Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp686043imm; Wed, 25 Jul 2018 04:33:32 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfd9RpQjs5EkCgL7XKY1/RL/haRGsaC698jCRsUgugkQHoiZ0gvUGqZgumnvD5zJHAqf5aO X-Received: by 2002:a63:5421:: with SMTP id i33-v6mr20415442pgb.417.1532518412896; Wed, 25 Jul 2018 04:33:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532518412; cv=none; d=google.com; s=arc-20160816; b=ovmupGRid2LkxREDi+nn7ypomh5KHVXL8u3Y5SEfN3GTIkxAC7hvc2je7mXS/4pLAG 70sXltk02B9u2JFbmVYIQDMv7UtgPCRnfG6DatVxgh24PzGlboNFGaWvRAdFdZPgMKoQ 2GWDbzu5ugJgnypUrZ232UKmFZjsoVEKJG+0gY/y2dz91SaRfF/Cnd7HaFjrAgSYKzV0 d46MG8wVpVOxCFS4fWQhPgeIjOd/H081gAK6gFWTiHZ5Xs9UiYqxMjCehwOLKZIo53Ap bsLAoaZ1cXlChwxwPeiAuf6ZMNVkUSPD/XZOvATnWK7NELWouBgXy+ilr7CGnCO+myGV Bfew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=WWXRa/geaDX7N/7gqDUTKBM6a9EHNiVAdzlCOQrJR9o=; b=rLkwdg6KYWXXHsd2KYowamrK13NNes4fXJQNluw9vb/fO1Ii/RhPBTfhMXRbwcUNWL Uq6u5/CCYMz5Klh7m438CYGtx2DXmorLYP+iFguw5gUN/ocbRTZrE8KlNo4ZWrwCyoZp qQqnHgnKnI/mSOM9Is2ASov6zHeivGhGNoVFzHrqSEDnBxwEDX+zxKohV0IljdTSppOM 2ciD2ybHfCFe7N3Umn3e/2sPg5rKuTbHBqBk7IPZbWTPfOOpWbEPn1hyBcYW5WpwYzI2 9L2XaMSvCYHz6lZ9dMUeDxqeNZe6JrrsUb8YrziowdsQgC0YlbgctZRacivWFNDKKz3c uzOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=fLBBiOfS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u7-v6si14887104pfb.227.2018.07.25.04.33.17; Wed, 25 Jul 2018 04:33:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=fLBBiOfS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728797AbeGYMnl (ORCPT + 99 others); Wed, 25 Jul 2018 08:43:41 -0400 Received: from mail-oi0-f65.google.com ([209.85.218.65]:42140 "EHLO mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728474AbeGYMnl (ORCPT ); Wed, 25 Jul 2018 08:43:41 -0400 Received: by mail-oi0-f65.google.com with SMTP id n84-v6so13225114oib.9; Wed, 25 Jul 2018 04:32:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=WWXRa/geaDX7N/7gqDUTKBM6a9EHNiVAdzlCOQrJR9o=; b=fLBBiOfSjGB8rjudPfv78kYfJ+3uwhcvwnlUY7dxZ8Q7HxwuAWPVYppbW0s/zHIkv3 QSVuEkBKwjit8nOXoSNr6UMwejGTVAio3Bflg8XVmVOTakdF9y8RJKA93cl2+6ck83z3 aFZEOxtzX3f50kYYRaMblASzBHsWboNZHHzNau4ifuhjBv3XT3UrUjLfvmiQhf0c4NYl +CK6HsYD3q7ecn3wDyF7H7G+DH6MpE3/yZnooUR2kYt/E1vq2czTPL9C+Gh+Fkki/9cD qnRQ3bcjQvi7nz56uw0DK1ZqZ2tWgE4CgkYn5/ynkUt8aL1ytvz9/M0cWsH976qZFJCg QDGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=WWXRa/geaDX7N/7gqDUTKBM6a9EHNiVAdzlCOQrJR9o=; b=kaAdx9iuT3b03n251ycJlgmCq8i+oeLOjIhuI0zGV88stYfMa5Bo7zXxBWxFMLHAGq HdacFaR0d3gCTH6Wpwh6GnJKgX9UJZ50p4RRBtZ28sXfkZzx5OblhvrNucE0mRdKYWIE 4ourJeOB93ddkQv9xQqPFUW2FVWbbU8Z8z74O/ZBpmRepCvhPJNuH68e0bpqnFNqlr1m ZMCJsjKx51gi0VIJeI3+vfTghTGcnv/Di+bqLU3YSQsEHVYjbK5CSc/4qe1qUjGl7RF6 /zT5Aa0XGUuqOK1tbGPAKirGlbA2qRiJu6JUZlkzrr75crKVT/j8fLOu/1tQtraa4Bu9 TzeA== X-Gm-Message-State: AOUpUlEnaJfdkVpbvF9LEtnyt2e4/x0Ib+WIGQrdfH2DbNTZb9Kt5tcV Zt//AdO+iliY9WiuOAsx/xNryXGe/6MUAh7bCss= X-Received: by 2002:aca:42:: with SMTP id 63-v6mr2725365oia.154.1532518344061; Wed, 25 Jul 2018 04:32:24 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:63d2:0:0:0:0:0 with HTTP; Wed, 25 Jul 2018 04:32:23 -0700 (PDT) In-Reply-To: <20180724164936.37477-11-keescook@chromium.org> References: <20180724164936.37477-1-keescook@chromium.org> <20180724164936.37477-11-keescook@chromium.org> From: "Rafael J. Wysocki" Date: Wed, 25 Jul 2018 13:32:23 +0200 X-Google-Sender-Auth: aGoZuBFE4M8I61P2pBXlCMLSMW0 Message-ID: Subject: Re: [PATCH v6 10/18] x86/power/64: Remove VLA usage To: Kees Cook Cc: Herbert Xu , Arnd Bergmann , Eric Biggers , "Gustavo A. R. Silva" , Alasdair Kergon , Rabin Vincent , Tim Chen , "Rafael J. Wysocki" , Pavel Machek , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , "the arch/x86 maintainers" , Philipp Reisner , Lars Ellenberg , Jens Axboe , Giovanni Cabiddu , Mike Snitzer , Paul Mackerras , Greg Kroah-Hartman , David Howells , Johannes Berg , Tudor-Dan Ambarus , Jia-Ju Bai , Andrew Morton , Geert Uytterhoeven , Josh Poimboeuf , David Woodhouse , Will Deacon , dm-devel@redhat.com, Linux PM , linux-crypto@vger.kernel.org, drbd-dev@lists.linbit.com, linux-block@vger.kernel.org, qat-linux@intel.com, linux-ppp@vger.kernel.org, netdev , devel@driverdev.osuosl.org, linux-afs@lists.infradead.org, "open list:NETWORKING DRIVERS (WIRELESS)" , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 24, 2018 at 6:49 PM, Kees Cook wrote: > In the quest to remove all stack VLA usage from the kernel[1], this > removes the discouraged use of AHASH_REQUEST_ON_STACK by switching to > shash directly and allocating the descriptor in heap memory (which should > be fine: the tfm has already been allocated there too). > > [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com > > Signed-off-by: Kees Cook > Acked-by: Pavel Machek I think I can queue this up if there are no objections from others. Do you want me to do that? > --- > arch/x86/power/hibernate_64.c | 36 ++++++++++++++++++++--------------- > 1 file changed, 21 insertions(+), 15 deletions(-) > > diff --git a/arch/x86/power/hibernate_64.c b/arch/x86/power/hibernate_64.c > index 67ccf64c8bd8..f8e3b668d20b 100644 > --- a/arch/x86/power/hibernate_64.c > +++ b/arch/x86/power/hibernate_64.c > @@ -233,29 +233,35 @@ struct restore_data_record { > */ > static int get_e820_md5(struct e820_table *table, void *buf) > { > - struct scatterlist sg; > - struct crypto_ahash *tfm; > + struct crypto_shash *tfm; > + struct shash_desc *desc; > int size; > int ret = 0; > > - tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); > + tfm = crypto_alloc_shash("md5", 0, 0); > if (IS_ERR(tfm)) > return -ENOMEM; > > - { > - AHASH_REQUEST_ON_STACK(req, tfm); > - size = offsetof(struct e820_table, entries) + sizeof(struct e820_entry) * table->nr_entries; > - ahash_request_set_tfm(req, tfm); > - sg_init_one(&sg, (u8 *)table, size); > - ahash_request_set_callback(req, 0, NULL, NULL); > - ahash_request_set_crypt(req, &sg, buf, size); > - > - if (crypto_ahash_digest(req)) > - ret = -EINVAL; > - ahash_request_zero(req); > + desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm), > + GFP_KERNEL); > + if (!desc) { > + ret = -ENOMEM; > + goto free_tfm; > } > - crypto_free_ahash(tfm); > > + desc->tfm = tfm; > + desc->flags = 0; > + > + size = offsetof(struct e820_table, entries) + > + sizeof(struct e820_entry) * table->nr_entries; > + > + if (crypto_shash_digest(desc, (u8 *)table, size, buf)) > + ret = -EINVAL; > + > + kzfree(desc); > + > +free_tfm: > + crypto_free_shash(tfm); > return ret; > } > > -- > 2.17.1 >