| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Oct 2023 17:32:19 +0800
From: kernel test robot <lkp@...el.com>
To: Vadim Fedorenko <vadfed@...a.com>, Jakub Kicinski <kuba@...nel.org>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Andrii Nakryiko <andrii@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Mykola Lysenko <mykolal@...com>
Cc: oe-kbuild-all@...ts.linux.dev, Vadim Fedorenko <vadfed@...a.com>,
bpf@...r.kernel.org, netdev@...r.kernel.org,
linux-crypto@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 1/2] bpf: add skcipher API support to TC/XDP
programs
Hi Vadim,
kernel test robot noticed the following build warnings:
[auto build test WARNING on bpf-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Vadim-Fedorenko/selftests-bpf-crypto-skcipher-algo-selftests/20231028-020332
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/r/20231027172039.1365917-1-vadfed%40meta.com
patch subject: [PATCH bpf-next v2 1/2] bpf: add skcipher API support to TC/XDP programs
config: x86_64-randconfig-001-20231029 (https://download.01.org/0day-ci/archive/20231029/202310291759.z9P4QJvI-lkp@intel.com/config)
compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231029/202310291759.z9P4QJvI-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310291759.z9P4QJvI-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> kernel/bpf/crypto.c:72:1: warning: no previous declaration for 'bpf_crypto_skcipher_ctx_create' [-Wmissing-declarations]
bpf_crypto_skcipher_ctx_create(const struct bpf_dynptr_kern *palgo,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> kernel/bpf/crypto.c:140:1: warning: no previous declaration for 'bpf_crypto_skcipher_ctx_acquire' [-Wmissing-declarations]
bpf_crypto_skcipher_ctx_acquire(struct bpf_crypto_skcipher_ctx *ctx)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> kernel/bpf/crypto.c:154:18: warning: no previous declaration for 'bpf_crypto_skcipher_ctx_release' [-Wmissing-declarations]
__bpf_kfunc void bpf_crypto_skcipher_ctx_release(struct bpf_crypto_skcipher_ctx *ctx)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> kernel/bpf/crypto.c:208:17: warning: no previous declaration for 'bpf_crypto_skcipher_decrypt' [-Wmissing-declarations]
__bpf_kfunc int bpf_crypto_skcipher_decrypt(struct bpf_crypto_skcipher_ctx *ctx,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
>> kernel/bpf/crypto.c:225:17: warning: no previous declaration for 'bpf_crypto_skcipher_encrypt' [-Wmissing-declarations]
__bpf_kfunc int bpf_crypto_skcipher_encrypt(struct bpf_crypto_skcipher_ctx *ctx,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +/bpf_crypto_skcipher_ctx_create +72 kernel/bpf/crypto.c
58
59 /**
60 * bpf_crypto_skcipher_ctx_create() - Create a mutable BPF crypto context.
61 *
62 * Allocates a crypto context that can be used, acquired, and released by
63 * a BPF program. The crypto context returned by this function must either
64 * be embedded in a map as a kptr, or freed with bpf_crypto_skcipher_ctx_release().
65 *
66 * bpf_crypto_skcipher_ctx_create() allocates memory using the BPF memory
67 * allocator, and will not block. It may return NULL if no memory is available.
68 * @algo: bpf_dynptr which holds string representation of algorithm.
69 * @key: bpf_dynptr which holds cipher key to do crypto.
70 */
71 __bpf_kfunc struct bpf_crypto_skcipher_ctx *
> 72 bpf_crypto_skcipher_ctx_create(const struct bpf_dynptr_kern *palgo,
73 const struct bpf_dynptr_kern *pkey, int *err)
74 {
75 struct bpf_crypto_skcipher_ctx *ctx;
76 char *algo;
77
78 if (__bpf_dynptr_size(palgo) > CRYPTO_MAX_ALG_NAME) {
79 *err = -EINVAL;
80 return NULL;
81 }
82
83 algo = __bpf_dynptr_data_ptr(palgo);
84
85 if (!crypto_has_skcipher(algo, CRYPTO_ALG_TYPE_SKCIPHER, CRYPTO_ALG_TYPE_MASK)) {
86 *err = -EOPNOTSUPP;
87 return NULL;
88 }
89
90 ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
91 if (!ctx) {
92 *err = -ENOMEM;
93 return NULL;
94 }
95
96 memset(ctx, 0, sizeof(*ctx));
97
98 ctx->tfm = crypto_alloc_sync_skcipher(algo, 0, 0);
99 if (IS_ERR(ctx->tfm)) {
100 *err = PTR_ERR(ctx->tfm);
101 ctx->tfm = NULL;
102 goto err;
103 }
104
105 *err = crypto_sync_skcipher_setkey(ctx->tfm, __bpf_dynptr_data_ptr(pkey),
106 __bpf_dynptr_size(pkey));
107 if (*err)
108 goto err;
109
110 refcount_set(&ctx->usage, 1);
111
112 return ctx;
113 err:
114 if (ctx->tfm)
115 crypto_free_sync_skcipher(ctx->tfm);
116 kfree(ctx);
117
118 return NULL;
119 }
120
121 static void crypto_free_sync_skcipher_cb(struct rcu_head *head)
122 {
123 struct bpf_crypto_skcipher_ctx *ctx;
124
125 ctx = container_of(head, struct bpf_crypto_skcipher_ctx, rcu);
126 crypto_free_sync_skcipher(ctx->tfm);
127 kfree(ctx);
128 }
129
130 /**
131 * bpf_crypto_skcipher_ctx_acquire() - Acquire a reference to a BPF crypto context.
