Re: [PATCH v2] async_pq: Remove VLA usage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, May 10, 2018 at 1:57 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Sat, May 5, 2018 at 12:58 AM, Kyle Spiers <ksspiers@xxxxxxxxxx> wrote:
>> In the quest to remove VLAs from the kernel[1], this moves the
>> allocation of coefs and blocks from the stack to being kmalloc()ed.
>>
>> [1] https://lkml.org/lkml/2018/3/7/621
>>
>> Signed-off-by: Kyle Spiers <ksspiers@xxxxxxxxxx>
>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
>
> Is this something that should go via Vinod, Dan, or direct through
> Herbert's crypto tree?

Friendly ping. Any news on this patch?

Thanks!

-Kees

>
> Thanks!
>
> -Kees
>
>> ---
>> Forgot to add slab.h
>> ---
>>  crypto/async_tx/async_pq.c  | 18 ++++++++++++++----
>>  crypto/async_tx/raid6test.c |  9 ++++++++-
>>  2 files changed, 22 insertions(+), 5 deletions(-)
>>
>> diff --git a/crypto/async_tx/async_pq.c b/crypto/async_tx/async_pq.c
>> index 56bd612927ab..af1912313a23 100644
>> --- a/crypto/async_tx/async_pq.c
>> +++ b/crypto/async_tx/async_pq.c
>> @@ -194,9 +194,9 @@ async_gen_syndrome(struct page **blocks, unsigned int offset, int disks,
>>             (src_cnt <= dma_maxpq(device, 0) ||
>>              dma_maxpq(device, DMA_PREP_CONTINUE) > 0) &&
>>             is_dma_pq_aligned(device, offset, 0, len)) {
>> -               struct dma_async_tx_descriptor *tx;
>> +               struct dma_async_tx_descriptor *tx = NULL;
>>                 enum dma_ctrl_flags dma_flags = 0;
>> -               unsigned char coefs[src_cnt];
>> +               unsigned char *coefs;
>>                 int i, j;
>>
>>                 /* run the p+q asynchronously */
>> @@ -207,6 +207,9 @@ async_gen_syndrome(struct page **blocks, unsigned int offset, int disks,
>>                  * sources and update the coefficients accordingly
>>                  */
>>                 unmap->len = len;
>> +               coefs = kmalloc_array(src_cnt, sizeof(*coefs), GFP_KERNEL);
>> +               if (!coefs)
>> +                       goto out;
>>                 for (i = 0, j = 0; i < src_cnt; i++) {
>>                         if (blocks[i] == NULL)
>>                                 continue;
>> @@ -240,7 +243,9 @@ async_gen_syndrome(struct page **blocks, unsigned int offset, int disks,
>>                 }
>>
>>                 tx = do_async_gen_syndrome(chan, coefs, j, unmap, dma_flags, submit);
>> +out:
>>                 dmaengine_unmap_put(unmap);
>> +               kfree(coefs);
>>                 return tx;
>>         }
>>
>> @@ -298,8 +303,8 @@ async_syndrome_val(struct page **blocks, unsigned int offset, int disks,
>>  {
>>         struct dma_chan *chan = pq_val_chan(submit, blocks, disks, len);
>>         struct dma_device *device = chan ? chan->device : NULL;
>> -       struct dma_async_tx_descriptor *tx;
>> -       unsigned char coefs[disks-2];
>> +       struct dma_async_tx_descriptor *tx = NULL;
>> +       unsigned char *coefs = NULL;
>>         enum dma_ctrl_flags dma_flags = submit->cb_fn ? DMA_PREP_INTERRUPT : 0;
>>         struct dmaengine_unmap_data *unmap = NULL;
>>
>> @@ -318,6 +323,9 @@ async_syndrome_val(struct page **blocks, unsigned int offset, int disks,
>>                          __func__, disks, len);
>>
>>                 unmap->len = len;
>> +               coefs = kmalloc_array(disks - 2, sizeof(*coefs), GFP_KERNEL);
>> +               if (!coefs)
>> +                       goto out;
>>                 for (i = 0; i < disks-2; i++)
>>                         if (likely(blocks[i])) {
>>                                 unmap->addr[j] = dma_map_page(dev, blocks[i],
>> @@ -423,6 +431,8 @@ async_syndrome_val(struct page **blocks, unsigned int offset, int disks,
>>                 async_tx_sync_epilog(submit);
>>                 tx = NULL;
>>         }
>> +out:
>> +       kfree(coefs);
>>         dmaengine_unmap_put(unmap);
>>
>>         return tx;
>> diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
>> index dad95f45b88f..4237a5ae8f42 100644
>> --- a/crypto/async_tx/raid6test.c
>> +++ b/crypto/async_tx/raid6test.c
>> @@ -24,6 +24,7 @@
>>  #include <linux/mm.h>
>>  #include <linux/random.h>
>>  #include <linux/module.h>
>> +#include <linux/slab.h>
>>
>>  #undef pr
>>  #define pr(fmt, args...) pr_info("raid6test: " fmt, ##args)
>> @@ -81,11 +82,16 @@ static void raid6_dual_recov(int disks, size_t bytes, int faila, int failb, stru
>>                         init_async_submit(&submit, 0, NULL, NULL, NULL, addr_conv);
>>                         tx = async_gen_syndrome(ptrs, 0, disks, bytes, &submit);
>>                 } else {
>> -                       struct page *blocks[disks];
>> +                       struct page **blocks;
>>                         struct page *dest;
>>                         int count = 0;
>>                         int i;
>>
>> +                       blocks = kmalloc_array(disks, sizeof(*blocks),
>> +                                                       GFP_KERNEL);
>> +                       if (!blocks)
>> +                               return;
>> +
>>                         /* data+Q failure.  Reconstruct data from P,
>>                          * then rebuild syndrome
>>                          */
>> @@ -101,6 +107,7 @@ static void raid6_dual_recov(int disks, size_t bytes, int faila, int failb, stru
>>
>>                         init_async_submit(&submit, 0, tx, NULL, NULL, addr_conv);
>>                         tx = async_gen_syndrome(ptrs, 0, disks, bytes, &submit);
>> +                       kfree(blocks);
>>                 }
>>         } else {
>>                 if (failb == disks-2) {
>> --
>> 2.17.0.441.gb46fe60e1d-goog
>>
>
>
>
> --
> Kees Cook
> Pixel Security



-- 
Kees Cook
Pixel Security



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux