lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Feb 2024 14:44:46 +0100 (CET)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Arnd Bergmann <arnd@...nel.org>
cc: Alasdair Kergon <agk@...hat.com>, Mike Snitzer <snitzer@...nel.org>, 
    dm-devel@...ts.linux.dev, Arnd Bergmann <arnd@...db.de>, 
    Eric Biggers <ebiggers@...gle.com>, Yu Zhe <yuzhe@...china.com>, 
    linux-kernel@...r.kernel.org
Subject: Re: [PATCH] dm-integrity: reduce stack usage for recheck

Hi


On Sat, 24 Feb 2024, Arnd Bergmann wrote:

> From: Arnd Bergmann <arnd@...db.de>
> 
> The newly added integrity_recheck() function has another larger stack
> allocation, just like its caller integrity_metadata(). When it gets
> inlined, the combination of the two exceeds the warning limit for 32-bit
> architectures and possibly risks an overflow when this is called from
> a deep call chain through a file system:
> 
> drivers/md/dm-integrity.c:1767:13: error: stack frame size (1048) exceeds limit (1024) in 'integrity_metadata' [-Werror,-Wframe-larger-than]
>  1767 | static void integrity_metadata(struct work_struct *w)
> 
> Since the caller at this point is done using its checksum buffer,
> just reuse the same buffer in the new function to avoid the double
> allocation.

OK, thanks.

But, the function integrity_recheck shouldn't be inlined at all, because 
it is only called on authentication error. So, I'll post your patch with 
"noinline" being added.

Mikulas

> Fixes: c88f5e553fe3 ("dm-integrity: recheck the integrity tag after a failure")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>  drivers/md/dm-integrity.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
> index 143f6c223b0e..82023f1f3df0 100644
> --- a/drivers/md/dm-integrity.c
> +++ b/drivers/md/dm-integrity.c
> @@ -1691,14 +1691,13 @@ static void integrity_sector_checksum(struct dm_integrity_c *ic, sector_t sector
>  	get_random_bytes(result, ic->tag_size);
>  }
>  
> -static void integrity_recheck(struct dm_integrity_io *dio)
> +static void integrity_recheck(struct dm_integrity_io *dio, char *checksum)
>  {
>  	struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io));
>  	struct dm_integrity_c *ic = dio->ic;
>  	struct bvec_iter iter;
>  	struct bio_vec bv;
>  	sector_t sector, logical_sector, area, offset;
> -	char checksum_onstack[max_t(size_t, HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)];
>  	struct page *page;
>  	void *buffer;
>  
> @@ -1735,8 +1734,8 @@ static void integrity_recheck(struct dm_integrity_io *dio)
>  			}
>  
>  			integrity_sector_checksum(ic, logical_sector, buffer,
> -						  checksum_onstack);
> -			r = dm_integrity_rw_tag(ic, checksum_onstack, &dio->metadata_block,
> +						  checksum);
> +			r = dm_integrity_rw_tag(ic, checksum, &dio->metadata_block,
>  						&dio->metadata_offset, ic->tag_size, TAG_CMP);
>  			if (r) {
>  				if (r > 0) {
> @@ -1851,7 +1850,7 @@ static void integrity_metadata(struct work_struct *w)
>  						checksums_ptr - checksums, dio->op == REQ_OP_READ ? TAG_CMP : TAG_WRITE);
>  			if (unlikely(r)) {
>  				if (r > 0) {
> -					integrity_recheck(dio);
> +					integrity_recheck(dio, checksums);
>  					goto skip_io;
>  				}
>  				if (likely(checksums != checksums_onstack))
> -- 
> 2.39.2
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