Received: by 2002:a05:7412:d1aa:b0:fc:a2b0:25d7 with SMTP id ba42csp1153909rdb; Tue, 30 Jan 2024 09:20:38 -0800 (PST) X-Google-Smtp-Source: AGHT+IH0xYFB/4sn8R2p2fMSBmKaskpz3CJzizd7yD88SFPjou0WDnt0UDq+BCpgbaU4l87ghhf0 X-Received: by 2002:aa7:da84:0:b0:55f:3cb:d02e with SMTP id q4-20020aa7da84000000b0055f03cbd02emr4462960eds.16.1706635238125; Tue, 30 Jan 2024 09:20:38 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706635238; cv=pass; d=google.com; s=arc-20160816; b=qEOux0yY4MFmC6WcB6LFaFyZTDEXtU+tdzru8fsy6ZzFdzgQKxTeA9U+YUrHib5gNS ox7IUibzf4I2/zF1f/3mXqDiUfSLnwt5b9YdNa8pa1u976z6VlOvCNyuiSF29ssafleQ meYyePsp5HQ5JQa51//K/iKVOa3IuNup+Asn7+WCYbov/NODl0RXjs2Iu2Rdkj/8zn/W AJK0rqjA4JWDBypR1+8YgBcpz76xYN00hvWMym1Z3YocFxa5FHNnHoDDL0wv01hH063F z2g0EozvP7Z/5RO43FMiImII5sDuWG4fq7/saJlSwUvBqfuyqVUPxDIdIidA/qulRVVM dC/w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:references:to:from:subject:cc:message-id:date :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=O3LPLMoc9YgElnKRL7bVuyhCK8aw3RfajzrdgA5Pkws=; fh=1r14HE3iBm4GYMEj5WYr6YfDjpn2z3H13Q4DkxQ4flk=; b=HwawGSkkXYw+isMkL2fab9fDpwvhhxaJXqeTcBI+2VfGFd+5IbKUVT2RdWD0C5MeGo nvKiOpCa8zZW3sRYe497TZYZlHOtUhQrwf7BbpT0A+hFBkSt6BQcqEQ7opcxVTD6tRdo 0e78hk8IapO+7FSS9ArzEcI63OaMa/Op1pLD5RJzR/Szmpxh63rcmd8w5L7PAWWXgTgz 3BBft1V4uf4MJTX75CXtJ4iC1uBX/TbTtahN1yJmwyVQmZUmamxYNwizY5iUNOr1VX18 phtdNWAKf5qu9eernpQhyVUaOqNTCSyUbNgcmhf/8R+cdWAe+yJ33BFmol+0XSYhiuWQ Cgqw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="uB/iUg4J"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-45032-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-45032-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id c20-20020a50d654000000b0055f352dae85si1001411edj.185.2024.01.30.09.20.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Jan 2024 09:20:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-45032-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="uB/iUg4J"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-45032-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-45032-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id B57BD1F24B88 for ; Tue, 30 Jan 2024 17:20:37 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B068C129A8C; Tue, 30 Jan 2024 17:20:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uB/iUg4J" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8159364AC; Tue, 30 Jan 2024 17:20:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706635224; cv=none; b=TUqcOmtKeoKppyr2f3VspgB5WTiVuEetHanGOBFS6PSp/+KbSMRhSHCUp9Klh1FaY3CkivHFubC50VTTUJmaNrVUXTtWukUreqoWor2u3BQ9MgbpfhRu9sYUmuE8ZKoBIQoGMMT97aLEvMsUai4mxJpuAKBMaOVNNBpt7DzgfLw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706635224; c=relaxed/simple; bh=yd0LIoYb6RMZkeRHe2+uLX6chAwA3W/kYb0I/6Z7rbA=; h=Content-Type:Mime-Version:Date:Message-Id:Cc:Subject:From:To: References:In-Reply-To; b=jFr/xRnUple4EqTVHWCqVbvDBh7jkB/LRPJhUkXE9gzNVo1x8Oly568FW8Hos9JoG1qUWDQ7gHmuCW8C45mNos6jtN1r691lcYQJpjHLVVCqAJ+mST0RoHr21p22grvSY5509JWRCXjKIjb5DxsVBEqGSNzf6IsvFmxzDTZYEGo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uB/iUg4J; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8217AC433C7; Tue, 