Hi Ondrej, On Fri, May 11, 2018 at 02:12:51PM +0200, Ondrej Mosnáček wrote: > From: Ondrej Mosnacek <omosnacek@xxxxxxxxx> > > This patch adds optimized implementations of AEGIS-128, AEGIS-128L, > and AEGIS-256, utilizing the AES-NI and SSE2 x86 extensions. > > Signed-off-by: Ondrej Mosnacek <omosnacek@xxxxxxxxx> [...] > +static int crypto_aegis256_aesni_setkey(struct crypto_aead *aead, const u8 *key, > + unsigned int keylen) > +{ > + struct aegis_ctx *ctx = crypto_aegis256_aesni_ctx(aead); > + > + if (keylen != AEGIS256_KEY_SIZE) { > + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); > + return -EINVAL; > + } > + > + memcpy(ctx->key.bytes, key, AEGIS256_KEY_SIZE); > + > + return 0; > +} This code is copying 32 bytes into a 16-byte buffer. ================================================================== BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:345 [inline] BUG: KASAN: slab-out-of-bounds in crypto_aegis256_aesni_setkey+0x23/0x60 arch/x86/crypto/aegis256-aesni-glue.c:167 Write of size 32 at addr ffff88006c16b650 by task cryptomgr_test/120 CPU: 2 PID: 120 Comm: cryptomgr_test Not tainted 4.17.0-rc1-00069-g6ecc9d9ff91f #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x86/0xca lib/dump_stack.c:113 print_address_description+0x65/0x204 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.6+0x242/0x304 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13c/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 memcpy include/linux/string.h:345 [inline] crypto_aegis256_aesni_setkey+0x23/0x60 arch/x86/crypto/aegis256-aesni-glue.c:167 crypto_aead_setkey+0xa4/0x1e0 crypto/aead.c:62 cryptd_aead_setkey+0x30/0x50 crypto/cryptd.c:938 crypto_aead_setkey+0xa4/0x1e0 crypto/aead.c:62 cryptd_aegis256_aesni_setkey+0x30/0x50 arch/x86/crypto/aegis256-aesni-glue.c:259 crypto_aead_setkey+0xa4/0x1e0 crypto/aead.c:62 __test_aead+0x8bf/0x3770 crypto/testmgr.c:675 test_aead+0x28/0x110 crypto/testmgr.c:957 alg_test_aead+0x8b/0x140 crypto/testmgr.c:1690 alg_test.part.5+0x1bb/0x4d0 crypto/testmgr.c:3845 alg_test+0x23/0x25 crypto/testmgr.c:3865 cryptomgr_test+0x56/0x80 crypto/algboss.c:223 kthread+0x329/0x3f0 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:412 Allocated by task 120: save_stack mm/kasan/kasan.c:448 [inline] set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc.part.1+0x5f/0xf0 mm/kasan/kasan.c:553 kasan_kmalloc+0xaf/0xc0 mm/kasan/kasan.c:538 __do_kmalloc mm/slab.c:3718 [inline] __kmalloc+0x114/0x1d0 mm/slab.c:3727 kmalloc include/linux/slab.h:517 [inline] kzalloc include/linux/slab.h:701 [inline] crypto_create_tfm+0x80/0x2c0 crypto/api.c:464 crypto_spawn_tfm2+0x57/0x90 crypto/algapi.c:717 crypto_spawn_aead include/crypto/internal/aead.h:112 [inline] cryptd_aead_init_tfm+0x3d/0x110 crypto/cryptd.c:1033 crypto_aead_init_tfm+0x130/0x190 crypto/aead.c:111 crypto_create_tfm+0xda/0x2c0 crypto/api.c:471 crypto_alloc_tfm+0xcf/0x1d0 crypto/api.c:543 crypto_alloc_aead+0x14/0x20 crypto/aead.c:351 cryptd_alloc_aead+0xeb/0x1c0 crypto/cryptd.c:1334 cryptd_aegis256_aesni_init_tfm+0x24/0xf0 arch/x86/crypto/aegis256-aesni-glue.c:308 crypto_aead_init_tfm+0x130/0x190 crypto/aead.c:111 crypto_create_tfm+0xda/0x2c0 crypto/api.c:471 crypto_alloc_tfm+0xcf/0x1d0 crypto/api.c:543 crypto_alloc_aead+0x14/0x20 crypto/aead.c:351 alg_test_aead+0x1f/0x140 crypto/testmgr.c:1682 alg_test.part.5+0x1bb/0x4d0 crypto/testmgr.c:3845 alg_test+0x23/0x25 crypto/testmgr.c:3865 cryptomgr_test+0x56/0x80 crypto/algboss.c:223 kthread+0x329/0x3f0 kernel/kthread.c:238 ret_from_[ 16.453502] serial8250: too much work for irq4 Freed by task 0: (stack is not available) The buggy address belongs to the object at ffff88006c16b600 The buggy address is located 80 bytes inside of The buggy address belongs to the page: page:ffffea00017a4f68 count:1 mapcount:0 mapping:ffff88006c16b000 index:0x0 flags: 0x100000000000100(slab) raw: 0100000000000100 ffff88006c16b000 0000000000000000 0000000100000015 raw: ffffea00017a2470 ffff88006d401548 ffff88006d400400 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88006c16b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88006c16b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88006c16b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc ^ ffff88006c16b680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ffff88006c16b700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ================================================================== Disabling lock debugging due to kernel taint