From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kees Cook Subject: Re: [PATCH crypto-next 06/23] x86/fpu: Remove VLA usage of skcipher Date: Mon, 24 Sep 2018 10:35:24 -0700 Message-ID: References: <20180919021100.3380-1-keescook@chromium.org> <20180919021100.3380-7-keescook@chromium.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Herbert Xu , "the arch/x86 maintainers" , Eric Biggers , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Linux Kernel Mailing List To: Ard Biesheuvel Return-path: In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On Mon, Sep 24, 2018 at 4:45 AM, Ard Biesheuvel wrote: > On Wed, 19 Sep 2018 at 04:11, Kees Cook wrote: >> >> In the quest to remove all stack VLA usage from the kernel[1], this >> replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage >> with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), >> which uses a fixed stack size. >> >> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com >> >> Cc: x86@kernel.org >> Signed-off-by: Kees Cook > > Doing some archeology on this driver, it turns out that the FPU > wrapper was introduced to support combining the generic CTR, LRW, XTS > and PCBC chaining modes with the AES-NI core transform. In the mean > time, CTR, LRW and XTS support have been implemented natively, which > leaves pcbc-aes-aesni as the only remaining user of the fpu template. > > Since there are no users of pcbc(aes) in the kernel, could we perhaps > just remove this driver and all the special handling we have for it in > aesni-intel_glue.c? Both options get rid of the VLA, so I'm happy either way. ;) > If not, or in case we prefer to defer that to the next release: > > Reviewed-by: Ard Biesheuvel Thanks! -Kees -- Kees Cook Pixel Security