On 30/04/2026 05:34, Pengpeng Hou wrote:
bpf_crypto_ctx_create() receives a BPF-supplied params pointer. The
current selftests use static initializers, but BPF programs can also
build the struct in writable BPF memory before calling the kfunc. The
verifier checks that the memory is accessible; it does not prove that
the fixed type[] and algo[] fields are NUL-terminated strings.
Copy the params once into a local snapshot, validate the reserved fields
and fixed-width strings there, and then use the same snapshot for all
later checks and crypto API calls. This also keeps key_len and authsize
stable across validation and use if params points at mutable BPF memory.
You didn't answer the question why copying params will somehow help?
Add a selftest that fills algo[] completely and expects -EINVAL.
What happens without the fix?
BPF Crypto follows in-kernel Crypto API as all other in-kernel users.
If there is a problem in crypto - we have to fix it in crypto subsystem.
NAck.
