kexec_file: use SHA-256 library API instead of crypto_shash API

This user of SHA-256 does not support any other algorithm, so the
crypto_shash abstraction provides no value. Just use the SHA-256 library
API instead, which is much simpler and easier to use.

Tested with '/sbin/kexec --kexec-file-syscall'.

Link: https://lkml.kernel.org/r/20250428185721.844686-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Eric Biggers and committed by

Andrew Morton 1 year ago f7a667a0 c91d7862

+16 -65

2 changed files

expand all

kernel

Kconfig.kexec

kexec_file.c

+1 -2

kernel/Kconfig.kexec

··· 38 38 config KEXEC_FILE 39 39 bool "Enable kexec file based system call" 40 40 depends on ARCH_SUPPORTS_KEXEC_FILE 41 - select CRYPTO 42 - select CRYPTO_SHA256 41 + select CRYPTO_LIB_SHA256 43 42 select KEXEC_CORE 44 43 help 45 44 This is new version of kexec system call. This system call is

+15 -63

kernel/kexec_file.c

··· 19 19 #include <linux/list.h> 20 20 #include <linux/fs.h> 21 21 #include <linux/ima.h> 22 - #include <crypto/hash.h> 23 22 #include <crypto/sha2.h> 24 23 #include <linux/elf.h> 25 24 #include <linux/elfcore.h> ··· 711 712 /* Calculate and store the digest of segments */ 712 713 static int kexec_calculate_store_digests(struct kimage *image) 713 714 { 714 - struct crypto_shash *tfm; 715 - struct shash_desc *desc; 715 + struct sha256_state state; 716 716 int ret = 0, i, j, zero_buf_sz, sha_region_sz; 717 - size_t desc_size, nullsz; 718 - char *digest; 717 + size_t nullsz; 718 + u8 digest[SHA256_DIGEST_SIZE]; 719 719 void *zero_buf; 720 720 struct kexec_sha_region *sha_regions; 721 721 struct purgatory_info *pi = &image->purgatory_info; ··· 725 727 zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT); 726 728 zero_buf_sz = PAGE_SIZE; 727 729 728 - tfm = crypto_alloc_shash("sha256", 0, 0); 729 - if (IS_ERR(tfm)) { 730 - ret = PTR_ERR(tfm); 731 - goto out; 732 - } 733 - 734 - desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); 735 - desc = kzalloc(desc_size, GFP_KERNEL); 736 - if (!desc) { 737 - ret = -ENOMEM; 738 - goto out_free_tfm; 739 - } 740 - 741 730 sha_region_sz = KEXEC_SEGMENT_MAX * sizeof(struct kexec_sha_region); 742 731 sha_regions = vzalloc(sha_region_sz); 743 - if (!sha_regions) { 744 - ret = -ENOMEM; 745 - goto out_free_desc; 746 - } 732 + if (!sha_regions) 733 + return -ENOMEM; 747 734 748 - desc->tfm = tfm; 749 - 750 - ret = crypto_shash_init(desc); 751 - if (ret < 0) 752 - goto out_free_sha_regions; 753 - 754 - digest = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL); 755 - if (!digest) { 756 - ret = -ENOMEM; 757 - goto out_free_sha_regions; 758 - } 735 + sha256_init(&state); 759 736 760 737 for (j = i = 0; i < image->nr_segments; i++) { 761 738 struct kexec_segment *ksegment; ··· 749 776 if (ksegment->kbuf == pi->purgatory_buf) 750 777 continue; 751 778 752 - ret = crypto_shash_update(desc, ksegment->kbuf, 753 - ksegment->bufsz); 754 - if (ret) 755 - break; 779 + sha256_update(&state, ksegment->kbuf, ksegment->bufsz); 756 780 757 781 /* 758 782 * Assume rest of the buffer is filled with zero and ··· 761 791 762 792 if (bytes > zero_buf_sz) 763 793 bytes = zero_buf_sz; 764 - ret = crypto_shash_update(desc, zero_buf, bytes); 765 - if (ret) 766 - break; 794 + sha256_update(&state, zero_buf, bytes); 767 795 nullsz -= bytes; 768 796 } 769 - 770 - if (ret) 771 - break; 772 797 773 798 sha_regions[j].start = ksegment->mem; 774 799 sha_regions[j].len = ksegment->memsz; 775 800 j++; 776 801 } 777 802 778 - if (!ret) { 779 - ret = crypto_shash_final(desc, digest); 780 - if (ret) 781 - goto out_free_digest; 782 - ret = kexec_purgatory_get_set_symbol(image, "purgatory_sha_regions", 783 - sha_regions, sha_region_sz, 0); 784 - if (ret) 785 - goto out_free_digest; 803 + sha256_final(&state, digest); 786 804 787 - ret = kexec_purgatory_get_set_symbol(image, "purgatory_sha256_digest", 788 - digest, SHA256_DIGEST_SIZE, 0); 789 - if (ret) 790 - goto out_free_digest; 791 - } 805 + ret = kexec_purgatory_get_set_symbol(image, "purgatory_sha_regions", 806 + sha_regions, sha_region_sz, 0); 807 + if (ret) 808 + goto out_free_sha_regions; 792 809 793 - out_free_digest: 794 - kfree(digest); 810 + ret = kexec_purgatory_get_set_symbol(image, "purgatory_sha256_digest", 811 + digest, SHA256_DIGEST_SIZE, 0); 795 812 out_free_sha_regions: 796 813 vfree(sha_regions); 797 - out_free_desc: 798 - kfree(desc); 799 - out_free_tfm: 800 - kfree(tfm); 801 - out: 802 814 return ret; 803 815 } 804 816

Configure Feed

Configure Feed