lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <759b865987073bd0746c3e9e38b437515b1f249d.camel@intel.com>
Date:   Thu, 28 Mar 2019 15:44:13 +0000
From:   "Derrick, Jonathan" <jonathan.derrick@...el.com>
To:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "zub@...ux.fjfi.cvut.cz" <zub@...ux.fjfi.cvut.cz>,
        "linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
        "sbauer@...donthack.me" <sbauer@...donthack.me>,
        "axboe@...nel.dk" <axboe@...nel.dk>
CC:     "jonas.rabenstein@...dium.uni-erlangen.de" 
        <jonas.rabenstein@...dium.uni-erlangen.de>
Subject: Re: [PATCH 14/16] block: sed-opal: pass steps via argument rather
 than via opal_dev

Acked-by: Jon Derrick <jonathan.derrick@...el.com>

On Thu, 2019-02-14 at 01:16 +0100, David Kozub wrote:
> The steps argument is only read by the next function, so it can
> be passed directly as an argument rather than via opal_dev.
> 
> Normally, the steps is an array on the stack, so the pointer stops
> being valid then the function that set opal_dev.steps returns.
> If opal_dev.steps was not set to NULL before return it would become
> a dangling pointer. When the steps are passed as argument this
> becomes easier to see and more difficult to misuse.
> 
> Signed-off-by: David Kozub <zub@...ux.fjfi.cvut.cz>
> ---
>  block/sed-opal.c | 158 +++++++++++++++++++++----------------------
> ----
>  1 file changed, 69 insertions(+), 89 deletions(-)
> 
> diff --git a/block/sed-opal.c b/block/sed-opal.c
> index be0d633783c8..f027c0cb682e 100644
> --- a/block/sed-opal.c
> +++ b/block/sed-opal.c
> @@ -85,7 +85,6 @@ struct opal_dev {
>  	void *data;
>  	sec_send_recv *send_recv;
>  
> -	const struct opal_step *steps;
>  	struct mutex dev_lock;
>  	u16 comid;
>  	u32 hsn;
> @@ -382,37 +381,34 @@ static void check_geometry(struct opal_dev
> *dev, const void *data)
>  	dev->lowest_lba = geo->lowest_aligned_lba;
>  }
>  
> -static int next(struct opal_dev *dev)
> +static int next(struct opal_dev *dev, const struct opal_step *steps,
> +		size_t n_steps)
>  {
>  	const struct opal_step *step;
> -	int state = 0, error = 0;
> +	size_t state;
> +	int error = 0;
>  
> -	do {
> -		step = &dev->steps[state];
> -		if (!step->fn)
> -			break;
> +	for (state = 0; state < n_steps; state++) {
> +		step = &steps[state];
>  
>  		error = step->fn(dev, step->data);
> -		if (error) {
> -			pr_debug("Step %d (%pS) failed with error %d:
> %s\n",
> -				 state, step->fn, error,
> -				 opal_error_to_human(error));
> -
> -			/* For each OPAL command we do a discovery0
> then we
> -			 * start some sort of session.
> -			 * If we haven't passed state 1 then there was
> an error
> -			 * on discovery0 or during the attempt to start
> a
> -			 * session. Therefore we shouldn't attempt to
> terminate
> -			 * a session, as one has not yet been created.
> -			 */
> -			if (state > 1) {
> -				end_opal_session_error(dev);
> -				return error;
> -			}
> +		if (error)
> +			goto out_error;
> +	}
>  
> -		}
> -		state++;
> -	} while (!error);
> +	return 0;
> +
> +out_error:
> +	/*
> +	 * For each OPAL command the first step in steps does a
> discovery0
> +	 * and the second step starts some sort of session. If an error
> occurred
> +	 * in the first two steps (and thus stopping the loop with
> state <= 1)
> +	 * then there was an error before or during the attempt to
> start a
> +	 * session. Therefore we shouldn't attempt to terminate a
> session, as
> +	 * one has not yet been created.
> +	 */
> +	if (state > 1)
> +		end_opal_session_error(dev);
>  
>  	return error;
>  }
> @@ -1836,17 +1832,13 @@ static int end_opal_session(struct opal_dev
> *dev, void *data)
>  static int end_opal_session_error(struct opal_dev *dev)
>  {
>  	const struct opal_step error_end_session[] = {
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
> -	dev->steps = error_end_session;
> -	return next(dev);
> +	return next(dev, error_end_session,
> ARRAY_SIZE(error_end_session));
>  }
>  
> -static inline void setup_opal_dev(struct opal_dev *dev,
> -				  const struct opal_step *steps)
> +static inline void setup_opal_dev(struct opal_dev *dev)
>  {
> -	dev->steps = steps;
>  	dev->tsn = 0;
>  	dev->hsn = 0;
>  	dev->prev_data = NULL;
> @@ -1855,14 +1847,13 @@ static inline void setup_opal_dev(struct
> opal_dev *dev,
>  static int check_opal_support(struct opal_dev *dev)
>  {
>  	const struct opal_step steps[] = {
> -		{ opal_discovery0, },
> -		{ NULL, }
> +		{ opal_discovery0, }
>  	};
>  	int ret;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, steps, ARRAY_SIZE(steps));
>  	dev->supported = !ret;
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
> @@ -1919,14 +1910,13 @@ static int
> opal_secure_erase_locking_range(struct opal_dev *dev,
>  		{ start_auth_opal_session, opal_session },
>  		{ get_active_key, &opal_session->opal_key.lr },
>  		{ gen_key, },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, erase_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, erase_steps, ARRAY_SIZE(erase_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -1938,14 +1928,13 @@ static int opal_erase_locking_range(struct
> opal_dev *dev,
>  		{ opal_discovery0, },
>  		{ start_auth_opal_session, opal_session },
>  		{ erase_locking_range, opal_session },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, erase_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, erase_steps, ARRAY_SIZE(erase_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -1963,8 +1952,7 @@ static int
> opal_enable_disable_shadow_mbr(struct opal_dev *dev,
>  		{ end_opal_session, },
>  		{ start_admin1LSP_opal_session, &opal_mbr->key },
>  		{ set_mbr_enable_disable, &enable_disable },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
> @@ -1973,8 +1961,8 @@ static int
> opal_enable_disable_shadow_mbr(struct opal_dev *dev,
>  		return -EINVAL;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, mbr_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -1991,7 +1979,7 @@ static int opal_save(struct opal_dev *dev,
> struct opal_lock_unlock *lk_unlk)
>  	suspend->lr = lk_unlk->session.opal_key.lr;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, NULL);
> +	setup_opal_dev(dev);
>  	add_suspend_info(dev, suspend);
>  	mutex_unlock(&dev->dev_lock);
>  	return 0;
> @@ -2004,8 +1992,7 @@ static int opal_add_user_to_lr(struct opal_dev
> *dev,
>  		{ opal_discovery0, },
>  		{ start_admin1LSP_opal_session, &lk_unlk-
> >session.opal_key },
>  		{ add_user_to_lr, lk_unlk },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
> @@ -2027,8 +2014,8 @@ static int opal_add_user_to_lr(struct opal_dev
> *dev,
>  	}
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, steps, ARRAY_SIZE(steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -2038,14 +2025,13 @@ static int opal_reverttper(struct opal_dev
> *dev, struct opal_key *opal)
>  	const struct opal_step revert_steps[] = {
>  		{ opal_discovery0, },
>  		{ start_SIDASP_opal_session, opal },
> -		{ revert_tper, }, /* controller will terminate session
> */
> -		{ NULL, }
> +		{ revert_tper, } /* controller will terminate session
> */
>  	};
>  	int ret;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, revert_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, revert_steps, ARRAY_SIZE(revert_steps));
>  	mutex_unlock(&dev->dev_lock);
>  
>  	/*
> @@ -2065,19 +2051,20 @@ static int __opal_lock_unlock(struct opal_dev
> *dev,
>  		{ opal_discovery0, },
>  		{ start_auth_opal_session, &lk_unlk->session },
>  		{ lock_unlock_locking_range, lk_unlk },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	const struct opal_step unlock_sum_steps[] = {
