Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3997437imm; Wed, 5 Sep 2018 09:06:14 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaRGL00BMRcOHQU1LIaq7feEOpjGuY0wxBfkUtpF3kqkjLPUeEX3BiwI4Ba7Ki6+jSP9tfy X-Received: by 2002:a62:c8d2:: with SMTP id i79-v6mr41038743pfk.35.1536163574594; Wed, 05 Sep 2018 09:06:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536163574; cv=none; d=google.com; s=arc-20160816; b=0X4RgzIK4XZ+Q6kjJiiEQeu90dKiGfQDs9M0cLRH8PVE8BkVGTfCEB2f24/+1dh1dE Id/oh+Q2TZ9JRVHlEItAoW7H7mTgmh4Hm5oSAisqdUnP0FIHmpUx/1SiCqbLxBEFcfXI krBh1MXOmenfc+rL144e3snj8yI6KhGOCEl2zlxUsEqSC7oZtbeknEGMdB+PCOIMgKpx Ovc83gvJy/WC5ngi6Pd/D3TY1xmcir3CcwTHP2z/ucIraT1I3cEEslXshfE0uxacR3co 4mfWI2Jxb9B5sFvlSc/Mu+jK5wzpSAZMlJIeN+5sIb6ZXOH1HSF+VM8Nsbw36Z2XTtFp MkpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=VNRbT61f9XqZrz7We7IC/lTsql9rSwq2esxyN+EbK1g=; b=i0aPkeUYgZuB7IYrJlDTFXcex3lusYoSJrmSrG7b69FLU6JJP2FzKqDW4dhNIxYUTd GvH53p1NBkg7l+aReNGvLJh2bSTXgiBzW9TCqmF8yh4pRoc8DbQULpalRLj2WnE899DI TwzT9JbSyfpuHPWCDHN8sRfvNwU+afo4GnB6nJ7F+gh0VAKAtCmuf42pikaibXaG/NLJ vB9Cp1LXIXBZo/bmYupmQ+VPWmmtUyidWhmWL0GRUF4z0ndijXFVTRmV0fdxb6sJPoXM lmjt0aovBcxwg2AFmaHwdB5II5gdrSZhNqL1f3ZtFat+XUtQTERanoXA85VTYrai5u9C p6bQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WS3KY9Wl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z7-v6si2169369plk.215.2018.09.05.09.05.58; Wed, 05 Sep 2018 09:06:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WS3KY9Wl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727746AbeIEUfK (ORCPT + 99 others); Wed, 5 Sep 2018 16:35:10 -0400 Received: from mail-yb1-f196.google.com ([209.85.219.196]:33359 "EHLO mail-yb1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727599AbeIEUfK (ORCPT ); Wed, 5 Sep 2018 16:35:10 -0400 Received: by mail-yb1-f196.google.com with SMTP id m123-v6so2895647ybm.0 for ; Wed, 05 Sep 2018 09:04:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=VNRbT61f9XqZrz7We7IC/lTsql9rSwq2esxyN+EbK1g=; b=WS3KY9WlCwCFxeXgLouywxLowJBu0ucVmeuMplMcALsRjhUsRtNmP9+VVc09pERZB1 c6j5EwLe7inH7Indhrm2L4WLLZTE9G0692WCGNHGp2RGQTqykatPEqc8GNwHSS3UnZ97 dj7MRCbNY/h/wXO82xo6AcaR4ZMihoyf10xlY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=VNRbT61f9XqZrz7We7IC/lTsql9rSwq2esxyN+EbK1g=; b=OwHHL0PI0c2Q7EHvKMwcJitAEiob1t9MX4G6AiCwqeyuS//I9PteesxKHfRfYO+DTU PB5g3tjKbr5wjVScVtryDtiywJG487wGjMS5VxpBau6sB1CPfPFJfReiMoOrVZKoMr1w dgv4ZH9jxbib51OjQUcM0YRMPfVO78kqupUOJntAZj3f4RW1o02tgeHaubU6GgIX0lWn r2VDxeQXX87JqalqvUnc8NOvEtzo5BRgBhXk6udmr4mqDG6+LOAVl/d247xJp+JqhBa7 UgNudAARQER+lXhJI/w9zUei7JrTiK3bJOHCzFErbVeHfPYtNp8ZDJ4d6j8hUcCifD1P bgXA== X-Gm-Message-State: APzg51DNpDkL5bxaavcim2+ayaEMMC1ZmHEpglfvXbUB5AUfS+9qfQmr CX278DoixaX3X08dvVan8gBe/MsMtk0= X-Received: by 2002:a25:6b41:: with SMTP id o1-v6mr11644037ybm.319.1536163458368; Wed, 05 Sep 2018 09:04:18 -0700 (PDT) Received: from mail-yw1-f45.google.com (mail-yw1-f45.google.com. [209.85.161.45]) by smtp.gmail.com with ESMTPSA id m82-v6sm1078103ywm.19.2018.09.05.09.04.16 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Sep 2018 09:04:16 -0700 (PDT) Received: by mail-yw1-f45.google.com with SMTP id l9-v6so2835915ywc.11 for ; Wed, 05 Sep 2018 09:04:16 -0700 (PDT) X-Received: by 2002:a81:98d7:: with SMTP id p206-v6mr21312320ywg.353.1536163455561; Wed, 05 Sep 2018 09:04:15 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:5f04:0:0:0:0:0 with HTTP; Wed, 5 Sep 2018 09:04:14 -0700 (PDT) In-Reply-To: <20180905083320.GA28462@soda.linbit> References: <20180806233216.GA6037@beast> <20180905083320.GA28462@soda.linbit> From: Kees Cook Date: Wed, 5 Sep 2018 09:04:14 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v7] drbd: Convert from ahash to shash To: Kees Cook , Jens Axboe , Philipp Reisner , linux-block , drbd-dev@lists.linbit.com, LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 5, 2018 at 1:33 AM, Lars Ellenberg wrote: > On Tue, Sep 04, 2018 at 08:04:18PM -0700, Kees Cook wrote: >> On Mon, Sep 3, 2018 at 11:04 PM, Kees Cook wrote: >> > On Mon, Aug 6, 2018 at 4:32 PM, Kees Cook wrote: >> >> In preparing to remove all stack VLA usage from the kernel[1], this >> >> removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of >> >> the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash >> >> to direct shash. By removing a layer of indirection this both improves >> >> performance and reduces stack usage. The stack allocation will be made >> >> a fixed size in a later patch to the crypto subsystem. >> >> >> >> The bulk of the lines in this change are simple s/ahash/shash/, but the >> >> main logic differences are in drbd_csum_ee() and drbd_csum_bio(), which >> >> externalizes the page walking with k(un)map_atomic() instead of using >> >> scattergather. >> > >> > Hi Lars! How does this look to you? If you can Ack I assume Jens would >> > be able to take this. > > Sure, I should have ACKed it a month ago already. As I said, I believe > you the crypto. And you added the kmap_atomic as I pointed out. > All good. Great, thanks! Jens, can you take this? >> FWIW I've tested a simple drbd configuration before/after this change >> and things seem to be working correctly. > > You'd need "data-integrity-alg" set (or "verify-alg", and then have it > do an online-verify) to excercise the crypto stuff, > and you'd need a highmem system (are these still out there?) > to have the kmap not be a no-op. But I don't see any potential problem. While I don't have a highmem system, I've confirmed that data-integrity-alg and verify-alg are both working for me. Thanks! -Kees -- Kees Cook Pixel Security