On Wed, Sep 5, 2018 at 1:33 AM, Lars Ellenberg <lars.ellenberg@xxxxxxxxxx> wrote: > On Tue, Sep 04, 2018 at 08:04:18PM -0700, Kees Cook wrote: >> On Mon, Sep 3, 2018 at 11:04 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: >> > On Mon, Aug 6, 2018 at 4:32 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: >> >> In preparing to remove all stack VLA usage from the kernel[1], this >> >> removes the discouraged use of AHASH_REQUEST_ON_STACK in favor of >> >> the smaller SHASH_DESC_ON_STACK by converting from ahash-wrapped-shash >> >> to direct shash. By removing a layer of indirection this both improves >> >> performance and reduces stack usage. The stack allocation will be made >> >> a fixed size in a later patch to the crypto subsystem. >> >> >> >> The bulk of the lines in this change are simple s/ahash/shash/, but the >> >> main logic differences are in drbd_csum_ee() and drbd_csum_bio(), which >> >> externalizes the page walking with k(un)map_atomic() instead of using >> >> scattergather. >> > >> > Hi Lars! How does this look to you? If you can Ack I assume Jens would >> > be able to take this. > > Sure, I should have ACKed it a month ago already. As I said, I believe > you the crypto. And you added the kmap_atomic as I pointed out. > All good. Great, thanks! Jens, can you take this? >> FWIW I've tested a simple drbd configuration before/after this change >> and things seem to be working correctly. > > You'd need "data-integrity-alg" set (or "verify-alg", and then have it > do an online-verify) to excercise the crypto stuff, > and you'd need a highmem system (are these still out there?) > to have the kmap not be a no-op. But I don't see any potential problem. While I don't have a highmem system, I've confirmed that data-integrity-alg and verify-alg are both working for me. Thanks! -Kees -- Kees Cook Pixel Security
