
libceph: Remove VLA usage of skcipher

In the quest to remove all stack VLA usage from the kernel[1], this
replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
which uses a fixed stack size.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: "Yan, Zheng" <zyan@redhat.com>
Cc: Sage Weil <sage@redhat.com>
Cc: ceph-devel@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Kees Cook and committed by
Herbert Xu
69d6302b dc568baf

+7 -7
+6 -6
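--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -46,9 +46,9 @@
 goto fail;
 }
 
-/* crypto_alloc_skcipher() allocates with GFP_KERNEL */
+/* crypto_alloc_sync_skcipher() allocates with GFP_KERNEL */
 noio_flag = memalloc_noio_save();
-key->tfm = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);
 memalloc_noio_restore(noio_flag);
 if (IS_ERR(key->tfm)) {
 ret = PTR_ERR(key->tfm);
@@ -56,7 +56,7 @@
 goto fail;
 }
 
-ret = crypto_skcipher_setkey(key->tfm, key->key, key->len);
+ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len);
 if (ret)
 goto fail;
 
@@ -136,7 +136,7 @@
 if (key) {
 kfree(key->key);
 key->key = NULL;
-crypto_free_skcipher(key->tfm);
+crypto_free_sync_skcipher(key->tfm);
 key->tfm = NULL;
 }
 }
@@ -216,7 +216,7 @@
 static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
 void *buf, int buf_len, int in_len, int *pout_len)
 {
-SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
+SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
 struct sg_table sgt;
 struct scatterlist prealloc_sg;
 char iv[AES_BLOCK_SIZE] __aligned(8);
@@ -232,7 +232,7 @@
 return ret;
 
 memcpy(iv, aes_iv, AES_BLOCK_SIZE);
-skcipher_request_set_tfm(req, key->tfm);
+skcipher_request_set_sync_tfm(req, key->tfm);
 skcipher_request_set_callback(req, 0, NULL, NULL);
 skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);
 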
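Review bot: In the cleanup hunk at line 136, `kfree(key->key)` frees the buffer that the setkey call at line 59 passes as the AES key, without clearing it first, so the key bytes remain in freed slab memory until that memory is reused. Since this commit already edits the neighbouring line, the free could become `kzfree(key->key);` (named `kfree_sensitive()` in later kernels), which zeroes the allocation before releasing it. The enclosing function starts above the hunk, so whether any other path frees `key->key` the same way cannot be checked from here.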
+1 -1
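--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -13,7 +13,7 @@
 struct ceph_timespec created;
 int len;
 void *key;
-struct crypto_skcipher *tfm;
+struct crypto_sync_skcipher *tfm;
 };
 
 int ceph_crypto_key_clone(struct ceph_crypto_key *dst,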