From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Richard Weinberger <richard@nod.at>
Cc: "open list, ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
david <david@sigma-star.at>, David Howells <dhowells@redhat.com>,
davem <davem@davemloft.net>, festevam <festevam@gmail.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
James Bottomley <jejb@linux.ibm.com>,
James Morris <jmorris@namei.org>,
Jarkko Sakkinen <jarkko@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
LSM <linux-security-module@vger.kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>, linux-imx <linux-imx@nxp.com>,
kernel <kernel@pengutronix.de>,
Sascha Hauer <s.hauer@pengutronix.de>,
"Serge E. Hallyn" <serge@hallyn.com>,
shawnguo <shawnguo@kernel.org>
Subject: Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys
Date: Wed, 14 Jul 2021 13:01:11 +0200 [thread overview]
Message-ID: <efa704fa-7817-7654-7664-447fa56e5ab2@pengutronix.de> (raw)
In-Reply-To: <1409091619.25467.1626259183269.JavaMail.zimbra@nod.at>
Hi,
On 14.07.21 12:39, Richard Weinberger wrote:
> Ahmad,
>
> ----- Ursprüngliche Mail -----
>> Von: "Ahmad Fatoum" <a.fatoum@pengutronix.de>
>> Let's trade reviews to get the ball rolling?
>
> Sounds like a fair deal. :-)
:)
> [...]
>
>>> --- a/drivers/crypto/mxs-dcp.c
>>> +++ b/drivers/crypto/mxs-dcp.c
>>> @@ -15,6 +15,7 @@
>>> #include <linux/platform_device.h>
>>> #include <linux/stmp_device.h>
>>> #include <linux/clk.h>
>>> +#include <linux/mxs-dcp.h>
>>
>> The CAAM specific headers are in <soc/fsl/*.h>.
>> Should this be done likewise here as well?
>
> I have no preferences. If soc/fsl/ is the way to go, fine by me.
I think it's the more appropriate place, but if the maintainers
are fine with <linux/mxs-dcp.h>, I don't mind.
>
> [...]
>
>>> @@ -219,15 +224,18 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
>>> struct dcp *sdcp = global_sdcp;
>>> struct dcp_dma_desc *desc = &sdcp->coh->desc[actx->chan];
>>> struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req);
>>> + dma_addr_t src_phys, dst_phys, key_phys = {0};
>>
>> Why = {0}; ? dma_addr_t is a scalar type and the value is always
>> written here before access.
>
> Initializing a scalar with {} is allowed in C, the braces are optional.
> I like the braces because it works even when the underlaying type changes.
> But that's just a matter of taste.
>
> key_phys is initialized because it triggered a false positive gcc warning
> on one of my targets. Let me re-run again to be sure, the code saw a lot of
> refactoring since that.
>
> [...]
>
>>> +static int mxs_dcp_aes_setrefkey(struct crypto_skcipher *tfm, const u8 *key,
>>> + unsigned int len)
>>> +{
>>> + struct dcp_async_ctx *actx = crypto_skcipher_ctx(tfm);
>>> + int ret = -EINVAL;
>>> +
>>> + if (len != DCP_PAES_KEYSIZE)
>>> + goto out;
>>
>> Nitpick: there is no cleanup, so why not return -EINVAL here
>> and unconditionally return 0 below?
>
> What is the benefit?
Similar to why you wouldn't write:
if (len == DCP_PAES_KEYSIZE) {
/* longer code block */
}
return ret;
Code is easier to scan through with early-exits.
> Usually I try to use goto to have a single exit point of a function
> but I don't have a strong preference...
It's just a nitpick. I am fine with it either way.
>>> +
>>> + actx->key_len = len;
>>> + actx->refkey = true;
>>> +
>>> + switch (key[0]) {
>>> + case DCP_PAES_KEY_SLOT0:
>>> + case DCP_PAES_KEY_SLOT1:
>>> + case DCP_PAES_KEY_SLOT2:
>>> + case DCP_PAES_KEY_SLOT3:
>>> + case DCP_PAES_KEY_UNIQUE:
>>> + case DCP_PAES_KEY_OTP:
>>> + memcpy(actx->key, key, len);
>>> + ret = 0;
>>> + }
>>
>> In the error case you return -EINVAL below, but you still write
>> into actx. Is that intentional?
>
> You mean acts->key_len and actk->refkey?
> Is this a problem?
It's easier to reason about code when it doesn't leave objects
it operates on in invalid states on failure. Changing key_len,
but leaving actx->key uninitialized is surprising IMO.
I can't judge whether this is a problem in practice, but less
surprises are a worthwhile goal.
Cheers,
Ahmad
>
> Thanks,
> //richard
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
WARNING: multiple messages have this Message-ID (diff)
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Richard Weinberger <richard@nod.at>
Cc: "open list, ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
david <david@sigma-star.at>, David Howells <dhowells@redhat.com>,
davem <davem@davemloft.net>, festevam <festevam@gmail.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
James Bottomley <jejb@linux.ibm.com>,
James Morris <jmorris@namei.org>,
Jarkko Sakkinen <jarkko@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
LSM <linux-security-module@vger.kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>, linux-imx <linux-imx@nxp.com>,
kernel <kernel@pengutronix.de>,
Sascha Hauer <s.hauer@pengutronix.de>,
"Serge E. Hallyn" <serge@hallyn.com>,
shawnguo <shawnguo@kernel.org>
Subject: Re: [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys
Date: Wed, 14 Jul 2021 13:01:11 +0200 [thread overview]
Message-ID: <efa704fa-7817-7654-7664-447fa56e5ab2@pengutronix.de> (raw)
In-Reply-To: <1409091619.25467.1626259183269.JavaMail.zimbra@nod.at>
Hi,
On 14.07.21 12:39, Richard Weinberger wrote:
> Ahmad,
>
> ----- Ursprüngliche Mail -----
>> Von: "Ahmad Fatoum" <a.fatoum@pengutronix.de>
>> Let's trade reviews to get the ball rolling?
>
> Sounds like a fair deal. :-)
:)
> [...]
>
>>> --- a/drivers/crypto/mxs-dcp.c
>>> +++ b/drivers/crypto/mxs-dcp.c
>>> @@ -15,6 +15,7 @@
>>> #include <linux/platform_device.h>
>>> #include <linux/stmp_device.h>
>>> #include <linux/clk.h>
>>> +#include <linux/mxs-dcp.h>
>>
>> The CAAM specific headers are in <soc/fsl/*.h>.
>> Should this be done likewise here as well?
>
> I have no preferences. If soc/fsl/ is the way to go, fine by me.
I think it's the more appropriate place, but if the maintainers
are fine with <linux/mxs-dcp.h>, I don't mind.
>
> [...]
>
>>> @@ -219,15 +224,18 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx,
>>> struct dcp *sdcp = global_sdcp;
>>> struct dcp_dma_desc *desc = &sdcp->coh->desc[actx->chan];
>>> struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req);
>>> + dma_addr_t src_phys, dst_phys, key_phys = {0};
>>
>> Why = {0}; ? dma_addr_t is a scalar type and the value is always
>> written here before access.
>
> Initializing a scalar with {} is allowed in C, the braces are optional.
> I like the braces because it works even when the underlaying type changes.
> But that's just a matter of taste.
>
> key_phys is initialized because it triggered a false positive gcc warning
> on one of my targets. Let me re-run again to be sure, the code saw a lot of
> refactoring since that.
>
> [...]
>
>>> +static int mxs_dcp_aes_setrefkey(struct crypto_skcipher *tfm, const u8 *key,
>>> + unsigned int len)
>>> +{
>>> + struct dcp_async_ctx *actx = crypto_skcipher_ctx(tfm);
>>> + int ret = -EINVAL;
>>> +
>>> + if (len != DCP_PAES_KEYSIZE)
>>> + goto out;
>>
>> Nitpick: there is no cleanup, so why not return -EINVAL here
>> and unconditionally return 0 below?
>
> What is the benefit?
Similar to why you wouldn't write:
if (len == DCP_PAES_KEYSIZE) {
/* longer code block */
}
return ret;
Code is easier to scan through with early-exits.
> Usually I try to use goto to have a single exit point of a function
> but I don't have a strong preference...
It's just a nitpick. I am fine with it either way.
>>> +
>>> + actx->key_len = len;
>>> + actx->refkey = true;
>>> +
>>> + switch (key[0]) {
>>> + case DCP_PAES_KEY_SLOT0:
>>> + case DCP_PAES_KEY_SLOT1:
>>> + case DCP_PAES_KEY_SLOT2:
>>> + case DCP_PAES_KEY_SLOT3:
>>> + case DCP_PAES_KEY_UNIQUE:
>>> + case DCP_PAES_KEY_OTP:
>>> + memcpy(actx->key, key, len);
>>> + ret = 0;
>>> + }
>>
>> In the error case you return -EINVAL below, but you still write
>> into actx. Is that intentional?
>
> You mean acts->key_len and actk->refkey?
> Is this a problem?
It's easier to reason about code when it doesn't leave objects
it operates on in invalid states on failure. Changing key_len,
but leaving actx->key uninitialized is surprising IMO.
I can't judge whether this is a problem in practice, but less
surprises are a worthwhile goal.
Cheers,
Ahmad
>
> Thanks,
> //richard
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-07-14 11:01 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-14 20:16 [PATCH 0/3] DCP as trusted keys backend Richard Weinberger
2021-06-14 20:16 ` Richard Weinberger
2021-06-14 20:16 ` [PATCH 1/3] crypto: mxs-dcp: Add support for hardware provided keys Richard Weinberger
2021-06-14 20:16 ` Richard Weinberger
2021-06-25 12:21 ` Richard Weinberger
2021-06-25 12:21 ` Richard Weinberger
2021-06-25 12:28 ` Herbert Xu
2021-06-25 12:28 ` Herbert Xu
2021-06-25 13:12 ` Richard Weinberger
2021-06-25 13:12 ` Richard Weinberger
2021-07-14 9:24 ` Ahmad Fatoum
2021-07-14 9:24 ` Ahmad Fatoum
2021-07-14 10:39 ` Richard Weinberger
2021-07-14 10:39 ` Richard Weinberger
2021-07-14 11:01 ` Ahmad Fatoum [this message]
2021-07-14 11:01 ` Ahmad Fatoum
2021-06-14 20:16 ` [PATCH 2/3] KEYS: trusted: Introduce support for NXP DCP-based trusted keys Richard Weinberger
2021-06-14 20:16 ` Richard Weinberger
2021-07-14 9:29 ` Ahmad Fatoum
2021-07-14 9:29 ` Ahmad Fatoum
2021-07-14 10:44 ` Richard Weinberger
2021-07-14 10:44 ` Richard Weinberger
2021-07-21 17:17 ` Ahmad Fatoum
2021-07-21 17:17 ` Ahmad Fatoum
2021-06-14 20:16 ` [PATCH 3/3] doc: trusted-encrypted: add DCP as new trust source Richard Weinberger
2021-06-14 20:16 ` Richard Weinberger
2021-07-14 9:32 ` Ahmad Fatoum
2021-07-14 9:32 ` Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=efa704fa-7817-7654-7664-447fa56e5ab2@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=festevam@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=richard@nod.at \
--cc=s.hauer@pengutronix.de \
--cc=serge@hallyn.com \
--cc=shawnguo@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.