Allocating the hash state on the stack limits its size. Change
this to use kmalloc so the limit can be removed for new drivers.
Signed-off-by: Herbert Xu <[email protected]>
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 1d017ec5c63c..63af72e19fa8 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -235,24 +235,31 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
struct alg_sock *ask = alg_sk(sk);
struct hash_ctx *ctx = ask->private;
struct ahash_request *req = &ctx->req;
- char state[HASH_MAX_STATESIZE];
+ struct crypto_ahash *tfm;
struct sock *sk2;
struct alg_sock *ask2;
struct hash_ctx *ctx2;
+ char *state;
bool more;
int err;
+ tfm = crypto_ahash_reqtfm(req);
+ state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL);
+ err = -ENOMEM;
+ if (!state)
+ goto out;
+
lock_sock(sk);
more = ctx->more;
err = more ? crypto_ahash_export(req, state) : 0;
release_sock(sk);
if (err)
- return err;
+ goto out_free_state;
err = af_alg_accept(ask->parent, newsock, kern);
if (err)
- return err;
+ goto out_free_state;
sk2 = newsock->sk;
ask2 = alg_sk(sk2);
@@ -260,7 +267,7 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
ctx2->more = more;
if (!more)
- return err;
+ goto out_free_state;
err = crypto_ahash_import(&ctx2->req, state);
if (err) {
@@ -268,6 +275,10 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
sock_put(sk2);
}
+out_free_state:
+ kfree_sensitive(state);
+
+out:
return err;
}
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Remove the HASH_MAX_STATESIZE limit now that it is unused.
Signed-off-by: Herbert Xu <[email protected]>
diff --git a/crypto/shash.c b/crypto/shash.c
index dcc6a7170ce4..4cefa614dbbd 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -569,8 +569,7 @@ int hash_prepare_alg(struct hash_alg_common *alg)
struct crypto_istat_hash *istat = hash_get_stat(alg);
struct crypto_alg *base = &alg->base;
- if (alg->digestsize > HASH_MAX_DIGESTSIZE ||
- alg->statesize > HASH_MAX_STATESIZE)
+ if (alg->digestsize > HASH_MAX_DIGESTSIZE)
return -EINVAL;
base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK;
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 1ed674ba8429..3a04e601ad6a 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -183,8 +183,6 @@ struct shash_desc {
*/
#define HASH_MAX_DESCSIZE (sizeof(struct shash_desc) + 360)
-#define HASH_MAX_STATESIZE 512
-
#define SHASH_DESC_ON_STACK(shash, ctx) \
char __##shash##_desc[sizeof(struct shash_desc) + HASH_MAX_DESCSIZE] \
__aligned(__alignof__(struct shash_desc)); \
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Tue, Mar 28, 2023 at 5:58 AM Herbert Xu <[email protected]> wrote:
>
> Allocating the hash state on the stack limits its size. Change
> this to use kmalloc so the limit can be removed for new drivers.
>
> Signed-off-by: Herbert Xu <[email protected]>
>
> diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> index 1d017ec5c63c..63af72e19fa8 100644
> --- a/crypto/algif_hash.c
> +++ b/crypto/algif_hash.c
> @@ -235,24 +235,31 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
> struct alg_sock *ask = alg_sk(sk);
> struct hash_ctx *ctx = ask->private;
> struct ahash_request *req = &ctx->req;
> - char state[HASH_MAX_STATESIZE];
> + struct crypto_ahash *tfm;
> struct sock *sk2;
> struct alg_sock *ask2;
> struct hash_ctx *ctx2;
> + char *state;
> bool more;
> int err;
>
> + tfm = crypto_ahash_reqtfm(req);
> + state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL);
Shouldn't sock_kmalloc() be used instead?
> + err = -ENOMEM;
> + if (!state)
> + goto out;
> +
> lock_sock(sk);
> more = ctx->more;
> err = more ? crypto_ahash_export(req, state) : 0;
> release_sock(sk);
>
> if (err)
> - return err;
> + goto out_free_state;
>
> err = af_alg_accept(ask->parent, newsock, kern);
> if (err)
> - return err;
> + goto out_free_state;
>
> sk2 = newsock->sk;
> ask2 = alg_sk(sk2);
> @@ -260,7 +267,7 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
> ctx2->more = more;
>
> if (!more)
> - return err;
> + goto out_free_state;
>
> err = crypto_ahash_import(&ctx2->req, state);
> if (err) {
> @@ -268,6 +275,10 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
> sock_put(sk2);
> }
>
> +out_free_state:
> + kfree_sensitive(state);
> +
> +out:
> return err;
> }
>
> --
> Email: Herbert Xu <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Tue, Mar 28, 2023 at 01:01:01PM +0200, Ondrej Mosnáček wrote:
>
> Shouldn't sock_kmalloc() be used instead?