30 Jan 2024 17:20:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1706635224; bh=yd0LIoYb6RMZkeRHe2+uLX6chAwA3W/kYb0I/6Z7rbA=; h=Date:Cc:Subject:From:To:References:In-Reply-To:From; b=uB/iUg4JZ4B+omyXHjyZK2SGuWHBL7QKCZuMAke6JmpTJS6pi+MOueBbl+9O8EWSa Qi9Po5utKks8La3c7HYPvSR0WgPetrYXDWjLHgLV09FPUq8povDcj5Z5Wh/lON/oHJ 0R+Dq8wvy/FF0BwSzdzlkITTclCwiYEpzdPyw/Z/eQoowZ8y0qrOmazIBq4YT8vKlp lrJEgfsHmJbBTGWxll1+JcmTSf5pe75TMHIDwjk0GWGooIfgcWWHqdELTxruLdzMwB XZGEbd7eCgkShwBtQpwoS4BqhAbGvnFYcIJH5aJK4bF0Qsrzbib+o2TW6sGWv6RJhC pI4onO9EZ1MwA== Content-Type: multipart/mixed; boundary=cd8ba6b13b7a1f2b1f2526f12f6cd200967ddb0152adf8a67df1cb348e72 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Date: Tue, 30 Jan 2024 19:20:18 +0200 Message-Id: Cc: "Jiang, Dave" , "linux-integrity@vger.kernel.org" , "linux-cxl@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "Williams, Dan J" , "keyrings@vger.kernel.org" , "linux-security-module@vger.kernel.org" , "nvdimm@lists.linux.dev" Subject: Re: [PATCH] KEYS: encrypted: Add check for strsep From: "Jarkko Sakkinen" To: "Jarkko Sakkinen" , "Verma, Vishal L" , "zohar@linux.ibm.com" , "paul@paul-moore.com" , "dhowells@redhat.com" , "yaelt@google.com" , "serge@hallyn.com" , "nichen@iscas.ac.cn" , "sumit.garg@linaro.org" , "jmorris@namei.org" X-Mailer: aerc 0.15.2 References: <20231108073627.1063464-1-nichen@iscas.ac.cn> <4d3465b48b9c5a87deb385b15bf5125fc1704019.camel@intel.com> In-Reply-To: --cd8ba6b13b7a1f2b1f2526f12f6cd200967ddb0152adf8a67df1cb348e72 Content-Type: multipart/alternative; boundary=881a4053c71afff8675be592295d16a64045cfd6f860722a752edc836342 --881a4053c71afff8675be592295d16a64045cfd6f860722a752edc836342 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Content-Type: text/plain; charset=UTF-8 On Tue Jan 30, 2024 at 7:19 PM EET, Jarkko Sakkinen wrote: > On Wed Jan 24, 2024 at 8:21 PM EET, Verma, Vishal L wrote: > > On Wed, 2023-11-08 at 07:36 +0000, Chen Ni wrote: > > > Add check for strsep() in order to transfer the error. > > >=20 > > > Fixes: cd3bc044af48 ("KEYS: encrypted: Instantiate key with user- > > > provided decrypted data") > > > Signed-off-by: Chen Ni > > > --- > > > =C2=A0security/keys/encrypted-keys/encrypted.c | 4 ++++ > > > =C2=A01 file changed, 4 insertions(+) > > >=20 > > > diff --git a/security/keys/encrypted-keys/encrypted.c > > > b/security/keys/encrypted-keys/encrypted.c > > > index 8af2136069d2..76f55dd13cb8 100644 > > > --- a/security/keys/encrypted-keys/encrypted.c > > > +++ b/security/keys/encrypted-keys/encrypted.c > > > @@ -237,6 +237,10 @@ static int datablob_parse(char *datablob, const > > > char **format, > > > =C2=A0 break; > > > =C2=A0 } > > > =C2=A0 *decrypted_data =3D strsep(&datablob, " \t"); > > > + if (!