On Wed, Feb 20, 2019 at 12:42:08PM +0100, Steffen Klassert wrote: > > I had a look on what we need to use separate padata > instances for each pcrypt instance. But that's comlicated > and will create incompatibilities on the sysfs cpuset > configuration options. So that's not really a thing that > could be a fix. I don't see why it'll create incompatibilities for the cpu mask configuration. You can just maintain two global configuration masks as you do now, and read them from each instance. What's the problem with that? > > We need to fix this soon or we'll have to disable pcrypt because > > it is a security issue. > > > > It's not just about nested templates either. You can trigger > > the same issue where a pcrypt instance over an AEAD algorithm > > that uses a fallback which also happens to be pcrypt. > > Would it be possible to forbid pcrypt for algorithms > that needs a fallback? This is complicated and not fool-proof. pcrypt itself might be embedded into some other algorithm directly rather than as a fallback. Basically anyone who does a crypto_alloc_aead could end up with a pcrypt instance unwittingly. If they were then used as part of another AEAD algorithm's encrypt/decrypt path then we'd have a dead-lock as we do now. Granted we may not have this situation right now but relying on it to never occur is not a good choice IMHO. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt