Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'ceph-for-5.11-rc5' of git://github.com/ceph/ceph-client

Pull ceph fixes from Ilya Dryomov:
"A patch to zero out sensitive cryptographic data and two minor
cleanups prompted by the fact that a bunch of code was moved in this
cycle"

* tag 'ceph-for-5.11-rc5' of git://github.com/ceph/ceph-client:
libceph: fix "Boolean result is used in bitwise operation" warning
libceph, ceph: disambiguate ceph_connection_operations handlers
libceph: zero out session key and connection secret

+107 -88
+17 -17
fs/ceph/mds_client.c
··· 5038 5038 return; 5039 5039 } 5040 5040 5041 - static struct ceph_connection *con_get(struct ceph_connection *con) 5041 + static struct ceph_connection *mds_get_con(struct ceph_connection *con) 5042 5042 { 5043 5043 struct ceph_mds_session *s = con->private; 5044 5044 ··· 5047 5047 return NULL; 5048 5048 } 5049 5049 5050 - static void con_put(struct ceph_connection *con) 5050 + static void mds_put_con(struct ceph_connection *con) 5051 5051 { 5052 5052 struct ceph_mds_session *s = con->private; 5053 5053 ··· 5058 5058 * if the client is unresponsive for long enough, the mds will kill 5059 5059 * the session entirely. 5060 5060 */ 5061 - static void peer_reset(struct ceph_connection *con) 5061 + static void mds_peer_reset(struct ceph_connection *con) 5062 5062 { 5063 5063 struct ceph_mds_session *s = con->private; 5064 5064 struct ceph_mds_client *mdsc = s->s_mdsc; ··· 5067 5067 send_mds_reconnect(mdsc, s); 5068 5068 } 5069 5069 5070 - static void dispatch(struct ceph_connection *con, struct ceph_msg *msg) 5070 + static void mds_dispatch(struct ceph_connection *con, struct ceph_msg *msg) 5071 5071 { 5072 5072 struct ceph_mds_session *s = con->private; 5073 5073 struct ceph_mds_client *mdsc = s->s_mdsc; ··· 5125 5125 * Note: returned pointer is the address of a structure that's 5126 5126 * managed separately. Caller must *not* attempt to free it. 5127 5127 */ 5128 - static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con, 5129 - int *proto, int force_new) 5128 + static struct ceph_auth_handshake * 5129 + mds_get_authorizer(struct ceph_connection *con, int *proto, int force_new) 5130 5130 { 5131 5131 struct ceph_mds_session *s = con->private; 5132 5132 struct ceph_mds_client *mdsc = s->s_mdsc; ··· 5142 5142 return auth; 5143 5143 } 5144 5144 5145 - static int add_authorizer_challenge(struct ceph_connection *con, 5145 + static int mds_add_authorizer_challenge(struct ceph_connection *con, 5146 5146 void *challenge_buf, int challenge_buf_len) 5147 5147 { 5148 5148 struct ceph_mds_session *s = con->private; ··· 5153 5153 challenge_buf, challenge_buf_len); 5154 5154 } 5155 5155 5156 - static int verify_authorizer_reply(struct ceph_connection *con) 5156 + static int mds_verify_authorizer_reply(struct ceph_connection *con) 5157 5157 { 5158 5158 struct ceph_mds_session *s = con->private; 5159 5159 struct ceph_mds_client *mdsc = s->s_mdsc; ··· 5165 5165 NULL, NULL, NULL, NULL); 5166 5166 } 5167 5167 5168 - static int invalidate_authorizer(struct ceph_connection *con) 5168 + static int mds_invalidate_authorizer(struct ceph_connection *con) 5169 5169 { 5170 5170 struct ceph_mds_session *s = con->private; 5171 5171 struct ceph_mds_client *mdsc = s->s_mdsc; ··· 5288 