Re: [PATCH 1/1] crypto: arm64/aes-neonbs - Move key expansion off the stack

Next message: Shashank Balaji: "[PATCH v2 0/2] x86/x2apic: Fix hangup of defconfig kernel on resume from s2ram"
Previous message: Manivannan Sadhasivam: "Re: [PATCH v8 1/2] net: mhi: Enable Ethernet interface support"
In reply to: Cheng-Yang Chou: "Re: [PATCH 1/1] crypto: arm64/aes-neonbs - Move key expansion off the stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Fri Mar 06 2026 - 00:55:54 EST

On Fri, Mar 06, 2026 at 01:46:33PM +0800, Cheng-Yang Chou wrote:
> Hi Eric,
>
> On Thu, Mar 05, 2026 at 11:38:47AM -0800, Eric Biggers wrote:
> > Instead of memzero_explicit() followed by kfree(), just use
> > kfree_sensitive().
> >
> > Also, single patches should not have a cover letter. Just send a single
> > patch email with all the details in the patch itself.
> >
> > As for the actual change, I guess it's okay for now. Ideally we'd
> > refactor the aes-bs key preparation to not need temporary space.
>
> Thanks for the feedback.
> I'll send a v2 to address your comments.
>
> The arm implementation also allocates struct crypto_aes_ctx on the
> stack in aesbs_setkey(). Should I include a fix for it as well?
> Note that I can only test on arm64.
>
> Also, I'd be happy to help with the refactoring if you can point me
> in the right direction.

arm doesn't store the kernel-mode NEON context on the stack, so a
similar change shouldn't be needed there. This issue showed up only
because arm64 started doing that, which made the stack memory used by
aesbs_setkey() exceed ~1000 bytes due to the crypto_aes_ctx and the
kernel-mode NEON context each using about 500.

- Eric