132 * @ctx: The BPF crypto context being acquired. The ctx must be a trusted
133 * pointer.
134 *
135 * Acquires a reference to a BPF crypto context. The context returned by this function
136 * must either be embedded in a map as a kptr, or freed with
137 * bpf_crypto_skcipher_ctx_release().
138 */
139 __bpf_kfunc struct bpf_crypto_skcipher_ctx *
> 140 bpf_crypto_skcipher_ctx_acquire(struct bpf_crypto_skcipher_ctx *ctx)
141 {
142 refcount_inc(&ctx->usage);
143 return ctx;
144 }
145
146 /**
147 * bpf_crypto_skcipher_ctx_release() - Release a previously acquired BPF crypto context.
148 * @ctx: The crypto context being released.
149 *
150 * Releases a previously acquired reference to a BPF cpumask. When the final
151 * reference of the BPF cpumask has been released, it is subsequently freed in
152 * an RCU callback in the BPF memory allocator.
153 */
> 154 __bpf_kfunc void bpf_crypto_skcipher_ctx_release(struct bpf_crypto_skcipher_ctx *ctx)
155 {
156 if (refcount_dec_and_test(&ctx->usage))
157 call_rcu(&ctx->rcu, crypto_free_sync_skcipher_cb);
158 }
159
160 static int bpf_crypto_skcipher_crypt(struct crypto_sync_skcipher *tfm,
161 const struct bpf_dynptr_kern *src,
162 struct bpf_dynptr_kern *dst,
163 const struct bpf_dynptr_kern *iv,
164 bool decrypt)
165 {
166 struct skcipher_request *req = NULL;
167 struct scatterlist sgin, sgout;
168 int err;
169
170 if (crypto_sync_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
171 return -EINVAL;
172
173 if (__bpf_dynptr_is_rdonly(dst))
174 return -EINVAL;
175
176 if (!__bpf_dynptr_size(dst) || !__bpf_dynptr_size(src))
177 return -EINVAL;
178
179 if (__bpf_dynptr_size(iv) != crypto_sync_skcipher_ivsize(tfm))
180 return -EINVAL;
181
182 req = skcipher_request_alloc(&tfm->base, GFP_ATOMIC);
183 if (!req)
184 return -ENOMEM;
185
186 sg_init_one(&sgin, __bpf_dynptr_data_ptr(src), __bpf_dynptr_size(src));
187 sg_init_one(&sgout, __bpf_dynptr_data_ptr(dst), __bpf_dynptr_size(dst));
188
189 skcipher_request_set_crypt(req, &sgin, &sgout, __bpf_dynptr_size(src),
190 __bpf_dynptr_data_ptr(iv));
191
192 err = decrypt ? crypto_skcipher_decrypt(req) : crypto_skcipher_encrypt(req);
193
194 skcipher_request_free(req);
195
196 return err;
197 }
198
199 /**
200 * bpf_crypto_skcipher_decrypt() - Decrypt buffer using configured context and IV provided.
201 * @ctx: The crypto context being used. The ctx must be a trusted pointer.
202 * @src: bpf_dynptr to the encrypted data. Must be a trusted pointer.
203 * @dst: bpf_dynptr to the buffer where to store the result. Must be a trusted pointer.
204 * @iv: bpf_dynptr to IV data to be used by decryptor.
205 *
206 * Decrypts provided buffer using IV data and the crypto context. Crypto context must be configured.
207 */
> 208 __bpf_kfunc int bpf_crypto_skcipher_decrypt(struct bpf_crypto_skcipher_ctx *ctx,
209 const struct bpf_dynptr_kern *src,
210 struct bpf_dynptr_kern *dst,
211 const struct bpf_dynptr_kern *iv)
212 {
213 return bpf_crypto_skcipher_crypt(ctx->tfm, src, dst, iv, true);
214 }
215
216 /**
217 * bpf_crypto_skcipher_encrypt() - Encrypt buffer using configured context and IV provided.
218 * @ctx: The crypto context being used. The ctx must be a trusted pointer.
219 * @src: bpf_dynptr to the plain data. Must be a trusted pointer.
220 * @dst: bpf_dynptr to buffer where to store the result. Must be a trusted pointer.
221 * @iv: bpf_dynptr to IV data to be used by decryptor.
222 *
223 * Encrypts provided buffer using IV data and the crypto context. Crypto context must be configured.
224 */
> 225 __bpf_kfunc int bpf_crypto_skcipher_encrypt(struct bpf_crypto_skcipher_ctx *ctx,
226 const struct bpf_dynptr_kern *src,
227 struct bpf_dynptr_kern *dst,
228 const struct bpf_dynptr_kern *iv)
229 {
230 return bpf_crypto_skcipher_crypt(ctx->tfm, src, dst, iv, false);
231 }
232
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists