From: Harald Freudenberger <freude@linux.ibm.com>
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, dm-devel@lists.linux.dev
Subject: Re: crypto ahash requests on the stack
Date: Tue, 09 Sep 2025 16:01:45 +0200 [thread overview]
Message-ID: <b20529cc85868607dbec25489daa0404@linux.ibm.com> (raw)
In-Reply-To: <94b8648b-5613-d161-3351-fee1f217c866@redhat.com>
On 2025-08-25 16:23, Mikulas Patocka wrote:
> Hi
>
> I'd like to ask about this condition in crypto_ahash_digest:
> if (ahash_req_on_stack(req) && ahash_is_async(tfm))
> return -EAGAIN;
>
> Can it be removed? Or, is there some reason why you can't have
> asynchronous requests on the stack (such as inability of doing DMA to
> virtually mapped stack)?
>
> Or, should I just clear the flag CRYPTO_TFM_REQ_ON_STACK in my code?
>
> I'm modifying dm-integrity to use asynchronous API so that Harald
> Freudenberger can use it on mainframes (the reason is that his
> implementation only provides asynchronous API) and I would prefer to
> place
> ahash requests on the stack (and wait for them before the function
> exits).
>
> The commit 04bfa4c7d5119ca38f8133bfdae7957a60c8b221 says that we should
> clone the request with HASH_REQUEST_CLONE, but that is not usable in
> dm-integrity, because dm-integrity must work even when the system is
> out
> of memory.
>
> Mikulas
The problem with this 'on the stack' is also with the buffer addresses.
The asynch implementations get scatterlists. By playing around there,
I found out that the addresses in scatterlists are checked:
scatterlist.h:
static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
unsigned int buflen)
{
#ifdef CONFIG_DEBUG_SG
BUG_ON(!virt_addr_valid(buf));
#endif
sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
}
and virt_addr_valid(x) fails on stack addresses (!). I talked with the
s390 subsystem maintainer and he confirms this. So stack addresses can't
be used for scatterlists even when there is no DMA involved.
Harald Freudenberger
next prev parent reply other threads:[~2025-09-09 14:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-25 14:23 crypto ahash requests on the stack Mikulas Patocka
2025-08-27 9:36 ` Herbert Xu
2025-09-01 12:04 ` Mikulas Patocka
2025-09-09 14:01 ` Harald Freudenberger [this message]
2025-09-11 4:46 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b20529cc85868607dbec25489daa0404@linux.ibm.com \
--to=freude@linux.ibm.com \
--cc=davem@davemloft.net \
--cc=dm-devel@lists.linux.dev \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=mpatocka@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox