Date: Thu, 1 Jun 2023 16:47:43 +0800
From: Herbert Xu
To: Alasdair Kergon, Mike Snitzer, dm-devel@redhat.com
Cc: Linux Crypto Mailing List
Subject: dm crypt: Avoid using MAX_CIPHER_BLOCKSIZE
X-Mailing-List: linux-crypto@vger.kernel.org

MAX_CIPHER_BLOCKSIZE is an internal implementation detail and should not be relied on by users of the Crypto API.

Instead of storing the IV on the stack, allocate it together with the crypto request.

Signed-off-by: Herbert Xu
---
 drivers/md/dm-crypt.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 40cb1719ae4d..0e7e443dde11 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -31,10 +31,10 @@ #include #include #include -#include #include #include #include +#include #include /* for struct rtattr and RTA macros only */ #include #include
@@ -743,16 +743,23 @@ static int crypt_iv_eboiv_ctr(struct crypt_config *cc, struct dm_target *ti, static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv, struct dm_crypt_request *dmreq) { - u8 buf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(__le64)); + struct crypto_skcipher *tfm = any_tfm(cc); struct skcipher_request *req; struct scatterlist src, dst; DECLARE_CRYPTO_WAIT(wait); + unsigned int reqsize; int err; + u8 *buf; - req = skcipher_request_alloc(any_tfm(cc), GFP_NOIO); + reqsize = ALIGN(crypto_skcipher_reqsize(tfm), __alignof__(__le64)); + + req = kmalloc(reqsize + cc->iv_size, GFP_NOIO); if (!req) return -ENOMEM; + skcipher_request_set_tfm(req, tfm); + + buf = (u8 *)req + reqsize; memset(buf, 0, cc->iv_size); *(__le64 *)buf = cpu_to_le64(dmreq->iv_sector * cc->sector_size); @@ -761,7 +768,7 @@ static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv, skcipher_request_set_crypt(req, &src, &dst, cc->iv_size, buf); skcipher_request_set_callback(req, 0, crypto_req_done, &wait); err = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); - skcipher_request_free(req); + kfree_sensitive(req); return err; } -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
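
Review bot: In crypt_iv_eboiv_gen(), reqsize leaves out sizeof(struct skcipher_request), so the kmalloc() is too small and buf points inside the request rather than after it. crypto_skcipher_reqsize(tfm) returns only the size of the transform's per-request context that follows the struct; the removed skcipher_request_alloc() call added sizeof(struct skcipher_request) to that value. With `buf = (u8 *)req + reqsize`, the memset() and the `*(__le64 *)buf` store can overwrite the request and its context, and the driver's context can extend past the end of the allocation. Suggest `reqsize = ALIGN(sizeof(*req) + crypto_skcipher_reqsize(tfm), __alignof__(__le64));`, plus a one-line comment that the IV buffer is carved from the tail of the request allocation, since the `(u8 *)req + reqsize` arithmetic is the only place that layout is expressed.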