Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp331826rdg;
        Tue, 10 Oct 2023 11:29:21 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFLSh12GZgRbhg8aVU/A3u30WegcOmGxY16eYoAEQ5p1E4WuMkiTpWu5TqS0PPYOkHIjNYB
X-Received: by 2002:a05:6358:4311:b0:13a:4120:ce2e with SMTP id r17-20020a056358431100b0013a4120ce2emr17982723rwc.20.1696962561047;
        Tue, 10 Oct 2023 11:29:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696962561; cv=none;
        d=google.com; s=arc-20160816;
        b=ZDZY4B9hiOqZ2SJzDm9VFTyorm75YBlMQOb9YfO3y+U8X2+bflvM59XdBVI1w+uk0T
         M2EzeUqZshlQoD3cRDbz2X3uNEocz5VJ8XGSI0olGufe0QvfRWtv/TarnbTFS/0gNc54
         CRqBHihn4iYWqireeJuIt7Hs+5VhCu+n5xKCEyFWZIfUGk/j4iyC7vbaVmobw96ZwmRj
         PqOjsTIAcUTlrO0YrOdNht287fQSBegYaZtXqnpE/8Ol4SBKs31+Xrzn7Eg81FRzn5gr
         hMcad+7WjT9gmlgKZFFrLRZVAn1PrSYIJg6LBVcZkXxiuJqg2ZgEEGe6aixCeos8jDel
         AOEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=3MMknBzgIfNoTzZSRTfijrObIQYsZ5aDutyDdN6x4cs=;
        fh=nDumsva7RNeqtypnVt0ObH3sWclc8it08LmkYtgrd+k=;
        b=L8qj+hjMnXZmOKfhmb38XMeNWWVJ76yhGSiKYaIoVtzHzFm46FQ1ypkVVQZ6dFsJis
         UwU+nohLOQcDHNRKmreSKQ7tVrb6yB7uKcJFFOMIu4n13MbXD5lxCe1lXEJQmEJugJSM
         Hp/akGxnC0Q7CywZ93RrTmxg6I16XlVm3J9PioqGd3+fzXoc1fcyrvLRfCcdacM6EZAZ
         SY1R5YQHgR6mseN8CXnfhFh7mVoA062uuEdXVEVCevXv7AKn36ZxNaImrbZRJg+ijj1H
         VdG3sEDlJzGhAihGnlt2pWhJOrGsZRp6sMT3he8uFLSZkygcgze+Eh83nnXCJ6/6p0Sb
         XXNg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b="e55G/scP";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from morse.vger.email (morse.vger.email. [23.128.96.31])
        by mx.google.com with ESMTPS id p13-20020a056a000a0d00b0068fb6fc3ff1si10692505pfh.209.2023.10.10.11.29.20
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 10 Oct 2023 11:29:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b="e55G/scP";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by morse.vger.email (Postfix) with ESMTP id C3284802091E;
	Tue, 10 Oct 2023 11:29:18 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1343545AbjJJS3L (ORCPT <rfc822;tarbal@gmail.com> + 99 others);
        Tue, 10 Oct 2023 14:29:11 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37038 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232809AbjJJS3K (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 10 Oct 2023 14:29:10 -0400
Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3ED7C9D
        for <linux-kernel@vger.kernel.org>; Tue, 10 Oct 2023 11:29:09 -0700 (PDT)
Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-9ad8a822508so1092905966b.0
        for <linux-kernel@vger.kernel.org>; Tue, 10 Oct 2023 11:29:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google; t=1696962547; x=1697567347; darn=vger.kernel.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=3MMknBzgIfNoTzZSRTfijrObIQYsZ5aDutyDdN6x4cs=;
        b=e55G/scPCQ8vVPQsNbMc6NkJ3/S05qZhg4z18EW+UfZrGTNDT+zvWdPE7/dKtkYz/0
         7no6vQ5Dn1sG+/qN+NCbLuNmitdkVLT9ltM0iokBQ1aAi2d/m/4Yc5nOKWZ1ZsAQR68N
         LvMbpWrATqqWsjgxg6IN8CtaRUlMi1tIEr4aM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1696962547; x=1697567347;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=3MMknBzgIfNoTzZSRTfijrObIQYsZ5aDutyDdN6x4cs=;
        b=HIvIzCa9X4S6/lGaWlwlkjGoIcDLpxgsiNlNeKqvnnHoLF7ta4WszE5tlIq5OGQija
         k1sNUMLrumibWzl4MdjN5ynceBuooVlfZ1bV42i40diIgJQsbDklubpRAzfJMYF3VJgA
         eU+cR7UJaBvHstAS5zo/UrsiBI3Xr785VFQkaiu78leTfT8g1wFvwI7IKV8GRKqQjeaR
         tSNxE7PNE3lAy5trZilP6lmHJ5/VMTh1GWhMo4diGpMv3uxrHxQgzIOOAqGsLDnHVWdz
         vZBLjjyYOD3IKpNjwYAdZ6YCogXrFv6/H4H3OJiM4DLgrQe1NtF3Q1oMFfqPpxbrhkXD
         Z9Zg==
X-Gm-Message-State: AOJu0YxmklVTgMfBwuqUD3uXZG2Nkpve7vjmED+6OYbxdB6ZGl2nwWWS
        W5IyCn2+5WVTBjxD5eLfr3GP3JYMQO/zrqCOMSNHyVPk
X-Received: by 2002:a17:906:5188:b0:9ad:e7d8:1e26 with SMTP id y8-20020a170906518800b009ade7d81e26mr16545188ejk.57.1696962547547;
        Tue, 10 Oct 2023 11:29:07 -0700 (PDT)
Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com. [209.85.218.49])
        by smtp.gmail.com with ESMTPSA id l12-20020a170906078c00b00992b510089asm8673296ejc.84.2023.10.10.11.29.06
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 10 Oct 2023 11:29:06 -0700 (PDT)
Received: by mail-ej1-f49.google.com with SMTP id a640c23a62f3a-99bdeae1d0aso1090450566b.1
        for <linux-kernel@vger.kernel.org>; Tue, 10 Oct 2023 11:29:06 -0700 (PDT)
X-Received: by 2002:a17:906:53:b0:9b2:be4e:4940 with SMTP id
 19-20020a170906005300b009b2be4e4940mr16536884ejg.61.1696962546177; Tue, 10
 Oct 2023 11:29:06 -0700 (PDT)
MIME-Version: 1.0
References: <20231006051801.423973-1-sumit.garg@linaro.org>
In-Reply-To: <20231006051801.423973-1-sumit.garg@linaro.org>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Tue, 10 Oct 2023 11:28:49 -0700
X-Gmail-Original-Message-ID: <CAHk-=whOPoLaWM8S8GgoOPT7a2+nMH5h3TLKtn=R_3w4R1_Uvg@mail.gmail.com>
Message-ID: <CAHk-=whOPoLaWM8S8GgoOPT7a2+nMH5h3TLKtn=R_3w4R1_Uvg@mail.gmail.com>
Subject: Re: [PATCH v2] KEYS: trusted: Remove redundant static calls usage
To:     Sumit Garg <sumit.garg@linaro.org>,
        David Howells <dhowells@redhat.com>
Cc:     jarkko@kernel.org, peterz@infradead.org, zohar@linux.ibm.com,
        linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
        jejb@linux.ibm.com, David.Kaplan@amd.com, bp@alien8.de,
        mingo@kernel.org, x86@kernel.org, regressions@leemhuis.info,
        Hyeonggon Yoo <42.hyeyoo@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=2.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Tue, 10 Oct 2023 11:29:18 -0700 (PDT)
X-Spam-Level: **

