On Thu, Mar 03, 2022 at 04:53:56PM -0800, Bart Van Assche wrote:
> On 2/27/22 23:05, Eric Biggers wrote:
> > @@ -68,7 +71,10 @@ static int __init bio_crypt_ctx_init(void)
> > /* Sanity check that no algorithm exceeds the defined limits. */
> > for (i = 0; i < BLK_ENCRYPTION_MODE_MAX; i++) {
> > - BUG_ON(blk_crypto_modes[i].keysize > BLK_CRYPTO_MAX_KEY_SIZE);
> > + BUG_ON(blk_crypto_modes[i].keysize >
> > + BLK_CRYPTO_MAX_STANDARD_KEY_SIZE);
> > + BUG_ON(blk_crypto_modes[i].security_strength >
> > + blk_crypto_modes[i].keysize);
> > BUG_ON(blk_crypto_modes[i].ivsize > BLK_CRYPTO_MAX_IV_SIZE);
> > }
>
> Does the following advice from Linus Torvalds apply to the above code:
> "because there is NO EXCUSE to knowingly kill the kernel"? See also
> https://lkml.org/lkml/2016/10/4/1.
These are boot time checks, so the advice doesn't apply. If the code is buggy
here, then kernels with CONFIG_BLK_INLINE_ENCRYPTION enabled won't boot. I
would prefer compile-time checks, of course, but that isn't possible here. This
is the next best thing.
- Eric
