diff mbox series

[net-next] net: tls: Pass union tls_crypto_context pointer to memzero_explicit

Message ID 20240705-tls-memzero-v1-1-0496871cfe9b@kernel.org (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series [net-next] net: tls: Pass union tls_crypto_context pointer to memzero_explicit | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 816 this patch: 816
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 821 this patch: 821
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 821 this patch: 821
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 32 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Simon Horman July 5, 2024, 1:41 p.m. UTC
Pass union tls_crypto_context pointer, rather than struct
tls_crypto_info pointer, to memzero_explicit().

The address of the pointer is the same before and after.
But the new construct means that the size of the dereferenced pointer type
matches the size being zeroed. Which aids static analysis.

As reported by Smatch:

  .../tls_main.c:842 do_tls_setsockopt_conf() error: memzero_explicit() 'crypto_info' too small (4 vs 56)

No functional change intended.
Compile tested only.

Signed-off-by: Simon Horman <horms@kernel.org>
---
 net/tls/tls_main.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Przemek Kitszel July 5, 2024, 1:54 p.m. UTC | #1
On 7/5/24 15:41, Simon Horman wrote:
> Pass union tls_crypto_context pointer, rather than struct
> tls_crypto_info pointer, to memzero_explicit().
> 
> The address of the pointer is the same before and after.
> But the new construct means that the size of the dereferenced pointer type
> matches the size being zeroed. Which aids static analysis.
> 
> As reported by Smatch:
> 
>    .../tls_main.c:842 do_tls_setsockopt_conf() error: memzero_explicit() 'crypto_info' too small (4 vs 56)
> 
> No functional change intended.
> Compile tested only.
> 
> Signed-off-by: Simon Horman <horms@kernel.org>

Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
one small nitpick only

> ---
>   net/tls/tls_main.c | 9 ++++++---
>   1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index 90b7f253d363..e712b2faeb81 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -616,6 +616,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
>   	struct tls_crypto_info *alt_crypto_info;
>   	struct tls_context *ctx = tls_get_ctx(sk);
>   	const struct tls_cipher_desc *cipher_desc;
> +	union tls_crypto_context *crypto_ctx;
>   	int rc = 0;
>   	int conf;
>   
> @@ -623,13 +624,15 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
>   		return -EINVAL;
>   
>   	if (tx) {
> -		crypto_info = &ctx->crypto_send.info;
> +		crypto_ctx = &ctx->crypto_send;
>   		alt_crypto_info = &ctx->crypto_recv.info;
>   	} else {
> -		crypto_info = &ctx->crypto_recv.info;
> +		crypto_ctx = &ctx->crypto_recv;
>   		alt_crypto_info = &ctx->crypto_send.info;
>   	}
>   
> +	crypto_info = &crypto_ctx->info;
> +
>   	/* Currently we don't support set crypto info more than one time */
>   	if (TLS_CRYPTO_INFO_READY(crypto_info))
>   		return -EBUSY;
> @@ -710,7 +713,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
>   	return 0;
>   
>   err_crypto_info:
> -	memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
> +	memzero_explicit(crypto_ctx, sizeof(union tls_crypto_context));

nit: That's a good fix to aid static analyzers, and reviewers.
Now it's also easy to follow the standard style and pass
sizeof(*crypto_ctx) instead of the type.

>   	return rc;
>   }
Simon Horman July 5, 2024, 3:21 p.m. UTC | #2
On Fri, Jul 05, 2024 at 03:54:59PM +0200, Przemek Kitszel wrote:
> On 7/5/24 15:41, Simon Horman wrote:
> > Pass union tls_crypto_context pointer, rather than struct
> > tls_crypto_info pointer, to memzero_explicit().
> > 
> > The address of the pointer is the same before and after.
> > But the new construct means that the size of the dereferenced pointer type
> > matches the size being zeroed. Which aids static analysis.
> > 
> > As reported by Smatch:
> > 
> >    .../tls_main.c:842 do_tls_setsockopt_conf() error: memzero_explicit() 'crypto_info' too small (4 vs 56)
> > 
> > No functional change intended.
> > Compile tested only.
> > 
> > Signed-off-by: Simon Horman <horms@kernel.org>
> 
> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
> one small nitpick only

...

> > @@ -710,7 +713,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> >   	return 0;
> >   err_crypto_info:
> > -	memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
> > +	memzero_explicit(crypto_ctx, sizeof(union tls_crypto_context));
> 
> nit: That's a good fix to aid static analyzers, and reviewers.
> Now it's also easy to follow the standard style and pass
> sizeof(*crypto_ctx) instead of the type.

Thanks, that is a good suggestion.
I'll incorporate it in a v2.
diff mbox series

Patch

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 90b7f253d363..e712b2faeb81 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -616,6 +616,7 @@  static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
 	struct tls_crypto_info *alt_crypto_info;
 	struct tls_context *ctx = tls_get_ctx(sk);
 	const struct tls_cipher_desc *cipher_desc;
+	union tls_crypto_context *crypto_ctx;
 	int rc = 0;
 	int conf;
 
@@ -623,13 +624,15 @@  static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
 		return -EINVAL;
 
 	if (tx) {
-		crypto_info = &ctx->crypto_send.info;
+		crypto_ctx = &ctx->crypto_send;
 		alt_crypto_info = &ctx->crypto_recv.info;
 	} else {
-		crypto_info = &ctx->crypto_recv.info;
+		crypto_ctx = &ctx->crypto_recv;
 		alt_crypto_info = &ctx->crypto_send.info;
 	}
 
+	crypto_info = &crypto_ctx->info;
+
 	/* Currently we don't support set crypto info more than one time */
 	if (TLS_CRYPTO_INFO_READY(crypto_info))
 		return -EBUSY;
@@ -710,7 +713,7 @@  static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
 	return 0;
 
 err_crypto_info:
-	memzero_explicit(crypto_info, sizeof(union tls_crypto_context));
+	memzero_explicit(crypto_ctx, sizeof(union tls_crypto_context));
 	return rc;
 }