2018-05-20 4:41 GMT+02:00 Eric Biggers <ebiggers3@xxxxxxxxx>: > Hi Ondrej, > > On Fri, May 11, 2018 at 02:12:51PM +0200, Ondrej Mosnáček wrote: >> From: Ondrej Mosnacek <omosnacek@xxxxxxxxx> >> >> This patch adds optimized implementations of AEGIS-128, AEGIS-128L, >> and AEGIS-256, utilizing the AES-NI and SSE2 x86 extensions. >> >> Signed-off-by: Ondrej Mosnacek <omosnacek@xxxxxxxxx> > [...] >> +static int crypto_aegis256_aesni_setkey(struct crypto_aead *aead, const u8 *key, >> + unsigned int keylen) >> +{ >> + struct aegis_ctx *ctx = crypto_aegis256_aesni_ctx(aead); >> + >> + if (keylen != AEGIS256_KEY_SIZE) { >> + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); >> + return -EINVAL; >> + } >> + >> + memcpy(ctx->key.bytes, key, AEGIS256_KEY_SIZE); >> + >> + return 0; >> +} > > This code is copying 32 bytes into a 16-byte buffer. Indeed, I must have overlooked that while copy-pasting and editing the boilerplate... I will send a follow-up patch soon. Thanks for the report! > > ================================================================== > BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:345 [inline] > BUG: KASAN: slab-out-of-bounds in crypto_aegis256_aesni_setkey+0x23/0x60 arch/x86/crypto/aegis256-aesni-glue.c:167 > Write of size 32 at addr ffff88006c16b650 by task cryptomgr_test/120 > CPU: 2 PID: 120 Comm: cryptomgr_test Not tainted 4.17.0-rc1-00069-g6ecc9d9ff91f #31 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 > Call Trace: > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x86/0xca lib/dump_stack.c:113 > print_address_description+0x65/0x204 mm/kasan/report.c:256 > kasan_report_error mm/kasan/report.c:354 [inline] > kasan_report.cold.6+0x242/0x304 mm/kasan/report.c:412 > check_memory_region_inline mm/kasan/kasan.c:260 [inline] > check_memory_region+0x13c/0x1b0 mm/kasan/kasan.c:267 > memcpy+0x37/0x50 mm/kasan/kasan.c:303 > memcpy include/linux/string.h:345 [inline] > crypto_aegis256_aesni_setkey+0x23/0x60 arch/x86/crypto/aegis256-aesni-glue.c:167 > crypto_aead_setkey+0xa4/0x1e0 crypto/aead.c:62 > cryptd_aead_setkey+0x30/0x50 crypto/cryptd.c:938 > crypto_aead_setkey+0xa4/0x1e0 crypto/aead.c:62 > cryptd_aegis256_aesni_setkey+0x30/0x50 arch/x86/crypto/aegis256-aesni-glue.c:259 > crypto_aead_setkey+0xa4/0x1e0 crypto/aead.c:62 > __test_aead+0x8bf/0x3770 crypto/testmgr.c:675 > test_aead+0x28/0x110 crypto/testmgr.c:957 > alg_test_aead+0x8b/0x140 crypto/testmgr.c:1690 > alg_test.part.5+0x1bb/0x4d0 crypto/testmgr.c:3845 > alg_test+0x23/0x25 crypto/testmgr.c:3865 > cryptomgr_test+0x56/0x80 crypto/algboss.c:223 > kthread+0x329/0x3f0 kernel/kthread.c:238 > ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:412 > Allocated by task 120: > save_stack mm/kasan/kasan.c:448 [inline] > set_track mm/kasan/kasan.c:460 [inline] > kasan_kmalloc.part.1+0x5f/0xf0 mm/kasan/kasan.c:553 > kasan_kmalloc+0xaf/0xc0 mm/kasan/kasan.c:538 > __do_kmalloc mm/slab.c:3718 [inline] > __kmalloc+0x114/0x1d0 mm/slab.c:3727 > kmalloc include/linux/slab.h:517 [inline] > kzalloc include/linux/slab.h:701 [inline] > crypto_create_tfm+0x80/0x2c0 crypto/api.c:464 > crypto_spawn_tfm2+0x57/0x90 crypto/algapi.c:717 > crypto_spawn_aead include/crypto/internal/aead.h:112 [inline] > cryptd_aead_init_tfm+0x3d/0x110 crypto/cryptd.c:1033 > crypto_aead_init_tfm+0x130/0x190 crypto/aead.c:111 > crypto_create_tfm+0xda/0x2c0 crypto/api.c:471 > crypto_alloc_tfm+0xcf/0x1d0 crypto/api.c:543 > crypto_alloc_aead+0x14/0x20 crypto/aead.c:351 > cryptd_alloc_aead+0xeb/0x1c0 crypto/cryptd.c:1334 > cryptd_aegis256_aesni_init_tfm+0x24/0xf0 arch/x86/crypto/aegis256-aesni-glue.c:308 > crypto_aead_init_tfm+0x130/0x190 crypto/aead.c:111 > crypto_create_tfm+0xda/0x2c0 crypto/api.c:471 > crypto_alloc_tfm+0xcf/0x1d0 crypto/api.c:543 > crypto_alloc_aead+0x14/0x20 crypto/aead.c:351 > alg_test_aead+0x1f/0x140 crypto/testmgr.c:1682 > alg_test.part.5+0x1bb/0x4d0 crypto/testmgr.c:3845 > alg_test+0x23/0x25 crypto/testmgr.c:3865 > cryptomgr_test+0x56/0x80 crypto/algboss.c:223 > kthread+0x329/0x3f0 kernel/kthread.c:238 > ret_from_[ 16.453502] serial8250: too much work for irq4 > Freed by task 0: > (stack is not available) > The buggy address belongs to the object at ffff88006c16b600 > The buggy address is located 80 bytes inside of > The buggy address belongs to the page: > page:ffffea00017a4f68 count:1 mapcount:0 mapping:ffff88006c16b000 index:0x0 > flags: 0x100000000000100(slab) > raw: 0100000000000100 ffff88006c16b000 0000000000000000 0000000100000015 > raw: ffffea00017a2470 ffff88006d401548 ffff88006d400400 > page dumped because: kasan: bad access detected > Memory state around the buggy address: > ffff88006c16b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > ffff88006c16b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >>ffff88006c16b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc > ^ > ffff88006c16b680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb > ffff88006c16b700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc > ================================================================== > Disabling lock debugging due to kernel taint