From: Eric Biggers <ebiggers@kernel.org>
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: Milan Broz <gmazyland@gmail.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@kernel.org>,
dm-devel@lists.linux.dev
Subject: Re: dm-crypt: Extend state buffer size in crypt_iv_lmk_one
Date: Mon, 23 Jun 2025 18:22:38 +0000 [thread overview]
Message-ID: <20250623182238.GA1261119@google.com> (raw)
In-Reply-To: <cc21e81d-e03c-a8c8-e32c-f4e52ce18891@redhat.com>
On Mon, Jun 23, 2025 at 11:40:39AM +0200, Mikulas Patocka wrote:
>
>
> On Fri, 20 Jun 2025, Milan Broz wrote:
>
> > Hi,
> >
> > On 6/20/25 6:09 AM, Herbert Xu wrote:
> > > The output buffer size of of crypto_shash_export is returned by
> > > crypto_shash_statesize. Alternatively HASH_MAX_STATESIZE may be
> > > used for stack buffers.
> > >
> > > Fixes: 8cf4c341f193 ("crypto: md5-generic - Use API partial block handling")
> > > Reported-by: Milan Broz <gmazyland@gmail.com>
> > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> >
> > Yes, that fixes the issue, thanks!
> >
> > Tested-by: Milan Broz <gmazyland@gmail.com>
> >
> > Mikulas, I think this should go through DM tree, could you send it for 6.16?
> > The full patch is here
> > https://lore.kernel.org/linux-crypto/aFTe3kDZXCAzcwNq@gondor.apana.org.au/T/#u
> >
> > > diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
> > > index 9dfdb63220d7..cb4617df7356 100644
> > > --- a/drivers/md/dm-crypt.c
> > > +++ b/drivers/md/dm-crypt.c
> > > @@ -517,7 +517,10 @@ static int crypt_iv_lmk_one(struct crypt_config *cc, u8
> > > *iv,
> > > {
> > > struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
> > > SHASH_DESC_ON_STACK(desc, lmk->hash_tfm);
> > > - struct md5_state md5state;
> > > + union {
> > > + struct md5_state md5state;
> > > + u8 state[HASH_MAX_STATESIZE];
> > > + } u;
>
> Hi
>
> 345 bytes on the stack - I think it's too much, given the fact that it
> already uses 345 bytes (from SHASH_DESC_ON_STACK) and it may be called in
> a tasklet context. I'd prefer a solution that allocates less bytes.
Of course, the correct solution is to just add MD5 support to lib/crypto/ and
use that here. All that's needed is a single MD5 context (88 bytes), and direct
calls to the MD5 code...
- Eric
next prev parent reply other threads:[~2025-06-23 18:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-19 21:17 OOPs in 6.16-rc2 crypto_shash_export due to partial block handling Milan Broz
2025-06-20 4:09 ` dm-crypt: Extend state buffer size in crypt_iv_lmk_one Herbert Xu
2025-06-20 8:04 ` Milan Broz
2025-06-23 9:40 ` Mikulas Patocka
2025-06-23 11:11 ` [v2 PATCH] " Herbert Xu
2025-06-23 11:55 ` Milan Broz
2025-06-23 12:42 ` Mikulas Patocka
2025-06-23 18:22 ` Eric Biggers [this message]
2025-06-24 16:59 ` Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250623182238.GA1261119@google.com \
--to=ebiggers@kernel.org \
--cc=agk@redhat.com \
--cc=dm-devel@lists.linux.dev \
--cc=gmazyland@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=mpatocka@redhat.com \
--cc=snitzer@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).