Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
libceph: align session_key and con_secret to 16 bytes
crypto_shash_setkey() and crypto_aead_setkey() will do a (small)
GFP_ATOMIC allocation to align the key if it isn't suitably aligned.
It's not a big deal, but at the same time easy to avoid.
The actual alignment requirement is dynamic, queryable with
crypto_shash_alignmask() and crypto_aead_alignmask(), but shouldn't
be stricter than 16 bytes for our algorithms.
Fixes: cd1a677cad99 ("libceph, ceph: implement msgr2.1 protocol (crc and secure modes)")
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+10
-2
+10
-2
net/ceph/messenger_v2.c
+10
-2
net/ceph/messenger_v2.c
···
2033
2033
return -EINVAL;
2034
2034
}
2035
2035
2036
+
/*
2037
+
* Align session_key and con_secret to avoid GFP_ATOMIC allocation
2038
+
* inside crypto_shash_setkey() and crypto_aead_setkey() called from
2039
+
* setup_crypto(). __aligned(16) isn't guaranteed to work for stack
2040
+
* objects, so do it by hand.
2041
+
*/
2036
2042
static int process_auth_done(struct ceph_connection *con, void *p, void *end)
2037
2043
{
2038
-
u8 session_key[CEPH_KEY_LEN];
2039
-
u8 con_secret[CEPH_MAX_CON_SECRET_LEN];
2044
+
u8 session_key_buf[CEPH_KEY_LEN + 16];
2045
+
u8 con_secret_buf[CEPH_MAX_CON_SECRET_LEN + 16];
2046
+
u8 *session_key = PTR_ALIGN(&session_key_buf[0], 16);
2047
+
u8 *con_secret = PTR_ALIGN(&con_secret_buf[0], 16);
2040
2048
int session_key_len, con_secret_len;
2041
2049
int payload_len;
2042
2050
u64 global_id;