5288 } 5289 5289 5290 5290 static const struct ceph_connection_operations mds_con_ops = { 5291 - .get = con_get, 5292 - .put = con_put, 5293 - .dispatch = dispatch, 5294 - .get_authorizer = get_authorizer, 5295 - .add_authorizer_challenge = add_authorizer_challenge, 5296 - .verify_authorizer_reply = verify_authorizer_reply, 5297 - .invalidate_authorizer = invalidate_authorizer, 5298 - .peer_reset = peer_reset, 5291 + .get = mds_get_con, 5292 + .put = mds_put_con, 5299 5293 .alloc_msg = mds_alloc_msg, 5294 + .dispatch = mds_dispatch, 5295 + .peer_reset = mds_peer_reset, 5296 + .get_authorizer = mds_get_authorizer, 5297 + .add_authorizer_challenge = mds_add_authorizer_challenge, 5298 + .verify_authorizer_reply = mds_verify_authorizer_reply, 5299 + .invalidate_authorizer = mds_invalidate_authorizer, 5300 5300 .sign_message = mds_sign_message, 5301 5301 .check_message_signature = mds_check_message_signature, 5302 5302 .get_auth_request = mds_get_auth_request,
+34 -23
net/ceph/auth_x.c
··· 569 569 return -ERANGE; 570 570 } 571 571 572 + static int decode_con_secret(void **p, void *end, u8 *con_secret, 573 + int *con_secret_len) 574 + { 575 + int len; 576 + 577 + ceph_decode_32_safe(p, end, len, bad); 578 + ceph_decode_need(p, end, len, bad); 579 + 580 + dout("%s len %d\n", __func__, len); 581 + if (con_secret) { 582 + if (len > CEPH_MAX_CON_SECRET_LEN) { 583 + pr_err("connection secret too big %d\n", len); 584 + goto bad_memzero; 585 + } 586 + memcpy(con_secret, *p, len); 587 + *con_secret_len = len; 588 + } 589 + memzero_explicit(*p, len); 590 + *p += len; 591 + return 0; 592 + 593 + bad_memzero: 594 + memzero_explicit(*p, len); 595 + bad: 596 + pr_err("failed to decode connection secret\n"); 597 + return -EINVAL; 598 + } 599 + 572 600 static int handle_auth_session_key(struct ceph_auth_client *ac, 573 601 void **p, void *end, 574 602 u8 *session_key, int *session_key_len, ··· 640 612 dout("%s decrypted %d bytes\n", __func__, ret); 641 613 dend = dp + ret; 642 614 643 - ceph_decode_32_safe(&dp, dend, len, e_inval); 644 - if (len > CEPH_MAX_CON_SECRET_LEN) { 645 - pr_err("connection secret too big %d\n", len); 646 - return -EINVAL; 647 - } 648 - 649 - dout("%s connection secret len %d\n", __func__, len); 650 - if (con_secret) { 651 - memcpy(con_secret, dp, len); 652 - *con_secret_len = len; 653 - } 615 + ret = decode_con_secret(&dp, dend, con_secret, con_secret_len); 616 + if (ret) 617 + return ret; 654 618 } 655 619 656 620 /* service tickets */ ··· 848 828 { 849 829 void *dp, *dend; 850 830 u8 struct_v; 851 - int len; 852 831 int ret; 853 832 854 833 dp = *p + ceph_x_encrypt_offset(); ··· 862 843 ceph_decode_64_safe(&dp, dend, *nonce_plus_one, e_inval); 863 844 dout("%s nonce_plus_one %llu\n", __func__, *nonce_plus_one); 864 845 if (struct_v >= 2) { 865 - ceph_decode_32_safe(&dp, dend, len, e_inval); 866 - if (len > CEPH_MAX_CON_SECRET_LEN) { 867 - pr_err("connection secret too big %d\n", len); 868 - return -EINVAL; 869 - } 870 - 871 - dout("%s connection secret len %d\n", __func__, len); 872 - if (con_secret) { 873 - memcpy(con_secret, dp, len); 874 - *con_secret_len = len; 875 - } 846 + ret = decode_con_secret(&dp, dend, con_secret, con_secret_len); 847 + if (ret) 848 + return ret; 876 849 } 877 850 878 851 return 0;
