[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <098fb386-0309-4313-866a-38e12b54c02a@linux.dev>
Date: Thu, 7 Dec 2023 12:14:12 +0000
From: Vadim Fedorenko <vadim.fedorenko@...ux.dev>
To: Dan Carpenter <dan.carpenter@...aro.org>, oe-kbuild@...ts.linux.dev,
Vadim Fedorenko <vadfed@...a.com>, Jakub Kicinski <kuba@...nel.org>,
Martin KaFai Lau <martin.lau@...ux.dev>, Andrii Nakryiko
<andrii@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
Mykola Lysenko <mykolal@...com>, Herbert Xu <herbert@...dor.apana.org.au>
Cc: lkp@...el.com, oe-kbuild-all@...ts.linux.dev, netdev@...r.kernel.org,
linux-crypto@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP
programs
On 05/12/2023 21:56, Dan Carpenter wrote:
> Hi Vadim,
>
> kernel test robot noticed the following build warnings:
>
> url: https://github.com/intel-lab-lkp/linux/commits/Vadim-Fedorenko/bpf-crypto-add-skcipher-to-bpf-crypto/20231202-091254
> base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
> patch link: https://lore.kernel.org/r/20231202010604.1877561-1-vadfed%40meta.com
> patch subject: [PATCH bpf-next v7 1/3] bpf: make common crypto API for TC/XDP programs
> config: x86_64-randconfig-161-20231202 (https://download.01.org/0day-ci/archive/20231206/202312060647.2JfAE3rk-lkp@intel.com/config)
> compiler: clang version 16.0.4 (https://github.com/llvm/llvm-project.git ae42196bc493ffe877a7e3dff8be32035dea4d07)
> reproduce: (https://download.01.org/0day-ci/archive/20231206/202312060647.2JfAE3rk-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
> | Closes: https://lore.kernel.org/r/202312060647.2JfAE3rk-lkp@intel.com/
>
> smatch warnings:
> kernel/bpf/crypto.c:192 bpf_crypto_ctx_create() error: we previously assumed 'ctx' could be null (see line 165)
> kernel/bpf/crypto.c:192 bpf_crypto_ctx_create() error: potentially dereferencing uninitialized 'ctx'.
>
> vim +/ctx +192 kernel/bpf/crypto.c
>
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 122 __bpf_kfunc struct bpf_crypto_ctx *
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 123 bpf_crypto_ctx_create(const char *type__str, const char *algo__str,
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 124 const struct bpf_dynptr_kern *pkey,
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 125 unsigned int authsize, int *err)
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 126 {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 127 const struct bpf_crypto_type *type = bpf_crypto_get_type(type__str);
>
> Delete this assignment. (Duplicated).
>
Ah, yeah, will remove it.
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 128 struct bpf_crypto_ctx *ctx;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 129 const u8 *key;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 130 u32 key_len;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 131
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 132 type = bpf_crypto_get_type(type__str);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 133 if (IS_ERR(type)) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 134 *err = PTR_ERR(type);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 135 return NULL;
>
> Why doesn't this function just return error pointers?
bpf_kfuncs cannot return error pointers, it makes BPF verifier very unhappy.
>
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 136 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 137
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 138 if (!type->has_algo(algo__str)) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 139 *err = -EOPNOTSUPP;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 140 goto err;
>
> ctx is uninitialized on this path.
>
Yep, it was already highlighted in the feedback, thanks.
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 141 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 142
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 143 if (!authsize && type->setauthsize) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 144 *err = -EOPNOTSUPP;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 145 goto err;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 146 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 147
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 148 if (authsize && !type->setauthsize) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 149 *err = -EOPNOTSUPP;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 150 goto err;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 151 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 152
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 153 key_len = __bpf_dynptr_size(pkey);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 154 if (!key_len) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 155 *err = -EINVAL;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 156 goto err;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 157 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 158 key = __bpf_dynptr_data(pkey, key_len);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 159 if (!key) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 160 *err = -EINVAL;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 161 goto err;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 162 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 163
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 164 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 @165 if (!ctx) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 166 *err = -ENOMEM;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 167 goto err;
>
> ctx is NULL here.
>
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 168 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 169
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 170 ctx->type = type;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 171 ctx->tfm = type->alloc_tfm(algo__str);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 172 if (IS_ERR(ctx->tfm)) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 173 *err = PTR_ERR(ctx->tfm);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 174 ctx->tfm = NULL;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 175 goto err;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 176 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 177
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 178 if (authsize) {
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 179 *err = type->setauthsize(ctx->tfm, authsize);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 180 if (*err)
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 181 goto err;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 182 }
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 183
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 184 *err = type->setkey(ctx->tfm, key, key_len);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 185 if (*err)
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 186 goto err;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 187
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 188 refcount_set(&ctx->usage, 1);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 189
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 190 return ctx;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 191 err:
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 @192 if (ctx->tfm)
> ^^^^^^^^
> NULL dereference. These two error handling bugs in three lines of code
> are canonical One Err Label type bugs. Better to do a ladder where each
> error label frees the last thing that was allocated. Easier to review.
> Then you could delete the "ctx->tfm = NULL;" assignment on line 174.
>
> return ctx;
>
> err_free_tfm:
> type->free_tfm(ctx->tfm);
> err_free_ctx:
> kfree(ctx);
> err_module_put:
> module_put(type->owner);
>
> return NULL;
>
> I have written about this at length on my blog:
> https://staticthinking.wordpress.com/2022/04/28/free-the-last-thing-style/
Thanks, very good blog post, I'll follow this way in the next version.
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 193 type->free_tfm(ctx->tfm);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 194 kfree(ctx);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 195 module_put(type->owner);
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 196
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 197 return NULL;
> 0c47cb96ac404e Vadim Fedorenko 2023-12-01 198 }
>
Powered by blists - more mailing lists