernel.org/r/CAGXu5j+bpLK=EQ9LHkO8V=sdaQwt==6fbghgn2vi1e9_wxs...@mail.gmail.com
>
> The core API changes:
>
> struct crypto_sync_skcipher
> crypt
es of SKCIPHER_REQUEST_ON_STACK().
Signed-off-by: Kees Cook
---
crypto/skcipher.c | 24 +
drivers/crypto/ccp/ccp-crypto-aes-xts.c | 10
drivers/crypto/ccp/ccp-crypto.h | 2 +-
include/crypto/skcipher.h | 34 -
4
On Thu, Sep 13, 2018 at 9:46 AM, Kees Cook wrote:
> On Mon, Sep 10, 2018 at 10:52 PM, Herbert Xu
> wrote:
>> On Fri, Sep 07, 2018 at 08:56:23AM +0200, Ard Biesheuvel wrote:
>>>
>>> OK, so given that all SKCIPHER_REQUEST_ON_STACK occurrences are
>>> up
rypt(nreq);
For the above, we'd also need:
sync_skcipher_request_set_tfm()
sync_skcipher_request_set_callback()
sync_skcipher_request_set_crypt()
-Kees
--
Kees Cook
Pixel Security
On Mon, Sep 3, 2018 at 8:13 PM, Herbert Xu wrote:
> On Tue, Aug 07, 2018 at 02:18:39PM -0700, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this uses
>> the new HASH_MAX_DIGESTSIZE from the crypto layer to allocate the upper
>> bounds on
On Thu, Sep 6, 2018 at 8:42 PM, Herbert Xu wrote:
> On Thu, Sep 06, 2018 at 03:58:52PM -0700, Kees Cook wrote:
>>
>> @@ -437,6 +442,12 @@ static inline struct crypto_skcipher
>> *crypto_skcipher_reqtfm_check(
>> {
>> struct crypto_skcipher
possible.
Signed-off-by: Kees Cook
---
include/crypto/skcipher.h | 33 +++--
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 2f327f090c3e..6e954d398e0f 100644
--- a/include/crypto/skcipher.h
+++ b
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
include/crypto/skcipher.h | 28
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 3aabd5d098ed..cca216999bf1
tfm argument after VLA removal.
-Kees
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Kees Cook (4):
crypto: skcipher - Consolidate encrypt/decrypt sanity check
crypto: skcipher - Enforce non-ASYNC for on-stack requests
crypto: skcipher
Check at use-time whether an skcipher request is on the stack. If it
is, enforce that it must be backed by a synchronous algorithm, as is
required:
https://www.redhat.com/archives/dm-devel/2018-January/msg00087.html
Co-developed-by: Ard Biesheuvel
Signed-off-by: Kees Cook
---
include/crypto
Since the size is now fixed, there is no need to include the tfm
argument. This removes it from the definition and callers.
Suggested-by: Alexander Stein
Signed-off-by: Kees Cook
---
arch/s390/crypto/aes_s390.c| 8
arch/x86/crypto/fpu.c
On Thu, Sep 6, 2018 at 1:22 PM, Kees Cook wrote:
> On Wed, Sep 5, 2018 at 5:43 PM, Kees Cook wrote:
>> On Wed, Sep 5, 2018 at 3:49 PM, Ard Biesheuvel
>> wrote:
>>> On 5 September 2018 at 23:05, Kees Cook wrote:
>>>> On Wed, Sep 5, 2018 at 2:18 AM, Ar
On Wed, Sep 5, 2018 at 5:43 PM, Kees Cook wrote:
> On Wed, Sep 5, 2018 at 3:49 PM, Ard Biesheuvel
> wrote:
>> On 5 September 2018 at 23:05, Kees Cook wrote:
>>> On Wed, Sep 5, 2018 at 2:18 AM, Ard Biesheuvel
>>> wrote:
>>>> On 4 September 2018 at 20:1
REQUEST_ON_STACK to ensure that
>> only sync algorithms can use this construct.
>>
>
> That would require lots of changes in the callers, including ones that
> already take care to use sync algos only.
>
> How about we do something like the below instead?
Oh, I like this, thanks!
-Kees
--
Kees Cook
Pixel Security
On Wed, Sep 5, 2018 at 3:49 PM, Ard Biesheuvel
wrote:
> On 5 September 2018 at 23:05, Kees Cook wrote:
>> On Wed, Sep 5, 2018 at 2:18 AM, Ard Biesheuvel
>> wrote:
>>> On 4 September 2018 at 20:16, Kees Cook wrote:
>>>> In the quest to remove all stac
On Wed, Sep 5, 2018 at 2:18 AM, Ard Biesheuvel
wrote:
> On 4 September 2018 at 20:16, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> caps the skcipher request size similar to other limits and adds a sanity
>> check at reg
zK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/cryptd.c| 7 +--
crypto/ctr.c | 7 +--
crypto/cts.c | 7 +--
crypto/lrw.c
This removes VLAs[1] from SKCIPHER_REQUEST_ON_STACK by making it possible
for crypto_skcipher_set_reqsize() to fail. Callers are updated to handle
the error condition.
-Kees
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Kees Cook (2):
crypto
crypto_skcipher_set_reqsize: 88
crypto_skcipher_set_reqsize: 472
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
include/crypto/internal/skcipher.h | 3 +++
include/crypto/skcipher.h | 4
On Mon, Sep 3, 2018 at 10:19 PM, Herbert Xu wrote:
> On Tue, Aug 07, 2018 at 02:18:34PM -0700, Kees Cook wrote:
>> v8 cover letter:
>>
>> I continue to hope this can land in v4.19, but I realize that's unlikely.
>> It would be nice, though, if some of the "tri
to continues to get tweaked and has taken much longer
than I had expected.
-Kees
--
Kees Cook
Pixel Security
In the quest to remove all stack VLA usage from the kernel[1], this uses
the new upper bound for the stack buffer. Also adds a sanity check.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
drivers/crypto/qat
: Kees Cook
---
include/crypto/cbc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h
index f5b8bfc22e6d..3bf28beefa33 100644
--- a/include/crypto/cbc.h
+++ b/include/crypto/cbc.h
@@ -113,7 +113,7 @@ static inline int
cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the
new blocksize limit, I went with 160 (20 8-byte words).
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/algapi.c | 7 ++-
include
crypto_skcipher_set_reqsize: 88
crypto_skcipher_set_reqsize: 472
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
include/crypto/internal/skcipher.h | 1 +
include/crypto/skcipher.h | 4
...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/ahash.c| 4 ++--
crypto/algif_hash.c | 2 +-
crypto/shash.c| 6 +++---
include/crypto/hash.h | 6 +-
4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index a64c143165b1..78aaf2158c43
aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/xcbc.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index 25c75af50d3f..c055f57fab11 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -57,15 +57,17 @@ s
reqsizes for skcipher and ahash instead of guessing.
- improve names and comments for alg maxes
Ard Biesheuvel (1):
crypto: ccm: Remove VLA usage
Kees Cook (8):
crypto: xcbc: Remove VLA usage
crypto: cbc: Remove VLA usage
crypto: hash: Remove VLA usage
dm: Remove VLA usage from hashes
this helper was the only user.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/shash.c | 27 ---
include/linux/compiler-gcc.h | 1 -
2 files changed, 16 insertions(+), 12
In the quest to remove all stack VLA usage from the kernel[1], this uses
the new HASH_MAX_DIGESTSIZE from the crypto layer to allocate the upper
bounds on stack usage.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook