Received: by 10.223.176.46 with SMTP id f43csp2657126wra; Mon, 22 Jan 2018 01:02:01 -0800 (PST) X-Google-Smtp-Source: AH8x224shp8g9hjswcsVHIntotn9fnBzf009N4L2HgPX7vTcQWOaxtgoTQ/slNFAkPR4J+FGamrF X-Received: by 10.99.103.69 with SMTP id b66mr6648986pgc.233.1516611721870; Mon, 22 Jan 2018 01:02:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516611721; cv=none; d=google.com; s=arc-20160816; b=Uee3bwLoCOfDN1M+PwQGrMUeOKH8iEjstJGUvZq/iPmCA0PwP6SDnaTAmxG580ySxY ceULscKks7OuH0KLJFXqdlPpBbXGTfjWmbAM9dFGsU0ZbsQQh2BzZKIYwvfJWijBUDIG uDGwBO7qbpqxlnH/9eLdANWzvQfzJE7DgtQR+l7deOxLxQhybxtqOvnAFBRtytYhwURD vRtxJ7nBeC9x4zVlCwWlh9gSxRbVce/06uDJxmwfSHoEMBhqpH8mlqvgYqoNuEPcmoAy FdyLRoLPriJ5WBXJZKgSPHjwo8keZkJQdVw6d7SPCDgsKVfm5qApWZEENF6QY/s8lbhn 72XQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=s46fllVYECZEVYyxcR4MqCqQv4NiB4WeUlNqjK0E1ZI=; b=wDgZvOTr7KUMpRzwFHOn5yDPTXWYkuouapQEJeJxPZRAdEiq7gycnJz+N/RYUq4xK5 4bqmxarlH4RrXeVcRA1gqAUQlusS/zCZ2DHOKSG8aOnfWsDq7iID1megRfuR8LG9CWXk nOXsvlaxfLiNofFwqydUR9hAf3srJo6BDW9C9Ni5Ifau14WRlWFG5TG1Ke6UtZsvwUPM Fk7HvPuEt4K0IBp6ECjqdzcO22fNh/P+1CmV7qXWO2BWWDXCC3baxpFbsNjzZR2f8Giu tAycCov98h+wCRNTrJeLX/GWrPh1leOJFH3nKHNXWyek2WbH+ta7UCRVOU+EN8HVAvCq Cekw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t2si15282825pfg.94.2018.01.22.01.01.47; Mon, 22 Jan 2018 01:02:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753595AbeAVIx3 (ORCPT + 99 others); Mon, 22 Jan 2018 03:53:29 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:33972 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753573AbeAVIx0 (ORCPT ); Mon, 22 Jan 2018 03:53:26 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id C0D16F24; Mon, 22 Jan 2018 08:53:25 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mikulas Patocka , Mike Snitzer Subject: [PATCH 4.14 72/89] dm integrity: dont store cipher request on the stack Date: Mon, 22 Jan 2018 09:45:52 +0100 Message-Id: <20180122084001.630964161@linuxfoundation.org> X-Mailer: git-send-email 2.16.0 In-Reply-To: <20180122083954.683903493@linuxfoundation.org> References: <20180122083954.683903493@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mikulas Patocka commit 717f4b1c52135f279112df82583e0c77e80f90de upstream. Some asynchronous cipher implementations may use DMA. The stack may be mapped in the vmalloc area that doesn't support DMA. Therefore, the cipher request and initialization vector shouldn't be on the stack. Fix this by allocating the request and iv with kmalloc. Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman --- drivers/md/dm-integrity.c | 49 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 12 deletions(-) --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -2558,7 +2558,8 @@ static int create_journal(struct dm_inte int r = 0; unsigned i; __u64 journal_pages, journal_desc_size, journal_tree_size; - unsigned char *crypt_data = NULL; + unsigned char *crypt_data = NULL, *crypt_iv = NULL; + struct skcipher_request *req = NULL; ic->commit_ids[0] = cpu_to_le64(0x1111111111111111ULL); ic->commit_ids[1] = cpu_to_le64(0x2222222222222222ULL); @@ -2616,9 +2617,20 @@ static int create_journal(struct dm_inte if (blocksize == 1) { struct scatterlist *sg; - SKCIPHER_REQUEST_ON_STACK(req, ic->journal_crypt); - unsigned char iv[ivsize]; - skcipher_request_set_tfm(req, ic->journal_crypt); + + req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); + if (!req) { + *error = "Could not allocate crypt request"; + r = -ENOMEM; + goto bad; + } + + crypt_iv = kmalloc(ivsize, GFP_KERNEL); + if (!crypt_iv) { + *error = "Could not allocate iv"; + r = -ENOMEM; + goto bad; + } ic->journal_xor = dm_integrity_alloc_page_list(ic); if (!ic->journal_xor) { @@ -2640,9 +2652,9 @@ static int create_journal(struct dm_inte sg_set_buf(&sg[i], va, PAGE_SIZE); } sg_set_buf(&sg[i], &ic->commit_ids, sizeof ic->commit_ids); - memset(iv, 0x00, ivsize); + memset(crypt_iv, 0x00, ivsize); - skcipher_request_set_crypt(req, sg, sg, PAGE_SIZE * ic->journal_pages + sizeof ic->commit_ids, iv); + skcipher_request_set_crypt(req, sg, sg, PAGE_SIZE * ic->journal_pages + sizeof ic->commit_ids, crypt_iv); init_completion(&comp.comp); comp.in_flight = (atomic_t)ATOMIC_INIT(1); if (do_crypt(true, req, &comp)) @@ -2658,10 +2670,22 @@ static int create_journal(struct dm_inte crypto_free_skcipher(ic->journal_crypt); ic->journal_crypt = NULL; } else { - SKCIPHER_REQUEST_ON_STACK(req, ic->journal_crypt); - unsigned char iv[ivsize]; unsigned crypt_len = roundup(ivsize, blocksize); + req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); + if (!req) { + *error = "Could not allocate crypt request"; + r = -ENOMEM; + goto bad; + } + + crypt_iv = kmalloc(ivsize, GFP_KERNEL); + if (!crypt_iv) { + *error = "Could not allocate iv"; + r = -ENOMEM; + goto bad; + } + crypt_data = kmalloc(crypt_len, GFP_KERNEL); if (!crypt_data) { *error = "Unable to allocate crypt data"; @@ -2669,8 +2693,6 @@ static int create_journal(struct dm_inte goto bad; } - skcipher_request_set_tfm(req, ic->journal_crypt); - ic->journal_scatterlist = dm_integrity_alloc_journal_scatterlist(ic, ic->journal); if (!ic->journal_scatterlist) { *error = "Unable to allocate sg list"; @@ -2694,12 +2716,12 @@ static int create_journal(struct dm_inte struct skcipher_request *section_req; __u32 section_le = cpu_to_le32(i); - memset(iv, 0x00, ivsize); + memset(crypt_iv, 0x00, ivsize); memset(crypt_data, 0x00, crypt_len); memcpy(crypt_data, §ion_le, min((size_t)crypt_len, sizeof(section_le))); sg_init_one(&sg, crypt_data, crypt_len); - skcipher_request_set_crypt(req, &sg, &sg, crypt_len, iv); + skcipher_request_set_crypt(req, &sg, &sg, crypt_len, crypt_iv); init_completion(&comp.comp); comp.in_flight = (atomic_t)ATOMIC_INIT(1); if (do_crypt(true, req, &comp)) @@ -2757,6 +2779,9 @@ retest_commit_id: } bad: kfree(crypt_data); + kfree(crypt_iv); + skcipher_request_free(req); + return r; }