+2 -1
net/ceph/crypto.c
··· 96 96 key->len = ceph_decode_16(p); 97 97 ceph_decode_need(p, end, key->len, bad); 98 98 ret = set_secret(key, *p); 99 + memzero_explicit(*p, key->len); 99 100 *p += key->len; 100 101 return ret; 101 102 ··· 135 134 void ceph_crypto_key_destroy(struct ceph_crypto_key *key) 136 135 { 137 136 if (key) { 138 - kfree(key->key); 137 + kfree_sensitive(key->key); 139 138 key->key = NULL; 140 139 if (key->tfm) { 141 140 crypto_free_sync_skcipher(key->tfm);
+1 -1
net/ceph/messenger_v1.c
··· 1100 1100 if (ret < 0) 1101 1101 return ret; 1102 1102 1103 - BUG_ON(!con->in_msg ^ skip); 1103 + BUG_ON((!con->in_msg) ^ skip); 1104 1104 if (skip) { 1105 1105 /* skip this message */ 1106 1106 dout("alloc_msg said skip message\n");
+26 -19
net/ceph/messenger_v2.c
··· 689 689 } 690 690 691 691 static int setup_crypto(struct ceph_connection *con, 692 - u8 *session_key, int session_key_len, 693 - u8 *con_secret, int con_secret_len) 692 + const u8 *session_key, int session_key_len, 693 + const u8 *con_secret, int con_secret_len) 694 694 { 695 695 unsigned int noio_flag; 696 - void *p; 697 696 int ret; 698 697 699 698 dout("%s con %p con_mode %d session_key_len %d con_secret_len %d\n", ··· 750 751 return ret; 751 752 } 752 753 753 - p = con_secret; 754 - WARN_ON((unsigned long)p & crypto_aead_alignmask(con->v2.gcm_tfm)); 755 - ret = crypto_aead_setkey(con->v2.gcm_tfm, p, CEPH_GCM_KEY_LEN); 754 + WARN_ON((unsigned long)con_secret & 755 + crypto_aead_alignmask(con->v2.gcm_tfm)); 756 + ret = crypto_aead_setkey(con->v2.gcm_tfm, con_secret, CEPH_GCM_KEY_LEN); 756 757 if (ret) { 757 758 pr_err("failed to set gcm key: %d\n", ret); 758 759 return ret; 759 760 } 760 761 761 - p += CEPH_GCM_KEY_LEN; 762 762 WARN_ON(crypto_aead_ivsize(con->v2.gcm_tfm) != CEPH_GCM_IV_LEN); 763 763 ret = crypto_aead_setauthsize(con->v2.gcm_tfm, CEPH_GCM_TAG_LEN); 764 764 if (ret) { ··· 775 777 aead_request_set_callback(con->v2.gcm_req, CRYPTO_TFM_REQ_MAY_BACKLOG, 776 778 crypto_req_done, &con->v2.gcm_wait); 777 779 778 - memcpy(&con->v2.in_gcm_nonce, p, CEPH_GCM_IV_LEN); 779 - memcpy(&con->v2.out_gcm_nonce, p + CEPH_GCM_IV_LEN, CEPH_GCM_IV_LEN); 780 + memcpy(&con->v2.in_gcm_nonce, con_secret + CEPH_GCM_KEY_LEN, 781 + CEPH_GCM_IV_LEN); 782 + memcpy(&con->v2.out_gcm_nonce, 783 + con_secret + CEPH_GCM_KEY_LEN + CEPH_GCM_IV_LEN, 784 + CEPH_GCM_IV_LEN); 780 785 return 0; /* auth_x, secure mode */ 781 786 } 782 787 ··· 801 800 desc->tfm = con->v2.hmac_tfm; 802 801 ret = crypto_shash_init(desc); 803 802 if (ret) 804 - return ret; 803 + goto out; 805 804 806 805 for (i = 0; i < kvec_cnt; i++) { 807 806 WARN_ON((unsigned long)kvecs[i].iov_base & ··· 809 808 ret = crypto_shash_update(desc, kvecs[i].iov_base, 810 809 kvecs[i].iov_len); 811 810 if (ret) 812 - return ret; 811 + goto out; 813 812 } 814 813 815 814 ret = crypto_shash_final(desc, hmac); 816 - if (ret) 817 - return ret; 818 815 816 + out: 819 817 shash_desc_zero(desc); 820 - return 0; /* auth_x, both plain and secure modes */ 818 + return ret; /* auth_x, both plain and secure modes */ 821 819 } 822 820 823 821 static void gcm_inc_nonce(struct ceph_gcm_nonce *nonce) ··· 2072 2072 if (con->state != CEPH_CON_S_V2_AUTH) { 2073 2073 dout("%s con %p state changed to %d\n", __func__, con, 2074 2074 con->state); 2075 - return -EAGAIN; 2075 + ret = -EAGAIN; 2076 + goto out; 2076 2077 } 2077 2078 2078 2079 dout("%s con %p handle_auth_done ret %d\n", __func__, con, ret); 2079 2080 if (ret) 2080 - return ret; 2081 + goto out; 2081 2082 2082 2083 ret = setup_crypto(con, session_key, session_key_len, con_secret, 2083 2084 con_secret_len); 2084 2085 if (ret) 2085 - return ret; 2086 + goto out; 2086 2087 2087 2088 reset_out_kvecs(con); 2088 2089 ret = prepare_auth_signature(con); 2089 2090 if (ret) { 2090 2091 pr_err("prepare_auth_signature failed: %d\n", ret); 2091 - return ret; 2092 + goto out; 2092 2093 } 2093 2094 2094 2095 con->state = CEPH_CON_S_V2_AUTH_SIGNATURE; 2095 - return 0; 2096 + 2097 + out: 2098 + memzero_explicit(session_key_buf, sizeof(session_key_buf)); 2099 + memzero_explicit(con_secret_buf, sizeof(con_secret_buf)); 2100 + return ret; 2096 2101 2097 2102 bad: 2098 2103 pr_err("failed to decode auth_done\n"); ··· 3441 3436 } 3442 3437 3443 3438 con->v2.con_mode = CEPH_CON_MODE_UNKNOWN; 3439 + memzero_explicit(&con->v2.in_gcm_nonce, CEPH_GCM_IV_LEN); 3440 + memzero_explicit(&con->v2.out_gcm_nonce, CEPH_GCM_IV_LEN); 3444 3441 3445 3442 if (con->v2.hmac_tfm) { 3446 3443 crypto_free_shash(con->v2.hmac_tfm);
+7 -7
net/ceph/mon_client.c
··· 1433 1433 /* 1434 1434 * handle incoming message 1435 1435 */ 1436 - static void dispatch(struct ceph_connection *con, struct ceph_msg *msg) 1436 + static void mon_dispatch(struct ceph_connection *con, struct ceph_msg *msg) 1437 1437 { 1438 1438 struct ceph_mon_client *monc = con->private; 1439 1439 int type = le16_to_cpu(msg->hdr.type); ··· 1565 1565 * will come from the messenger workqueue, which is drained prior to 1566 1566 * mon_client destruction. 1567 1567 */ 1568 - static struct ceph_connection *con_get(struct ceph_connection *con) 1568 + static struct ceph_connection *mon_get_con(struct ceph_connection *con) 1569 1569 { 1570 1570 return con; 1571 1571 } 1572 1572 1573 - static void con_put(struct ceph_connection *con) 1573 + static void mon_put_con(struct ceph_connection *con) 1574 1574 { 1575 1575 } 1576 1576 1577 1577 static const struct ceph_connection_operations mon_con_ops = { 1578 - .get = con_get, 1579 - .put = con_put, 1580 - .dispatch = dispatch, 1581 - .fault = mon_fault, 1578 + .get = mon_get_con, 1579 + .put = mon_put_con, 1582 1580 .alloc_msg = mon_alloc_msg, 1581 + .dispatch = mon_dispatch, 1582 + .fault = mon_fault, 1583 1583 .get_auth_request = mon_get_auth_request, 1584 1584 .handle_auth_reply_more = mon_handle_auth_reply_more, 1585 1585 .handle_auth_done = mon_handle_auth_done,
+20 -20
net/ceph/osd_client.c
··· 5412 5412 /* 5413 5413 * handle incoming message 5414 5414 */ 5415 - static void dispatch(struct ceph_connection *con, struct ceph_msg *msg) 5415 + static void osd_dispatch(struct ceph_connection *con, struct ceph_msg *msg) 5416 5416 { 5417 5417 struct ceph_osd *osd = con->private; 5418 5418 struct ceph_osd_client *osdc = osd->o_osdc; ··· 5534 5534 return m; 5535 5535 } 5536 5536 5537 - static struct ceph_msg *alloc_msg(struct ceph_connection *con, 5538 - struct ceph_msg_header *hdr, 5539 - int *skip) 5537 + static struct ceph_msg *osd_alloc_msg(struct ceph_connection *con, 5538 + struct ceph_msg_header *hdr, 5539 + int *skip) 5540 5540 { 5541 5541 