All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers3@gmail.com>
To: Abed Kamaluddin <abedamu@gmail.com>
Cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
	akamaluddin@cavium.com, pathreya@cavium.com, machalla@cavium.com
Subject: Re: [RFC PATCH v1 1/1] crypto: algif_compression - User-space interface for compression
Date: Sun, 16 Apr 2017 18:31:19 -0700	[thread overview]
Message-ID: <20170417013119.GA1910@zzz> (raw)
In-Reply-To: <1492108494-10694-2-git-send-email-akamaluddin@cavium.com>

On Fri, Apr 14, 2017 at 12:04:54AM +0530, Abed Kamaluddin wrote:
> crypto: algif_compression - User-space interface for compression
> 
> This patch adds af_alg plugin for compression algorithms of type scomp/acomp
> registered to the kernel crypto layer.
> 
> The user needs to set operation (compression/decompression) as a control
> message to sendmsg, identical to selecting the cipher operation type in case of
> ciphers. Once a sendmsg call occurs, no further writes can be made to the
> socket until all previous data has been processed and read. Therefore the
> interface only supports one request at a time.
> 
> The interface is completely synchronous; all operations are carried out in
> recvmsg and will complete prior to the system call returning.
> 
> The sendmsg and recvmsg interface supports directly reading/writing to 
> user-space without additional copying, i.e., the kernel crypto interface will
> receive the user-space address as its input/output SG list. The scomp interface
> or crypto drivers may copy the data as required.

Fun, so unprivileged users will be able to feed arbitrary data into the kernel's
zlib, LZ4, LZO, etc. compressors and decompressors.  Including zlib which is 12
years out of date from the upstream version.  Moreover, if anyone decides to
optimize these to directly support the new "acomp" (page-based) API, e.g. for
zlib by using its streaming API, then the algorithms will be passed the actual
userspace memory which can be modified by userspace concurrently.  When people
write compression algorithms usually it's assumed that's not possible.  At the
very least, it's unlikely to have been covered by fuzz testing that's been done
on the original userspace versions of these algorithms.  They might be safe by
chance, but I don't know.

Why does userspace need to be able to call the in-kernel zlib, LZ4, LZO, etc.
anyway?  At the very least, how about limiting the new attack surface by only
exposing algorithms provided by hardware drivers?

Eric

  parent reply	other threads:[~2017-04-17  1:31 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-13 18:34 [RFC PATCH v1 0/1] *** crypto: AF_ALG: add compression support *** Abed Kamaluddin
2017-04-13 18:34 ` [RFC PATCH v1 1/1] crypto: algif_compression - User-space interface for compression Abed Kamaluddin
2017-04-14  4:19   ` PrasannaKumar Muralidharan
2017-04-17  1:31   ` Eric Biggers [this message]
2017-04-18 10:12   ` Stephan Müller
2017-04-21 15:42     ` abed mohammad kamaluddin
2017-04-21 15:50       ` Stephan Müller
2017-04-21 16:07         ` abed mohammad kamaluddin
2017-04-14  8:32 ` [RFC PATCH v1 0/1] *** crypto: AF_ALG: add compression support *** Herbert Xu
2017-04-20  7:09   ` abed mohammad kamaluddin
2017-04-20  8:00     ` Herbert Xu
2017-04-20 14:39       ` abed mohammad kamaluddin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170417013119.GA1910@zzz \
    --to=ebiggers3@gmail.com \
    --cc=abedamu@gmail.com \
    --cc=akamaluddin@cavium.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=machalla@cavium.com \
    --cc=pathreya@cavium.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.