On Wed, Feb 20, 2019 at 12:06:28PM +0800, Herbert Xu wrote: > On Wed, Apr 18, 2018 at 07:35:33AM +0200, Steffen Klassert wrote: > > > > Yes sure, I just wanted to know if it is worth to think about > > preventing template recursions. If there is a valid usecase, > > then we don't even need to think in this direction. > > > > While I think each pcrypt instance should have it's own > > padata instance on the long run, it would be good to have > > a not so intrusive fix that can be backported to the stable > > trees. > > Steffen, has there been any progress on this work? I had a look on what we need to use separate padata instances for each pcrypt instance. But that's comlicated and will create incompatibilities on the sysfs cpuset configuration options. So that's not really a thing that could be a fix. > > We need to fix this soon or we'll have to disable pcrypt because > it is a security issue. > > It's not just about nested templates either. You can trigger > the same issue where a pcrypt instance over an AEAD algorithm > that uses a fallback which also happens to be pcrypt. Would it be possible to forbid pcrypt for algorithms that needs a fallback? If I see this correct, only crypto algorithms used by HW crypto accelerators need a fallback to software crypto. HW crypto can't benefit from pcrypt anyway, so it would be no loss to disable pcrypt in that case. We could use the initial fix from Eric in combination with disableing pcrypt for algorithms that need a fallback.