>  		{ opal_discovery0, },
>  		{ start_auth_opal_session, &lk_unlk->session },
>  		{ lock_unlock_locking_range_sum, lk_unlk },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  
> -	dev->steps = lk_unlk->session.sum ? unlock_sum_steps :
> unlock_steps;
> -	return next(dev);
> +	if (lk_unlk->session.sum)
> +		return next(dev, unlock_sum_steps,
> +			    ARRAY_SIZE(unlock_sum_steps));
> +	else
> +		return next(dev, unlock_steps,
> ARRAY_SIZE(unlock_steps));
>  }
>  
>  static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key
> *key)
> @@ -2087,12 +2074,10 @@ static int __opal_set_mbr_done(struct
> opal_dev *dev, struct opal_key *key)
>  		{ opal_discovery0, },
>  		{ start_admin1LSP_opal_session, key },
>  		{ set_mbr_done, &mbr_done_tf },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  
> -	dev->steps = mbrdone_step;
> -	return next(dev);
> +	return next(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
>  }
>  
>  static int opal_lock_unlock(struct opal_dev *dev,
> @@ -2119,8 +2104,7 @@ static int opal_take_ownership(struct opal_dev
> *dev, struct opal_key *opal)
>  		{ end_opal_session, },
>  		{ start_SIDASP_opal_session, opal },
>  		{ set_sid_cpin_pin, opal },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
> @@ -2128,8 +2112,8 @@ static int opal_take_ownership(struct opal_dev
> *dev, struct opal_key *opal)
>  		return -ENODEV;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, owner_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, owner_steps, ARRAY_SIZE(owner_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -2142,8 +2126,7 @@ static int opal_activate_lsp(struct opal_dev
> *dev,
>  		{ start_SIDASP_opal_session, &opal_lr_act->key },
>  		{ get_lsp_lifecycle, },
>  		{ activate_lsp, opal_lr_act },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
> @@ -2151,8 +2134,8 @@ static int opal_activate_lsp(struct opal_dev
> *dev,
>  		return -EINVAL;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, active_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, active_steps, ARRAY_SIZE(active_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -2164,14 +2147,13 @@ static int opal_setup_locking_range(struct
> opal_dev *dev,
>  		{ opal_discovery0, },
>  		{ start_auth_opal_session, &opal_lrs->session },
>  		{ setup_locking_range, opal_lrs },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, lr_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, lr_steps, ARRAY_SIZE(lr_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -2182,8 +2164,7 @@ static int opal_set_new_pw(struct opal_dev
> *dev, struct opal_new_pw *opal_pw)
>  		{ opal_discovery0, },
>  		{ start_auth_opal_session, &opal_pw->session },
>  		{ set_new_pw, &opal_pw->new_user_pw },
> -		{ end_opal_session, },
> -		{ NULL }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
> @@ -2194,8 +2175,8 @@ static int opal_set_new_pw(struct opal_dev
> *dev, struct opal_new_pw *opal_pw)
>  		return -EINVAL;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, pw_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, pw_steps, ARRAY_SIZE(pw_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -2207,8 +2188,7 @@ static int opal_activate_user(struct opal_dev
> *dev,
>  		{ opal_discovery0, },
>  		{ start_admin1LSP_opal_session, &opal_session->opal_key 
> },
>  		{ internal_activate_user, opal_session },
> -		{ end_opal_session, },
> -		{ NULL, }
> +		{ end_opal_session, }
>  	};
>  	int ret;
>  
> @@ -2220,8 +2200,8 @@ static int opal_activate_user(struct opal_dev
> *dev,
>  	}
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, act_steps);
> -	ret = next(dev);
> +	setup_opal_dev(dev);
> +	ret = next(dev, act_steps, ARRAY_SIZE(act_steps));
>  	mutex_unlock(&dev->dev_lock);
>  	return ret;
>  }
> @@ -2238,7 +2218,7 @@ bool opal_unlock_from_suspend(struct opal_dev
> *dev)
>  		return false;
>  
>  	mutex_lock(&dev->dev_lock);
> -	setup_opal_dev(dev, NULL);
> +	setup_opal_dev(dev);
>  
>  	list_for_each_entry(suspend, &dev->unlk_lst, node) {
>  		dev->tsn = 0;

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (3278 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