On Thu, 5 Oct 2023 at 22:18, Sumit Garg <sumit.garg@linaro.org> wrote:
>
> Static calls invocations aren't well supported from module __init and
> __exit functions. Especially the static call from cleanup_trusted() led
> to a crash on x86 kernel with CONFIG_DEBUG_VIRTUAL=y.
>
> However, the usage of static call invocations for trusted_key_init()
> and trusted_key_exit() don't add any value from either a performance or
> security perspective. Hence switch to use indirect function calls instead.

I applied this patch to my tree, since it is a fix for the issue, and
doesn't change any logic otherwise.

However, I do note that the code logic is completely broken. It was
broken before too, and apparently causes no problems, but it's still
wrong.

That's a separate issue, and would want a separate patch, but since I
noticed it when applying this one, I'm replying here:

> +               trusted_key_exit = trusted_key_sources[i].ops->exit;
>                 migratable = trusted_key_sources[i].ops->migratable;
>
> -               ret = static_call(trusted_key_init)();
> +               ret = trusted_key_sources[i].ops->init();
>                 if (!ret)
>                         break;

Note how this sets "trusted_key_exit" even when the ->init() function fails.

Then we potentially do the module exit:

>  static void __exit cleanup_trusted(void)
>  {
> -       static_call_cond(trusted_key_exit)();
> +       if (trusted_key_exit)
> +               (*trusted_key_exit)();
>  }

With an exit function that doesn't match a successful init() call.

Now, *normally* this isn't a problem, because if the init() call
fails, we'll go on to the next one, and if they *all* fail, we'll fail
the module load, and we obviously won't call the cleanup_trusted()
function at all.

EXCEPT.

We have this:

        /*
         * encrypted_keys.ko depends on successful load of this module even if
         * trusted key implementation is not found.
         */
        if (ret == -ENODEV)
                return 0;

so that init() may actually have failed, and we still succeed in
loading the module, and now we will call that exit function to clean
up something that was never successfully done.

This hopefully doesn't matter in practice, and the cleanup function
will just not do anything, but it is illogical and inconsistent. So I
think it should be fixed. But as mentioned, this is a separate issue
from the whole "you currently can't do static calls from __exit
functions" issue.

                  Linus