SUNRPC: Revert 561141dd494382217bace4d1a51d08168420eace

Scott reports an occasional scatterlist BUG that is triggered by the
RFC 8009 Kunit test, then says:

> Looking through the git history of the auth_gss code, there are various
> places where static buffers were replaced by dynamically allocated ones
> because they're being used with scatterlists.

Reported-by: Scott Mayhew <smayhew@redhat.com>
Fixes: 561141dd4943 ("SUNRPC: Use a static buffer for the checksum initialization vector")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index b2c1b683a88ee2ece3f5f84ff0af7468f437e13b..d2b02710ab0709dfc92b4ce8e1bc0d892016594e 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -921,8 +921,6 @@ out_err:
  * Caller provides the truncation length of the output token (h) in
  * cksumout.len.
  *
- * Note that for RPCSEC, the "initial cipher state" is always all zeroes.
- *
  * Return values:
  *   %GSS_S_COMPLETE: Digest computed, @cksumout filled in
  *   %GSS_S_FAILURE: Call failed
@@ -933,19 +931,22 @@ u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
                      int body_offset, struct xdr_netobj *cksumout)
 {
        unsigned int ivsize = crypto_sync_skcipher_ivsize(cipher);
-       static const u8 iv[GSS_KRB5_MAX_BLOCKSIZE];
        struct ahash_request *req;
        struct scatterlist sg[1];
+       u8 *iv, *checksumdata;
        int err = -ENOMEM;
-       u8 *checksumdata;
 
        checksumdata = kmalloc(crypto_ahash_digestsize(tfm), GFP_KERNEL);
        if (!checksumdata)
                return GSS_S_FAILURE;
+       /* For RPCSEC, the "initial cipher state" is always all zeroes. */
+       iv = kzalloc(ivsize, GFP_KERNEL);
+       if (!iv)
+               goto out_free_mem;
 
        req = ahash_request_alloc(tfm, GFP_KERNEL);
        if (!req)
-               goto out_free_cksumdata;
+               goto out_free_mem;
        ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
        err = crypto_ahash_init(req);
        if (err)
@@ -969,7 +970,8 @@ u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
 
 out_free_ahash:
        ahash_request_free(req);
-out_free_cksumdata:
+out_free_mem:
+       kfree(iv);
        kfree_sensitive(checksumdata);
        return err ? GSS_S_FAILURE : GSS_S_COMPLETE;
 }