| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Apr 2021 12:27:17 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Satya Tangirala <satyat@...gle.com>
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH v2 2/8] dm,mmc,ufshcd: handle error from
blk_ksm_register()
On Thu, Mar 25, 2021 at 09:26:03PM +0000, Satya Tangirala wrote:
> Handle any error from blk_ksm_register() in the callers. Previously,
> the callers ignored the return value because blk_ksm_register() wouldn't
> fail as long as the request_queue didn't have integrity support too, but
> as this is no longer the case, it's safer for the callers to just handle
> the return value appropriately.
>
> Signed-off-by: Satya Tangirala <satyat@...gle.com>
> ---
> drivers/md/dm-table.c | 3 ++-
> drivers/mmc/core/crypto.c | 6 ++++--
> drivers/scsi/ufs/ufshcd-crypto.c | 6 ++++--
> 3 files changed, 10 insertions(+), 5 deletions(-)
This probably should be 3 patches, one for each subsystem.
> diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
> index db18a58adad7..1225b9050f29 100644
> --- a/drivers/md/dm-table.c
> +++ b/drivers/md/dm-table.c
> @@ -1372,7 +1372,8 @@ static void dm_update_keyslot_manager(struct request_queue *q,
>
> /* Make the ksm less restrictive */
> if (!q->ksm) {
> - blk_ksm_register(t->ksm, q);
> + if (WARN_ON(!blk_ksm_register(t->ksm, q)))
> + dm_destroy_keyslot_manager(t->ksm);
> } else {
> blk_ksm_update_capabilities(q->ksm, t->ksm);
> dm_destroy_keyslot_manager(t->ksm);
> diff --git a/drivers/mmc/core/crypto.c b/drivers/mmc/core/crypto.c
> index 419a368f8402..616103393557 100644
> --- a/drivers/mmc/core/crypto.c
> +++ b/drivers/mmc/core/crypto.c
> @@ -21,8 +21,10 @@ void mmc_crypto_set_initial_state(struct mmc_host *host)
>
> void mmc_crypto_setup_queue(struct request_queue *q, struct mmc_host *host)
> {
> - if (host->caps2 & MMC_CAP2_CRYPTO)
> - blk_ksm_register(&host->ksm, q);
> + if (host->caps2 & MMC_CAP2_CRYPTO) {
> + if (WARN_ON(!blk_ksm_register(&host->ksm, q)))
> + host->caps2 &= ~MMC_CAP2_CRYPTO;
> + }
> }
> EXPORT_SYMBOL_GPL(mmc_crypto_setup_queue);
>
> diff --git a/drivers/scsi/ufs/ufshcd-crypto.c b/drivers/scsi/ufs/ufshcd-crypto.c
> index d70cdcd35e43..f47a72fefe9e 100644
> --- a/drivers/scsi/ufs/ufshcd-crypto.c
> +++ b/drivers/scsi/ufs/ufshcd-crypto.c
> @@ -233,6 +233,8 @@ void ufshcd_init_crypto(struct ufs_hba *hba)
> void ufshcd_crypto_setup_rq_keyslot_manager(struct ufs_hba *hba,
> struct request_queue *q)
> {
> - if (hba->caps & UFSHCD_CAP_CRYPTO)
> - blk_ksm_register(&hba->ksm, q);
> + if (hba->caps & UFSHCD_CAP_CRYPTO) {
> + if (WARN_ON(!blk_ksm_register(&hba->ksm, q)))
> + hba->caps &= ~UFSHCD_CAP_CRYPTO;
> + }
It would be helpful to add a comment in each case to explain why the WARN_ON
should never trigger.
Also, clearing UFSHCD_CAP_CRYPTO or MMC_CAP2_CRYPTO doesn't really make sense
here because those capabilities apply to the whole UFS or MMC host controller,
not just to the individual request_queue which failed. (A host controller can
control multiple devices, each of which has its own request_queue.) Isn't
blk_ksm_register() failing already enough to ensure that the inline crypto
support isn't used on that particular request_queue? What is the benefit of
clearing UFSHCD_CAP_CRYPTO and MMC_CAP2_CRYPTO too?
- Eric
Powered by blists - more mailing lists