[v4,1/3] nvme-auth: alloc nvme_dhchap_key as single buffer
Commit Message
Co-developed-by: Akash Appaiah <Akash.Appaiah@dell.com>
Signed-off-by: Akash Appaiah <Akash.Appaiah@dell.com>
Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
V2 -> V3: initial version
V3 -> V4: added function to get size of key struct
drivers/nvme/common/auth.c | 35 ++++++++++++++++++++++++-----------
include/linux/nvme-auth.h | 4 +++-
2 files changed, 27 insertions(+), 12 deletions(-)
Comments
Hi Mark,
kernel test robot noticed the following build warnings:
[auto build test WARNING on hch-configfs/for-next]
[also build test WARNING on linus/master v6.6-rc6 next-20231017]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Mark-O-Donovan/nvme-auth-alloc-nvme_dhchap_key-as-single-buffer/20231017-185421
base: git://git.infradead.org/users/hch/configfs.git for-next
patch link: https://lore.kernel.org/r/20231017105251.3274652-2-shiftee%40posteo.net
patch subject: [PATCH v4 1/3] nvme-auth: alloc nvme_dhchap_key as single buffer
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20231017/202310172318.IgK0V5EX-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310172318.IgK0V5EX-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310172318.IgK0V5EX-lkp@intel.com/
All warnings (new ones prefixed by >>):
drivers/nvme/common/auth.c: In function 'nvme_auth_transform_key':
>> drivers/nvme/common/auth.c:253:21: warning: the comparison will always evaluate as 'true' for the address of 'key' will never be NULL [-Waddress]
253 | if (!key || !key->key) {
| ^
In file included from drivers/nvme/common/auth.c:15:
include/linux/nvme-auth.h:14:12: note: 'key' declared here
14 | u8 key[];
| ^~~
vim +253 drivers/nvme/common/auth.c
f50fff73d620cd Hannes Reinecke 2022-06-27 244
f50fff73d620cd Hannes Reinecke 2022-06-27 245 u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
f50fff73d620cd Hannes Reinecke 2022-06-27 246 {
f50fff73d620cd Hannes Reinecke 2022-06-27 247 const char *hmac_name;
f50fff73d620cd Hannes Reinecke 2022-06-27 248 struct crypto_shash *key_tfm;
f50fff73d620cd Hannes Reinecke 2022-06-27 249 struct shash_desc *shash;
f50fff73d620cd Hannes Reinecke 2022-06-27 250 u8 *transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27 251 int ret;
f50fff73d620cd Hannes Reinecke 2022-06-27 252
f50fff73d620cd Hannes Reinecke 2022-06-27 @253 if (!key || !key->key) {
f50fff73d620cd Hannes Reinecke 2022-06-27 254 pr_warn("No key specified\n");
f50fff73d620cd Hannes Reinecke 2022-06-27 255 return ERR_PTR(-ENOKEY);
f50fff73d620cd Hannes Reinecke 2022-06-27 256 }
f50fff73d620cd Hannes Reinecke 2022-06-27 257 if (key->hash == 0) {
f50fff73d620cd Hannes Reinecke 2022-06-27 258 transformed_key = kmemdup(key->key, key->len, GFP_KERNEL);
f50fff73d620cd Hannes Reinecke 2022-06-27 259 return transformed_key ? transformed_key : ERR_PTR(-ENOMEM);
f50fff73d620cd Hannes Reinecke 2022-06-27 260 }
f50fff73d620cd Hannes Reinecke 2022-06-27 261 hmac_name = nvme_auth_hmac_name(key->hash);
f50fff73d620cd Hannes Reinecke 2022-06-27 262 if (!hmac_name) {
f50fff73d620cd Hannes Reinecke 2022-06-27 263 pr_warn("Invalid key hash id %d\n", key->hash);
f50fff73d620cd Hannes Reinecke 2022-06-27 264 return ERR_PTR(-EINVAL);
f50fff73d620cd Hannes Reinecke 2022-06-27 265 }
f50fff73d620cd Hannes Reinecke 2022-06-27 266
f50fff73d620cd Hannes Reinecke 2022-06-27 267 key_tfm = crypto_alloc_shash(hmac_name, 0, 0);
f50fff73d620cd Hannes Reinecke 2022-06-27 268 if (IS_ERR(key_tfm))
f50fff73d620cd Hannes Reinecke 2022-06-27 269 return (u8 *)key_tfm;
f50fff73d620cd Hannes Reinecke 2022-06-27 270
f50fff73d620cd Hannes Reinecke 2022-06-27 271 shash = kmalloc(sizeof(struct shash_desc) +
f50fff73d620cd Hannes Reinecke 2022-06-27 272 crypto_shash_descsize(key_tfm),
f50fff73d620cd Hannes Reinecke 2022-06-27 273 GFP_KERNEL);
f50fff73d620cd Hannes Reinecke 2022-06-27 274 if (!shash) {
f50fff73d620cd Hannes Reinecke 2022-06-27 275 ret = -ENOMEM;
f50fff73d620cd Hannes Reinecke 2022-06-27 276 goto out_free_key;
f50fff73d620cd Hannes Reinecke 2022-06-27 277 }
f50fff73d620cd Hannes Reinecke 2022-06-27 278
f50fff73d620cd Hannes Reinecke 2022-06-27 279 transformed_key = kzalloc(crypto_shash_digestsize(key_tfm), GFP_KERNEL);
f50fff73d620cd Hannes Reinecke 2022-06-27 280 if (!transformed_key) {
f50fff73d620cd Hannes Reinecke 2022-06-27 281 ret = -ENOMEM;
f50fff73d620cd Hannes Reinecke 2022-06-27 282 goto out_free_shash;
f50fff73d620cd Hannes Reinecke 2022-06-27 283 }
f50fff73d620cd Hannes Reinecke 2022-06-27 284
f50fff73d620cd Hannes Reinecke 2022-06-27 285 shash->tfm = key_tfm;
f50fff73d620cd Hannes Reinecke 2022-06-27 286 ret = crypto_shash_setkey(key_tfm, key->key, key->len);
f50fff73d620cd Hannes Reinecke 2022-06-27 287 if (ret < 0)
80e2768496a494 Dan Carpenter 2022-07-18 288 goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27 289 ret = crypto_shash_init(shash);
f50fff73d620cd Hannes Reinecke 2022-06-27 290 if (ret < 0)
80e2768496a494 Dan Carpenter 2022-07-18 291 goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27 292 ret = crypto_shash_update(shash, nqn, strlen(nqn));
f50fff73d620cd Hannes Reinecke 2022-06-27 293 if (ret < 0)
80e2768496a494 Dan Carpenter 2022-07-18 294 goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27 295 ret = crypto_shash_update(shash, "NVMe-over-Fabrics", 17);
f50fff73d620cd Hannes Reinecke 2022-06-27 296 if (ret < 0)
80e2768496a494 Dan Carpenter 2022-07-18 297 goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27 298 ret = crypto_shash_final(shash, transformed_key);
80e2768496a494 Dan Carpenter 2022-07-18 299 if (ret < 0)
80e2768496a494 Dan Carpenter 2022-07-18 300 goto out_free_transformed_key;
80e2768496a494 Dan Carpenter 2022-07-18 301
80e2768496a494 Dan Carpenter 2022-07-18 302 kfree(shash);
80e2768496a494 Dan Carpenter 2022-07-18 303 crypto_free_shash(key_tfm);
80e2768496a494 Dan Carpenter 2022-07-18 304
80e2768496a494 Dan Carpenter 2022-07-18 305 return transformed_key;
80e2768496a494 Dan Carpenter 2022-07-18 306
80e2768496a494 Dan Carpenter 2022-07-18 307 out_free_transformed_key:
80e2768496a494 Dan Carpenter 2022-07-18 308 kfree_sensitive(transformed_key);
f50fff73d620cd Hannes Reinecke 2022-06-27 309 out_free_shash:
f50fff73d620cd Hannes Reinecke 2022-06-27 310 kfree(shash);
f50fff73d620cd Hannes Reinecke 2022-06-27 311 out_free_key:
f50fff73d620cd Hannes Reinecke 2022-06-27 312 crypto_free_shash(key_tfm);
80e2768496a494 Dan Carpenter 2022-07-18 313
f50fff73d620cd Hannes Reinecke 2022-06-27 314 return ERR_PTR(ret);
f50fff73d620cd Hannes Reinecke 2022-06-27 315 }
f50fff73d620cd Hannes Reinecke 2022-06-27 316 EXPORT_SYMBOL_GPL(nvme_auth_transform_key);
f50fff73d620cd Hannes Reinecke 2022-06-27 317
@@ -150,6 +150,14 @@ size_t nvme_auth_hmac_hash_len(u8 hmac_id)
}
EXPORT_SYMBOL_GPL(nvme_auth_hmac_hash_len);
+u32 nvme_auth_key_struct_size(u32 key_len)
+{
+ struct nvme_dhchap_key key;
+
+ return struct_size(&key, key, key_len);
+}
+EXPORT_SYMBOL_GPL(nvme_auth_key_struct_size);
+
struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
u8 key_hash)
{
@@ -163,14 +171,9 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
p = strrchr(secret, ':');
if (p)
allocated_len = p - secret;
- key = kzalloc(sizeof(*key), GFP_KERNEL);
+ key = nvme_auth_alloc_key(allocated_len, 0);
if (!key)
return ERR_PTR(-ENOMEM);
- key->key = kzalloc(allocated_len, GFP_KERNEL);
- if (!key->key) {
- ret = -ENOMEM;
- goto out_free_key;
- }
key_len = base64_decode(secret, allocated_len, key->key);
if (key_len < 0) {
@@ -213,19 +216,29 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
key->hash = key_hash;
return key;
out_free_secret:
- kfree_sensitive(key->key);
-out_free_key:
- kfree(key);
+ nvme_auth_free_key(key);
return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(nvme_auth_extract_key);
+struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash)
+{
+ u32 num_bytes = nvme_auth_key_struct_size(len);
+ struct nvme_dhchap_key *key = kzalloc(num_bytes, GFP_KERNEL);
+
+ if (key) {
+ key->len = len;
+ key->hash = hash;
+ }
+ return key;
+}
+EXPORT_SYMBOL_GPL(nvme_auth_alloc_key);
+
void nvme_auth_free_key(struct nvme_dhchap_key *key)
{
if (!key)
return;
- kfree_sensitive(key->key);
- kfree(key);
+ kfree_sensitive(key);
}
EXPORT_SYMBOL_GPL(nvme_auth_free_key);
@@ -9,9 +9,9 @@
#include <crypto/kpp.h>
struct nvme_dhchap_key {
- u8 *key;
size_t len;
u8 hash;
+ u8 key[];
};
u32 nvme_auth_get_seqnum(void);
@@ -24,9 +24,11 @@ const char *nvme_auth_digest_name(u8 hmac_id);
size_t nvme_auth_hmac_hash_len(u8 hmac_id);
u8 nvme_auth_hmac_id(const char *hmac_name);
+u32 nvme_auth_key_struct_size(u32 key_len);
struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
u8 key_hash);
void nvme_auth_free_key(struct nvme_dhchap_key *key);
+struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash);
u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn);
int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key);
int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len,