From: Eric Biggers <ebiggers@kernel.org>
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: Milan Broz <gmazyland@gmail.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@kernel.org>,
dm-devel@lists.linux.dev
Subject: Re: dm-crypt: Extend state buffer size in crypt_iv_lmk_one
Date: Mon, 23 Jun 2025 18:22:38 +0000 [thread overview]
Message-ID: <20250623182238.GA1261119@google.com> (raw)
In-Reply-To: <cc21e81d-e03c-a8c8-e32c-f4e52ce18891@redhat.com>
On Mon, Jun 23, 2025 at 11:40:39AM +0200, Mikulas Patocka wrote:
>
>
> On Fri, 20 Jun 2025, Milan Broz wrote:
>
> > Hi,
> >
> > On 6/20/25 6:09 AM, Herbert Xu wrote:
> > > The output buffer size of of crypto_shash_export is returned by
> > > crypto_shash_statesize. Alternatively HASH_MAX_STATESIZE may be
> > > used for stack buffers.
> > >
> > > Fixes: 8cf4c341f193 ("crypto: md5-generic - Use API partial block handling")
> > > Reported-by: Milan Broz <gmazyland@gmail.com>
> > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> >
> > Yes, that fixes the issue, thanks!
> >
> > Tested-by: Milan Broz <gmazyland@gmail.com>
> >
> > Mikulas, I think this should go through DM tree, could you send it for 6.16?
> > The full patch is here
> > https://lore.kernel.org/linux-crypto/aFTe3kDZXCAzcwNq@gondor.apana.org.au/T/#u
> >
> > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> > > index 9dfdb63220d7..cb4617df7356 100644
> > > --- a/drivers/md/dm-crypt.c
> > > +++ b/drivers/md/dm-crypt.c
> > > @@ -517,7 +517,10 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8
> > > *iv,
> > > {
> > > struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
> > > SHASH_DESC_ON_STACK(desc, lmk->hash_tfm);
> > > - struct md5_state md5state;
> > > + union {
> > > + struct md5_state md5state;
> > > + u8 state[HASH_MAX_STATESIZE];
> > > + } u;
>
> Hi
>
> 345 bytes on the stack - I think it's too much, given the fact that it
> already uses 345 bytes (from SHASH_DESC_ON_STACK) and it may be called in
> a tasklet context. I'd prefer a solution that allocates less bytes.
Of course, the correct solution is to just add MD5 support to lib/crypto/ and
use that here. All that's needed is a single MD5 context (88 bytes), and direct
calls to the MD5 code...
- Eric
next prev parent reply other threads:[~2025-06-23 18:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-19 21:17 OOPs in 6.16-rc2 crypto_shash_export due to partial block handling Milan Broz
2025-06-20 4:09 ` dm-crypt: Extend state buffer size in crypt_iv_lmk_one Herbert Xu
2025-06-20 8:04 ` Milan Broz
2025-06-23 9:40 ` Mikulas Patocka
2025-06-23 11:11 ` [v2 PATCH] " Herbert Xu
2025-06-23 11:55 ` Milan Broz
2025-06-23 12:42 ` Mikulas Patocka
2025-06-23 18:22 ` Eric Biggers [this message]
2025-06-24 16:59 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250623182238.GA1261119@google.com \
--to=ebiggers@kernel.org \
--cc=agk@redhat.com \
--cc=dm-devel@lists.linux.dev \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.