From: Eric Biggers <ebiggers@kernel.org>
To: Cheng-Yang Chou <yphbchou0911@gmail.com>, herbert@gondor.apana.org.au
Cc: davem@davemloft.net, catalin.marinas@arm.com, will@kernel.org,
linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, jserv@ccns.ncku.edu.tw
Subject: Re: [PATCH v2] crypto: arm64/aes-neonbs - Move key expansion off the stack
Date: Mon, 9 Mar 2026 13:48:08 -0700 [thread overview]
Message-ID: <20260309204808.GC2048@quark> (raw)
In-Reply-To: <20260306213502.GB9593@quark>
On Fri, Mar 06, 2026 at 01:35:02PM -0800, Eric Biggers wrote:
> On Fri, Mar 06, 2026 at 02:42:54PM +0800, Cheng-Yang Chou wrote:
> > aesbs_setkey() and aesbs_cbc_ctr_setkey() allocate struct crypto_aes_ctx
> > on the stack. On arm64, the kernel-mode NEON context is also stored on
> > the stack, causing the combined frame size to exceed 1024 bytes and
> > triggering -Wframe-larger-than= warnings.
> >
> > Allocate struct crypto_aes_ctx on the heap instead and use
> > kfree_sensitive() to ensure the key material is zeroed on free.
> > Use a goto-based cleanup path to ensure kfree_sensitive() is always
> > called.
> >
> > Signed-off-by: Cheng-Yang Chou <yphbchou0911@gmail.com>
> > ---
> > Changes in v1:
> > - Replace memzero_explicit() + kfree() with kfree_sensitive()
> > (Eric Biggers)
> > - Link to v1: https://lore.kernel.org/all/20260305183229.150599-1-yphbchou0911@gmail.com/
> >
> > arch/arm64/crypto/aes-neonbs-glue.c | 37 ++++++++++++++++++-----------
> > 1 file changed, 23 insertions(+), 14 deletions(-)
>
> Looks okay for now, though as I mentioned I'd like to eventually
> refactor this code to not need so much temporary space.
>
> I'll plan to take this through the libcrypto-fixes tree. Herbert, let
> me know if you prefer to take it instead.
>
> I'll plan to add:
>
> Fixes: 4fa617cc6851 ("arm64/fpsimd: Allocate kernel mode FP/SIMD buffers on the stack")
>
> ... since that is the change that put the stack usage over the "limit".
Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-fixes
- Eric
prev parent reply other threads:[~2026-03-09 20:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-06 6:42 [PATCH v2] crypto: arm64/aes-neonbs - Move key expansion off the stack Cheng-Yang Chou
2026-03-06 21:35 ` Eric Biggers
2026-03-07 1:09 ` Herbert Xu
2026-03-09 20:48 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260309204808.GC2048@quark \
--to=ebiggers@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=jserv@ccns.ncku.edu.tw \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=will@kernel.org \
--cc=yphbchou0911@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.