Thanks for the review!
No that isn't necessary because this is transient and not really
open to abuse by the user.
Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi herbert,
I'm testing the serie on STM32MP1.
I cannot apply the patch on my kernel tree.
The patch fails to apply for the file crypto/ahash.c
I tried on tags v6.3-rc1 ans v6.3-p2.
On which branch can I test your patch ?
I see the overall idea of the patch so I modified crypto/ahash.c
and the serie works on STM32MP1.
Thomas
On Wed, Mar 29, 2023 at 05:26:29PM +0200, Thomas BOURGOIN wrote:
> Hi herbert,
>
> I'm testing the serie on STM32MP1.
> I cannot apply the patch on my kernel tree.
> The patch fails to apply for the file crypto/ahash.c
> I tried on tags v6.3-rc1 ans v6.3-p2.
>
> On which branch can I test your patch ?
Please use the cryptodev tree for all crypto work.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Hi Herbert,
I love your patch! Perhaps something to improve:
[auto build test WARNING on herbert-cryptodev-2.6/master]
[also build test WARNING on next-20230331]
[cannot apply to herbert-crypto-2.6/master linus/master v6.3-rc4]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Herbert-Xu/crypto-hash-Remove-maximum-statesize-limit/20230328-115842
base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
patch link: https://lore.kernel.org/r/ZCJllZQBWfjMCaoQ%40gondor.apana.org.au
patch subject: [PATCH] crypto: hash - Remove maximum statesize limit
config: x86_64-rhel-8.3 (https://download.01.org/0day-ci/archive/20230331/[email protected]/config)
compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
reproduce (this is a W=1 build):
# https://github.com/intel-lab-lkp/linux/commit/5258657ff30097b887ac972b95a5563918f4448f
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Herbert-Xu/crypto-hash-Remove-maximum-statesize-limit/20230328-115842
git checkout 5258657ff30097b887ac972b95a5563918f4448f
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 O=build_dir ARCH=x86_64 olddefconfig
make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <[email protected]>
| Link: https://lore.kernel.org/oe-kbuild-all/[email protected]/
All warnings (new ones prefixed by >>):
crypto/algif_hash.c: In function 'hash_accept':
crypto/algif_hash.c:238:20: error: 'HASH_MAX_STATESIZE' undeclared (first use in this function); did you mean 'HASH_MAX_DESCSIZE'?
238 | char state[HASH_MAX_STATESIZE];
| ^~~~~~~~~~~~~~~~~~
| HASH_MAX_DESCSIZE
crypto/algif_hash.c:238:20: note: each undeclared identifier is reported only once for each function it appears in
>> crypto/algif_hash.c:238:14: warning: unused variable 'state' [-Wunused-variable]
238 | char state[HASH_MAX_STATESIZE];
| ^~~~~
vim +/state +238 crypto/algif_hash.c
fe869cdb89c95d0 Herbert Xu 2010-10-19 230
cdfbabfb2f0ce98 David Howells 2017-03-09 231 static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
cdfbabfb2f0ce98 David Howells 2017-03-09 232 bool kern)
fe869cdb89c95d0 Herbert Xu 2010-10-19 233 {
fe869cdb89c95d0 Herbert Xu 2010-10-19 234 struct sock *sk = sock->sk;
fe869cdb89c95d0 Herbert Xu 2010-10-19 235 struct alg_sock *ask = alg_sk(sk);
fe869cdb89c95d0 Herbert Xu 2010-10-19 236 struct hash_ctx *ctx = ask->private;
fe869cdb89c95d0 Herbert Xu 2010-10-19 237 struct ahash_request *req = &ctx->req;
b68a7ec1e9a3efa Kees Cook 2018-08-07 @238 char state[HASH_MAX_STATESIZE];
fe869cdb89c95d0 Herbert Xu 2010-10-19 239 struct sock *sk2;
fe869cdb89c95d0 Herbert Xu 2010-10-19 240 struct alg_sock *ask2;
fe869cdb89c95d0 Herbert Xu 2010-10-19 241 struct hash_ctx *ctx2;
4afa5f961792745 Herbert Xu 2015-11-01 242 bool more;
fe869cdb89c95d0 Herbert Xu 2010-10-19 243 int err;
fe869cdb89c95d0 Herbert Xu 2010-10-19 244
4afa5f961792745 Herbert Xu 2015-11-01 245 lock_sock(sk);
4afa5f961792745 Herbert Xu 2015-11-01 246 more = ctx->more;
4afa5f961792745 Herbert Xu 2015-11-01 247 err = more ? crypto_ahash_export(req, state) : 0;
4afa5f961792745 Herbert Xu 2015-11-01 248 release_sock(sk);
4afa5f961792745 Herbert Xu 2015-11-01 249
fe869cdb89c95d0 Herbert Xu 2010-10-19 250 if (err)
fe869cdb89c95d0 Herbert Xu 2010-10-19 251 return err;
fe869cdb89c95d0 Herbert Xu 2010-10-19 252
cdfbabfb2f0ce98 David Howells 2017-03-09 253 err = af_alg_accept(ask->parent, newsock, kern);
fe869cdb89c95d0 Herbert Xu 2010-10-19 254 if (err)
fe869cdb89c95d0 Herbert Xu 2010-10-19 255 return err;
fe869cdb89c95d0 Herbert Xu 2010-10-19 256
fe869cdb89c95d0 Herbert Xu 2010-10-19 257 sk2 = newsock->sk;
fe869cdb89c95d0 Herbert Xu 2010-10-19 258 ask2 = alg_sk(sk2);
fe869cdb89c95d0 Herbert Xu 2010-10-19 259 ctx2 = ask2->private;
4afa5f961792745 Herbert Xu 2015-11-01 260 ctx2->more = more;
4afa5f961792745 Herbert Xu 2015-11-01 261
4afa5f961792745 Herbert Xu 2015-11-01 262 if (!more)
4afa5f961792745 Herbert Xu 2015-11-01 263 return err;
fe869cdb89c95d0 Herbert Xu 2010-10-19 264
fe869cdb89c95d0 Herbert Xu 2010-10-19 265 err = crypto_ahash_import(&ctx2->req, state);
fe869cdb89c95d0 Herbert Xu 2010-10-19 266 if (err) {
fe869cdb89c95d0 Herbert Xu 2010-10-19 267 sock_orphan(sk2);
fe869cdb89c95d0 Herbert Xu 2010-10-19 268 sock_put(sk2);
fe869cdb89c95d0 Herbert Xu 2010-10-19 269 }
fe869cdb89c95d0 Herbert Xu 2010-10-19 270
fe869cdb89c95d0 Herbert Xu 2010-10-19 271 return err;
fe869cdb89c95d0 Herbert Xu 2010-10-19 272 }
fe869cdb89c95d0 Herbert Xu 2010-10-19 273
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
Hi Herbert,
I love your patch! Yet something to improve:
[auto build test ERROR on herbert-cryptodev-2.6/master]
[also build test ERROR on next-20230331]
[cannot apply to herbert-crypto-2.6/master linus/master v6.3-rc4]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Herbert-Xu/crypto-hash-Remove-maximum-statesize-limit/20230328-115842
base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
patch link: https://lore.kernel.org/r/ZCJllZQBWfjMCaoQ%40gondor.apana.org.au
patch subject: [PATCH] crypto: hash - Remove maximum statesize limit
config: x86_64-rhel-8.3-func (https://download.01.org/0day-ci/archive/20230402/[email protected]/config)
compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
reproduce (this is a W=1 build):
# https://github.com/intel-lab-lkp/linux/commit/5258657ff30097b887ac972b95a5563918f4448f
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Herbert-Xu/crypto-hash-Remove-maximum-statesize-limit/20230328-115842
git checkout 5258657ff30097b887ac972b95a5563918f4448f
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 O=build_dir ARCH=x86_64 olddefconfig
make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <[email protected]>
| Link: https://lore.kernel.org/oe-kbuild-all/[email protected]/
All errors (new ones prefixed by >>):
crypto/algif_hash.c: In function 'hash_accept':
>> crypto/algif_hash.c:238:20: error: 'HASH_MAX_STATESIZE' undeclared (first use in this function); did you mean 'HASH_MAX_DESCSIZE'?
