Re: [PATCH] firmware_loader: use SHA-256 library API instead of crypto_shash API
From: Youssef Samir
Date: Tue Mar 10 2026 - 11:14:27 EST

On 3/6/2026 9:20 PM, Eric Biggers wrote:
>
> I guess this further shows that the upgrade to size_t lengths was a good
> idea...
>
> There was recently a similar bug report where on old kernels kexec
> crashed in crypto_sha256_update when loading a file larger than ~2 GB.
> It had already been fixed upstream by the upgrade to size_t lengths.
> However, due to the large number of backports that would have been
> needed, for the 6.1, 6.6, and 6.12 LTS kernels we just went with the
> one-line fix "crypto: sha256 - fix crash at kexec"
> (https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-6.12.y&id=70165dc3ec8cff702da7b8b122c44575ee3111d6).
>
> That increased the supported length in 6.1, 6.6, and 6.12 from ~2 GB
> to ~4 GB. Your "6.8.0-62-generic" distro kernel must be missing that
> commit. You should first ask your distro to cherry-pick that commit
> from 6.12, and it will fix the problem for sizes < ~4 GB.

Thanks, that fixes the issue :) I will ask them to cherry-pick it.

>
> Do you need support for sizes > ~4 GB? If so, then we can come up with
> a solution for that in the LTS kernels. (Besides just doing a lot of
> backports, one option would be to replace the call to
> crypto_shash_digest() with a multi-step incremental computation.)

No need, 4 GB is way larger than our image size already.

Thanks
- Youssef
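
The multi-step incremental computation mentioned in the quoted message, as an added userspace example that is not code from this thread or from the kernel: a buffer with a 64-bit length is fed to an update call that only accepts a 32-bit length, in bounded chunks. The `toy_*` names are hypothetical, FNV-1a stands in for SHA-256 to keep the block short, and the 32-bit width of the update parameter is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in hash state. FNV-1a is used only for brevity; it is NOT SHA-256. */
struct toy_hash { uint64_t h; };

static void toy_init(struct toy_hash *s) { s->h = 0xcbf29ce484222325ULL; }

/* Models an update call whose length parameter is only 32 bits wide. */
static void toy_update32(struct toy_hash *s, const uint8_t *p, uint32_t len)
{
    while (len--) {
        s->h ^= *p++;
        s->h *= 0x100000001b3ULL;
    }
}

/* What a 64-bit length turns into when squeezed through a 32-bit parameter. */
static uint32_t truncated_len(uint64_t len) { return (uint32_t)len; }

/* One-shot digest: only correct while the length fits in 32 bits. */
static uint64_t toy_digest_oneshot(const uint8_t *p, uint32_t len)
{
    struct toy_hash s;
    toy_init(&s);
    toy_update32(&s, p, len);
    return s.h;
}

/* Multi-step digest: never passes more than max_chunk bytes per update.
 * max_chunk is a parameter so the loop can be exercised on small buffers. */
static uint64_t toy_digest_chunked(const uint8_t *p, uint64_t len, uint32_t max_chunk)
{
    struct toy_hash s;
    toy_init(&s);
    if (max_chunk == 0)
        max_chunk = 1;              /* avoid a loop that makes no progress */
    while (len > 0) {
        uint32_t n = len > max_chunk ? max_chunk : (uint32_t)len;
        toy_update32(&s, p, n);
        p += n;
        len -= n;
    }
    return s.h;
}

int main(void)
{
    static const uint8_t sample[] = "constructed sample input";
    uint32_t n = (uint32_t)(sizeof(sample) - 1);
    return toy_digest_chunked(sample, n, 5) == toy_digest_oneshot(sample, n) ? 0 : 1;
}
```
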