| Message ID | 300a0376-f003-4862-bb16-7e004733c9c1@web.de (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | lib: Extending support for scope-based resource management | expand |
Hi Markus,
kernel test robot noticed the following build warnings:
[auto build test WARNING on akpm-mm/mm-nonmm-unstable]
[also build test WARNING on herbert-crypto-2.6/master herbert-cryptodev-2.6/master linus/master v6.12-rc3 next-20241015]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Markus-Elfring/crypto-lib-mpi-Extend-support-for-scope-based-resource-management/20241012-231156
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-nonmm-unstable
patch link: https://lore.kernel.org/r/300a0376-f003-4862-bb16-7e004733c9c1%40web.de
patch subject: [PATCH v3 2/3] lib/digsig: Use scope-based resource management for two MPI variables in digsig_verify_rsa()
config: arm-randconfig-002-20241016 (https://download.01.org/0day-ci/archive/20241016/202410160438.SOIZeFku-lkp@intel.com/config)
compiler: clang version 20.0.0git (https://github.com/llvm/llvm-project 70e0a7e7e6a8541bcc46908c592eed561850e416)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241016/202410160438.SOIZeFku-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202410160438.SOIZeFku-lkp@intel.com/
All warnings (new ones prefixed by >>):
In file included from lib/digsig.c:25:
In file included from include/linux/mpi.h:21:
In file included from include/linux/scatterlist.h:8:
In file included from include/linux/mm.h:2213:
include/linux/vmstat.h:518:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion]
518 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_"
| ~~~~~~~~~~~ ^ ~~~
>> lib/digsig.c:176:3: warning: label at end of compound statement is a C23 extension [-Wc23-extensions]
176 | }
| ^
lib/digsig.c:178:2: warning: label at end of compound statement is a C23 extension [-Wc23-extensions]
178 | }
| ^
3 warnings generated.
vim +176 lib/digsig.c
16
17 #include <linux/err.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
20 #include <linux/key.h>
21 #include <linux/crypto.h>
22 #include <crypto/hash.h>
23 #include <crypto/sha1.h>
24 #include <keys/user-type.h>
> 25 #include <linux/mpi.h>
26 #include <linux/digsig.h>
27
28 static struct crypto_shash *shash;
29
30 static const char *pkcs_1_v1_5_decode_emsa(const unsigned char *msg,
31 unsigned long msglen,
32 unsigned long modulus_bitlen,
33 unsigned long *outlen)
34 {
35 unsigned long modulus_len, ps_len, i;
36
37 modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
38
39 /* test message size */
40 if ((msglen > modulus_len) || (modulus_len < 11))
41 return NULL;
42
43 /* separate encoded message */
44 if (msg[0] != 0x00 || msg[1] != 0x01)
45 return NULL;
46
47 for (i = 2; i < modulus_len - 1; i++)
48 if (msg[i] != 0xFF)
49 break;
50
51 /* separator check */
52 if (msg[i] != 0)
53 /* There was no octet with hexadecimal value 0x00
54 to separate ps from m. */
55 return NULL;
56
57 ps_len = i - 2;
58
59 *outlen = (msglen - (2 + ps_len + 1));
60
61 return msg + 2 + ps_len + 1;
62 }
63
64 /*
65 * RSA Signature verification with public key
66 */
67 static int digsig_verify_rsa(struct key *key,
68 const char *sig, int siglen,
69 const char *h, int hlen)
70 {
71 int err = -EINVAL;
72 unsigned long len;
73 unsigned long mlen, mblen;
74 unsigned int l;
75 int head, i;
76 unsigned char *out1 = NULL;
77 const char *m;
78 MPI pkey[2];
79 uint8_t *p, *datap;
80 const uint8_t *endp;
81 const struct user_key_payload *ukp;
82 struct pubkey_hdr *pkh;
83
84 down_read(&key->sem);
85 ukp = user_key_payload_locked(key);
86
87 if (!ukp) {
88 /* key was revoked before we acquired its semaphore */
89 err = -EKEYREVOKED;
90 goto err1;
91 }
92
93 if (ukp->datalen < sizeof(*pkh))
94 goto err1;
95
96 pkh = (struct pubkey_hdr *)ukp->data;
97
98 if (pkh->version != 1)
99 goto err1;
100
101 if (pkh->algo != PUBKEY_ALGO_RSA)
102 goto err1;
103
104 if (pkh->nmpi != 2)
105 goto err1;
106
107 datap = pkh->mpi;
108 endp = ukp->data + ukp->datalen;
109
110 for (i = 0; i < pkh->nmpi; i++) {
111 unsigned int remaining = endp - datap;
112 pkey[i] = mpi_read_from_buffer(datap, &remaining);
113 if (IS_ERR(pkey[i])) {
114 err = PTR_ERR(pkey[i]);
115 goto free_keys;
116 }
117 datap += remaining;
118 }
119
120 mblen = mpi_get_nbits(pkey[0]);
121 mlen = DIV_ROUND_UP(mblen, 8);
122
123 if (mlen == 0) {
124 err = -EINVAL;
125 goto free_keys;
126 }
127
128 err = -ENOMEM;
129
130 out1 = kzalloc(mlen, GFP_KERNEL);
131 if (!out1)
132 goto free_keys;
133
134 {
135 unsigned int nret = siglen;
136 MPI in __free(mpi_free) = mpi_read_from_buffer(sig, &nret);
137
138 if (IS_ERR(in)) {
139 err = PTR_ERR(in);
140 goto in_exit;
141 }
142
143 {
144 MPI res __free(mpi_free) = mpi_alloc(mpi_get_nlimbs(in) * 2);
145
146 if (!res)
147 goto res_exit;
148
149 err = mpi_powm(res, in, pkey[1], pkey[0]);
150 if (err)
151 goto res_exit;
152
153 if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
154 err = -EINVAL;
155 goto res_exit;
156 }
157
158 p = mpi_get_buffer(res, &l, NULL);
159 if (!p) {
160 err = -EINVAL;
161 goto res_exit;
162 }
163
164 len = mlen;
165 head = len - l;
166 memset(out1, 0, head);
167 memcpy(out1 + head, p, l);
168
169 kfree(p);
170
171 m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
172
173 if (!m || len != hlen || memcmp(m, h, hlen))
174 err = -EINVAL;
175 res_exit:
> 176 }
177 in_exit:
178 }
179
180 kfree(out1);
181 free_keys:
182 while (--i >= 0)
183 mpi_free(pkey[i]);
184 err1:
185 up_read(&key->sem);
186
187 return err;
188 }
189
Hi Markus,
kernel test robot noticed the following build errors:
[auto build test ERROR on akpm-mm/mm-nonmm-unstable]
[also build test ERROR on herbert-crypto-2.6/master herbert-cryptodev-2.6/master linus/master v6.12-rc3 next-20241016]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Markus-Elfring/crypto-lib-mpi-Extend-support-for-scope-based-resource-management/20241012-231156
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-nonmm-unstable
patch link: https://lore.kernel.org/r/300a0376-f003-4862-bb16-7e004733c9c1%40web.de
patch subject: [PATCH v3 2/3] lib/digsig: Use scope-based resource management for two MPI variables in digsig_verify_rsa()
config: hexagon-randconfig-r064-20241016 (https://download.01.org/0day-ci/archive/20241016/202410161914.lY62TWL3-lkp@intel.com/config)
compiler: clang version 15.0.7 (https://github.com/llvm/llvm-project 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20241016/202410161914.lY62TWL3-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202410161914.lY62TWL3-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from lib/digsig.c:25:
In file included from include/linux/mpi.h:21:
In file included from include/linux/scatterlist.h:9:
In file included from arch/hexagon/include/asm/io.h:328:
include/asm-generic/io.h:548:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:561:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/little_endian.h:37:51: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) ((__force __u16)(__le16)(x))
^
In file included from lib/digsig.c:25:
In file included from include/linux/mpi.h:21:
In file included from include/linux/scatterlist.h:9:
In file included from arch/hexagon/include/asm/io.h:328:
include/asm-generic/io.h:574:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
^
In file included from lib/digsig.c:25:
In file included from include/linux/mpi.h:21:
In file included from include/linux/scatterlist.h:9:
In file included from arch/hexagon/include/asm/io.h:328:
include/asm-generic/io.h:585:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:595:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:605:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
>> lib/digsig.c:176:3: error: expected statement
}
^
lib/digsig.c:178:2: error: expected statement
}
^
6 warnings and 2 errors generated.
