author | Kees Cook <keescook@chromium.org> | 2018-09-18 22:10:52 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2018-09-28 00:46:08 -0400 |
commit | 36b3875a97b85e60eb612f8c72d19271c70b08fd (patch) | |
tree | 75c2c965017403d050de33ce5be23e71d8e586e1 /crypto/cryptd.c | |
parent | 8d605398425843c7ce3c0e9a0434d832d3bd54cc (diff) |
crypto: cryptd - Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this
replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
which uses a fixed stack size.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/cryptd.c')
-rw-r--r-- | crypto/cryptd.c | 32 |
1 files changed, 17 insertions, 15 deletions
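--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -76,7 +76,7 @@ struct cryptd_blkcipher_request_ctx {
 
 struct cryptd_skcipher_ctx {
 atomic_t refcnt;
-struct crypto_skcipher *child;
+struct crypto_sync_skcipher *child;
 };
 
 struct cryptd_skcipher_request_ctx {
@@ -449,14 +449,16 @@ static int cryptd_skcipher_setkey(struct crypto_skcipher *parent,
 const u8 *key, unsigned int keylen)
 {
 struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(parent);
-struct crypto_skcipher *child = ctx->child;
+struct crypto_sync_skcipher *child = ctx->child;
 int err;
 
-crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
-crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(parent) &
+crypto_sync_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+crypto_sync_skcipher_set_flags(child,
+crypto_skcipher_get_flags(parent) &
 CRYPTO_TFM_REQ_MASK);
-err = crypto_skcipher_setkey(child, key, keylen);
-crypto_skcipher_set_flags(parent, crypto_skcipher_get_flags(child) &
+err = crypto_sync_skcipher_setkey(child, key, keylen);
+crypto_skcipher_set_flags(parent,
+crypto_sync_skcipher_get_flags(child) &
 CRYPTO_TFM_RES_MASK);
 return err;
 }
@@ -483,13 +485,13 @@ static void cryptd_skcipher_encrypt(struct crypto_async_request *base,
 struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
 struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
-struct crypto_skcipher *child = ctx->child;
-SKCIPHER_REQUEST_ON_STACK(subreq, child);
+struct crypto_sync_skcipher *child = ctx->child;
+SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, child);
 
 if (unlikely(err == -EINPROGRESS))
 goto out;
 
-skcipher_request_set_tfm(subreq, child);
+skcipher_request_set_sync_tfm(subreq, child);
 skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP,
 NULL, NULL);
 skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
@@ -511,13 +513,13 @@ static void cryptd_skcipher_decrypt(struct crypto_async_request *base,
 struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
 struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
-struct crypto_skcipher *child = ctx->child;
-SKCIPHER_REQUEST_ON_STACK(subreq, child);
+struct crypto_sync_skcipher *child = ctx->child;
+SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, child);
 
 if (unlikely(err == -EINPROGRESS))
 goto out;
 
-skcipher_request_set_tfm(subreq, child);
+skcipher_request_set_sync_tfm(subreq, child);
 skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP,
 NULL, NULL);
 skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
@@ -568,7 +570,7 @@ static int cryptd_skcipher_init_tfm(struct crypto_skcipher *tfm)
 if (IS_ERR(cipher))
 return PTR_ERR(cipher);
 
-ctx->child = cipher;
+ctx->child = (struct crypto_sync_skcipher *)cipher;
 crypto_skcipher_set_reqsize(
 tfm, sizeof(struct cryptd_skcipher_request_ctx));
 return 0;
@@ -578,7 +580,7 @@ static void cryptd_skcipher_exit_tfm(struct crypto_skcipher *tfm)
 {
 struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
 
-crypto_free_skcipher(ctx->child);
+crypto_free_sync_skcipher(ctx->child);
 }
 
 static void cryptd_skcipher_free(struct skcipher_instance *inst)
@@ -1243,7 +1245,7 @@ struct crypto_skcipher *cryptd_skcipher_child(struct cryptd_skcipher *tfm)
 {
 struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
 
-return ctx->child;
+return &ctx->child->base;
 }
 EXPORT_SYMBOL_GPL(cryptd_skcipher_child);
 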
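Review bot: The cast `ctx->child = (struct crypto_sync_skcipher *)cipher;` in cryptd_skcipher_init_tfm relabels an ordinary skcipher as a sync one without the request-size check that crypto_alloc_sync_skcipher() applies. The encrypt and decrypt paths now build the sub-request in the fixed-size buffer of SYNC_SKCIPHER_REQUEST_ON_STACK(), so a child whose crypto_skcipher_reqsize() exceeds MAX_SYNC_SKCIPHER_REQSIZE would overrun that stack buffer. How `cipher` is obtained lies before the hunk, so whether something upstream already bounds its request size cannot be confirmed from here. Rejecting an oversized child before the assignment, as sketched below, would make the invariant explicit instead of relying on the cast.

```c
	/* … unchanged: cipher lookup and IS_ERR(cipher) check … */

	/* The cast below skips the size check done by crypto_alloc_sync_skcipher(). */
	if (crypto_skcipher_reqsize(cipher) > MAX_SYNC_SKCIPHER_REQSIZE) {
		crypto_free_skcipher(cipher);
		return -EINVAL;
	}

	ctx->child = (struct crypto_sync_skcipher *)cipher;
	/* … unchanged: crypto_skcipher_set_reqsize() and return 0 … */
```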