Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1229948rwd; Thu, 1 Jun 2023 12:18:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7XtmrYR2eKLkqT2pG/TDm92R/a4liQzu3aSg03bbM0dkr53nH0usutk+CIN/FH0GlSZg3k X-Received: by 2002:a05:6a00:1a44:b0:643:a903:f1b8 with SMTP id h4-20020a056a001a4400b00643a903f1b8mr6723002pfv.1.1685647082912; Thu, 01 Jun 2023 12:18:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685647082; cv=none; d=google.com; s=arc-20160816; b=ATmHiIJjg2J2bEFciQRQNStGQh1HIsL9iv0PwvjfrDrwlGumTUqOHYJwbgrjmWYPGH FV9qr0J+/FmawdTYVCyqmwbJTPV3/Vkzj3SxD/xpUkgAdYlgpxHY3ckU5J1VB4BlUcfQ mzDcuuKHVIvPcCJJSqUSo8fundSMqYnahyAJogrl7yJ+JtfjiGgM3wKetD8n/YfG276f eBvet5lOpEMvNpevjmPmaEfvSASn8/TylGJQ+SBYvSD233wjuAft5hQ1HdupzoDE71Xi 0n87aeRQP/dmn/kyKIKKJepelnPXpYtBTXL1yD0XukUYGQYrvzoGzj5Pqc5jl5Mgq2EO mLbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=hm7Jjh9TF3Bsq+esRbEZ2y936YTbpq5qnxQF0w6eX7M=; b=XX2cxUqinMFKm16nqYO/4v90gex5zomfsh/RBz09NKxAt7Qdzo8s4XpEzlfCz1qwSJ LVEJgJzQuix9D6ej9shobpr79wbdW4sm34E7JP0/1Kq54Q3hCemmmwzIjAtmDi8K3HqD X5MEJgFvy5bEwRFOeu4a6LFVX5DNkmyw+72HxuJDKkLXoVXZJ2kBAIPODS3BKB8THTv2 m0O6/RVZINJZiOINp0x1HhKMXJ/5lsaTiryVN6frestfaLa9z4cYNIJJGrFn+zrnqDBG 02sT+zIDkHb601SZxsQG2GR8cig2iABFeV2hFOjifucurRez9AyVbaM6tOn4RAUdBEpp yKfg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f28-20020a63381c000000b00540107fc033si1213885pga.282.2023.06.01.12.17.42; Thu, 01 Jun 2023 12:18:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231863AbjFATLF (ORCPT + 99 others); Thu, 1 Jun 2023 15:11:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55342 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229651AbjFATLE (ORCPT ); Thu, 1 Jun 2023 15:11:04 -0400 Received: from mail-qv1-f46.google.com (mail-qv1-f46.google.com [209.85.219.46]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 413BB186 for ; Thu, 1 Jun 2023 12:10:21 -0700 (PDT) Received: by mail-qv1-f46.google.com with SMTP id 6a1803df08f44-6260b578097so10904906d6.3 for ; Thu, 01 Jun 2023 12:10:21 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685646620; x=1688238620; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=hm7Jjh9TF3Bsq+esRbEZ2y936YTbpq5qnxQF0w6eX7M=; b=H6h67NlSnRvdOf5g3GoLF9c2Fmsjmr8qxRal6LLvABOKiRHbpfFPuaWgSO1mD6hlUv 1oMiCuMaTLTMny4jt0IO2kOf02mrivmKeAFEsRNgUq2ZedbRNWIuTeV/rFjCc1s6ZqKq LZoOmTrVRc9qN87T7h69yVe7NxeQ/04KrPe4mCblEurvBxSLeMrUmrWjjS6xXxeQ9FSD rlUnli8hrgWIVhdxMZFN7KTehn1UlEGQqTX+ljYg+P4glLlwA2Pr4xuV5YzhzCWQ5RJg MmJ1sqdnCIkm2PB0QkTIe+MMFm/FR261lT5CW++F27T+R9r7uAg0LFjuLU0Ms3CfCl6z sK3g== X-Gm-Message-State: AC+VfDwGD9FJCd9bTXjVoH2rE1TVcd2zDry+4kPHdQzAtiym+ra2L9IT Qm9KB13Nf8npv3Ob6iTsv+m+ X-Received: by 2002:a05:6214:1bcb:b0:628:3e37:e175 with SMTP id m11-20020a0562141bcb00b006283e37e175mr6190986qvc.25.1685646620329; Thu, 01 Jun 2023 12:10:20 -0700 (PDT) Received: from localhost (pool-68-160-166-30.bstnma.fios.verizon.net. [68.160.166.30]) by smtp.gmail.com with ESMTPSA id mn6-20020a0562145ec600b0060530c942f4sm7830403qvb.46.2023.06.01.12.10.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Jun 2023 12:10:19 -0700 (PDT) Date: Thu, 1 Jun 2023 15:10:18 -0400 From: Mike Snitzer To: Herbert Xu Cc: Alasdair Kergon , dm-devel@redhat.com, Linux Crypto Mailing List Subject: Re: dm crypt: Avoid using MAX_CIPHER_BLOCKSIZE Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Jun 01 2023 at 4:47P -0400, Herbert Xu wrote: > MAX_CIPHER_BLOCKSIZE is an internal implementation detail and should > not be relied on by users of the Crypto API. > > Instead of storing the IV on the stack, allocate it together with > the crypto request. > > Signed-off-by: Herbert Xu > --- > > drivers/md/dm-crypt.c | 15 +++++++++++---- > 1 file changed, 11 insertions(+), 4 deletions(-) > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c > index 40cb1719ae4d..0e7e443dde11 100644 > --- a/drivers/md/dm-crypt.c > +++ b/drivers/md/dm-crypt.c > @@ -31,10 +31,10 @@ > #include > #include > #include > -#include > #include > #include > #include > +#include > #include /* for struct rtattr and RTA macros only */ > #include > #include > @@ -743,16 +743,23 @@ static int crypt_iv_eboiv_ctr(struct crypt_config *cc, struct dm_target *ti, > static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv, > struct dm_crypt_request *dmreq) > { > - u8 buf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(__le64)); > + struct crypto_skcipher *tfm = any_tfm(cc); > struct skcipher_request *req; > struct scatterlist src, dst; > DECLARE_CRYPTO_WAIT(wait); > + unsigned int reqsize; > int err; > + u8 *buf; > > - req = skcipher_request_alloc(any_tfm(cc), GFP_NOIO); > + reqsize = ALIGN(crypto_skcipher_reqsize(tfm), __alignof__(__le64)); > + > + req = kmalloc(reqsize + cc->iv_size, GFP_NOIO); > if (!req) > return -ENOMEM; > > + skcipher_request_set_tfm(req, tfm); > + > + buf = (u8 *)req + reqsize; > memset(buf, 0, cc->iv_size); > *(__le64 *)buf = cpu_to_le64(dmreq->iv_sector * cc->sector_size); > > @@ -761,7 +768,7 @@ static int crypt_iv_eboiv_gen(struct crypt_config *cc, u8 *iv, > skcipher_request_set_crypt(req, &src, &dst, cc->iv_size, buf); > skcipher_request_set_callback(req, 0, crypto_req_done, &wait); > err = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); > - skcipher_request_free(req); > + kfree_sensitive(req); > > return err; > } Strikes me as strange that open-coding skcipher_request_{alloc,free} is ideal, but dm-crypt is the only non-crypto consumer of MAX_CIPHER_BLOCKSIZE so really not worth standing up yet another interface wrapper. Anyway, this code is certainly better for dm-crypt's needs. I'm happy with you applying this change via your crypto tree. Reviewed-by: Mike Snitzer Thanks.