vim +176 lib/digsig.c
63
64 /*
65 * RSA Signature verification with public key
66 */
67 static int digsig_verify_rsa(struct key *key,
68 const char *sig, int siglen,
69 const char *h, int hlen)
70 {
71 int err = -EINVAL;
72 unsigned long len;
73 unsigned long mlen, mblen;
74 unsigned int l;
75 int head, i;
76 unsigned char *out1 = NULL;
77 const char *m;
78 MPI pkey[2];
79 uint8_t *p, *datap;
80 const uint8_t *endp;
81 const struct user_key_payload *ukp;
82 struct pubkey_hdr *pkh;
83
84 down_read(&key->sem);
85 ukp = user_key_payload_locked(key);
86
87 if (!ukp) {
88 /* key was revoked before we acquired its semaphore */
89 err = -EKEYREVOKED;
90 goto err1;
91 }
92
93 if (ukp->datalen < sizeof(*pkh))
94 goto err1;
95
96 pkh = (struct pubkey_hdr *)ukp->data;
97
98 if (pkh->version != 1)
99 goto err1;
100
101 if (pkh->algo != PUBKEY_ALGO_RSA)
102 goto err1;
103
104 if (pkh->nmpi != 2)
105 goto err1;
106
107 datap = pkh->mpi;
108 endp = ukp->data + ukp->datalen;
109
110 for (i = 0; i < pkh->nmpi; i++) {
111 unsigned int remaining = endp - datap;
112 pkey[i] = mpi_read_from_buffer(datap, &remaining);
113 if (IS_ERR(pkey[i])) {
114 err = PTR_ERR(pkey[i]);
115 goto free_keys;
116 }
117 datap += remaining;
118 }
119
120 mblen = mpi_get_nbits(pkey[0]);
121 mlen = DIV_ROUND_UP(mblen, 8);
122
123 if (mlen == 0) {
124 err = -EINVAL;
125 goto free_keys;
126 }
127
128 err = -ENOMEM;
129
130 out1 = kzalloc(mlen, GFP_KERNEL);
131 if (!out1)
132 goto free_keys;
133
134 {
135 unsigned int nret = siglen;
136 MPI in __free(mpi_free) = mpi_read_from_buffer(sig, &nret);
137
138 if (IS_ERR(in)) {
139 err = PTR_ERR(in);
140 goto in_exit;
141 }
142
143 {
144 MPI res __free(mpi_free) = mpi_alloc(mpi_get_nlimbs(in) * 2);
145
146 if (!res)
147 goto res_exit;
148
149 err = mpi_powm(res, in, pkey[1], pkey[0]);
150 if (err)
151 goto res_exit;
152
153 if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) {
154 err = -EINVAL;
155 goto res_exit;
156 }
157
158 p = mpi_get_buffer(res, &l, NULL);
159 if (!p) {
160 err = -EINVAL;
161 goto res_exit;
162 }
163
164 len = mlen;
165 head = len - l;
166 memset(out1, 0, head);
167 memcpy(out1 + head, p, l);
168
169 kfree(p);
170
171 m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
172
173 if (!m || len != hlen || memcmp(m, h, hlen))
174 err = -EINVAL;
175 res_exit:
> 176 }
177 in_exit:
178 }
179
180 kfree(out1);
181 free_keys:
182 while (--i >= 0)
183 mpi_free(pkey[i]);
184 err1:
185 up_read(&key->sem);
186
187 return err;
188 }
189
diff --git a/lib/digsig.c b/lib/digsig.c index 04b5e55ed95f..2481120094ab 100644 --- a/lib/digsig.c +++ b/lib/digsig.c @@ -71,11 +71,11 @@ static int digsig_verify_rsa(struct key *key, int err = -EINVAL; unsigned long len; unsigned long mlen, mblen; - unsigned nret, l; + unsigned int l; int head, i; unsigned char *out1 = NULL; const char *m; - MPI in = NULL, res = NULL, pkey[2]; + MPI pkey[2]; uint8_t *p, *datap; const uint8_t *endp; const struct user_key_payload *ukp; @@ -112,7 +112,7 @@ static int digsig_verify_rsa(struct key *key, pkey[i] = mpi_read_from_buffer(datap, &remaining); if (IS_ERR(pkey[i])) { err = PTR_ERR(pkey[i]); - goto err; + goto free_keys; } datap += remaining; } @@ -122,57 +122,63 @@ static int digsig_verify_rsa(struct key *key, if (mlen == 0) { err = -EINVAL; - goto err; + goto free_keys; } err = -ENOMEM; out1 = kzalloc(mlen, GFP_KERNEL); if (!out1) - goto err; + goto free_keys; - nret = siglen; - in = mpi_read_from_buffer(sig, &nret); - if (IS_ERR(in)) { - err = PTR_ERR(in); - goto err; - } + { + unsigned int nret = siglen; + MPI in __free(mpi_free) = mpi_read_from_buffer(sig, &nret); - res = mpi_alloc(mpi_get_nlimbs(in) * 2); - if (!res) - goto err; + if (IS_ERR(in)) { + err = PTR_ERR(in); + goto in_exit; + } - err = mpi_powm(res, in, pkey[1], pkey[0]); - if (err) - goto err; + { + MPI res __free(mpi_free) = mpi_alloc(mpi_get_nlimbs(in) * 2); - if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) { - err = -EINVAL; - goto err; - } + if (!res) + goto res_exit; - p = mpi_get_buffer(res, &l, NULL); - if (!p) { - err = -EINVAL; - goto err; - } + err = mpi_powm(res, in, pkey[1], pkey[0]); + if (err) + goto res_exit; - len = mlen; - head = len - l; - memset(out1, 0, head); - memcpy(out1 + head, p, l); + if (mpi_get_nlimbs(res) * BYTES_PER_MPI_LIMB > mlen) { + err = -EINVAL; + goto res_exit; + } - kfree(p); + p = mpi_get_buffer(res, &l, NULL); + if (!p) { + err = -EINVAL; + goto res_exit; + } - m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len); + len = mlen; + head = len - l; + memset(out1, 0, head); + memcpy(out1 + head, p, l); - if (!m || len != hlen || memcmp(m, h, hlen)) - err = -EINVAL; + kfree(p); + + m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len); + + if (!m || len != hlen || memcmp(m, h, hlen)) + err = -EINVAL; +res_exit: + } +in_exit: + } -err: - mpi_free(in); - mpi_free(res); kfree(out1); +free_keys: while (--i >= 0) mpi_free(pkey[i]); err1: