From: Herbert Xu Subject: Re: [kernel-hardening] Re: Remaining crypto API regressions with CONFIG_VMAP_STACK Date: Sat, 10 Dec 2016 16:16:43 +0800 Message-ID: <20161210081643.GA384@gondor.apana.org.au> References: <20161210060316.GC6846@zzz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: kernel-hardening@lists.openwall.com, luto@amacapital.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, luto@kernel.org, smueller@chronox.de To: Eric Biggers Return-path: Received: from helcar.hengli.com.au ([209.40.204.226]:53281 "EHLO helcar.apana.org.au" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751194AbcLJIRB (ORCPT ); Sat, 10 Dec 2016 03:17:01 -0500 Content-Disposition: inline In-Reply-To: <20161210060316.GC6846@zzz> Sender: linux-crypto-owner@vger.kernel.org List-ID: Why did you drop me from the CC list when you were replying to my email? Eric Biggers wrote: > On Sat, Dec 10, 2016 at 01:32:08PM +0800, Herbert Xu wrote: > >> Are you sure? Any instance of *_ON_STACK must only be used with >> sync algorithms and most drivers under drivers/crypto declare >> themselves as async. > > Why exactly is that? Obviously, it wouldn't work if you returned from the stack > frame before the request completed, but does anything stop someone from using an > *_ON_STACK() request and then waiting for the request to complete before > returning from the stack frame? The *_ON_STACK variants (except SHASH of course) were simply hacks to help legacy crypto API users to cope with the new async interface. In general we should avoid using the sync interface when possible. It's a bad idea for the obvious reason that most of our async algorithms want to DMA and that doesn't work very well when you're using memory from the stack. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt