From: Cheng-Yang Chou
To: herbert@gondor.apana.org.au, davem@davemloft.net, catalin.marinas@arm.com, will@kernel.org, ebiggers@kernel.org, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: jserv@ccns.ncku.edu.tw, yphbchou0911@gmail.com
Subject: [PATCH v2] crypto: arm64/aes-neonbs - Move key expansion off the stack
Date: Fri, 6 Mar 2026 14:42:54 +0800
Message-ID: <20260306064254.2079274-1-yphbchou0911@gmail.com>

aesbs_setkey() and aesbs_cbc_ctr_setkey() allocate struct crypto_aes_ctx
on the stack. On arm64, the kernel-mode NEON context is also stored on
the stack, causing the combined frame size to exceed 1024 bytes and
triggering -Wframe-larger-than= warnings.

Allocate struct crypto_aes_ctx on the heap instead and use
kfree_sensitive() to ensure the key material is zeroed on free.
Use a goto-based cleanup path to ensure kfree_sensitive() is always
called.

Signed-off-by: Cheng-Yang Chou
---
Changes in v1:
- Replace memzero_explicit() + kfree() with kfree_sensitive() (Eric Biggers)
- Link to v1: https://lore.kernel.org/all/20260305183229.150599-1-yphbchou0911@gmail.com/

 arch/arm64/crypto/aes-neonbs-glue.c | 37 ++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-ne= onbs-glue.c index cb87c8fc66b3..00530b291010 100644 --- a/arch/arm64/crypto/aes-neonbs-glue.c 
+++ b/arch/arm64/crypto/aes-neonbs-glue.c @@ -76,19 +76,24 @@ static int aesbs_setkey(struct crypto_skcipher *tfm, co= nst u8 *in_key, unsigned int key_len) { struct aesbs_ctx *ctx =3D crypto_skcipher_ctx(tfm); - struct crypto_aes_ctx rk; + struct crypto_aes_ctx *rk; int err; =20 - err =3D aes_expandkey(&rk, in_key, key_len); + rk =3D kmalloc(sizeof(*rk), GFP_KERNEL); + if (!rk) + return -ENOMEM; + + err =3D aes_expandkey(rk, in_key, key_len); if (err) - return err; + goto out; =20 ctx->rounds =3D 6 + key_len / 4; =20 scoped_ksimd() - aesbs_convert_key(ctx->rk, rk.key_enc, ctx->rounds); - - return 0; + aesbs_convert_key(ctx->rk, rk->key_enc, ctx->rounds); +out: + kfree_sensitive(rk); + return err; } =20 static int __ecb_crypt(struct skcipher_request *req, @@ -133,22 +138,26 @@ static int aesbs_cbc_ctr_setkey(struct crypto_skciphe= r *tfm, const u8 *in_key, unsigned int key_len) { struct aesbs_cbc_ctr_ctx *ctx =3D crypto_skcipher_ctx(tfm); - struct crypto_aes_ctx rk; + struct crypto_aes_ctx *rk; int err; =20 - err =3D aes_expandkey(&rk, in_key, key_len); + rk =3D kmalloc(sizeof(*rk), GFP_KERNEL); + if (!rk) + return -ENOMEM; + + err =3D aes_expandkey(rk, in_key, key_len); if (err) - return err; + goto out; =20 ctx->key.rounds =3D 6 + key_len / 4; =20 - memcpy(ctx->enc, rk.key_enc, sizeof(ctx->enc)); + memcpy(ctx->enc, rk->key_enc, sizeof(ctx->enc)); =20 scoped_ksimd() - aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); - memzero_explicit(&rk, sizeof(rk)); - - return 0; + aesbs_convert_key(ctx->key.rk, rk->key_enc, ctx->key.rounds); +out: + kfree_sensitive(rk); + return err; } =20 static int cbc_encrypt(struct skcipher_request *req) --=20 2.48.1
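Review bot: in the aesbs_setkey() hunk the removed lines contain no memzero_explicit() (only the aesbs_cbc_ctr_setkey() hunk deletes one), so with kfree_sensitive(rk) at out: this function begins wiping the expanded key where the old on-stack copy was not wiped; the commit message describes only the frame-size warning and should mention this change as well. The same hunk adds a GFP_KERNEL allocation and a new -ENOMEM return to setkey, so a sentence in the commit message confirming that this setkey path is only reached from a context that may sleep would help reviewers.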
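Review bot: the kmalloc() added in the aesbs_cbc_ctr_setkey() hunk has no comment saying why struct crypto_aes_ctx is heap-allocated; the reason (frame size together with the kernel-mode NEON context the commit message mentions) lives only in the commit message, so a one-line comment above "rk = kmalloc(sizeof(*rk), GFP_KERNEL);" would keep a later cleanup from moving it back onto the stack. The kmalloc() / aes_expandkey() / "goto out" / kfree_sensitive() sequence is now the same in both functions and could be factored into one small helper. Dropping "memzero_explicit(&rk, sizeof(rk));" is fine here, since kfree_sensitive(rk) runs on both the success and the error path.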