238 | char state[HASH_MAX_STATESIZE];
| ^~~~~~~~~~~~~~~~~~
| HASH_MAX_DESCSIZE
crypto/algif_hash.c:238:20: note: each undeclared identifier is reported only once for each function it appears in
crypto/algif_hash.c:238:14: warning: unused variable 'state' [-Wunused-variable]
238 | char state[HASH_MAX_STATESIZE];
| ^~~~~
vim +238 crypto/algif_hash.c
fe869cdb89c95d Herbert Xu 2010-10-19 230
cdfbabfb2f0ce9 David Howells 2017-03-09 231 static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
cdfbabfb2f0ce9 David Howells 2017-03-09 232 bool kern)
fe869cdb89c95d Herbert Xu 2010-10-19 233 {
fe869cdb89c95d Herbert Xu 2010-10-19 234 struct sock *sk = sock->sk;
fe869cdb89c95d Herbert Xu 2010-10-19 235 struct alg_sock *ask = alg_sk(sk);
fe869cdb89c95d Herbert Xu 2010-10-19 236 struct hash_ctx *ctx = ask->private;
fe869cdb89c95d Herbert Xu 2010-10-19 237 struct ahash_request *req = &ctx->req;
b68a7ec1e9a3ef Kees Cook 2018-08-07 @238 char state[HASH_MAX_STATESIZE];
fe869cdb89c95d Herbert Xu 2010-10-19 239 struct sock *sk2;
fe869cdb89c95d Herbert Xu 2010-10-19 240 struct alg_sock *ask2;
fe869cdb89c95d Herbert Xu 2010-10-19 241 struct hash_ctx *ctx2;
4afa5f96179274 Herbert Xu 2015-11-01 242 bool more;
fe869cdb89c95d Herbert Xu 2010-10-19 243 int err;
fe869cdb89c95d Herbert Xu 2010-10-19 244
4afa5f96179274 Herbert Xu 2015-11-01 245 lock_sock(sk);
4afa5f96179274 Herbert Xu 2015-11-01 246 more = ctx->more;
4afa5f96179274 Herbert Xu 2015-11-01 247 err = more ? crypto_ahash_export(req, state) : 0;
4afa5f96179274 Herbert Xu 2015-11-01 248 release_sock(sk);
4afa5f96179274 Herbert Xu 2015-11-01 249
fe869cdb89c95d Herbert Xu 2010-10-19 250 if (err)
fe869cdb89c95d Herbert Xu 2010-10-19 251 return err;
fe869cdb89c95d Herbert Xu 2010-10-19 252
cdfbabfb2f0ce9 David Howells 2017-03-09 253 err = af_alg_accept(ask->parent, newsock, kern);
fe869cdb89c95d Herbert Xu 2010-10-19 254 if (err)
fe869cdb89c95d Herbert Xu 2010-10-19 255 return err;
fe869cdb89c95d Herbert Xu 2010-10-19 256
fe869cdb89c95d Herbert Xu 2010-10-19 257 sk2 = newsock->sk;
fe869cdb89c95d Herbert Xu 2010-10-19 258 ask2 = alg_sk(sk2);
fe869cdb89c95d Herbert Xu 2010-10-19 259 ctx2 = ask2->private;
4afa5f96179274 Herbert Xu 2015-11-01 260 ctx2->more = more;
4afa5f96179274 Herbert Xu 2015-11-01 261
4afa5f96179274 Herbert Xu 2015-11-01 262 if (!more)
4afa5f96179274 Herbert Xu 2015-11-01 263 return err;
fe869cdb89c95d Herbert Xu 2010-10-19 264
fe869cdb89c95d Herbert Xu 2010-10-19 265 err = crypto_ahash_import(&ctx2->req, state);
fe869cdb89c95d Herbert Xu 2010-10-19 266 if (err) {
fe869cdb89c95d Herbert Xu 2010-10-19 267 sock_orphan(sk2);
fe869cdb89c95d Herbert Xu 2010-10-19 268 sock_put(sk2);
fe869cdb89c95d Herbert Xu 2010-10-19 269 }
fe869cdb89c95d Herbert Xu 2010-10-19 270
fe869cdb89c95d Herbert Xu 2010-10-19 271 return err;
fe869cdb89c95d Herbert Xu 2010-10-19 272 }
fe869cdb89c95d Herbert Xu 2010-10-19 273
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
> Please use the cryptodev tree for all crypto work.
Thanks for the tip, the serie works on STM32MP1
Tested-by : Thomas Bourgoin <[email protected]>
BR