libceph: Remove VLA usage of skcipher

In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Ilya Dryomov <idryomov@gmail.com> Cc: "Yan, Zheng" <zyan@redhat.com> Cc: Sage Weil <sage@redhat.com> Cc: ceph-devel@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Kees Cook <keescook@chromium.org> 2018-09-18 22:10:45 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-09-28 00:46:07 -0400
commit: 69d6302b65a83ce04720158f3f6fc2c9fb46c941 (patch)
tree: 4fcfe7ca7fcf53a5ab5a6d22044024570ac6c415
parent: dc568baf9bd1d455de81a18bb68d555a3a9edc3f (diff)
2 files changed, 7 insertions, 7 deletions
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 02172c408ff2..5d6724cee38f 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -46,9 +46,9 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
                goto fail;
        }
-        /* crypto_alloc_skcipher() allocates with GFP_KERNEL */
+        /* crypto_alloc_sync_skcipher() allocates with GFP_KERNEL */
        noio_flag = memalloc_noio_save();
-        key->tfm = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+        key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);
        memalloc_noio_restore(noio_flag);
        if (IS_ERR(key->tfm)) {
                ret = PTR_ERR(key->tfm);
@@ -56,7 +56,7 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
                goto fail;
        }
-        ret = crypto_skcipher_setkey(key->tfm, key->key, key->len);
+        ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len);
        if (ret)
                goto fail;
@@ -136,7 +136,7 @@ void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
        if (key) {
                kfree(key->key);
                key->key = NULL;
-                crypto_free_skcipher(key->tfm);
+                crypto_free_sync_skcipher(key->tfm);
                key->tfm = NULL;
        }
 }
@@ -216,7 +216,7 @@ static void teardown_sgtable(struct sg_table *sgt)
 static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
                          void *buf, int buf_len, int in_len, int *pout_len)
 {
-        SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
+        SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
        struct sg_table sgt;
        struct scatterlist prealloc_sg;
        char iv[AES_BLOCK_SIZE] __aligned(8);
@@ -232,7 +232,7 @@ static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
                return ret;
        memcpy(iv, aes_iv, AES_BLOCK_SIZE);
-        skcipher_request_set_tfm(req, key->tfm);
+        skcipher_request_set_sync_tfm(req, key->tfm);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);
diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h
index bb45c7d43739..96ef4d860bc9 100644
--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -13,7 +13,7 @@ struct ceph_crypto_key {
        struct ceph_timespec created;
        int len;
        void *key;
-        struct crypto_skcipher *tfm;
+        struct crypto_sync_skcipher *tfm;
 };
 int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
author	Kees Cook <keescook@chromium.org>	2018-09-18 22:10:45 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-09-28 00:46:07 -0400
commit	69d6302b65a83ce04720158f3f6fc2c9fb46c941 (patch)
tree	4fcfe7ca7fcf53a5ab5a6d22044024570ac6c415
parent	dc568baf9bd1d455de81a18bb68d555a3a9edc3f (diff)

diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 02172c408ff2..5d6724cee38f 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c
@@ -46,9 +46,9 @@ static int set_secret(struct ceph_crypto_key key, void buf)
46	goto fail;	46	goto fail;
47	}	47	}
48		48
49	/* crypto_alloc_skcipher() allocates with GFP_KERNEL */	49	/* crypto_alloc_sync_skcipher() allocates with GFP_KERNEL */
50	noio_flag = memalloc_noio_save();	50	noio_flag = memalloc_noio_save();
51	key->tfm = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);	51	key->tfm = crypto_alloc_sync_skcipher("cbc(aes)", 0, 0);
52	memalloc_noio_restore(noio_flag);	52	memalloc_noio_restore(noio_flag);
53	if (IS_ERR(key->tfm)) {	53	if (IS_ERR(key->tfm)) {
54	ret = PTR_ERR(key->tfm);	54	ret = PTR_ERR(key->tfm);
@@ -56,7 +56,7 @@ static int set_secret(struct ceph_crypto_key key, void buf)
56	goto fail;	56	goto fail;
57	}	57	}
58		58
59	ret = crypto_skcipher_setkey(key->tfm, key->key, key->len);	59	ret = crypto_sync_skcipher_setkey(key->tfm, key->key, key->len);
60	if (ret)	60	if (ret)
61	goto fail;	61	goto fail;
62		62
@@ -136,7 +136,7 @@ void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
136	if (key) {	136	if (key) {
137	kfree(key->key);	137	kfree(key->key);
138	key->key = NULL;	138	key->key = NULL;
139	crypto_free_skcipher(key->tfm);	139	crypto_free_sync_skcipher(key->tfm);
140	key->tfm = NULL;	140	key->tfm = NULL;
141	}	141	}
142	}	142	}
@@ -216,7 +216,7 @@ static void teardown_sgtable(struct sg_table *sgt)
216	static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,	216	static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
217	void buf, int buf_len, int in_len, int pout_len)	217	void buf, int buf_len, int in_len, int pout_len)
218	{	218	{
219	SKCIPHER_REQUEST_ON_STACK(req, key->tfm);	219	SYNC_SKCIPHER_REQUEST_ON_STACK(req, key->tfm);
220	struct sg_table sgt;	220	struct sg_table sgt;
221	struct scatterlist prealloc_sg;	221	struct scatterlist prealloc_sg;
222	char iv[AES_BLOCK_SIZE] __aligned(8);	222	char iv[AES_BLOCK_SIZE] __aligned(8);
@@ -232,7 +232,7 @@ static int ceph_aes_crypt(const struct ceph_crypto_key *key, bool encrypt,
232	return ret;	232	return ret;
233		233
234	memcpy(iv, aes_iv, AES_BLOCK_SIZE);	234	memcpy(iv, aes_iv, AES_BLOCK_SIZE);
235	skcipher_request_set_tfm(req, key->tfm);	235	skcipher_request_set_sync_tfm(req, key->tfm);
236	skcipher_request_set_callback(req, 0, NULL, NULL);	236	skcipher_request_set_callback(req, 0, NULL, NULL);
237	skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);	237	skcipher_request_set_crypt(req, sgt.sgl, sgt.sgl, crypt_len, iv);
238		238


diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h index bb45c7d43739..96ef4d860bc9 100644 --- a/net/ceph/crypto.h +++ b/net/ceph/crypto.h
@@ -13,7 +13,7 @@ struct ceph_crypto_key {
13	struct ceph_timespec created;	13	struct ceph_timespec created;
14	int len;	14	int len;
15	void *key;	15	void *key;
16	struct crypto_skcipher *tfm;	16	struct crypto_sync_skcipher *tfm;
17	};	17	};
18		18
19	int ceph_crypto_key_clone(struct ceph_crypto_key *dst,	19	int ceph_crypto_key_clone(struct ceph_crypto_key *dst,