From patchwork Wed Sep 19 02:10:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10605151 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6C83F17E0 for ; Wed, 19 Sep 2018 02:12:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 554872C0CA for ; Wed, 19 Sep 2018 02:12:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 530272BF67; Wed, 19 Sep 2018 02:12:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6A7E02C0D4 for ; Wed, 19 Sep 2018 02:11:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730779AbeISHrX (ORCPT ); Wed, 19 Sep 2018 03:47:23 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:45538 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730905AbeISHqr (ORCPT ); Wed, 19 Sep 2018 03:46:47 -0400 Received: by mail-pg1-f195.google.com with SMTP id x186-v6so565916pgd.12 for ; Tue, 18 Sep 2018 19:11:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2qfRxJpua4aeq0G3/0ZgD5G+YtDBNQl7hzf7l+aYl6c=; b=gVZZ+na1p6a96r3OUGbK1/uYrj42+tQQOkVkh8xhyCZvD1eYL5qHs0qeGE7UThAcbp CFCF4BJonm9RSS3zgOkF8zPcmygPd02FOHcKLJKfCtex2s1MJf+fQsmKbL/YYiKI7xnl GXLC/wDwiVD+gzVv6+7vs1+5uVJjsjfZFiCgo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2qfRxJpua4aeq0G3/0ZgD5G+YtDBNQl7hzf7l+aYl6c=; b=dPTX56/5In77pmfpcfkbzwam6UWxdLm+ILW/lsTO2nx9/uNHW4nBGNQ+fN4EF5F3Ft BvHj7Q+7zy7FSQpvoFYB1XO71sXEsQm2EX6v8nCx7igMS82Rf2qttschkKwocvkxIttc IZe12lqY50qNy6rSUFnuhT1glAcZS4CyOsGTkktKgQCcED//oZA3C9zipaZDQLeeV/nw pvpkxFoQKV9xBMYdOHgCbUBnCrNDJKHc4+LeKTh7xRq1a7OpYj3N0p0facHN5j0Ym0FI 6jnTbwF25K4S0WinXb79xEw0PVlCBRC6OwSaLcFIXdfyLfWdkAZoFIx+5e0ipNmNqtBo k5ag== X-Gm-Message-State: APzg51CcyCEBREpXS5xbwCBr4MQCufGttYSvTD0ZRD2c+XFrc/lQXfwp 3UmjXZZQT5eZYnN69rWxYz+1ig== X-Google-Smtp-Source: ANB0Vdarif3gFOtHEDFxr0mRbO/yD/7QQmomdH8M7LfMMW4CYuU3D9ry8Ux/FyQgPQgd02EFoOev1A== X-Received: by 2002:a62:ad9:: with SMTP id 86-v6mr33528849pfk.57.1537323079781; Tue, 18 Sep 2018 19:11:19 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id q80-v6sm28324577pfd.15.2018.09.18.19.11.10 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 18 Sep 2018 19:11:17 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , "Leonidas S. Barbosa" , Paulo Flabiano Smorigo , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , linuxppc-dev@lists.ozlabs.org, Ard Biesheuvel , Eric Biggers , linux-crypto , Linux Kernel Mailing List Subject: [PATCH crypto-next 13/23] crypto: vmx - Remove VLA usage of skcipher Date: Tue, 18 Sep 2018 19:10:50 -0700 Message-Id: <20180919021100.3380-14-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180919021100.3380-1-keescook@chromium.org> References: <20180919021100.3380-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: "Leonidas S. Barbosa" Cc: Paulo Flabiano Smorigo Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by: Kees Cook --- drivers/crypto/vmx/aes_cbc.c | 22 +++++++++++----------- drivers/crypto/vmx/aes_ctr.c | 18 +++++++++--------- drivers/crypto/vmx/aes_xts.c | 18 +++++++++--------- 3 files changed, 29 insertions(+), 29 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index b71895871be3..c5c5ff82b52e 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -32,7 +32,7 @@ #include "aesp8-ppc.h" struct p8_aes_cbc_ctx { - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; struct aes_key enc_key; struct aes_key dec_key; }; @@ -40,11 +40,11 @@ struct p8_aes_cbc_ctx { static int p8_aes_cbc_init(struct crypto_tfm *tfm) { const char *alg = crypto_tfm_alg_name(tfm); - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); - fallback = crypto_alloc_skcipher(alg, 0, - CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK); + fallback = crypto_alloc_sync_skcipher(alg, 0, + CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(fallback)) { printk(KERN_ERR @@ -53,7 +53,7 @@ static int p8_aes_cbc_init(struct crypto_tfm *tfm) return PTR_ERR(fallback); } - crypto_skcipher_set_flags( + crypto_sync_skcipher_set_flags( fallback, crypto_skcipher_get_flags((struct crypto_skcipher *)tfm)); ctx->fallback = fallback; @@ -66,7 +66,7 @@ static void p8_aes_cbc_exit(struct crypto_tfm *tfm) struct p8_aes_cbc_ctx *ctx = crypto_tfm_ctx(tfm); if (ctx->fallback) { - crypto_free_skcipher(ctx->fallback); + crypto_free_sync_skcipher(ctx->fallback); ctx->fallback = NULL; } } @@ -86,7 +86,7 @@ static int p8_aes_cbc_setkey(struct crypto_tfm *tfm, const u8 *key, pagefault_enable(); preempt_enable(); - ret += crypto_skcipher_setkey(ctx->fallback, key, keylen); + ret += crypto_sync_skcipher_setkey(ctx->fallback, key, keylen); return ret; } @@ -100,8 +100,8 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); - skcipher_request_set_tfm(req, ctx->fallback); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + skcipher_request_set_sync_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); ret = crypto_skcipher_encrypt(req); @@ -139,8 +139,8 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); - skcipher_request_set_tfm(req, ctx->fallback); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + skcipher_request_set_sync_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); ret = crypto_skcipher_decrypt(req); diff --git a/drivers/crypto/vmx/aes_ctr.c b/drivers/crypto/vmx/aes_ctr.c index cd777c75291d..8a2fe092cb8e 100644 --- a/drivers/crypto/vmx/aes_ctr.c +++ b/drivers/crypto/vmx/aes_ctr.c @@ -32,18 +32,18 @@ #include "aesp8-ppc.h" struct p8_aes_ctr_ctx { - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; struct aes_key enc_key; }; static int p8_aes_ctr_init(struct crypto_tfm *tfm) { const char *alg = crypto_tfm_alg_name(tfm); - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; struct p8_aes_ctr_ctx *ctx = crypto_tfm_ctx(tfm); - fallback = crypto_alloc_skcipher(alg, 0, - CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK); + fallback = crypto_alloc_sync_skcipher(alg, 0, + CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(fallback)) { printk(KERN_ERR "Failed to allocate transformation for '%s': %ld\n", @@ -51,7 +51,7 @@ static int p8_aes_ctr_init(struct crypto_tfm *tfm) return PTR_ERR(fallback); } - crypto_skcipher_set_flags( + crypto_sync_skcipher_set_flags( fallback, crypto_skcipher_get_flags((struct crypto_skcipher *)tfm)); ctx->fallback = fallback; @@ -64,7 +64,7 @@ static void p8_aes_ctr_exit(struct crypto_tfm *tfm) struct p8_aes_ctr_ctx *ctx = crypto_tfm_ctx(tfm); if (ctx->fallback) { - crypto_free_skcipher(ctx->fallback); + crypto_free_sync_skcipher(ctx->fallback); ctx->fallback = NULL; } } @@ -83,7 +83,7 @@ static int p8_aes_ctr_setkey(struct crypto_tfm *tfm, const u8 *key, pagefault_enable(); preempt_enable(); - ret += crypto_skcipher_setkey(ctx->fallback, key, keylen); + ret += crypto_sync_skcipher_setkey(ctx->fallback, key, keylen); return ret; } @@ -119,8 +119,8 @@ static int p8_aes_ctr_crypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); - skcipher_request_set_tfm(req, ctx->fallback); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + skcipher_request_set_sync_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); ret = crypto_skcipher_encrypt(req); diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index e9954a7d4694..ecd64e5cc5bb 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -33,7 +33,7 @@ #include "aesp8-ppc.h" struct p8_aes_xts_ctx { - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; struct aes_key enc_key; struct aes_key dec_key; struct aes_key tweak_key; @@ -42,11 +42,11 @@ struct p8_aes_xts_ctx { static int p8_aes_xts_init(struct crypto_tfm *tfm) { const char *alg = crypto_tfm_alg_name(tfm); - struct crypto_skcipher *fallback; + struct crypto_sync_skcipher *fallback; struct p8_aes_xts_ctx *ctx = crypto_tfm_ctx(tfm); - fallback = crypto_alloc_skcipher(alg, 0, - CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK); + fallback = crypto_alloc_sync_skcipher(alg, 0, + CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(fallback)) { printk(KERN_ERR "Failed to allocate transformation for '%s': %ld\n", @@ -54,7 +54,7 @@ static int p8_aes_xts_init(struct crypto_tfm *tfm) return PTR_ERR(fallback); } - crypto_skcipher_set_flags( + crypto_sync_skcipher_set_flags( fallback, crypto_skcipher_get_flags((struct crypto_skcipher *)tfm)); ctx->fallback = fallback; @@ -67,7 +67,7 @@ static void p8_aes_xts_exit(struct crypto_tfm *tfm) struct p8_aes_xts_ctx *ctx = crypto_tfm_ctx(tfm); if (ctx->fallback) { - crypto_free_skcipher(ctx->fallback); + crypto_free_sync_skcipher(ctx->fallback); ctx->fallback = NULL; } } @@ -92,7 +92,7 @@ static int p8_aes_xts_setkey(struct crypto_tfm *tfm, const u8 *key, pagefault_enable(); preempt_enable(); - ret += crypto_skcipher_setkey(ctx->fallback, key, keylen); + ret += crypto_sync_skcipher_setkey(ctx->fallback, key, keylen); return ret; } @@ -109,8 +109,8 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm)); if (in_interrupt()) { - SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); - skcipher_request_set_tfm(req, ctx->fallback); + SYNC_SKCIPHER_REQUEST_ON_STACK(req, ctx->fallback); + skcipher_request_set_sync_tfm(req, ctx->fallback); skcipher_request_set_callback(req, desc->flags, NULL, NULL); skcipher_request_set_crypt(req, src, dst, nbytes, desc->info); ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req);