On Fri, 6 Sep 2019 at 18:56, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Sep 06, 2019 at 06:32:29PM -0700, Ard Biesheuvel wrote:
> >
> > The point is that doing
> >
> >   skcipher_walk_virt(&walk, ...);
> >   skcipher_walk_done(&walk, -EFOO);
> >
> > may clobber your data if you are executing in place (unless I am
> > missing something)
>
> You mean encrypting in place? If you're encrypting in place you're
> usually on the zero-copy fast path so whatever is left-behind by the
> algorithm will be visible anyway without any copying.
>
> > If skcipher_walk_done() is called with an error, it should really just
> > clean up after itself, but not copy back the unknown contents of
> > temporary buffers.
>
> We're not copying uninitialised kernel memory. The temporary space
> starts out as a copy of the source and we're just copying it to the
> destination.
>

Right. In that case, I guess it is safe.

I've tested my XTS/CTS changes (which call skcipher_walk_done() with
an error value in some cases) with Eric's fuzz testing enabled, and it
all works fine, so

Tested-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>

Thanks,
Ard.