struct ceph_osd *osd = con->private; 5542 5542 int type = le16_to_cpu(hdr->type); ··· 5560 5560 /* 5561 5561 * Wrappers to refcount containing ceph_osd struct 5562 5562 */ 5563 - static struct ceph_connection *get_osd_con(struct ceph_connection *con) 5563 + static struct ceph_connection *osd_get_con(struct ceph_connection *con) 5564 5564 { 5565 5565 struct ceph_osd *osd = con->private; 5566 5566 if (get_osd(osd)) ··· 5568 5568 return NULL; 5569 5569 } 5570 5570 5571 - static void put_osd_con(struct ceph_connection *con) 5571 + static void osd_put_con(struct ceph_connection *con) 5572 5572 { 5573 5573 struct ceph_osd *osd = con->private; 5574 5574 put_osd(osd); ··· 5582 5582 * Note: returned pointer is the address of a structure that's 5583 5583 * managed separately. Caller must *not* attempt to free it. 5584 5584 */ 5585 - static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con, 5586 - int *proto, int force_new) 5585 + static struct ceph_auth_handshake * 5586 + osd_get_authorizer(struct ceph_connection *con, int *proto, int force_new) 5587 5587 { 5588 5588 struct ceph_osd *o = con->private; 5589 5589 struct ceph_osd_client *osdc = o->o_osdc; ··· 5599 5599 return auth; 5600 5600 } 5601 5601 5602 - static int add_authorizer_challenge(struct ceph_connection *con, 5602 + static int osd_add_authorizer_challenge(struct ceph_connection *con, 5603 5603 void *challenge_buf, int challenge_buf_len) 5604 5604 { 5605 5605 struct ceph_osd *o = con->private; ··· 5610 5610 challenge_buf, challenge_buf_len); 5611 5611 } 5612 5612 5613 - static int verify_authorizer_reply(struct ceph_connection *con) 5613 + static int osd_verify_authorizer_reply(struct ceph_connection *con) 5614 5614 { 5615 5615 struct ceph_osd *o = con->private; 5616 5616 struct ceph_osd_client *osdc = o->o_osdc; ··· 5622 5622 NULL, NULL, NULL, NULL); 5623 5623 } 5624 5624 5625 - static int invalidate_authorizer(struct ceph_connection *con) 5625 + static int osd_invalidate_authorizer(struct ceph_connection *con) 5626 5626 { 5627 5627 struct ceph_osd *o = con->private; 5628 5628 struct ceph_osd_client *osdc = o->o_osdc; ··· 5731 5731 } 5732 5732 5733 5733 static const struct ceph_connection_operations osd_con_ops = { 5734 - .get = get_osd_con, 5735 - .put = put_osd_con, 5736 - .dispatch = dispatch, 5737 - .get_authorizer = get_authorizer, 5738 - .add_authorizer_challenge = add_authorizer_challenge, 5739 - .verify_authorizer_reply = verify_authorizer_reply, 5740 - .invalidate_authorizer = invalidate_authorizer, 5741 - .alloc_msg = alloc_msg, 5734 + .get = osd_get_con, 5735 + .put = osd_put_con, 5736 + .alloc_msg = osd_alloc_msg, 5737 + .dispatch = osd_dispatch, 5738 + .fault = osd_fault, 5742 5739 .reencode_message = osd_reencode_message, 5740 + .get_authorizer = osd_get_authorizer, 5741 + .add_authorizer_challenge = osd_add_authorizer_challenge, 5742 + .verify_authorizer_reply = osd_verify_authorizer_reply, 5743 + .invalidate_authorizer = osd_invalidate_authorizer, 5743 5744 .sign_message = osd_sign_message, 5744 5745 .check_message_signature = osd_check_message_signature, 5745 - .fault = osd_fault, 5746 5746 .get_auth_request = osd_get_auth_request, 5747 5747 .handle_auth_reply_more = osd_handle_auth_reply_more, 5748 5748 .handle_auth_done = osd_handle_auth_done,