Re: [PATCH 11/12] nvmet-auth: Diffie-Hellman key exchange support

Sunday, 12 September 2021

Hi Hannes,

I love your patch! Perhaps something to improve:

[auto build test WARNING on linus/master]
[also build test WARNING on v5.14 next-20210910]
[cannot apply to cryptodev/master crypto/master linux-nvme/for-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:   
https://github.com/0day-ci/linux/commits/Hannes-Reinecke/nvme-In-band-aut...
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
bf9f243f23e6623f310ba03fbb14e10ec3a61290
config: powerpc-randconfig-s032-20210911 (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 11.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.4-dirty
        #
https://github.com/0day-ci/linux/commit/3439accdd50a505d2d15d42f298b5e2d7...
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review
Hannes-Reinecke/nvme-In-band-authentication-support/20210910-144627
        git checkout 3439accdd50a505d2d15d42f298b5e2d727a5607
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1
CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=powerpc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp(a)intel.com&gt;

sparse warnings: (new ones prefixed by >>)
   drivers/nvme/target/fabrics-cmd-auth.c:20:30: sparse: sparse: invalid assignment: |=
   drivers/nvme/target/fabrics-cmd-auth.c:20:30: sparse:    left side has type restricted
__le32
   drivers/nvme/target/fabrics-cmd-auth.c:20:30: sparse:    right side has type int
...
> drivers/nvme/target/fabrics-cmd-auth.c:108:49: sparse: sparse:
incorrect type in argument 3 (different base types) @@     expected int buf_size @@    
got restricted __le16 [usertype] dhvlen @@   
drivers/nvme/target/fabrics-cmd-auth.c:108:49: sparse:     expected int buf_size
   drivers/nvme/target/fabrics-cmd-auth.c:108:49: sparse:     got restricted __le16
[usertype] dhvlen
...
> drivers/nvme/target/fabrics-cmd-auth.c:344:30: sparse: sparse:
incorrect type in assignment (different base types) @@     expected restricted __le16
[usertype] dhvlen @@     got unsigned int [usertype] dh_keysize @@   
drivers/nvme/target/fabrics-cmd-auth.c:344:30: sparse:     expected restricted __le16
[usertype] dhvlen
   drivers/nvme/target/fabrics-cmd-auth.c:344:30: sparse:     got unsigned int [usertype]
dh_keysize
   drivers/nvme/target/fabrics-cmd-auth.c:346:55: sparse: sparse: incorrect type in
argument 3 (different base types) @@     expected int buf_size @@     got restricted
__le16 [usertype] dhvlen @@
   drivers/nvme/target/fabrics-cmd-auth.c:346:55: sparse:     expected int buf_size
   drivers/nvme/target/fabrics-cmd-auth.c:346:55: sparse:     got restricted __le16
[usertype] dhvlen
   drivers/nvme/target/fabrics-cmd-auth.c:383:20: sparse: sparse: incorrect type in
assignment (different base types) @@     expected restricted __le16 [usertype] t_id @@    
got restricted __le32 [usertype] @@
   drivers/nvme/target/fabrics-cmd-auth.c:383:20: sparse:     expected restricted __le16
[usertype] t_id
   drivers/nvme/target/fabrics-cmd-auth.c:383:20: sparse:     got restricted __le32
[usertype]

vim +108 drivers/nvme/target/fabrics-cmd-auth.c

    14	
    15	void nvmet_init_auth(struct nvmet_ctrl *ctrl, struct nvmet_req *req)
    16	{
    17		/* Initialize in-band authentication */
    18		req->sq->authenticated = false;
    19		req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE;
...
 20		req->cqe->result.u32 |= 0x2 << 16;     21	}
    22	
    23	static u16 nvmet_auth_negotiate(struct nvmet_req *req, void *d)
    24	{
    25		struct nvmet_ctrl *ctrl = req->sq->ctrl;
    26		struct nvmf_auth_dhchap_negotiate_data *data = d;
    27		int i, hash_id, null_dh = -1;
    28	
    29		pr_debug("%s: ctrl %d qid %d: data sc_d %d napd %d authid %d halen %d dhlen
%d\n",
    30			 __func__, ctrl->cntlid, req->sq->qid,
    31			 data->sc_c, data->napd, data->auth_protocol[0].dhchap.authid,
    32			 data->auth_protocol[0].dhchap.halen,
    33			 data->auth_protocol[0].dhchap.dhlen);
    34		req->sq->dhchap_tid = le16_to_cpu(data->t_id);
    35		if (data->sc_c)
    36			return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
    37	
    38		if (data->napd != 1)
    39			return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
    40	
    41		if (data->auth_protocol[0].dhchap.authid !=
    42		    NVME_AUTH_DHCHAP_AUTH_ID)
    43			return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
    44	
    45		hash_id = 0;
    46		for (i = 0; i < data->auth_protocol[0].dhchap.halen; i++) {
    47			if (ctrl->shash_id != data->auth_protocol[0].dhchap.idlist[i])
    48				continue;
    49			hash_id = ctrl->shash_id;
    50			break;
    51		}
    52		if (hash_id == 0) {
    53			pr_debug("%s: ctrl %d qid %d: no usable hash found\n",
    54				 __func__, ctrl->cntlid, req->sq->qid);
    55			return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
    56		}
    57	
    58		for (i = data->auth_protocol[0].dhchap.halen;
    59		     i < data->auth_protocol[0].dhchap.halen +
    60			     data->auth_protocol[0].dhchap.dhlen; i++) {
    61			int dhgid = data->auth_protocol[0].dhchap.idlist[i];
    62	
    63			if (dhgid == NVME_AUTH_DHCHAP_DHGROUP_NULL) {
    64				null_dh = dhgid;
    65				continue;
    66			}
    67			if (ctrl->dh_tfm && ctrl->dh_gid == dhgid) {
    68				pr_debug("%s: ctrl %d qid %d: reusing existing DH group %d\n",
    69					 __func__, ctrl->cntlid, req->sq->qid, dhgid);
    70				break;
    71			}
    72			if (nvmet_setup_dhgroup(ctrl, dhgid) < 0)
    73				continue;
    74			if (nvme_auth_gen_privkey(ctrl->dh_tfm, dhgid) == 0)
    75				break;
    76			crypto_free_kpp(ctrl->dh_tfm);
    77			ctrl->dh_tfm = NULL;
    78			ctrl->dh_gid = 0;
    79		}
    80		if (!ctrl->dh_tfm && null_dh < 0) {
    81			pr_debug("%s: ctrl %d qid %d: no DH group selected\n",
    82				 __func__, ctrl->cntlid, req->sq->qid);
    83			return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
    84		}
    85		pr_debug("%s: ctrl %d qid %d: DH group %s (%d)\n",
    86			 __func__, ctrl->cntlid, req->sq->qid,
    87			 nvme_auth_dhgroup_name(ctrl->dh_gid), ctrl->dh_gid);
    88		return 0;
    89	}
    90	
    91	static u16 nvmet_auth_reply(struct nvmet_req *req, void *d)
    92	{
    93		struct nvmet_ctrl *ctrl = req->sq->ctrl;
    94		struct nvmf_auth_dhchap_reply_data *data = d;
    95		int hash_len = crypto_shash_digestsize(ctrl->shash_tfm);
    96		u8 *response;
    97	
    98		pr_debug("%s: ctrl %d qid %d: data hl %d cvalid %d dhvlen %d\n",
    99			 __func__, ctrl->cntlid, req->sq->qid,
   100			 data->hl, data->cvalid, data->dhvlen);
   101		if (data->hl != hash_len)
   102			return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
   103	
   104		if (data->dhvlen) {
   105			if (!ctrl->dh_tfm)
   106				return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
   107			if (nvmet_auth_ctrl_sesskey(req, data->rval + 2 * data->hl,
...
 108						    data->dhvlen) < 0)    109				return
NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
   110		}
   111	
   112		response = kmalloc(data->hl, GFP_KERNEL);
   113		if (!response)
   114			return NVME_AUTH_DHCHAP_FAILURE_FAILED;
   115	
   116		if (nvmet_auth_host_hash(req, response, data->hl) < 0) {
   117			pr_debug("ctrl %d qid %d DH-HMAC-CHAP hash failed\n",
   118				 ctrl->cntlid, req->sq->qid);
   119			kfree(response);
   120			return NVME_AUTH_DHCHAP_FAILURE_FAILED;
   121		}
   122	
   123		if (memcmp(data->rval, response, data->hl)) {
   124			pr_info("ctrl %d qid %d DH-HMAC-CHAP response mismatch\n",
   125				ctrl->cntlid, req->sq->qid);
   126			kfree(response);
   127			return NVME_AUTH_DHCHAP_FAILURE_FAILED;
   128		}
   129		kfree(response);
   130		pr_info("ctrl %d qid %d DH-HMAC-CHAP host authenticated\n",
   131			ctrl->cntlid, req->sq->qid);
   132		if (data->cvalid) {
   133			req->sq->dhchap_c2 = kmalloc(data->hl, GFP_KERNEL);
   134			if (!req->sq->dhchap_c2)
   135				return NVME_AUTH_DHCHAP_FAILURE_FAILED;
   136			memcpy(req->sq->dhchap_c2, data->rval + data->hl, data->hl);
   137	
   138			pr_debug("ctrl %d qid %d challenge %*ph\n",
   139				 ctrl->cntlid, req->sq->qid, data->hl,
   140				 req->sq->dhchap_c2);
   141			req->sq->dhchap_s2 = le32_to_cpu(data->seqnum);
   142		} else
   143			req->sq->dhchap_c2 = NULL;
   144	
   145		return 0;
   146	}
   147	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

2022

2021

2020

2019