From patchwork Tue Jul 24 16:49:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542671 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 170EE112E for ; Tue, 24 Jul 2018 16:53:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E67CC290A7 for ; Tue, 24 Jul 2018 16:53:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DA2E128FFE; Tue, 24 Jul 2018 16:53:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 91E4129151 for ; Tue, 24 Jul 2018 16:53:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388761AbeGXSA0 (ORCPT ); Tue, 24 Jul 2018 14:00:26 -0400 Received: from mail-pl0-f66.google.com ([209.85.160.66]:44243 "EHLO mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388409AbeGXR5F (ORCPT ); Tue, 24 Jul 2018 13:57:05 -0400 Received: by mail-pl0-f66.google.com with SMTP id m16-v6so2018888pls.11 for ; Tue, 24 Jul 2018 09:49:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4w4IN2J6dONrrlVeO1+L0Kz9qBIwIaC7ttYkBFQeQFw=; b=KUe+LjlaQlS1O5ciNkx+mQgwWTRmPZ13UHy/USQfoyc0dAXMTwzk2Xx6qUc7AlF0O2 QiGXnGLkJwj+BaRXaUO015beIxRmiskoZ3V8mMejwoG8eJCaOM0zKqmuuA0SSSqaghC0 k1TppukdfSo15YKpxR2HelnJKmM6fpiatM8sk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4w4IN2J6dONrrlVeO1+L0Kz9qBIwIaC7ttYkBFQeQFw=; b=ThIA/T/jggACfwMGrqg1bEgdPahwZZ5fCr1Au4lQ/r/fZ65sUPVc/61VfJWlUzIT+9 IVgp1zuLMlbej+f1ku6zwI7sDSXAfM/hGuLAqrqKRQlPYwATi9w0uB6FoAcmGcwdms+w gYlKjggqvu62AI1Wbz6yjPr4qegC7uEG0MBUprit/MJ7GpdW1yvsWAQz0CocAqtkEzOn s0jVmvCE4dAOLGvHgGHAWzJ0GkUNlUfZ51OULHGd4ervpztB+ND94m50dY7RAHs8nmWz 7Xzsn/v8FHzRCCgVlh1YM/f/2+ZgLZxYtDNDy449KBoaY8Pr4F+DFA/bzXBw6JXKSLPL GWFg== X-Gm-Message-State: AOUpUlGr5ljatK581bvuPvlgTHer/oPHL1H3QlnU4ixxo8w8BYt75EWh yk0KbaD5kfuziHZvU8aTYOxprA== X-Google-Smtp-Source: AAOMgpc3bGW4E04kHUgFezSeoq8fvmHs03wRkMlKKtoD4yLsHExUpfOH9KDFmVzDOLA8REAbdGIg7g== X-Received: by 2002:a17:902:4203:: with SMTP id g3-v6mr17515330pld.315.1532450984795; Tue, 24 Jul 2018 09:49:44 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id w13-v6sm2179184pgs.89.2018.07.24.09.49.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:42 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 01/18] crypto: xcbc: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:19 -0700 Message-Id: <20180724164936.37477-2-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the maximum blocksize and adds a sanity check. For xcbc, the blocksize must always be 16, so use that, since it's already being enforced during instantiation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- crypto/xcbc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/xcbc.c b/crypto/xcbc.c index 25c75af50d3f..c055f57fab11 100644 --- a/crypto/xcbc.c +++ b/crypto/xcbc.c @@ -57,15 +57,17 @@ struct xcbc_desc_ctx { u8 ctx[]; }; +#define XCBC_BLOCKSIZE 16 + static int crypto_xcbc_digest_setkey(struct crypto_shash *parent, const u8 *inkey, unsigned int keylen) { unsigned long alignmask = crypto_shash_alignmask(parent); struct xcbc_tfm_ctx *ctx = crypto_shash_ctx(parent); - int bs = crypto_shash_blocksize(parent); u8 *consts = PTR_ALIGN(&ctx->ctx[0], alignmask + 1); int err = 0; - u8 key1[bs]; + u8 key1[XCBC_BLOCKSIZE]; + int bs = sizeof(key1); if ((err = crypto_cipher_setkey(ctx->child, inkey, keylen))) return err; @@ -212,7 +214,7 @@ static int xcbc_create(struct crypto_template *tmpl, struct rtattr **tb) return PTR_ERR(alg); switch(alg->cra_blocksize) { - case 16: + case XCBC_BLOCKSIZE: break; default: goto out_put_alg; From patchwork Tue Jul 24 16:49:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542673 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 66331157A for ; Tue, 24 Jul 2018 16:53:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 559E328CD1 for ; Tue, 24 Jul 2018 16:53:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4985628CDE; Tue, 24 Jul 2018 16:53:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EBBDB28CD1 for ; Tue, 24 Jul 2018 16:53:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388422AbeGXR5F (ORCPT ); Tue, 24 Jul 2018 13:57:05 -0400 Received: from mail-pl0-f65.google.com ([209.85.160.65]:38110 "EHLO mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388403AbeGXR5E (ORCPT ); Tue, 24 Jul 2018 13:57:04 -0400 Received: by mail-pl0-f65.google.com with SMTP id b1-v6so2023319pls.5 for ; Tue, 24 Jul 2018 09:49:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=aHfzmuE3dXR4IAoiUCBdTyidzm+NOXbAHoWt0SfC0Yk=; b=KhqlpwUhL7SO6HAt68REzVNh23xMYyqwyRYxyfbREhsXYNLJpRRD4CxsLAi/G0ABEE nEQPzunKszHZy9EQghyS9betds9tNuabN8iDV1U+D0LkktZ9RLjo2pM9X/Ooshz8Kkwx DWOS2k/XX7IAe6UdMjR7A/dGV/sM2yx1YvS2w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=aHfzmuE3dXR4IAoiUCBdTyidzm+NOXbAHoWt0SfC0Yk=; b=Lv1bUvwX4sYzmsyvWuERAY5xwGnxvP/VOnI7Lh/NpMNzmP0Ftvupk1jZfw6H1uE68k f4YRHG4rN6Ad2M2GW3VNDjGmKMHfgd0+TvbnUNkr+uhs8SXxQM56+mqDyS7CV78boyfz zQf6mwzAb7h4x9kTUnxdnLp0YN2MGBy1FARVp/HOTXtUJxAdoMJOcxOh3yrNEPae/ejs JuBSsP1hqXWKZpb608x4apTMJ0IQIwQy2EB1os6kzxhaw1mmJMzM5JDF0AWVPeu7ZjCG 9+5Tythq7wByvi9YOgoQoAlU0LEd11I7zYJMyA8upmZrKhfgHLfghReKU/ioPLkGe6/c BtMg== X-Gm-Message-State: AOUpUlGnB1WucvIoAnoMIt4huhYjGnulmWCWMasT+QJwicXyZW1J33i6 NXkVg2nsJI3FPhT/M/Gdpc1/5Q== X-Google-Smtp-Source: AAOMgpdtrnpgdlGnZZaNxxRflnZkRXI0URdOC8dm/ekglScefov9CteU1tBZQcasQJzTaLBwGdLJwA== X-Received: by 2002:a17:902:9b90:: with SMTP id y16-v6mr1180619plp.201.1532450983936; Tue, 24 Jul 2018 09:49:43 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id v4-v6sm13314440pgr.36.2018.07.24.09.49.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:42 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 02/18] crypto: cbc: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:20 -0700 Message-Id: <20180724164936.37477-3-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the upper bounds on blocksize. Since this is always a cipher blocksize, use the existing cipher max blocksize. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- include/crypto/cbc.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h index f5b8bfc22e6d..47db0aac2ab9 100644 --- a/include/crypto/cbc.h +++ b/include/crypto/cbc.h @@ -113,7 +113,9 @@ static inline int crypto_cbc_decrypt_inplace( unsigned int bsize = crypto_skcipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 last_iv[bsize]; + u8 last_iv[MAX_CIPHER_BLOCKSIZE]; + + BUG_ON(bsize > sizeof(last_iv)); /* Start of the last block. */ src += nbytes - (nbytes & (bsize - 1)) - bsize; From patchwork Tue Jul 24 16:49:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542665 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BE511112E for ; Tue, 24 Jul 2018 16:53:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 95A6D219AC for ; Tue, 24 Jul 2018 16:53:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 927FD28D26; Tue, 24 Jul 2018 16:53:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2C2FD28D01 for ; Tue, 24 Jul 2018 16:53:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388471AbeGXSAS (ORCPT ); Tue, 24 Jul 2018 14:00:18 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:41102 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388490AbeGXR5I (ORCPT ); Tue, 24 Jul 2018 13:57:08 -0400 Received: by mail-pg1-f196.google.com with SMTP id z8-v6so3289772pgu.8 for ; Tue, 24 Jul 2018 09:49:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=f6HZhbULuwp1ONQvXFzzLM5M+BCFj7xnBsodxU5HF/8=; b=i7l2V203iKO8F/E1rGfCAs1SmGDKSVgLOuC6p+RiEiDgghBwCioOqiOcdEbp1aHC9f e6E6bHThzZU1dXEL1sm1DF7zeY93yBoPuosS3Mymf9SAr3A3Djv7LI0z58EkpO4TUuZ6 YMvIdf+Z7RpBLlMAtFtbpLycMkcbWFlit3mlY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=f6HZhbULuwp1ONQvXFzzLM5M+BCFj7xnBsodxU5HF/8=; b=dYtwIQIKuWGFb1IIfUi7bVYSqyS/CH0BG/mdBVuu4MDS9hax1afFkHl14ezRq8qJbv j2Fb0KgkEuLx7qTebndpL+Dh5EuPJgqCsOf4OKMGARwAvHterc2xasm+2LQ5XqFCYEKS tCaL0a/TfX+VF01LZH8PzFINjaSPYXYR7odAk9TEoPSbPNvDv2Pa2ZwhvmDCyyw/e7y3 QTlhBvzc7EX7kfQbcWHHG07tgnHmU6bD5yXL+IrpxRscKU2EiyDc3guisQUAk7iqZBMX jEukyaUlPo0mUE2ZSYsIekhk0/Z+8s4njoLK43amhRjFEKOgbF4T5/mu0Ta3T3jwSWWV hHNA== X-Gm-Message-State: AOUpUlE7XGSLi6ZP+1V1ae2aiWA+USUO7VaDmMAKqSmXmZOkuYxHkj6V VOHN6lZTiJbsmNJl1fZdo/5jmg== X-Google-Smtp-Source: AAOMgpcRHY0TUWqYeFkhwRK2msJqumUjSrqUTZ6koIWFJUTWdXija+ayMyvvMOlWcFlaoGFkJ+e9Lw== X-Received: by 2002:a65:57c9:: with SMTP id q9-v6mr17291413pgr.128.1532450985634; Tue, 24 Jul 2018 09:49:45 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id l85-v6sm21610692pfk.34.2018.07.24.09.49.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:42 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 03/18] crypto: hash: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:21 -0700 Message-Id: <20180724164936.37477-4-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this removes the VLAs in SHASH_DESC_ON_STACK (via crypto_shash_descsize()) by using the maximum allowable size (which is now more clearly captured in a macro), along with a few other cases. Similar limits are turned into macros as well. A review of existing sizes shows that SHA512_DIGEST_SIZE (64) is the largest digest size and that sizeof(struct sha3_state) (360) is the largest descriptor size. The corresponding maximums are reduced. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- crypto/ahash.c | 4 ++-- crypto/algif_hash.c | 2 +- crypto/shash.c | 6 +++--- include/crypto/hash.h | 6 +++++- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/crypto/ahash.c b/crypto/ahash.c index a64c143165b1..78aaf2158c43 100644 --- a/crypto/ahash.c +++ b/crypto/ahash.c @@ -550,8 +550,8 @@ static int ahash_prepare_alg(struct ahash_alg *alg) { struct crypto_alg *base = &alg->halg.base; - if (alg->halg.digestsize > PAGE_SIZE / 8 || - alg->halg.statesize > PAGE_SIZE / 8 || + if (alg->halg.digestsize > HASH_MAX_DIGESTSIZE || + alg->halg.statesize > HASH_MAX_STATESIZE || alg->halg.statesize == 0) return -EINVAL; diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index bfcf595fd8f9..d0cde541beb6 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -239,7 +239,7 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags, struct alg_sock *ask = alg_sk(sk); struct hash_ctx *ctx = ask->private; struct ahash_request *req = &ctx->req; - char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req)) ? : 1]; + char state[HASH_MAX_STATESIZE]; struct sock *sk2; struct alg_sock *ask2; struct hash_ctx *ctx2; diff --git a/crypto/shash.c b/crypto/shash.c index 5d732c6bb4b2..86d76b5c626c 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -458,9 +458,9 @@ static int shash_prepare_alg(struct shash_alg *alg) { struct crypto_alg *base = &alg->base; - if (alg->digestsize > PAGE_SIZE / 8 || - alg->descsize > PAGE_SIZE / 8 || - alg->statesize > PAGE_SIZE / 8) + if (alg->digestsize > HASH_MAX_DIGESTSIZE || + alg->descsize > HASH_MAX_DESCSIZE || + alg->statesize > HASH_MAX_STATESIZE) return -EINVAL; base->cra_type = &crypto_shash_type; diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 76e432cab75d..21587011ab0f 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -151,9 +151,13 @@ struct shash_desc { void *__ctx[] CRYPTO_MINALIGN_ATTR; }; +#define HASH_MAX_DIGESTSIZE 64 +#define HASH_MAX_DESCSIZE 360 +#define HASH_MAX_STATESIZE 512 + #define SHASH_DESC_ON_STACK(shash, ctx) \ char __##shash##_desc[sizeof(struct shash_desc) + \ - crypto_shash_descsize(ctx)] CRYPTO_MINALIGN_ATTR; \ + HASH_MAX_DESCSIZE] CRYPTO_MINALIGN_ATTR; \ struct shash_desc *shash = (struct shash_desc *)__##shash##_desc /** From patchwork Tue Jul 24 16:49:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542651 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 547081822 for ; Tue, 24 Jul 2018 16:52:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 432FF28926 for ; Tue, 24 Jul 2018 16:52:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3638B209CE; Tue, 24 Jul 2018 16:52:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AD34C209CE for ; Tue, 24 Jul 2018 16:52:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388603AbeGXR75 (ORCPT ); Tue, 24 Jul 2018 13:59:57 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:46928 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388476AbeGXR5I (ORCPT ); Tue, 24 Jul 2018 13:57:08 -0400 Received: by mail-pg1-f196.google.com with SMTP id p23-v6so3286677pgv.13 for ; Tue, 24 Jul 2018 09:49:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=XEthQhO55UFajYXolwRxBcBomydbdSRnD/7XsWAlazI=; b=ixxOdkMi9vZPN9eRiFZDAkxfO2bTTNYRzxZYzn4NSWx6QOYFVL6oePm0o1WULyMlG3 +xbfQ2qCdDwQV6/w1qUfpWYXJaH6ouXgwNpjDmjX/SnKwBqOvIhpY2e3BSqFrg8aUM8j W4y0jfjC4dAG5XOfOH3+UjWHqNXo1eRaVlSuo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=XEthQhO55UFajYXolwRxBcBomydbdSRnD/7XsWAlazI=; b=Bqdwch0vJ9TVKsGEfxdGdG3uMpRYX6z+acC88uaS2IMMUT3RqSqGvbnS06K6gN23Ub 4gWSPXMX98Cj/fUSp2ZpkBwP/9K7dnAHbBtFVWQ+6GtDPracGbbXBjKHe5b9b/uH0sjZ Doh70D7xqt1U3t4EM3DwVP5EtyXDt/qIlzm4rUzL2fRrNncL9H3I/0vKIXvi871Y3Q33 xC5oWmRpVcWchzTyceQqdTHlolGZsqpJEBRFmy3/lz+aM+q3z6wAWes6chd/fi6HQ3zT zO5nVeBP7cgsb5O6oZpqeRlhPTc46RcLrQKR9soC+5JLi1ec7S0sjHxAu+Y3u9lRhErZ 9oRw== X-Gm-Message-State: AOUpUlEfLn5QAwbMk/gqC3SQofXEHjNcb3zD7EExUAqKOMQyOJFs2uHw tMZf++qow0oBiHkB924yAaHF6g== X-Google-Smtp-Source: AAOMgpfSnEruQEecNgrwUM8MWayxKCpXWlARZNF1H0mPZYOSjqfCLBd8T9TV9kHWsTsLOvVEhJRi9Q== X-Received: by 2002:a63:e452:: with SMTP id i18-v6mr16893596pgk.185.1532450986562; Tue, 24 Jul 2018 09:49:46 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id 12-v6sm16652474pfx.128.2018.07.24.09.49.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:42 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 04/18] dm: Remove VLA usage from hashes Date: Tue, 24 Jul 2018 09:49:22 -0700 Message-Id: <20180724164936.37477-5-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the new HASH_MAX_DIGESTSIZE from the crypto layer to allocate the upper bounds on stack usage. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- drivers/md/dm-integrity.c | 23 +++++++++++++++++------ drivers/md/dm-verity-fec.c | 5 ++++- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index 86438b2f10dd..884edd7cf1d0 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -521,7 +521,12 @@ static void section_mac(struct dm_integrity_c *ic, unsigned section, __u8 result } memset(result + size, 0, JOURNAL_MAC_SIZE - size); } else { - __u8 digest[size]; + __u8 digest[HASH_MAX_DIGESTSIZE]; + + if (WARN_ON(size > sizeof(digest))) { + dm_integrity_io_error(ic, "digest_size", -EINVAL); + goto err; + } r = crypto_shash_final(desc, digest); if (unlikely(r)) { dm_integrity_io_error(ic, "crypto_shash_final", r); @@ -1244,7 +1249,7 @@ static void integrity_metadata(struct work_struct *w) struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io)); char *checksums; unsigned extra_space = unlikely(digest_size > ic->tag_size) ? digest_size - ic->tag_size : 0; - char checksums_onstack[ic->tag_size + extra_space]; + char checksums_onstack[HASH_MAX_DIGESTSIZE]; unsigned sectors_to_process = dio->range.n_sectors; sector_t sector = dio->range.logical_sector; @@ -1253,8 +1258,14 @@ static void integrity_metadata(struct work_struct *w) checksums = kmalloc((PAGE_SIZE >> SECTOR_SHIFT >> ic->sb->log2_sectors_per_block) * ic->tag_size + extra_space, GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN); - if (!checksums) + if (!checksums) { checksums = checksums_onstack; + if (WARN_ON(extra_space && + digest_size > sizeof(checksums_onstack))) { + r = -EINVAL; + goto error; + } + } __bio_for_each_segment(bv, bio, iter, dio->orig_bi_iter) { unsigned pos; @@ -1466,7 +1477,7 @@ static bool __journal_read_write(struct dm_integrity_io *dio, struct bio *bio, } while (++s < ic->sectors_per_block); #ifdef INTERNAL_VERIFY if (ic->internal_hash) { - char checksums_onstack[max(crypto_shash_digestsize(ic->internal_hash), ic->tag_size)]; + char checksums_onstack[max(HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; integrity_sector_checksum(ic, logical_sector, mem + bv.bv_offset, checksums_onstack); if (unlikely(memcmp(checksums_onstack, journal_entry_tag(ic, je), ic->tag_size))) { @@ -1516,7 +1527,7 @@ static bool __journal_read_write(struct dm_integrity_io *dio, struct bio *bio, if (ic->internal_hash) { unsigned digest_size = crypto_shash_digestsize(ic->internal_hash); if (unlikely(digest_size > ic->tag_size)) { - char checksums_onstack[digest_size]; + char checksums_onstack[HASH_MAX_DIGESTSIZE]; integrity_sector_checksum(ic, logical_sector, (char *)js, checksums_onstack); memcpy(journal_entry_tag(ic, je), checksums_onstack, ic->tag_size); } else @@ -1937,7 +1948,7 @@ static void do_journal_write(struct dm_integrity_c *ic, unsigned write_start, unlikely(from_replay) && #endif ic->internal_hash) { - char test_tag[max(crypto_shash_digestsize(ic->internal_hash), ic->tag_size)]; + char test_tag[max_t(size_t, HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)]; integrity_sector_checksum(ic, sec + ((l - j) << ic->sb->log2_sectors_per_block), (char *)access_journal_data(ic, i, l), test_tag); diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c index 684af08d0747..0ce04e5b4afb 100644 --- a/drivers/md/dm-verity-fec.c +++ b/drivers/md/dm-verity-fec.c @@ -212,12 +212,15 @@ static int fec_read_bufs(struct dm_verity *v, struct dm_verity_io *io, struct dm_verity_fec_io *fio = fec_io(io); u64 block, ileaved; u8 *bbuf, *rs_block; - u8 want_digest[v->digest_size]; + u8 want_digest[HASH_MAX_DIGESTSIZE]; unsigned n, k; if (neras) *neras = 0; + if (WARN_ON(v->digest_size > sizeof(want_digest))) + return -EINVAL; + /* * read each of the rsn data blocks that are part of the RS block, and * interleave contents to available bufs From patchwork Tue Jul 24 16:49:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542653 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D4FBD1822 for ; Tue, 24 Jul 2018 16:52:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C5B27287A4 for ; Tue, 24 Jul 2018 16:52:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C312628942; Tue, 24 Jul 2018 16:52:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 10B3F291A5 for ; Tue, 24 Jul 2018 16:52:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388408AbeGXR7p (ORCPT ); Tue, 24 Jul 2018 13:59:45 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:35933 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388535AbeGXR5K (ORCPT ); Tue, 24 Jul 2018 13:57:10 -0400 Received: by mail-pf1-f195.google.com with SMTP id d14-v6so986605pfo.3 for ; Tue, 24 Jul 2018 09:49:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=om28ZBbqlVOdWVGgbNqly+1dcj2BlW29w8AmBA0lHYw=; b=jX0T/1t+6ISxyA0Xu/P8wbMfZX4kQyW0Su7SqfXTq8k/RPM2fjPSGS0aCOhAlQST+W b4Vk7coIKTa9vBa1wvkAXRWt0UsEdIwSMy7PAf6LroT/KbEEyPbumKF92+ACRdPHGsJ3 2IdOeyVA5HEJgHD7cpjQMPRtLT3BSGgo+mUQE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=om28ZBbqlVOdWVGgbNqly+1dcj2BlW29w8AmBA0lHYw=; b=dXf+M5lBl5J10c8OqropTxrDR1aeu1UDY1meETd0QRoA56cpT+20QbHBBh+KMalEhL vJ5DkGN+UuwqTaxiYQI3LZLASJ934Rd5xE63CkNmUSWbc75FFO7HuXxZUgP3JIvLzZLh EV1itC4QwusETJBnvpHURkK9IuXrqGQVR9KJ1oCKTESBwgJoKdgPDjmCwKvSnBXBrw9o f/XMoqJIchdruDNPmsDBGYekffVXv9OMeBj+UgOaRqHYcwodpqeHUJ1tGXPSphBHvcsh GBk5OX2odiR9FysJWMjwnMHx2KM3xDAqYaCIubrLkKmppPhfYulvuTGmhFgfGrQEIe7x zPow== X-Gm-Message-State: AOUpUlEXW6XJYEtCxkuceRoEs21dURW73PckMjtw7IMjep8N97UM1vK6 0y44qvBPui3bfhPS+Os8D+kzRg== X-Google-Smtp-Source: AAOMgpdhL4Vph4rx299lhM5n19LKgB1pTVs3ajNSBPEwKLgtHfWzGMh/cSt8mACt4jv1jm5N7igODA== X-Received: by 2002:a63:220d:: with SMTP id i13-v6mr17411926pgi.212.1532450989120; Tue, 24 Jul 2018 09:49:49 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id s195-v6sm25373097pgs.76.2018.07.24.09.49.44 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:47 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 05/18] crypto alg: Introduce generic max blocksize and alignmask Date: Tue, 24 Jul 2018 09:49:23 -0700 Message-Id: <20180724164936.37477-6-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this exposes a new general upper bound on crypto blocksize and alignmask (higher than for the existing cipher limits) for VLA removal, and introduces new checks. At present, the highest cra_alignmask in the kernel is 63. The highest cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the new blocksize limit, I went with 160 (20 8-byte words). [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- crypto/algapi.c | 7 ++++++- include/crypto/algapi.h | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/crypto/algapi.c b/crypto/algapi.c index c0755cf4f53f..496fc51bf215 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -57,9 +57,14 @@ static int crypto_check_alg(struct crypto_alg *alg) if (alg->cra_alignmask & (alg->cra_alignmask + 1)) return -EINVAL; - if (alg->cra_blocksize > PAGE_SIZE / 8) + /* General maximums for all algs. */ + if (alg->cra_alignmask > MAX_ALGAPI_ALIGNMASK) return -EINVAL; + if (alg->cra_blocksize > MAX_ALGAPI_BLOCKSIZE) + return -EINVAL; + + /* Lower maximums for specific alg types. */ if (!alg->cra_type && (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { if (alg->cra_alignmask > MAX_CIPHER_ALIGNMASK) diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index bd5e8ccf1687..21371ac8f355 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -20,8 +20,10 @@ /* * Maximum values for blocksize and alignmask, used to allocate * static buffers that are big enough for any combination of - * ciphers and architectures. + * algs and architectures. Ciphers have a lower maximum size. */ +#define MAX_ALGAPI_BLOCKSIZE 160 +#define MAX_ALGAPI_ALIGNMASK 63 #define MAX_CIPHER_BLOCKSIZE 16 #define MAX_CIPHER_ALIGNMASK 15 From patchwork Tue Jul 24 16:49:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542631 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 192CF90E3 for ; Tue, 24 Jul 2018 16:52:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 04F3F291C7 for ; Tue, 24 Jul 2018 16:52:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0294A291E3; Tue, 24 Jul 2018 16:52:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A8BBF291F0 for ; Tue, 24 Jul 2018 16:52:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388572AbeGXR5L (ORCPT ); Tue, 24 Jul 2018 13:57:11 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:40393 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388545AbeGXR5K (ORCPT ); Tue, 24 Jul 2018 13:57:10 -0400 Received: by mail-pf1-f195.google.com with SMTP id e13-v6so983691pff.7 for ; Tue, 24 Jul 2018 09:49:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BYgigRdBSanSiafl9f2cJhj28CjRYh2SZJXlKmlCU5M=; b=fbvBHvm0aVtMNBYkVoeyHxW4qn3bBowhr+yjjR5AVYmmJYLKSk1VUYLbSXZRqNWAN3 sjgO3gTTL1medxbL+lJO5cAoTCtQZXbJbh8kzjkUiP/SMu0qV0avrE+A5M+oV90xVbF+ o0ozqgf8gTqLpEYexFLpKSk1cBWb+tR0nmugo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=BYgigRdBSanSiafl9f2cJhj28CjRYh2SZJXlKmlCU5M=; b=ZabEuC/AeRlfG+Ao5zE/lu1LoBx+ciY52NvmFdkABMDQbcnIFO3jS2epByiV8QtZXO fx4iN9TQ1/zgdn+3EYRgPr5m1raaTjbXpps/npfZ8U4zAucCF6k8vDhmsTdZBhYeOShV ssoSAXJN+ntWZh4Gw2ydvwpBbhub+cg4aMPnA5qbnRuoW7ZZZEtZCX4wOOYZwvUIVcxd q3dX574Ym6EVZPKosdbNotmkaCmv+FvLkf1m4R56lGuvyLYvTh67Urzn1FE5syJ4Zw5t udIg6TvjKJ2cUaf2MxMpWvDZSTeDM4ajgNsLHKvwW10f1KjATofVKkk1BhkpyCTJDa9X Z8Fw== X-Gm-Message-State: AOUpUlHagPDoFByjb7CSFqssj3+cwHKlHQaQ0ieKMeJpO88c10Ony5Sc zSMlO0RQ/rF7htV6bWAO3ySPrw== X-Google-Smtp-Source: AAOMgpejt/8eaP/vX2Mv3zbSbY3cKd9odRDYEzzOSvdKQxeog2q1a3bDuwwt7lah0vUOGzlRRfPMAg== X-Received: by 2002:a63:62c4:: with SMTP id w187-v6mr16962865pgb.55.1532450989974; Tue, 24 Jul 2018 09:49:49 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id q140-v6sm16788405pgq.11.2018.07.24.09.49.44 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:47 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 06/18] crypto: qat: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:24 -0700 Message-Id: <20180724164936.37477-7-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the new upper bound for the stack buffer. Also adds a sanity check. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- drivers/crypto/qat/qat_common/qat_algs.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index 1138e41d6805..a28edf7b792f 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -153,8 +153,8 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, struct sha512_state sha512; int block_size = crypto_shash_blocksize(ctx->hash_tfm); int digest_size = crypto_shash_digestsize(ctx->hash_tfm); - char ipad[block_size]; - char opad[block_size]; + char ipad[MAX_ALGAPI_BLOCKSIZE]; + char opad[MAX_ALGAPI_BLOCKSIZE]; __be32 *hash_state_out; __be64 *hash512_state_out; int i, offset; @@ -164,6 +164,10 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, shash->tfm = ctx->hash_tfm; shash->flags = 0x0; + if (WARN_ON(block_size > sizeof(ipad) || + sizeof(ipad) != sizeof(opad))) + return -EINVAL; + if (auth_keylen > block_size) { int ret = crypto_shash_digest(shash, auth_key, auth_keylen, ipad); From patchwork Tue Jul 24 16:49:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542619 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 23621112E for ; Tue, 24 Jul 2018 16:52:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 135502917D for ; Tue, 24 Jul 2018 16:52:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 10742290F0; Tue, 24 Jul 2018 16:52:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3744D2917D for ; Tue, 24 Jul 2018 16:52:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388681AbeGXR7S (ORCPT ); Tue, 24 Jul 2018 13:59:18 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:34413 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388607AbeGXR5M (ORCPT ); Tue, 24 Jul 2018 13:57:12 -0400 Received: by mail-pg1-f195.google.com with SMTP id y5-v6so3308491pgv.1 for ; Tue, 24 Jul 2018 09:49:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Ok95ycGnZuw2CZpO4KgRNxj4QX0cXIlEQlrBt5ewdsw=; b=jQ5y83FYcXRBUM77JJA0nyUNgrejZPE5lJ0JT0iizxWJfPIBVNOrdtpeO7rT+b2lsv +bjOyNg4sn32L5cfKvZIdvHZhJj8DFiyCgt6UyipV5eZBsz7wNOkN0Bulbb9Gj/WzKGr ZuhcetVCR/7gfa6Kfm6K+hpLj/2AObwWbUbIA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Ok95ycGnZuw2CZpO4KgRNxj4QX0cXIlEQlrBt5ewdsw=; b=P+IhJe4Mzq5aXb3RK4rpVVoZ7kUL/VaqlDWjhspccUOgxRT6QMfuKYvFn+snfvzZIr TQgxQt11jR0+ooltA849esnHo9iY/BtDMPqtJCNesS3Rs64ECsrh/evb8sf4qQUWOQBb u/zjIUd+5Y4IYx24f9bgxecA1lfImWSTKpGqgIj3kIwjudSDJYZmXjxO2GUI+DeBRZQF DlTNvjLgrTpyaR+eBtaEMHJGShVCU96jHdaaFhATEeGV1TnRzsRYXAy5qHEbf7XPr5c2 sMnLYReA4qPNeDuEAVGX/nlxPuN8H9dogm7rlPQ2GAWHHYRerBHYksE1mbokYmrHgf+u Il8w== X-Gm-Message-State: AOUpUlEjz316RSnslhCCDnAlIroHhXpOq7OYIkFPaorY+AJ+GVe9Ws79 j9yDCwTZOwoZmF1rxnpdVF/2cg== X-Google-Smtp-Source: AAOMgpc6VqDh6VDKEj14IbS01oeHnKpI3OsjZNoP+Pml6OkQrZbvFlPFHd08eIo2+U87sWqzc4srfA== X-Received: by 2002:a65:4384:: with SMTP id m4-v6mr5659689pgp.265.1532450992012; Tue, 24 Jul 2018 09:49:52 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id x65-v6sm6984082pfk.140.2018.07.24.09.49.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:47 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 07/18] crypto: shash: Remove VLA usage in unaligned hashing Date: Tue, 24 Jul 2018 09:49:25 -0700 Message-Id: <20180724164936.37477-8-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this uses the newly defined max alignment to perform unaligned hashing to avoid VLAs, and drops the helper function while adding sanity checks on the resulting buffer sizes. Additionally, the __aligned_largest macro is removed since this helper was the only user. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- crypto/shash.c | 27 ++++++++++++++++----------- include/linux/compiler-gcc.h | 1 - 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/crypto/shash.c b/crypto/shash.c index 86d76b5c626c..d21f04d70dce 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -73,13 +73,6 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, } EXPORT_SYMBOL_GPL(crypto_shash_setkey); -static inline unsigned int shash_align_buffer_size(unsigned len, - unsigned long mask) -{ - typedef u8 __aligned_largest u8_aligned; - return len + (mask & ~(__alignof__(u8_aligned) - 1)); -} - static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, unsigned int len) { @@ -88,11 +81,17 @@ static int shash_update_unaligned(struct shash_desc *desc, const u8 *data, unsigned long alignmask = crypto_shash_alignmask(tfm); unsigned int unaligned_len = alignmask + 1 - ((unsigned long)data & alignmask); - u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)] - __aligned_largest; + /* + * We cannot count on __aligned() working for large values: + * https://patchwork.kernel.org/patch/9507697/ + */ + u8 ubuf[MAX_ALGAPI_ALIGNMASK * 2]; u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); int err; + if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf))) + return -EINVAL; + if (unaligned_len > len) unaligned_len = len; @@ -124,11 +123,17 @@ static int shash_final_unaligned(struct shash_desc *desc, u8 *out) unsigned long alignmask = crypto_shash_alignmask(tfm); struct shash_alg *shash = crypto_shash_alg(tfm); unsigned int ds = crypto_shash_digestsize(tfm); - u8 ubuf[shash_align_buffer_size(ds, alignmask)] - __aligned_largest; + /* + * We cannot count on __aligned() working for large values: + * https://patchwork.kernel.org/patch/9507697/ + */ + u8 ubuf[MAX_ALGAPI_ALIGNMASK + HASH_MAX_DIGESTSIZE]; u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1); int err; + if (WARN_ON(buf + ds > ubuf + sizeof(ubuf))) + return -EINVAL; + err = shash->final(desc, buf); if (err) goto out; diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index f1a7492a5cc8..1f1cdef36a82 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -125,7 +125,6 @@ */ #define __pure __attribute__((pure)) #define __aligned(x) __attribute__((aligned(x))) -#define __aligned_largest __attribute__((aligned)) #define __printf(a, b) __attribute__((format(printf, a, b))) #define __scanf(a, b) __attribute__((format(scanf, a, b))) #define __attribute_const__ __attribute__((__const__)) From patchwork Tue Jul 24 16:49:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542617 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1692C90E3 for ; Tue, 24 Jul 2018 16:52:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 059F62906F for ; Tue, 24 Jul 2018 16:52:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 02A4029167; Tue, 24 Jul 2018 16:52:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 94694291AF for ; Tue, 24 Jul 2018 16:52:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388614AbeGXR5M (ORCPT ); Tue, 24 Jul 2018 13:57:12 -0400 Received: from mail-pl0-f65.google.com ([209.85.160.65]:46016 "EHLO mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388552AbeGXR5L (ORCPT ); Tue, 24 Jul 2018 13:57:11 -0400 Received: by mail-pl0-f65.google.com with SMTP id j8-v6so1955774pll.12 for ; Tue, 24 Jul 2018 09:49:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=xi1UiijgPtH3bEbgxLJTLT+H3zXPa7fDlbmxyBVC5QY=; b=dyArO5HPDOmgxu1KqX1PLyjELlLB/4D/84YPYAORv5WvH1EukArfqKSZklwmUMMB7a /TGpsRkqAMjiQVw/mB48Ccn1vguQr0t20yF9CE+lGYxame7S7lxWefDK14kQapdlhLEk 203wUEPeCBMmH4vWUkmIeSP0Tbz3jZdvFjhbE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=xi1UiijgPtH3bEbgxLJTLT+H3zXPa7fDlbmxyBVC5QY=; b=p3Phn8ChnAJr7f+R7X4UNAEDvNSudp2i72Fqp1/qWSH5TzNgN0H94tgrZgs+akJJc1 CdaEzz39O0QyRVbCmhT2ZFyustjgMFZ7pYHde3LfJeBhRi7qtxwRSrgDDDbj+7h0+OSh j2+Ab30FaoAX0jdbKulpa/PPDexu+9casLt5EZLDazHmYzsb1qAzSoF1Uc8ccqdZ11mn JrNGQyGyJqnE+QRKL311e7VBH2tv9qeo5eRfN+SnqHXiOJD0NKYPQDwP7+4uBTbkZ5BN F56pg7mN//hEkVGp8M8ow7tC3KhfiiXvM1JW/Sc4m9uf0F4gb1xjoS9RwPqoClLJoOTX ji2g== X-Gm-Message-State: AOUpUlFDCqyEPIhToSnS1fqLmFDcSe/jcmvFgsJLhM5LADKTWBS5EQ+v At32tn1lsZaX7q/aT669ffdmaw== X-Google-Smtp-Source: AAOMgpeVOEL3rwh7h++k7IUoH+FXXTX0DIe/o1QEmZSs2q6LYLTUBCJLP1OSBUBvuU8XEGR4LWmKqA== X-Received: by 2002:a17:902:b112:: with SMTP id q18-v6mr17394185plr.284.1532450990853; Tue, 24 Jul 2018 09:49:50 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id e2-v6sm13671874pgo.92.2018.07.24.09.49.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:47 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 08/18] crypto: skcipher: Remove VLA usage for SKCIPHER_REQUEST_ON_STACK Date: Tue, 24 Jul 2018 09:49:26 -0700 Message-Id: <20180724164936.37477-9-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this caps the skcipher request size similar to other limits and adds a sanity check at registration. Looking at instrumented tcrypt output, the largest is for lrw: crypt: testing lrw(aes) crypto_skcipher_set_reqsize: 8 crypto_skcipher_set_reqsize: 88 crypto_skcipher_set_reqsize: 472 [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- include/crypto/internal/skcipher.h | 1 + include/crypto/skcipher.h | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index e42f7063f245..5035482cbe68 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h @@ -130,6 +130,7 @@ static inline struct crypto_skcipher *crypto_spawn_skcipher( static inline void crypto_skcipher_set_reqsize( struct crypto_skcipher *skcipher, unsigned int reqsize) { + BUG_ON(reqsize > SKCIPHER_MAX_REQSIZE); skcipher->reqsize = reqsize; } diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 2f327f090c3e..c48e194438cf 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -139,9 +139,11 @@ struct skcipher_alg { struct crypto_alg base; }; +#define SKCIPHER_MAX_REQSIZE 472 + #define SKCIPHER_REQUEST_ON_STACK(name, tfm) \ char __##name##_desc[sizeof(struct skcipher_request) + \ - crypto_skcipher_reqsize(tfm)] CRYPTO_MINALIGN_ATTR; \ + SKCIPHER_MAX_REQSIZE] CRYPTO_MINALIGN_ATTR; \ struct skcipher_request *name = (void *)__##name##_desc /** From patchwork Tue Jul 24 16:49:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542609 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 323A51822 for ; Tue, 24 Jul 2018 16:51:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 22A0C291DE for ; Tue, 24 Jul 2018 16:51:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1ED6D291BD; Tue, 24 Jul 2018 16:51:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 84482291D4 for ; Tue, 24 Jul 2018 16:51:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388618AbeGXR7Q (ORCPT ); Tue, 24 Jul 2018 13:59:16 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:43354 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388623AbeGXR5N (ORCPT ); Tue, 24 Jul 2018 13:57:13 -0400 Received: by mail-pf1-f193.google.com with SMTP id j26-v6so981961pfi.10 for ; Tue, 24 Jul 2018 09:49:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=EgkhKZ/Kq1WYLP+KKm550fKJfIA30Q04zx67UHx5CVw=; b=S92o1ZFwaZ2aylf4k1VTGxvWM7JZPhGcyXrz7iZHR94z/kaZL0L6kH2rRGVWrH6iju eUpSLl/7EISqe9730FeeGBGn7J6lWJa1DO2CrW7zgkLsAF3YR1X8Wk74laRSb+Zs4zvj SYx8wnid83S/p8ReZrV3kGlfr/ZxMOFmYYKnA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=EgkhKZ/Kq1WYLP+KKm550fKJfIA30Q04zx67UHx5CVw=; b=I5MNo3GdUpgAERfvNPWUQaB06xGPUhR2jgULDRuVCE229SJGuVUxhe9GKX66MU2r4N FpTEkR+PWiyEiQ76fqpFYYE0HpfPSjTbPJP3MVyexr+xNhjb7NJd9fucMtWkPmKLFESE fmL58/xQGfSrzPam07McyC4VlcJ0sc8XDE2d8kS7IHEIqqfaIS9cIg2KX9NZS3u/3WF2 wVmXMSeHMNCtzwHdds9f6Qzjr1soO/nlZLgYgiUI+/ZaHO+/BZ7oVOCoay5zCZDZTfKD IrEY1f+/E5Y8iKzn2jvXJAkTxXd16Zg1VupSTar++VoQoSamAOj6trE26VFfDmq77dT8 mEzg== X-Gm-Message-State: AOUpUlFPp9ZXwiNAuR0GPEdslHcVj3lFKZa8RmPwYOgs0271VjFuVZAt rw1FS1H4pZ7ZWvoHWjKyCqbf3A== X-Google-Smtp-Source: AAOMgpflp49N0AC5xiB8mpCD9AbiIwFcdTzaeSIcKVrYl9oEty5XsAmRJYRzowpikmxDTVIEKkvfJg== X-Received: by 2002:a62:9d14:: with SMTP id i20-v6mr18485201pfd.3.1532450992941; Tue, 24 Jul 2018 09:49:52 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id a15-v6sm19835983pfe.32.2018.07.24.09.49.46 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:47 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 09/18] ppp: mppe: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:27 -0700 Message-Id: <20180724164936.37477-10-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK (and associated VLA) by switching to shash directly and keeping the associated descriptor allocated with the regular state on the heap. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook Acked-by: Arnd Bergmann --- drivers/net/ppp/ppp_mppe.c | 56 ++++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c index 6c7fd98cb00a..a205750b431b 100644 --- a/drivers/net/ppp/ppp_mppe.c +++ b/drivers/net/ppp/ppp_mppe.c @@ -96,7 +96,7 @@ static inline void sha_pad_init(struct sha_pad *shapad) */ struct ppp_mppe_state { struct crypto_skcipher *arc4; - struct crypto_ahash *sha1; + struct shash_desc *sha1; unsigned char *sha1_digest; unsigned char master_key[MPPE_MAX_KEY_LEN]; unsigned char session_key[MPPE_MAX_KEY_LEN]; @@ -136,25 +136,16 @@ struct ppp_mppe_state { */ static void get_new_key_from_sha(struct ppp_mppe_state * state) { - AHASH_REQUEST_ON_STACK(req, state->sha1); - struct scatterlist sg[4]; - unsigned int nbytes; - - sg_init_table(sg, 4); - - nbytes = setup_sg(&sg[0], state->master_key, state->keylen); - nbytes += setup_sg(&sg[1], sha_pad->sha_pad1, - sizeof(sha_pad->sha_pad1)); - nbytes += setup_sg(&sg[2], state->session_key, state->keylen); - nbytes += setup_sg(&sg[3], sha_pad->sha_pad2, - sizeof(sha_pad->sha_pad2)); - - ahash_request_set_tfm(req, state->sha1); - ahash_request_set_callback(req, 0, NULL, NULL); - ahash_request_set_crypt(req, sg, state->sha1_digest, nbytes); - - crypto_ahash_digest(req); - ahash_request_zero(req); + crypto_shash_init(state->sha1); + crypto_shash_update(state->sha1, state->master_key, + state->keylen); + crypto_shash_update(state->sha1, sha_pad->sha_pad1, + sizeof(sha_pad->sha_pad1)); + crypto_shash_update(state->sha1, state->session_key, + state->keylen); + crypto_shash_update(state->sha1, sha_pad->sha_pad2, + sizeof(sha_pad->sha_pad2)); + crypto_shash_final(state->sha1, state->sha1_digest); } /* @@ -200,6 +191,7 @@ static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) static void *mppe_alloc(unsigned char *options, int optlen) { struct ppp_mppe_state *state; + struct crypto_shash *shash; unsigned int digestsize; if (optlen != CILEN_MPPE + sizeof(state->master_key) || @@ -217,13 +209,21 @@ static void *mppe_alloc(unsigned char *options, int optlen) goto out_free; } - state->sha1 = crypto_alloc_ahash("sha1", 0, CRYPTO_ALG_ASYNC); - if (IS_ERR(state->sha1)) { - state->sha1 = NULL; + shash = crypto_alloc_shash("sha1", 0, 0); + if (IS_ERR(shash)) + goto out_free; + + state->sha1 = kmalloc(sizeof(*state->sha1) + + crypto_shash_descsize(shash), + GFP_KERNEL); + if (!state->sha1) { + crypto_free_shash(shash); goto out_free; } + state->sha1->tfm = shash; + state->sha1->flags = 0; - digestsize = crypto_ahash_digestsize(state->sha1); + digestsize = crypto_shash_digestsize(shash); if (digestsize < MPPE_MAX_KEY_LEN) goto out_free; @@ -246,7 +246,10 @@ static void *mppe_alloc(unsigned char *options, int optlen) out_free: kfree(state->sha1_digest); - crypto_free_ahash(state->sha1); + if (state->sha1) { + crypto_free_shash(state->sha1->tfm); + kzfree(state->sha1); + } crypto_free_skcipher(state->arc4); kfree(state); out: @@ -261,7 +264,8 @@ static void mppe_free(void *arg) struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; if (state) { kfree(state->sha1_digest); - crypto_free_ahash(state->sha1); + crypto_free_shash(state->sha1->tfm); + kzfree(state->sha1); crypto_free_skcipher(state->arc4); kfree(state); } From patchwork Tue Jul 24 16:49:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542505 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2E7FA112E for ; Tue, 24 Jul 2018 16:49:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1EA0029063 for ; Tue, 24 Jul 2018 16:49:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 124FB29097; Tue, 24 Jul 2018 16:49:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 44C7829096 for ; Tue, 24 Jul 2018 16:49:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388669AbeGXR5P (ORCPT ); Tue, 24 Jul 2018 13:57:15 -0400 Received: from mail-pl0-f65.google.com ([209.85.160.65]:32896 "EHLO mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388598AbeGXR5O (ORCPT ); Tue, 24 Jul 2018 13:57:14 -0400 Received: by mail-pl0-f65.google.com with SMTP id 6-v6so2030667plb.0 for ; Tue, 24 Jul 2018 09:49:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ZI2aob70T18+rSqCI2VmsibkGPFJ6uFylB1GNq8x2tU=; b=lhaX8SZbZjzXrl4urHtWAlOw0+5v2jhpiueRSlwInGEIhtnoWEcHkEo2Rti0au0kTK cyoLrc1bLLVPJzhNPhaWg6wGX2PhkP0GsTsho7i9AdEKJ58RD3bnmHsEP+YDd8PDv2qc cWo7fpA1R05gIRDrThrywOkzK8sPxhD1/Sz/4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZI2aob70T18+rSqCI2VmsibkGPFJ6uFylB1GNq8x2tU=; b=fXi6rXEHoUtoWVcFXMxAq68bHkwO1wwVUn8cYzRB7Pguzab8blpfHLswtgSaZVoS/1 3uqJqhzt8Qq0JZgeaVgg4+lf4XFwEB4EsQ60w8B9xcrUcx7uhnKBJ3ZHrAYXmYrkH8HM gVGplleQ7ngq5YmebW+cYTV2LbM/aREklVEJruKEWQFRZvLhotkMwtEQoLWBS3Q53F8j NoxdVZT9QgfscVr/V5CWMLBHzmTGPLgt1XivOkoOnv84d3RtovzJv19/NIMaZa7lMbv9 YMNq+P1fnGslATzV/8bMblXxPfKqzrp3M2nvRAFxU27Kb6x2qs8NL8zikNhA+t7N+PGi 70/A== X-Gm-Message-State: AOUpUlGV8MZv+LleSE/M7X8anWBvY3UKAdPm0txA1GcR93wrWigrr4Ka w7WwadDyAvTEJ9CEbQ9QQgnHIg== X-Google-Smtp-Source: AAOMgpdDfbfeNYrD5Tke9cwk7/M0KCext81YN1e+mYrixCTTS8+Y3+j2yYZwLCcAE6lQGskPdc0BMA== X-Received: by 2002:a17:902:8506:: with SMTP id bj6-v6mr17572390plb.210.1532450993856; Tue, 24 Jul 2018 09:49:53 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id d18-v6sm13530804pgo.74.2018.07.24.09.49.46 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:47 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 10/18] x86/power/64: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:28 -0700 Message-Id: <20180724164936.37477-11-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK by switching to shash directly and allocating the descriptor in heap memory (which should be fine: the tfm has already been allocated there too). [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook Acked-by: Pavel Machek --- arch/x86/power/hibernate_64.c | 36 ++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/arch/x86/power/hibernate_64.c b/arch/x86/power/hibernate_64.c index 67ccf64c8bd8..f8e3b668d20b 100644 --- a/arch/x86/power/hibernate_64.c +++ b/arch/x86/power/hibernate_64.c @@ -233,29 +233,35 @@ struct restore_data_record { */ static int get_e820_md5(struct e820_table *table, void *buf) { - struct scatterlist sg; - struct crypto_ahash *tfm; + struct crypto_shash *tfm; + struct shash_desc *desc; int size; int ret = 0; - tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); + tfm = crypto_alloc_shash("md5", 0, 0); if (IS_ERR(tfm)) return -ENOMEM; - { - AHASH_REQUEST_ON_STACK(req, tfm); - size = offsetof(struct e820_table, entries) + sizeof(struct e820_entry) * table->nr_entries; - ahash_request_set_tfm(req, tfm); - sg_init_one(&sg, (u8 *)table, size); - ahash_request_set_callback(req, 0, NULL, NULL); - ahash_request_set_crypt(req, &sg, buf, size); - - if (crypto_ahash_digest(req)) - ret = -EINVAL; - ahash_request_zero(req); + desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm), + GFP_KERNEL); + if (!desc) { + ret = -ENOMEM; + goto free_tfm; } - crypto_free_ahash(tfm); + desc->tfm = tfm; + desc->flags = 0; + + size = offsetof(struct e820_table, entries) + + sizeof(struct e820_entry) * table->nr_entries; + + if (crypto_shash_digest(desc, (u8 *)table, size, buf)) + ret = -EINVAL; + + kzfree(desc); + +free_tfm: + crypto_free_shash(tfm); return ret; } From patchwork Tue Jul 24 16:49:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542507 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 481CE90E3 for ; Tue, 24 Jul 2018 16:49:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 376BB29063 for ; Tue, 24 Jul 2018 16:49:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3509D2907D; Tue, 24 Jul 2018 16:49:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A3DD92909F for ; Tue, 24 Jul 2018 16:49:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388521AbeGXR5Q (ORCPT ); Tue, 24 Jul 2018 13:57:16 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:37284 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388651AbeGXR5P (ORCPT ); Tue, 24 Jul 2018 13:57:15 -0400 Received: by mail-pg1-f193.google.com with SMTP id n7-v6so3305341pgq.4 for ; Tue, 24 Jul 2018 09:49:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=CPbMm0CRMjn6WWe1IlnQfdE8WKGufaSORW1Jwv5jp9g=; b=Sqy/U6lEAtaHCvGGjuA15TO8EgzKx6zxS1R9gJQDDAWcgcCf3FdmexBo+PzFomA1eZ 6Kgtq57CYV+rNLJRqvrZiZmKTnI9d9GT0L9Ya0rv5DgzRx00TaZZ3kiK3boa/VeQIjWu zR0dm4KEiWAal8wcI7KYU8TkXwp7zqUORY8AA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=CPbMm0CRMjn6WWe1IlnQfdE8WKGufaSORW1Jwv5jp9g=; b=nAHWg5fiJvsb9gGoZ8Re7ZSCm01MblfOUFP9eYM2WlBcmo9JSdfz6ZMQUCCqD9lg23 J6RtE1jOUdywvZFOr2hbRQqKK151SjrlxzQFNQuJ1ip5w6BqjqP7rch+/SBWjZH3FU7W Si4p1TNQ1RZsLxyVzG/Qgnr/FDdHWbNcZf7HF2mtc2kfB5J4+WhmuzG+53zc01+xnjh8 w6SEkNn/HikI38JmGtQN5/il8ZVAmNf17DAakkm+TWfrd/SDqj3iZ0agXpAZ/WyyTe6I q6DK1OuSvavmMYfLh5hItVhC1oOvk/nxVreQiDW8d7eqClBFjy54bhvqXASFycgjwsJu PsbA== X-Gm-Message-State: AOUpUlHzP5UwvcH/kzdr1UMAyGzhUw/znaz5DV0di0ita6SOqlRRMPrv nJnDZFZ1IyuELICZl7rftnUmiQ== X-Google-Smtp-Source: AAOMgpdIDiJGQzsbr+YTILmO9p528DomYEZ+nGflZUHk5FySzT4GPqu95oyrX932WDCrQnA/7RF0pA== X-Received: by 2002:a63:2644:: with SMTP id m65-v6mr16889618pgm.371.1532450994828; Tue, 24 Jul 2018 09:49:54 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id e7-v6sm23751655pgc.55.2018.07.24.09.49.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:47 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 11/18] dm crypt: Convert essiv from ahash to shash Date: Tue, 24 Jul 2018 09:49:29 -0700 Message-Id: <20180724164936.37477-12-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In preparing to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash to direct shash. By removing a layer of indirection this both improves performance and reduces stack usage. The stack allocation will be made a fixed size in a later patch to the crypto subsystem. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook Reviewed-by: Eric Biggers --- drivers/md/dm-crypt.c | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index b61b069c33af..c4c922990090 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -99,7 +99,7 @@ struct crypt_iv_operations { }; struct iv_essiv_private { - struct crypto_ahash *hash_tfm; + struct crypto_shash *hash_tfm; u8 *salt; }; @@ -327,25 +327,22 @@ static int crypt_iv_plain64be_gen(struct crypt_config *cc, u8 *iv, static int crypt_iv_essiv_init(struct crypt_config *cc) { struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; - AHASH_REQUEST_ON_STACK(req, essiv->hash_tfm); - struct scatterlist sg; + SHASH_DESC_ON_STACK(desc, essiv->hash_tfm); struct crypto_cipher *essiv_tfm; int err; - sg_init_one(&sg, cc->key, cc->key_size); - ahash_request_set_tfm(req, essiv->hash_tfm); - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); - ahash_request_set_crypt(req, &sg, essiv->salt, cc->key_size); + desc->tfm = essiv->hash_tfm; + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; - err = crypto_ahash_digest(req); - ahash_request_zero(req); + err = crypto_shash_digest(desc, cc->key, cc->key_size, essiv->salt); + shash_desc_zero(desc); if (err) return err; essiv_tfm = cc->iv_private; err = crypto_cipher_setkey(essiv_tfm, essiv->salt, - crypto_ahash_digestsize(essiv->hash_tfm)); + crypto_shash_digestsize(essiv->hash_tfm)); if (err) return err; @@ -356,7 +353,7 @@ static int crypt_iv_essiv_init(struct crypt_config *cc) static int crypt_iv_essiv_wipe(struct crypt_config *cc) { struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; - unsigned salt_size = crypto_ahash_digestsize(essiv->hash_tfm); + unsigned salt_size = crypto_shash_digestsize(essiv->hash_tfm); struct crypto_cipher *essiv_tfm; int r, err = 0; @@ -408,7 +405,7 @@ static void crypt_iv_essiv_dtr(struct crypt_config *cc) struct crypto_cipher *essiv_tfm; struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv; - crypto_free_ahash(essiv->hash_tfm); + crypto_free_shash(essiv->hash_tfm); essiv->hash_tfm = NULL; kzfree(essiv->salt); @@ -426,7 +423,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, const char *opts) { struct crypto_cipher *essiv_tfm = NULL; - struct crypto_ahash *hash_tfm = NULL; + struct crypto_shash *hash_tfm = NULL; u8 *salt = NULL; int err; @@ -436,14 +433,14 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, } /* Allocate hash algorithm */ - hash_tfm = crypto_alloc_ahash(opts, 0, CRYPTO_ALG_ASYNC); + hash_tfm = crypto_alloc_shash(opts, 0, 0); if (IS_ERR(hash_tfm)) { ti->error = "Error initializing ESSIV hash"; err = PTR_ERR(hash_tfm); goto bad; } - salt = kzalloc(crypto_ahash_digestsize(hash_tfm), GFP_KERNEL); + salt = kzalloc(crypto_shash_digestsize(hash_tfm), GFP_KERNEL); if (!salt) { ti->error = "Error kmallocing salt storage in ESSIV"; err = -ENOMEM; @@ -454,7 +451,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, cc->iv_gen_private.essiv.hash_tfm = hash_tfm; essiv_tfm = alloc_essiv_cipher(cc, ti, salt, - crypto_ahash_digestsize(hash_tfm)); + crypto_shash_digestsize(hash_tfm)); if (IS_ERR(essiv_tfm)) { crypt_iv_essiv_dtr(cc); return PTR_ERR(essiv_tfm); @@ -465,7 +462,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti, bad: if (hash_tfm && !IS_ERR(hash_tfm)) - crypto_free_ahash(hash_tfm); + crypto_free_shash(hash_tfm); kfree(salt); return err; } From patchwork Tue Jul 24 16:49:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542517 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 97826A517 for ; Tue, 24 Jul 2018 16:50:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7322D290CE for ; Tue, 24 Jul 2018 16:50:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6EFEA290B0; Tue, 24 Jul 2018 16:50:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F169D2909E for ; Tue, 24 Jul 2018 16:50:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388748AbeGXR5V (ORCPT ); Tue, 24 Jul 2018 13:57:21 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:45128 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388740AbeGXR5U (ORCPT ); Tue, 24 Jul 2018 13:57:20 -0400 Received: by mail-pg1-f193.google.com with SMTP id f1-v6so3290794pgq.12 for ; Tue, 24 Jul 2018 09:49:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Meqphyy9r7z2IA/wd6c1NXlpAsx9fbiho4zaI5dcUo8=; b=Yu1SOz5xehkgc73TvjHbTt/ug/8kekD1Zzy9d7prH92g2xoa0L5f+nls+3I6temwfl vdgGmLNhhvV0HPbgZnSRtxTkLF63ceveOiVZ/rx9gGR7W8hNBu+rlTqxpERp6oyZzknF lrcBk4mUdsZZwxKN7rem1TSWzhk7NpdDlL42M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Meqphyy9r7z2IA/wd6c1NXlpAsx9fbiho4zaI5dcUo8=; b=gBl4JQM4igePAs5UXKKGpqincbAtc+4Fi9KTinqkQdy0JIcED6mWndUrlQOrwZ5TmF +wmc5/Ssw5BHYFjFslFBaLQcdG4E3rD0KfzRFnJCFU4Qfh/8M55M1YuPHiS/A7MVuIq3 p6zZcmwqSwqZRdYfcO+WfdKffJwGGI+/skhpJ7zbN3tQOdlzQsGfNEqcnrurJ05Gn94N mf0FvfBZcI2/5jrtBg1KrerufGfuihxVQPztKERK1xX2zbovR3/AKAHKw0XQOuoY8QYG 7t9Pz1ozAg0Lw8z9zyPvY+bL0CukVU1ZU84v+Bxvwa9gxKYIm/u4YTAnhJvQT3s2ZyQL flUg== X-Gm-Message-State: AOUpUlG0yg+J3Aie6vkCsTw9qapaBKZlzopADxosce6qDGDvbLVG81G4 Tn6dCZsCpiAqIvPKB/Pmpg6X2A== X-Google-Smtp-Source: AAOMgpdmekeSpNERR32WCNswIZukgbAd5Y9TQpGsSnDp/KEicnJRhHqJ+uQRbzZwii03JZuUtuhDGw== X-Received: by 2002:a62:d24a:: with SMTP id c71-v6mr18460124pfg.242.1532450998442; Tue, 24 Jul 2018 09:49:58 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id f184-v6sm16532532pfc.88.2018.07.24.09.49.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:54 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 12/18] drbd: Convert from ahash to shash Date: Tue, 24 Jul 2018 09:49:30 -0700 Message-Id: <20180724164936.37477-13-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In preparing to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash to direct shash. By removing a layer of indirection this both improves performance and reduces stack usage. The stack allocation will be made a fixed size in a later patch to the crypto subsystem. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- drivers/block/drbd/drbd_int.h | 13 +++---- drivers/block/drbd/drbd_main.c | 14 ++++---- drivers/block/drbd/drbd_nl.c | 39 +++++++-------------- drivers/block/drbd/drbd_receiver.c | 35 ++++++++++--------- drivers/block/drbd/drbd_worker.c | 56 +++++++++++++----------------- 5 files changed, 69 insertions(+), 88 deletions(-) diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h index bc4ed2ed40a2..97d8e290c2be 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h @@ -726,10 +726,10 @@ struct drbd_connection { struct list_head transfer_log; /* all requests not yet fully processed */ struct crypto_shash *cram_hmac_tfm; - struct crypto_ahash *integrity_tfm; /* checksums we compute, updates protected by connection->data->mutex */ - struct crypto_ahash *peer_integrity_tfm; /* checksums we verify, only accessed from receiver thread */ - struct crypto_ahash *csums_tfm; - struct crypto_ahash *verify_tfm; + struct crypto_shash *integrity_tfm; /* checksums we compute, updates protected by connection->data->mutex */ + struct crypto_shash *peer_integrity_tfm; /* checksums we verify, only accessed from receiver thread */ + struct crypto_shash *csums_tfm; + struct crypto_shash *verify_tfm; void *int_dig_in; void *int_dig_vv; @@ -1533,8 +1533,9 @@ static inline void ov_out_of_sync_print(struct drbd_device *device) } -extern void drbd_csum_bio(struct crypto_ahash *, struct bio *, void *); -extern void drbd_csum_ee(struct crypto_ahash *, struct drbd_peer_request *, void *); +extern void drbd_csum_bio(struct crypto_shash *, struct bio *, void *); +extern void drbd_csum_ee(struct crypto_shash *, struct drbd_peer_request *, + void *); /* worker callbacks */ extern int w_e_end_data_req(struct drbd_work *, int); extern int w_e_end_rsdata_req(struct drbd_work *, int); diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c index a80809bd3057..ccb54791d39c 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -1377,7 +1377,7 @@ void drbd_send_ack_dp(struct drbd_peer_device *peer_device, enum drbd_packet cmd struct p_data *dp, int data_size) { if (peer_device->connection->peer_integrity_tfm) - data_size -= crypto_ahash_digestsize(peer_device->connection->peer_integrity_tfm); + data_size -= crypto_shash_digestsize(peer_device->connection->peer_integrity_tfm); _drbd_send_ack(peer_device, cmd, dp->sector, cpu_to_be32(data_size), dp->block_id); } @@ -1690,7 +1690,7 @@ int drbd_send_dblock(struct drbd_peer_device *peer_device, struct drbd_request * sock = &peer_device->connection->data; p = drbd_prepare_command(peer_device, sock); digest_size = peer_device->connection->integrity_tfm ? - crypto_ahash_digestsize(peer_device->connection->integrity_tfm) : 0; + crypto_shash_digestsize(peer_device->connection->integrity_tfm) : 0; if (!p) return -EIO; @@ -1796,7 +1796,7 @@ int drbd_send_block(struct drbd_peer_device *peer_device, enum drbd_packet cmd, p = drbd_prepare_command(peer_device, sock); digest_size = peer_device->connection->integrity_tfm ? - crypto_ahash_digestsize(peer_device->connection->integrity_tfm) : 0; + crypto_shash_digestsize(peer_device->connection->integrity_tfm) : 0; if (!p) return -EIO; @@ -2561,11 +2561,11 @@ void conn_free_crypto(struct drbd_connection *connection) { drbd_free_sock(connection); - crypto_free_ahash(connection->csums_tfm); - crypto_free_ahash(connection->verify_tfm); + crypto_free_shash(connection->csums_tfm); + crypto_free_shash(connection->verify_tfm); crypto_free_shash(connection->cram_hmac_tfm); - crypto_free_ahash(connection->integrity_tfm); - crypto_free_ahash(connection->peer_integrity_tfm); + crypto_free_shash(connection->integrity_tfm); + crypto_free_shash(connection->peer_integrity_tfm); kfree(connection->int_dig_in); kfree(connection->int_dig_vv); diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c index b4f02768ba47..d15703b1ffe8 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c @@ -2303,10 +2303,10 @@ check_net_options(struct drbd_connection *connection, struct net_conf *new_net_c } struct crypto { - struct crypto_ahash *verify_tfm; - struct crypto_ahash *csums_tfm; + struct crypto_shash *verify_tfm; + struct crypto_shash *csums_tfm; struct crypto_shash *cram_hmac_tfm; - struct crypto_ahash *integrity_tfm; + struct crypto_shash *integrity_tfm; }; static int @@ -2324,36 +2324,21 @@ alloc_shash(struct crypto_shash **tfm, char *tfm_name, int err_alg) return NO_ERROR; } -static int -alloc_ahash(struct crypto_ahash **tfm, char *tfm_name, int err_alg) -{ - if (!tfm_name[0]) - return NO_ERROR; - - *tfm = crypto_alloc_ahash(tfm_name, 0, CRYPTO_ALG_ASYNC); - if (IS_ERR(*tfm)) { - *tfm = NULL; - return err_alg; - } - - return NO_ERROR; -} - static enum drbd_ret_code alloc_crypto(struct crypto *crypto, struct net_conf *new_net_conf) { char hmac_name[CRYPTO_MAX_ALG_NAME]; enum drbd_ret_code rv; - rv = alloc_ahash(&crypto->csums_tfm, new_net_conf->csums_alg, + rv = alloc_shash(&crypto->csums_tfm, new_net_conf->csums_alg, ERR_CSUMS_ALG); if (rv != NO_ERROR) return rv; - rv = alloc_ahash(&crypto->verify_tfm, new_net_conf->verify_alg, + rv = alloc_shash(&crypto->verify_tfm, new_net_conf->verify_alg, ERR_VERIFY_ALG); if (rv != NO_ERROR) return rv; - rv = alloc_ahash(&crypto->integrity_tfm, new_net_conf->integrity_alg, + rv = alloc_shash(&crypto->integrity_tfm, new_net_conf->integrity_alg, ERR_INTEGRITY_ALG); if (rv != NO_ERROR) return rv; @@ -2371,9 +2356,9 @@ alloc_crypto(struct crypto *crypto, struct net_conf *new_net_conf) static void free_crypto(struct crypto *crypto) { crypto_free_shash(crypto->cram_hmac_tfm); - crypto_free_ahash(crypto->integrity_tfm); - crypto_free_ahash(crypto->csums_tfm); - crypto_free_ahash(crypto->verify_tfm); + crypto_free_shash(crypto->integrity_tfm); + crypto_free_shash(crypto->csums_tfm); + crypto_free_shash(crypto->verify_tfm); } int drbd_adm_net_opts(struct sk_buff *skb, struct genl_info *info) @@ -2450,17 +2435,17 @@ int drbd_adm_net_opts(struct sk_buff *skb, struct genl_info *info) rcu_assign_pointer(connection->net_conf, new_net_conf); if (!rsr) { - crypto_free_ahash(connection->csums_tfm); + crypto_free_shash(connection->csums_tfm); connection->csums_tfm = crypto.csums_tfm; crypto.csums_tfm = NULL; } if (!ovr) { - crypto_free_ahash(connection->verify_tfm); + crypto_free_shash(connection->verify_tfm); connection->verify_tfm = crypto.verify_tfm; crypto.verify_tfm = NULL; } - crypto_free_ahash(connection->integrity_tfm); + crypto_free_shash(connection->integrity_tfm); connection->integrity_tfm = crypto.integrity_tfm; if (connection->cstate >= C_WF_REPORT_PARAMS && connection->agreed_pro_version >= 100) /* Do this without trying to take connection->data.mutex again. */ diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c index be9450f5ad1c..76243e9ef277 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c @@ -1732,7 +1732,7 @@ static int receive_Barrier(struct drbd_connection *connection, struct packet_inf } /* quick wrapper in case payload size != request_size (write same) */ -static void drbd_csum_ee_size(struct crypto_ahash *h, +static void drbd_csum_ee_size(struct crypto_shash *h, struct drbd_peer_request *r, void *d, unsigned int payload_size) { @@ -1769,7 +1769,7 @@ read_in_block(struct drbd_peer_device *peer_device, u64 id, sector_t sector, digest_size = 0; if (!trim && peer_device->connection->peer_integrity_tfm) { - digest_size = crypto_ahash_digestsize(peer_device->connection->peer_integrity_tfm); + digest_size = crypto_shash_digestsize(peer_device->connection->peer_integrity_tfm); /* * FIXME: Receive the incoming digest into the receive buffer * here, together with its struct p_data? @@ -1905,7 +1905,7 @@ static int recv_dless_read(struct drbd_peer_device *peer_device, struct drbd_req digest_size = 0; if (peer_device->connection->peer_integrity_tfm) { - digest_size = crypto_ahash_digestsize(peer_device->connection->peer_integrity_tfm); + digest_size = crypto_shash_digestsize(peer_device->connection->peer_integrity_tfm); err = drbd_recv_all_warn(peer_device->connection, dig_in, digest_size); if (err) return err; @@ -3540,7 +3540,7 @@ static int receive_protocol(struct drbd_connection *connection, struct packet_in int p_proto, p_discard_my_data, p_two_primaries, cf; struct net_conf *nc, *old_net_conf, *new_net_conf = NULL; char integrity_alg[SHARED_SECRET_MAX] = ""; - struct crypto_ahash *peer_integrity_tfm = NULL; + struct crypto_shash *peer_integrity_tfm = NULL; void *int_dig_in = NULL, *int_dig_vv = NULL; p_proto = be32_to_cpu(p->protocol); @@ -3621,7 +3621,7 @@ static int receive_protocol(struct drbd_connection *connection, struct packet_in * change. */ - peer_integrity_tfm = crypto_alloc_ahash(integrity_alg, 0, CRYPTO_ALG_ASYNC); + peer_integrity_tfm = crypto_alloc_shash(integrity_alg, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(peer_integrity_tfm)) { peer_integrity_tfm = NULL; drbd_err(connection, "peer data-integrity-alg %s not supported\n", @@ -3629,7 +3629,7 @@ static int receive_protocol(struct drbd_connection *connection, struct packet_in goto disconnect; } - hash_size = crypto_ahash_digestsize(peer_integrity_tfm); + hash_size = crypto_shash_digestsize(peer_integrity_tfm); int_dig_in = kmalloc(hash_size, GFP_KERNEL); int_dig_vv = kmalloc(hash_size, GFP_KERNEL); if (!(int_dig_in && int_dig_vv)) { @@ -3659,7 +3659,7 @@ static int receive_protocol(struct drbd_connection *connection, struct packet_in mutex_unlock(&connection->resource->conf_update); mutex_unlock(&connection->data.mutex); - crypto_free_ahash(connection->peer_integrity_tfm); + crypto_free_shash(connection->peer_integrity_tfm); kfree(connection->int_dig_in); kfree(connection->int_dig_vv); connection->peer_integrity_tfm = peer_integrity_tfm; @@ -3677,7 +3677,7 @@ static int receive_protocol(struct drbd_connection *connection, struct packet_in disconnect_rcu_unlock: rcu_read_unlock(); disconnect: - crypto_free_ahash(peer_integrity_tfm); + crypto_free_shash(peer_integrity_tfm); kfree(int_dig_in); kfree(int_dig_vv); conn_request_state(connection, NS(conn, C_DISCONNECTING), CS_HARD); @@ -3689,15 +3689,16 @@ static int receive_protocol(struct drbd_connection *connection, struct packet_in * return: NULL (alg name was "") * ERR_PTR(error) if something goes wrong * or the crypto hash ptr, if it worked out ok. */ -static struct crypto_ahash *drbd_crypto_alloc_digest_safe(const struct drbd_device *device, +static struct crypto_shash *drbd_crypto_alloc_digest_safe( + const struct drbd_device *device, const char *alg, const char *name) { - struct crypto_ahash *tfm; + struct crypto_shash *tfm; if (!alg[0]) return NULL; - tfm = crypto_alloc_ahash(alg, 0, CRYPTO_ALG_ASYNC); + tfm = crypto_alloc_shash(alg, 0, 0); if (IS_ERR(tfm)) { drbd_err(device, "Can not allocate \"%s\" as %s (reason: %ld)\n", alg, name, PTR_ERR(tfm)); @@ -3750,8 +3751,8 @@ static int receive_SyncParam(struct drbd_connection *connection, struct packet_i struct drbd_device *device; struct p_rs_param_95 *p; unsigned int header_size, data_size, exp_max_sz; - struct crypto_ahash *verify_tfm = NULL; - struct crypto_ahash *csums_tfm = NULL; + struct crypto_shash *verify_tfm = NULL; + struct crypto_shash *csums_tfm = NULL; struct net_conf *old_net_conf, *new_net_conf = NULL; struct disk_conf *old_disk_conf = NULL, *new_disk_conf = NULL; const int apv = connection->agreed_pro_version; @@ -3898,14 +3899,14 @@ static int receive_SyncParam(struct drbd_connection *connection, struct packet_i if (verify_tfm) { strcpy(new_net_conf->verify_alg, p->verify_alg); new_net_conf->verify_alg_len = strlen(p->verify_alg) + 1; - crypto_free_ahash(peer_device->connection->verify_tfm); + crypto_free_shash(peer_device->connection->verify_tfm); peer_device->connection->verify_tfm = verify_tfm; drbd_info(device, "using verify-alg: \"%s\"\n", p->verify_alg); } if (csums_tfm) { strcpy(new_net_conf->csums_alg, p->csums_alg); new_net_conf->csums_alg_len = strlen(p->csums_alg) + 1; - crypto_free_ahash(peer_device->connection->csums_tfm); + crypto_free_shash(peer_device->connection->csums_tfm); peer_device->connection->csums_tfm = csums_tfm; drbd_info(device, "using csums-alg: \"%s\"\n", p->csums_alg); } @@ -3949,9 +3950,9 @@ static int receive_SyncParam(struct drbd_connection *connection, struct packet_i mutex_unlock(&connection->resource->conf_update); /* just for completeness: actually not needed, * as this is not reached if csums_tfm was ok. */ - crypto_free_ahash(csums_tfm); + crypto_free_shash(csums_tfm); /* but free the verify_tfm again, if csums_tfm did not work out */ - crypto_free_ahash(verify_tfm); + crypto_free_shash(verify_tfm); conn_request_state(peer_device->connection, NS(conn, C_DISCONNECTING), CS_HARD); return -EIO; } diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c index 1476cb3439f4..62dd3700dd84 100644 --- a/drivers/block/drbd/drbd_worker.c +++ b/drivers/block/drbd/drbd_worker.c @@ -295,60 +295,54 @@ void drbd_request_endio(struct bio *bio) complete_master_bio(device, &m); } -void drbd_csum_ee(struct crypto_ahash *tfm, struct drbd_peer_request *peer_req, void *digest) +void drbd_csum_ee(struct crypto_shash *tfm, struct drbd_peer_request *peer_req, void *digest) { - AHASH_REQUEST_ON_STACK(req, tfm); - struct scatterlist sg; + SHASH_DESC_ON_STACK(desc, tfm); struct page *page = peer_req->pages; struct page *tmp; unsigned len; - ahash_request_set_tfm(req, tfm); - ahash_request_set_callback(req, 0, NULL, NULL); + desc->tfm = tfm; + desc->flags = 0; - sg_init_table(&sg, 1); - crypto_ahash_init(req); + crypto_shash_init(desc); while ((tmp = page_chain_next(page))) { /* all but the last page will be fully used */ - sg_set_page(&sg, page, PAGE_SIZE, 0); - ahash_request_set_crypt(req, &sg, NULL, sg.length); - crypto_ahash_update(req); + crypto_shash_update(desc, page_to_virt(page), PAGE_SIZE); page = tmp; } /* and now the last, possibly only partially used page */ len = peer_req->i.size & (PAGE_SIZE - 1); - sg_set_page(&sg, page, len ?: PAGE_SIZE, 0); - ahash_request_set_crypt(req, &sg, digest, sg.length); - crypto_ahash_finup(req); - ahash_request_zero(req); + crypto_shash_update(desc, page_to_virt(page), len ?: PAGE_SIZE); + + crypto_shash_final(desc, digest); + shash_desc_zero(desc); } -void drbd_csum_bio(struct crypto_ahash *tfm, struct bio *bio, void *digest) +void drbd_csum_bio(struct crypto_shash *tfm, struct bio *bio, void *digest) { - AHASH_REQUEST_ON_STACK(req, tfm); - struct scatterlist sg; + SHASH_DESC_ON_STACK(desc, tfm); struct bio_vec bvec; struct bvec_iter iter; - ahash_request_set_tfm(req, tfm); - ahash_request_set_callback(req, 0, NULL, NULL); + desc->tfm = tfm; + desc->flags = 0; - sg_init_table(&sg, 1); - crypto_ahash_init(req); + crypto_shash_init(desc); bio_for_each_segment(bvec, bio, iter) { - sg_set_page(&sg, bvec.bv_page, bvec.bv_len, bvec.bv_offset); - ahash_request_set_crypt(req, &sg, NULL, sg.length); - crypto_ahash_update(req); + crypto_shash_update(desc, (u8 *)page_to_virt(bvec.bv_page) + + bvec.bv_offset, + bvec.bv_len); + /* REQ_OP_WRITE_SAME has only one segment, * checksum the payload only once. */ if (bio_op(bio) == REQ_OP_WRITE_SAME) break; } - ahash_request_set_crypt(req, NULL, digest, 0); - crypto_ahash_final(req); - ahash_request_zero(req); + crypto_shash_final(desc, digest); + shash_desc_zero(desc); } /* MAYBE merge common code with w_e_end_ov_req */ @@ -367,7 +361,7 @@ static int w_e_send_csum(struct drbd_work *w, int cancel) if (unlikely((peer_req->flags & EE_WAS_ERROR) != 0)) goto out; - digest_size = crypto_ahash_digestsize(peer_device->connection->csums_tfm); + digest_size = crypto_shash_digestsize(peer_device->connection->csums_tfm); digest = kmalloc(digest_size, GFP_NOIO); if (digest) { sector_t sector = peer_req->i.sector; @@ -1205,7 +1199,7 @@ int w_e_end_csum_rs_req(struct drbd_work *w, int cancel) * a real fix would be much more involved, * introducing more locking mechanisms */ if (peer_device->connection->csums_tfm) { - digest_size = crypto_ahash_digestsize(peer_device->connection->csums_tfm); + digest_size = crypto_shash_digestsize(peer_device->connection->csums_tfm); D_ASSERT(device, digest_size == di->digest_size); digest = kmalloc(digest_size, GFP_NOIO); } @@ -1255,7 +1249,7 @@ int w_e_end_ov_req(struct drbd_work *w, int cancel) if (unlikely(cancel)) goto out; - digest_size = crypto_ahash_digestsize(peer_device->connection->verify_tfm); + digest_size = crypto_shash_digestsize(peer_device->connection->verify_tfm); digest = kmalloc(digest_size, GFP_NOIO); if (!digest) { err = 1; /* terminate the connection in case the allocation failed */ @@ -1327,7 +1321,7 @@ int w_e_end_ov_reply(struct drbd_work *w, int cancel) di = peer_req->digest; if (likely((peer_req->flags & EE_WAS_ERROR) == 0)) { - digest_size = crypto_ahash_digestsize(peer_device->connection->verify_tfm); + digest_size = crypto_shash_digestsize(peer_device->connection->verify_tfm); digest = kmalloc(digest_size, GFP_NOIO); if (digest) { drbd_csum_ee(peer_device->connection->verify_tfm, peer_req, digest); From patchwork Tue Jul 24 16:49:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542577 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8F50F1822 for ; Tue, 24 Jul 2018 16:51:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7EF3429091 for ; Tue, 24 Jul 2018 16:51:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7CE1D290F0; Tue, 24 Jul 2018 16:51:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E4E4529091 for ; Tue, 24 Jul 2018 16:51:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388704AbeGXR6f (ORCPT ); Tue, 24 Jul 2018 13:58:35 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:34422 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388703AbeGXR5S (ORCPT ); Tue, 24 Jul 2018 13:57:18 -0400 Received: by mail-pg1-f196.google.com with SMTP id y5-v6so3308642pgv.1 for ; Tue, 24 Jul 2018 09:49:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+KSRUj/0qvL/pmvBGcl9scVjMMFqpRubuQt1mN2b+58=; b=bqCFx0Jik8X9JYE3Y5uDzvqC3mHEdtYjbzng4JyAov2RxzBQcjptIhXxzO8PH3RJn3 eH+cKtotdFhdJ1lNh7ImCkjMXCRI9ivBMArWL1hC+97ZlE4aE89Zkztl1xeUeTQ4/v7e kDvXrJMlU19+S4jxmNmKqlPfgNAHLRm4Jg90k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+KSRUj/0qvL/pmvBGcl9scVjMMFqpRubuQt1mN2b+58=; b=nXLzucJRD9ZZ3yCdkJjdWs5J0c7REu2i0X1ARnGd+ug6gBNReNjHrciO8OR78LeuOU i/YBUV41zIYJxM/wIGkJbEbyAhB28agQuotow6BG1smyazppBHNj+P1siyei0TSySko6 pXTuGoZFfBKm5lonq1dSddQ87PL/W+twyuVMVpCH/yth/Vd+6ykf47uZK8VjF84Zt2Eu ytoky9vfsjPWEDHLubq04zmeDr0fd9jvp+SV2BGrhRL9WDYkDAhIyilFCSdlpG1L2zQw +V0pExIBqm6G0bjo+4FW/zhqywE6sDYkgonBOLZM0MveV9MSAGHim4817SXoBi5OCcBr aDtg== X-Gm-Message-State: AOUpUlHaKUMv1u0XC3LPLWmzfNqnd5RxZBXKCR7rCaf2za5p9fxDrGMR 4aELAgyEWDId/g5SDMh0QGfPGg== X-Google-Smtp-Source: AAOMgpeXBCzKp+W+s1UuSZoP5kLT0BLIUEg2hNBm/TGpDGYB9h6deRtHnOkdF2k7HOrKSf/4MbakMw== X-Received: by 2002:a63:790b:: with SMTP id u11-v6mr16888983pgc.111.1532450997108; Tue, 24 Jul 2018 09:49:57 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id j83-v6sm25798959pfj.71.2018.07.24.09.49.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:54 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 13/18] wireless/lib80211: Convert from ahash to shash Date: Tue, 24 Jul 2018 09:49:31 -0700 Message-Id: <20180724164936.37477-14-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In preparing to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash to direct shash. By removing a layer of indirection this both improves performance and reduces stack usage. The stack allocation will be made a fixed size in a later patch to the crypto subsystem. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- net/wireless/lib80211_crypt_tkip.c | 58 +++++++++++++++--------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/net/wireless/lib80211_crypt_tkip.c b/net/wireless/lib80211_crypt_tkip.c index ba0a1f398ce5..21040aba3a81 100644 --- a/net/wireless/lib80211_crypt_tkip.c +++ b/net/wireless/lib80211_crypt_tkip.c @@ -65,9 +65,9 @@ struct lib80211_tkip_data { int key_idx; struct crypto_skcipher *rx_tfm_arc4; - struct crypto_ahash *rx_tfm_michael; + struct crypto_shash *rx_tfm_michael; struct crypto_skcipher *tx_tfm_arc4; - struct crypto_ahash *tx_tfm_michael; + struct crypto_shash *tx_tfm_michael; /* scratch buffers for virt_to_page() (crypto API) */ u8 rx_hdr[16], tx_hdr[16]; @@ -106,8 +106,7 @@ static void *lib80211_tkip_init(int key_idx) goto fail; } - priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, - CRYPTO_ALG_ASYNC); + priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->tx_tfm_michael)) { priv->tx_tfm_michael = NULL; goto fail; @@ -120,8 +119,7 @@ static void *lib80211_tkip_init(int key_idx) goto fail; } - priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, - CRYPTO_ALG_ASYNC); + priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->rx_tfm_michael)) { priv->rx_tfm_michael = NULL; goto fail; @@ -131,9 +129,9 @@ static void *lib80211_tkip_init(int key_idx) fail: if (priv) { - crypto_free_ahash(priv->tx_tfm_michael); + crypto_free_shash(priv->tx_tfm_michael); crypto_free_skcipher(priv->tx_tfm_arc4); - crypto_free_ahash(priv->rx_tfm_michael); + crypto_free_shash(priv->rx_tfm_michael); crypto_free_skcipher(priv->rx_tfm_arc4); kfree(priv); } @@ -145,9 +143,9 @@ static void lib80211_tkip_deinit(void *priv) { struct lib80211_tkip_data *_priv = priv; if (_priv) { - crypto_free_ahash(_priv->tx_tfm_michael); + crypto_free_shash(_priv->tx_tfm_michael); crypto_free_skcipher(_priv->tx_tfm_arc4); - crypto_free_ahash(_priv->rx_tfm_michael); + crypto_free_shash(_priv->rx_tfm_michael); crypto_free_skcipher(_priv->rx_tfm_arc4); } kfree(priv); @@ -510,29 +508,31 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) return keyidx; } -static int michael_mic(struct crypto_ahash *tfm_michael, u8 * key, u8 * hdr, - u8 * data, size_t data_len, u8 * mic) +static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr, + u8 *data, size_t data_len, u8 *mic) { - AHASH_REQUEST_ON_STACK(req, tfm_michael); - struct scatterlist sg[2]; + SHASH_DESC_ON_STACK(desc, tfm_michael); int err; - if (tfm_michael == NULL) { - pr_warn("%s(): tfm_michael == NULL\n", __func__); - return -1; - } - sg_init_table(sg, 2); - sg_set_buf(&sg[0], hdr, 16); - sg_set_buf(&sg[1], data, data_len); + desc->tfm = tfm_michael; + desc->flags = 0; - if (crypto_ahash_setkey(tfm_michael, key, 8)) + if (crypto_shash_setkey(tfm_michael, key, 8)) return -1; - ahash_request_set_tfm(req, tfm_michael); - ahash_request_set_callback(req, 0, NULL, NULL); - ahash_request_set_crypt(req, sg, mic, data_len + 16); - err = crypto_ahash_digest(req); - ahash_request_zero(req); + err = crypto_shash_init(desc); + if (err) + goto out; + err = crypto_shash_update(desc, hdr, 16); + if (err) + goto out; + err = crypto_shash_update(desc, data, data_len); + if (err) + goto out; + err = crypto_shash_final(desc, mic); + +out: + shash_desc_zero(desc); return err; } @@ -654,9 +654,9 @@ static int lib80211_tkip_set_key(void *key, int len, u8 * seq, void *priv) { struct lib80211_tkip_data *tkey = priv; int keyidx; - struct crypto_ahash *tfm = tkey->tx_tfm_michael; + struct crypto_shash *tfm = tkey->tx_tfm_michael; struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4; - struct crypto_ahash *tfm3 = tkey->rx_tfm_michael; + struct crypto_shash *tfm3 = tkey->rx_tfm_michael; struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4; keyidx = tkey->key_idx; From patchwork Tue Jul 24 16:49:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542585 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D54CB112E for ; Tue, 24 Jul 2018 16:51:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C454C291AD for ; Tue, 24 Jul 2018 16:51:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C134C291AE; Tue, 24 Jul 2018 16:51:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 35CD3291B2 for ; Tue, 24 Jul 2018 16:51:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388322AbeGXR6o (ORCPT ); Tue, 24 Jul 2018 13:58:44 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:32948 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388598AbeGXR5R (ORCPT ); Tue, 24 Jul 2018 13:57:17 -0400 Received: by mail-pg1-f194.google.com with SMTP id r5-v6so3305644pgv.0 for ; Tue, 24 Jul 2018 09:49:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Fd4CyuLW4EvKRKBdDvHFYcqX0s0Y10MBU0R0P+vSpn0=; b=hIU+xMH81mTgYVxwuWmSqAWn5A53bqOvWhpMEc7QMlhDhVn8zjoypa/Kwg4VQ4vc5n c0c5gXf+1K9cQbw4roO1CRdC7oMEfTerePZzwbkzYMz/DZyb/ZC52dNE0HdjuuP/Wb/O BaEZgLoloJry6pklEt9aFP+0gBy/O6s6Bm+Z0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Fd4CyuLW4EvKRKBdDvHFYcqX0s0Y10MBU0R0P+vSpn0=; b=WC1+Sd5F/gELdQY1YSRoS2h/gyiW4hOxPV5gid6vAg4mkux2Z2LNo09nDUaNX9wpmZ LsfWMaJXy6Daaninaauh5sWu4KWR/6d4XjFGJxuZ2h9BUePXByPb1XzkEWYro6b2RziD eA8NeWqNnnrSfcSTjvjIh1yC51LJZ+t18pMvNzs55NjSY2dcTIFF5ywhFVJ58SUYMHrd KAFVr+fAk5ixnqevWEjJwV+B0Qi0S84VrT8EddscTHxkyL2WVNpLaeaRq+cm7ccrP17x l63k5wuTJX57jIzNXNFHyMHG0DOWD01EDBhGX5Gh0saDtstHkMS00necEy0ZSiK7nmB9 52Gw== X-Gm-Message-State: AOUpUlHKSRSsgowl0Pt8J2f2KKoOvd5sppJCSDlXOTdwctk9b2bRgWDR mKalC/9TTMBUeBNMemgE5Eqxkg== X-Google-Smtp-Source: AAOMgpdsuohVnd0En4CIyFCHkNYnM+bIZqP+GRTUR5oDPu5dw2xRv0c+exBfpQVchJ3xnfdA0rHqBA== X-Received: by 2002:a62:4083:: with SMTP id f3-v6mr18399882pfd.229.1532450996103; Tue, 24 Jul 2018 09:49:56 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id g184-v6sm19038443pgc.22.2018.07.24.09.49.47 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:54 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 14/18] staging: rtl8192u: ieee80211: Convert from ahash to shash Date: Tue, 24 Jul 2018 09:49:32 -0700 Message-Id: <20180724164936.37477-15-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This is an identical change to the wireless/lib80211 of the same name. In preparing to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash to direct shash. By removing a layer of indirection this both improves performance and reduces stack usage. The stack allocation will be made a fixed size in a later patch to the crypto subsystem. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- .../rtl8192u/ieee80211/ieee80211_crypt_tkip.c | 57 +++++++++---------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c index a7efaae4e25a..1088fa0aee0e 100644 --- a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c +++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c @@ -54,9 +54,9 @@ struct ieee80211_tkip_data { int key_idx; struct crypto_skcipher *rx_tfm_arc4; - struct crypto_ahash *rx_tfm_michael; + struct crypto_shash *rx_tfm_michael; struct crypto_skcipher *tx_tfm_arc4; - struct crypto_ahash *tx_tfm_michael; + struct crypto_shash *tx_tfm_michael; /* scratch buffers for virt_to_page() (crypto API) */ u8 rx_hdr[16], tx_hdr[16]; @@ -80,8 +80,7 @@ static void *ieee80211_tkip_init(int key_idx) goto fail; } - priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, - CRYPTO_ALG_ASYNC); + priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->tx_tfm_michael)) { printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " "crypto API michael_mic\n"); @@ -98,8 +97,7 @@ static void *ieee80211_tkip_init(int key_idx) goto fail; } - priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, - CRYPTO_ALG_ASYNC); + priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->rx_tfm_michael)) { printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate " "crypto API michael_mic\n"); @@ -111,9 +109,9 @@ static void *ieee80211_tkip_init(int key_idx) fail: if (priv) { - crypto_free_ahash(priv->tx_tfm_michael); + crypto_free_shash(priv->tx_tfm_michael); crypto_free_skcipher(priv->tx_tfm_arc4); - crypto_free_ahash(priv->rx_tfm_michael); + crypto_free_shash(priv->rx_tfm_michael); crypto_free_skcipher(priv->rx_tfm_arc4); kfree(priv); } @@ -127,9 +125,9 @@ static void ieee80211_tkip_deinit(void *priv) struct ieee80211_tkip_data *_priv = priv; if (_priv) { - crypto_free_ahash(_priv->tx_tfm_michael); + crypto_free_shash(_priv->tx_tfm_michael); crypto_free_skcipher(_priv->tx_tfm_arc4); - crypto_free_ahash(_priv->rx_tfm_michael); + crypto_free_shash(_priv->rx_tfm_michael); crypto_free_skcipher(_priv->rx_tfm_arc4); } kfree(priv); @@ -500,30 +498,31 @@ static int ieee80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) return keyidx; } -static int michael_mic(struct crypto_ahash *tfm_michael, u8 *key, u8 *hdr, +static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr, u8 *data, size_t data_len, u8 *mic) { - AHASH_REQUEST_ON_STACK(req, tfm_michael); - struct scatterlist sg[2]; + SHASH_DESC_ON_STACK(desc, tfm_michael); int err; - if (tfm_michael == NULL) { - printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n"); - return -1; - } - - sg_init_table(sg, 2); - sg_set_buf(&sg[0], hdr, 16); - sg_set_buf(&sg[1], data, data_len); + desc->tfm = tfm_michael; + desc->flags = 0; - if (crypto_ahash_setkey(tfm_michael, key, 8)) + if (crypto_shash_setkey(tfm_michael, key, 8)) return -1; - ahash_request_set_tfm(req, tfm_michael); - ahash_request_set_callback(req, 0, NULL, NULL); - ahash_request_set_crypt(req, sg, mic, data_len + 16); - err = crypto_ahash_digest(req); - ahash_request_zero(req); + err = crypto_shash_init(desc); + if (err) + goto out; + err = crypto_shash_update(desc, hdr, 16); + if (err) + goto out; + err = crypto_shash_update(desc, data, data_len); + if (err) + goto out; + err = crypto_shash_final(desc, mic); + +out: + shash_desc_zero(desc); return err; } @@ -663,9 +662,9 @@ static int ieee80211_tkip_set_key(void *key, int len, u8 *seq, void *priv) { struct ieee80211_tkip_data *tkey = priv; int keyidx; - struct crypto_ahash *tfm = tkey->tx_tfm_michael; + struct crypto_shash *tfm = tkey->tx_tfm_michael; struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4; - struct crypto_ahash *tfm3 = tkey->rx_tfm_michael; + struct crypto_shash *tfm3 = tkey->rx_tfm_michael; struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4; keyidx = tkey->key_idx; From patchwork Tue Jul 24 16:49:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542551 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3F70D112E for ; Tue, 24 Jul 2018 16:50:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2DBDB2911D for ; Tue, 24 Jul 2018 16:50:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 26E3229085; Tue, 24 Jul 2018 16:50:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 941BF2916B for ; Tue, 24 Jul 2018 16:50:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388795AbeGXR5g (ORCPT ); Tue, 24 Jul 2018 13:57:36 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:42524 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388751AbeGXR5U (ORCPT ); Tue, 24 Jul 2018 13:57:20 -0400 Received: by mail-pg1-f195.google.com with SMTP id y4-v6so3294035pgp.9 for ; Tue, 24 Jul 2018 09:49:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=6pNFetmmz11JBFPOEOzFiraD/6Zu8EQD4uGZBgpwh0A=; b=I0n31eswI68uJ00aoNJ5L2yYwtzgLm7mMALidYXOtWCO6XfGhtfIKst/K+kyLtT3ns nclLRXHA26FoRlXAxdtNpVxeW0JWvUQ+0GNThCv3UZuMBO0ka8vfLvA+6gvqWEWtuqHV DpU5VFza+Am3Okq/gibGjR0qfU3u1zdKPJiDY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=6pNFetmmz11JBFPOEOzFiraD/6Zu8EQD4uGZBgpwh0A=; b=k7g+Xb3G2lOcOAuRAvtQ8amSDU+1xZuIygfesotOPjnaA3YCtZuiH3Rynw5Am+iWX5 G/pYkthtYEHz2UTEeuJ2v7cmcWO0vQ/KyvBzq2WeXwMfvnP7QNoJA8WnOMOcYxhyqwaH PECe3hQr2pgGr9/tCPVrYXUB07simMhcY0fB5UDMJzCDh40hHDp9byn1+lYKyCKuG5Nv AuSh5AKZqNhpFm1vC6VFfzghXPeW8EFY4BPbNpqHfxv/SYRWimap1J4SxqtAY2Xv8XO/ hJur3Bp8Fv+A/AE7mdgX9wgVMFMzkK+DfwKr9eVPthIAaPgJNPvtrO67qVesHYCP13Bl qGIw== X-Gm-Message-State: AOUpUlH7kqoRQeTqXVeYUb91DAoqSF4AFCj+WiN1SApu9Quwro+bPD36 FQL1/Wsp/iC86dDLWMFvTRa5pg== X-Google-Smtp-Source: AAOMgpcG/mt3ci5UUbxhf/UoGW3g9EmUimCfCYx9Nh05PYTNf0VKpMi8hdwU0JhF5Cxrd1pZV+ki5g== X-Received: by 2002:a63:2506:: with SMTP id l6-v6mr16822157pgl.237.1532450999438; Tue, 24 Jul 2018 09:49:59 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id c131-v6sm36228560pga.69.2018.07.24.09.49.49 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:49:54 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 15/18] staging: rtl8192e: ieee80211: Convert from ahash to shash Date: Tue, 24 Jul 2018 09:49:33 -0700 Message-Id: <20180724164936.37477-16-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This is an identical change to the wireless/lib80211 of the same name. In preparing to remove all stack VLA usage from the kernel[1], this removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash to direct shash. By removing a layer of indirection this both improves performance and reduces stack usage. The stack allocation will be made a fixed size in a later patch to the crypto subsystem. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook --- drivers/staging/rtl8192e/rtllib_crypt_tkip.c | 56 ++++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c index ae103b0b7a2a..9f18be14dda6 100644 --- a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c +++ b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c @@ -50,9 +50,9 @@ struct rtllib_tkip_data { int key_idx; struct crypto_skcipher *rx_tfm_arc4; - struct crypto_ahash *rx_tfm_michael; + struct crypto_shash *rx_tfm_michael; struct crypto_skcipher *tx_tfm_arc4; - struct crypto_ahash *tx_tfm_michael; + struct crypto_shash *tx_tfm_michael; /* scratch buffers for virt_to_page() (crypto API) */ u8 rx_hdr[16]; u8 tx_hdr[16]; @@ -74,8 +74,7 @@ static void *rtllib_tkip_init(int key_idx) goto fail; } - priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, - CRYPTO_ALG_ASYNC); + priv->tx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->tx_tfm_michael)) { pr_debug("Could not allocate crypto API michael_mic\n"); priv->tx_tfm_michael = NULL; @@ -90,8 +89,7 @@ static void *rtllib_tkip_init(int key_idx) goto fail; } - priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0, - CRYPTO_ALG_ASYNC); + priv->rx_tfm_michael = crypto_alloc_shash("michael_mic", 0, 0); if (IS_ERR(priv->rx_tfm_michael)) { pr_debug("Could not allocate crypto API michael_mic\n"); priv->rx_tfm_michael = NULL; @@ -101,9 +99,9 @@ static void *rtllib_tkip_init(int key_idx) fail: if (priv) { - crypto_free_ahash(priv->tx_tfm_michael); + crypto_free_shash(priv->tx_tfm_michael); crypto_free_skcipher(priv->tx_tfm_arc4); - crypto_free_ahash(priv->rx_tfm_michael); + crypto_free_shash(priv->rx_tfm_michael); crypto_free_skcipher(priv->rx_tfm_arc4); kfree(priv); } @@ -117,9 +115,9 @@ static void rtllib_tkip_deinit(void *priv) struct rtllib_tkip_data *_priv = priv; if (_priv) { - crypto_free_ahash(_priv->tx_tfm_michael); + crypto_free_shash(_priv->tx_tfm_michael); crypto_free_skcipher(_priv->tx_tfm_arc4); - crypto_free_ahash(_priv->rx_tfm_michael); + crypto_free_shash(_priv->rx_tfm_michael); crypto_free_skcipher(_priv->rx_tfm_arc4); } kfree(priv); @@ -504,29 +502,31 @@ static int rtllib_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv) } -static int michael_mic(struct crypto_ahash *tfm_michael, u8 *key, u8 *hdr, +static int michael_mic(struct crypto_shash *tfm_michael, u8 *key, u8 *hdr, u8 *data, size_t data_len, u8 *mic) { - AHASH_REQUEST_ON_STACK(req, tfm_michael); - struct scatterlist sg[2]; + SHASH_DESC_ON_STACK(desc, tfm_michael); int err; - if (tfm_michael == NULL) { - pr_warn("michael_mic: tfm_michael == NULL\n"); - return -1; - } - sg_init_table(sg, 2); - sg_set_buf(&sg[0], hdr, 16); - sg_set_buf(&sg[1], data, data_len); + desc->tfm = tfm_michael; + desc->flags = 0; - if (crypto_ahash_setkey(tfm_michael, key, 8)) + if (crypto_shash_setkey(tfm_michael, key, 8)) return -1; - ahash_request_set_tfm(req, tfm_michael); - ahash_request_set_callback(req, 0, NULL, NULL); - ahash_request_set_crypt(req, sg, mic, data_len + 16); - err = crypto_ahash_digest(req); - ahash_request_zero(req); + err = crypto_shash_init(desc); + if (err) + goto out; + err = crypto_shash_update(desc, hdr, 16); + if (err) + goto out; + err = crypto_shash_update(desc, data, data_len); + if (err) + goto out; + err = crypto_shash_final(desc, mic); + +out: + shash_desc_zero(desc); return err; } @@ -663,9 +663,9 @@ static int rtllib_tkip_set_key(void *key, int len, u8 *seq, void *priv) { struct rtllib_tkip_data *tkey = priv; int keyidx; - struct crypto_ahash *tfm = tkey->tx_tfm_michael; + struct crypto_shash *tfm = tkey->tx_tfm_michael; struct crypto_skcipher *tfm2 = tkey->tx_tfm_arc4; - struct crypto_ahash *tfm3 = tkey->rx_tfm_michael; + struct crypto_shash *tfm3 = tkey->rx_tfm_michael; struct crypto_skcipher *tfm4 = tkey->rx_tfm_arc4; keyidx = tkey->key_idx; From patchwork Tue Jul 24 16:49:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542695 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E2B791822 for ; Tue, 24 Jul 2018 16:56:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D1BCB28942 for ; Tue, 24 Jul 2018 16:56:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C4AF928EBF; Tue, 24 Jul 2018 16:56:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5BEAA28942 for ; Tue, 24 Jul 2018 16:56:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388548AbeGXSDo (ORCPT ); Tue, 24 Jul 2018 14:03:44 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:40066 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388545AbeGXSDm (ORCPT ); Tue, 24 Jul 2018 14:03:42 -0400 Received: by mail-pg1-f194.google.com with SMTP id x5-v6so3313427pgp.7 for ; Tue, 24 Jul 2018 09:56:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0ojuoFtpY49pRoRZrlcC4u6qgVkehMZZO1daFH4ebQg=; b=CgkzIzBn05lmhk+e5TxjjScesDSSObcCCDKeeEetNTDQqzFBrOQOV5dpyPCniZo7Vx ya0Qd8SN1iPqfA/0N1NH3sMbIObBCd3gLY9JtF7Eol3k1gcOI0v7oiPJWAB6Rb4aejv+ 1n3po6/tG1epyvHDeSHaxKEgii74YV5qc+tvQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0ojuoFtpY49pRoRZrlcC4u6qgVkehMZZO1daFH4ebQg=; b=EHDxDY5uWEcLuYFjA1iBpOG+JE13CMYr2AhlLRUD/zZOMJmH1SPvdZ4dXoAe78E3wQ 8RVFcTcPzCFwSuGsyQ8lS6ltTpI79Q+DSies+n5B7llsBcxa5FwL20FrYeXEi2H8GMV2 1Mazn1bPoCRp96qetVaysansVmyP0DUMkTosIJo7/TrHjDvHB15EH1LBAZ76pae8RIis l35/eOMbqcLr5zCg256vwES/9hVdT8LUIpsDCp0MiyTKtcDc3UedBrbhg8g2jnp25ZDh RzSBHN/2HoTcuFehIc77KtDp5h69DOix79snOzgfPxqOnIXF0DHPD9p0i7TZTUoHsh+s yllQ== X-Gm-Message-State: AOUpUlHr03QcmZbO1wIK+b/XDdRM5qlfH+S1KksEdpupMkOnaoQS08eG tQl7YaGiC80B2k5I35zihUJMUA== X-Google-Smtp-Source: AAOMgpf+xHiYmSuy+iFsx+BWYX3LSu60mgKBhzZNEgiNUYprSNUZMSYoiShz+vEbEyowvo14sudtLA== X-Received: by 2002:a63:714a:: with SMTP id b10-v6mr16668343pgn.73.1532451379202; Tue, 24 Jul 2018 09:56:19 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id b12-v6sm17874054pfe.148.2018.07.24.09.56.16 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:56:17 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 16/18] rxrpc: Reuse SKCIPHER_REQUEST_ON_STACK buffer Date: Tue, 24 Jul 2018 09:49:34 -0700 Message-Id: <20180724164936.37477-17-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The use of SKCIPHER_REQUEST_ON_STACK() will trigger FRAME_WARN warnings (when less than 2048) once the VLA is no longer hidden from the check: net/rxrpc/rxkad.c:398:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=] net/rxrpc/rxkad.c:242:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=] This passes the initial SKCIPHER_REQUEST_ON_STACK allocation to the leaf functions for reuse. Two requests allocated on the stack is not needed when only one is used at a time. Signed-off-by: Kees Cook Acked-by: Arnd Bergmann --- net/rxrpc/rxkad.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index 278ac0807a60..6393391fac86 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -146,10 +146,10 @@ static int rxkad_prime_packet_security(struct rxrpc_connection *conn) static int rxkad_secure_packet_auth(const struct rxrpc_call *call, struct sk_buff *skb, u32 data_size, - void *sechdr) + void *sechdr, + struct skcipher_request *req) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); - SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxkad_level1_hdr hdr; struct rxrpc_crypt iv; struct scatterlist sg; @@ -183,12 +183,12 @@ static int rxkad_secure_packet_auth(const struct rxrpc_call *call, static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, struct sk_buff *skb, u32 data_size, - void *sechdr) + void *sechdr, + struct skcipher_request *req) { const struct rxrpc_key_token *token; struct rxkad_level2_hdr rxkhdr; struct rxrpc_skb_priv *sp; - SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_crypt iv; struct scatterlist sg[16]; struct sk_buff *trailer; @@ -296,11 +296,12 @@ static int rxkad_secure_packet(struct rxrpc_call *call, ret = 0; break; case RXRPC_SECURITY_AUTH: - ret = rxkad_secure_packet_auth(call, skb, data_size, sechdr); + ret = rxkad_secure_packet_auth(call, skb, data_size, sechdr, + req); break; case RXRPC_SECURITY_ENCRYPT: ret = rxkad_secure_packet_encrypt(call, skb, data_size, - sechdr); + sechdr, req); break; default: ret = -EPERM; @@ -316,10 +317,10 @@ static int rxkad_secure_packet(struct rxrpc_call *call, */ static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, unsigned int offset, unsigned int len, - rxrpc_seq_t seq) + rxrpc_seq_t seq, + struct skcipher_request *req) { struct rxkad_level1_hdr sechdr; - SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_crypt iv; struct scatterlist sg[16]; struct sk_buff *trailer; @@ -402,11 +403,11 @@ static int rxkad_verify_packet_1(struct rxrpc_call *call, struct sk_buff *skb, */ static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, unsigned int offset, unsigned int len, - rxrpc_seq_t seq) + rxrpc_seq_t seq, + struct skcipher_request *req) { const struct rxrpc_key_token *token; struct rxkad_level2_hdr sechdr; - SKCIPHER_REQUEST_ON_STACK(req, call->conn->cipher); struct rxrpc_crypt iv; struct scatterlist _sg[4], *sg; struct sk_buff *trailer; @@ -549,9 +550,9 @@ static int rxkad_verify_packet(struct rxrpc_call *call, struct sk_buff *skb, case RXRPC_SECURITY_PLAIN: return 0; case RXRPC_SECURITY_AUTH: - return rxkad_verify_packet_1(call, skb, offset, len, seq); + return rxkad_verify_packet_1(call, skb, offset, len, seq, req); case RXRPC_SECURITY_ENCRYPT: - return rxkad_verify_packet_2(call, skb, offset, len, seq); + return rxkad_verify_packet_2(call, skb, offset, len, seq, req); default: return -ENOANO; } From patchwork Tue Jul 24 16:49:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542701 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CD1C9180E for ; Tue, 24 Jul 2018 16:56:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BC2E928942 for ; Tue, 24 Jul 2018 16:56:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AFCC828EBF; Tue, 24 Jul 2018 16:56:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5BEBA28942 for ; Tue, 24 Jul 2018 16:56:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388552AbeGXSDm (ORCPT ); Tue, 24 Jul 2018 14:03:42 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:35031 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388449AbeGXSDl (ORCPT ); Tue, 24 Jul 2018 14:03:41 -0400 Received: by mail-pg1-f195.google.com with SMTP id e6-v6so3312501pgv.2 for ; Tue, 24 Jul 2018 09:56:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SXSUe20DYbH44YyT3AXD6Igiq+2PNNXg+ovqiA/boxo=; b=X3kCdf0Uj63XqAnAuieU1YsZS8JiiKErKvsj99jp4RKXC93FHBkqibyLChQHlXi7Vg vn5ozP+TKXJymsuETeBbDnK3EqeHB5k+DWPvr18ZQ6skGgedc/wZdm1WBHKPVQBSqL/X Lc/BlOuZzIHXkUIzWZbM0u99uEHbW/wsxeLCc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SXSUe20DYbH44YyT3AXD6Igiq+2PNNXg+ovqiA/boxo=; b=Hie1AlItmGObhjog51wLSC7uhIXTpcpDCGLzE2T6+L84sk+u2D8pYdYFHjvG+flfgL 4YGvG/Oc6O4GRZtiIU/KMMEnrJHETfBziP24iPYW6rV3sfZ3gZGQAOaE7fhZ0gpdMbfj 9YR+nWB5okXDaE+rFHIB6cmqslnl1O0aUPz7YRLLmo7b2EhIjo/8CgiQiUdDRLoWLzW4 VRURpPXWn8dVoht6YENU0tvNAB9Cqdpn907OgTc867imOOeuvW3BLtdFpquKlYlQ+1aB avwNx5YQLlHN8Ic6I0CDqv2l8pZTizmvLhwA500ipiVgBTY3WMuSudJK5b63jG4QJkd4 mVDg== X-Gm-Message-State: AOUpUlHIDcQ5v88O1Nf91yWBU8t4cESfiufFgPnVe+MkLSPgtYWVuhar 1Fp8b5Z4wIGkPY80DRuvSZ73Mw== X-Google-Smtp-Source: AAOMgpddHoILTxA1pmdfiJJbwrLlV21a44LIGXnVTGqBwS4fr6cqOWabudmShtMReuuLuLA5JZVXyw== X-Received: by 2002:a63:2506:: with SMTP id l6-v6mr16840145pgl.237.1532451378306; Tue, 24 Jul 2018 09:56:18 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id d145-v6sm18467198pfd.52.2018.07.24.09.56.15 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:56:16 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Ard Biesheuvel , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 17/18] crypto: ccm: Remove VLA usage Date: Tue, 24 Jul 2018 09:49:35 -0700 Message-Id: <20180724164936.37477-18-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Ard Biesheuvel In the quest to remove all stack VLA usage from the kernel[1], this drops AHASH_REQUEST_ON_STACK by preallocated the ahash request area with the skcipher area (which are not used at the same time). [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Ard Biesheuvel Signed-off-by: Kees Cook --- crypto/ccm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/ccm.c b/crypto/ccm.c index 0a083342ec8c..b242fd0d3262 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -50,7 +50,10 @@ struct crypto_ccm_req_priv_ctx { u32 flags; struct scatterlist src[3]; struct scatterlist dst[3]; - struct skcipher_request skreq; + union { + struct ahash_request ahreq; + struct skcipher_request skreq; + }; }; struct cbcmac_tfm_ctx { @@ -181,7 +184,7 @@ static int crypto_ccm_auth(struct aead_request *req, struct scatterlist *plain, struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req); struct crypto_aead *aead = crypto_aead_reqtfm(req); struct crypto_ccm_ctx *ctx = crypto_aead_ctx(aead); - AHASH_REQUEST_ON_STACK(ahreq, ctx->mac); + struct ahash_request *ahreq = &pctx->ahreq; unsigned int assoclen = req->assoclen; struct scatterlist sg[3]; u8 *odata = pctx->odata; @@ -427,7 +430,7 @@ static int crypto_ccm_init_tfm(struct crypto_aead *tfm) crypto_aead_set_reqsize( tfm, align + sizeof(struct crypto_ccm_req_priv_ctx) + - crypto_skcipher_reqsize(ctr)); + max(crypto_ahash_reqsize(mac), crypto_skcipher_reqsize(ctr))); return 0; From patchwork Tue Jul 24 16:49:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10542705 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2009917FD for ; Tue, 24 Jul 2018 16:56:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0EE5228942 for ; Tue, 24 Jul 2018 16:56:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 02A8A28FF2; Tue, 24 Jul 2018 16:56:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E13E228942 for ; Tue, 24 Jul 2018 16:56:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388539AbeGXSEH (ORCPT ); Tue, 24 Jul 2018 14:04:07 -0400 Received: from mail-pl0-f66.google.com ([209.85.160.66]:39135 "EHLO mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388465AbeGXSDk (ORCPT ); Tue, 24 Jul 2018 14:03:40 -0400 Received: by mail-pl0-f66.google.com with SMTP id m1-v6so2024777plt.6 for ; Tue, 24 Jul 2018 09:56:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=NcyGQqHeJf08FCzNacBJKb8s2eWekxJenaMH09CYQ7Y=; b=NUe10EpSwaK9hTK+tgq8KHU1ZJEoxtFiiin1GLrUvH5befNzNbJp/dbqZtx0wwTjsZ S+9uldBhcSPn9UrOn3TzkhsKoKOGNGOHdl2zL3armIVu/iYQm29La09prGGpC6w7v5to kzrazNWKQj2c568+uReKEwROKVWqmdLy51RJM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=NcyGQqHeJf08FCzNacBJKb8s2eWekxJenaMH09CYQ7Y=; b=qZWn2hrlCnMnguiM9n58q2Bx7O5+Kfe1Qz/vlTjrDJMoGaSLswavJArXlLqNuRkynm ImNvrqwbRKTFjXvKV8m8lsGtd+YlTECa5XcVhGmUp3csDKvZnw9IxJ/4gh4VvbaB5AE1 QUzLFfcStJx0D/WVK2GyKdnEQcB6YBGn7SafYjBXb47mksYi6Sn+nxqUf2mw1EJ3A3qb ZNSBXdNvjkFyhZMVcYJ2f9Kx+nhdkfg3cn9L7aQPXbFnw8jgFqNPwpyQfj7lkUhSkI1h yLcp5bOGDDmF5AYksZsasVocvtahbShP8hM9JIjeoZCBUmtZPoZLVTTXVJ4/scvGwJZ/ YF9w== X-Gm-Message-State: AOUpUlEIRQAI8SjC8VjHwUbbKRlxGlXD+EaBB5eZdbs+cdESMeXJZuNv 8+j24fKBsSLsffWexUWE+69zow== X-Google-Smtp-Source: AAOMgpdsCSzdgHfeKIerJQZi1yIP1qsAKuD1uCzih3O8Vp+lUv2MyL1OLAAO13EERm9srC2f7xhK+w== X-Received: by 2002:a17:902:a5:: with SMTP id a34-v6mr18046476pla.60.1532451377375; Tue, 24 Jul 2018 09:56:17 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id z4-v6sm21812205pfl.11.2018.07.24.09.56.15 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 24 Jul 2018 09:56:16 -0700 (PDT) From: Kees Cook To: Herbert Xu Cc: Kees Cook , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev@vger.kernel.org, devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 18/18] crypto: Remove AHASH_REQUEST_ON_STACK Date: Tue, 24 Jul 2018 09:49:36 -0700 Message-Id: <20180724164936.37477-19-keescook@chromium.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180724164936.37477-1-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP All users of AHASH_REQUEST_ON_STACK have been removed from the kernel, so drop it entirely so no VLAs get reintroduced by future users. Signed-off-by: Kees Cook --- include/crypto/hash.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 21587011ab0f..fca3e28c77a4 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -64,11 +64,6 @@ struct ahash_request { void *__ctx[] CRYPTO_MINALIGN_ATTR; }; -#define AHASH_REQUEST_ON_STACK(name, ahash) \ - char __##name##_desc[sizeof(struct ahash_request) + \ - crypto_ahash_reqsize(ahash)] CRYPTO_MINALIGN_ATTR; \ - struct ahash_request *name = (void *)__##name##_desc - /** * struct ahash_alg - asynchronous message digest definition * @init: **[mandatory]** Initialize the transformation context. Intended only to initialize the