*decrypted_data) { > > > + pr_info("encrypted_key: decrypted_data is > > > missing\n"); > > > + break; > > > + } > > > > Hello, > > > > This patch seems to break keyring usage in CXL and NVDIMM, with the > > "decrypted_data is missing" error path being hit. Reverting this commit > > fixes the tests. I'm not sure if there are valid scenarios where this i= s > > expected to be empty? > > > > Here's an strace snippet of where the error occurs: > > > > keyctl(KEYCTL_SEARCH, KEY_SPEC_USER_KEYRING, "user", "nvdimm-master"= , 0) =3D 76300785 > > openat(AT_FDCWD, "/sys/devices/platform/cxl_acpi.0/root0/nvdimm-brid= ge0/ndbus0/nmem0/state", O_RDONLY|O_CLOEXEC) =3D 3 > > read(3, "idle\n", 1024) =3D 5 > > close(3) =3D 0 > > keyctl(KEYCTL_SEARCH, KEY_SPEC_USER_KEYRING, "encrypted", "nvdimm:0"= , 0) =3D -1 ENOKEY (Required key not available) > > uname({sysname=3D"Linux", nodename=3D"fedora", ...}) =3D 0 > > newfstatat(AT_FDCWD, "/etc/ndctl/keys/nvdimm_0_fedora.blob", 0x7fff2= 3fbc210, 0) =3D -1 ENOENT (No such file or directory) > > add_key("encrypted", "nvdimm:0", "new enc32 user:nvdimm-master 32", = 31, KEY_SPEC_USER_KEYRING) =3D -1 EINVAL (Invalid argument) > > =20 > > I think removing the klog message does not make sense meaning > that the recent revert was wrong action taken. > > Instead necessary actions to retain backwards compatibility > must be taken, meaning that the branch should set "ret =3D 0;". > > Motivation to keep it is dead obvious: your examples show that > it can reveal potentially incorrect behaviour in user space > software packages. It is info-level to mark that it can be > also false positive. I.e. the revert commit takes away > functionality that previously caused kernel masking a > potential bug. > > Please revert the revert. > > BR, Jarkko See the attached patch. BR, Jarkko --881a4053c71afff8675be592295d16a64045cfd6f860722a752edc836342-- --cd8ba6b13b7a1f2b1f2526f12f6cd200967ddb0152adf8a67df1cb348e72 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=0001-KEYS-encrypted-Return-0-for-empty-decrypted-data.patch Content-Type: text/x-patch; charset=utf-8; name=0001-KEYS-encrypted-Return-0-for-empty-decrypted-data.patch RnJvbSBjZGZhNDIwM2M4NjQxMmFmMzliMjMyZWFhNzQwMTU5MTQ1MTY1OWRlIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKYXJra28gU2Fra2luZW4gPGphcmtrb0BrZXJuZWwub3JnPgpE YXRlOiBUdWUsIDMwIEphbiAyMDI0IDE5OjExOjUwICswMjAwClN1YmplY3Q6IFtQQVRDSF0gS0VZ UzogZW5jcnlwdGVkOiBSZXR1cm4gMCBmb3IgZW1wdHkgZGVjcnlwdGVkIGRhdGEKClJldHVybiAw IHRvIHJldHVybiBiYWNrd2FyZHMgY29tcHRpYmlsaXR5IGJ1dCAqZG8ga2VlcCogdGhlIGtsb2cg ZW50cnkKZm9yIGZvcmVzaW5jcyBzYWtlLgoKRml4ZXM6IGI0YWYwOTZiNWRmNSAoIktFWVM6IGVu Y3J5cHRlZDogQWRkIGNoZWNrIGZvciBzdHJzZXAiKQpMaW5rOiBodHRwczovL2xvcmUua2VybmVs Lm9yZy9rZXlyaW5ncy80ZDM0NjViNDhiOWM1YTg3ZGViMzg1YjE1YmY1MTI1ZmMxNzA0MDE5LmNh bWVsQGludGVsLmNvbS8KU2lnbmVkLW9mZi1ieTogSmFya2tvIFNha2tpbmVuIDxqYXJra29Aa2Vy bmVsLm9yZz4KLS0tCiBzZWN1cml0eS9rZXlzL2VuY3J5cHRlZC1rZXlzL2VuY3J5cHRlZC5jIHwg MSArCiAxIGZpbGUgY2hhbmdlZCwgMSBpbnNlcnRpb24oKykKCmRpZmYgLS1naXQgYS9zZWN1cml0 eS9rZXlzL2VuY3J5cHRlZC1rZXlzL2VuY3J5cHRlZC5jIGIvc2VjdXJpdHkva2V5cy9lbmNyeXB0 ZWQta2V5cy9lbmNyeXB0ZWQuYwppbmRleCA3NmY1NWRkMTNjYjguLmUzMTczMTQxMDI3ZSAxMDA2 NDQKLS0tIGEvc2VjdXJpdHkva2V5cy9lbmNyeXB0ZWQta2V5cy9lbmNyeXB0ZWQuYworKysgYi9z ZWN1cml0eS9rZXlzL2VuY3J5cHRlZC1rZXlzL2VuY3J5cHRlZC5jCkBAIC0yMjUsNiArMjI1LDcg QEAgc3RhdGljIGludCBkYXRhYmxvYl9wYXJzZShjaGFyICpkYXRhYmxvYiwgY29uc3QgY2hhciAq KmZvcm1hdCwKIAkJKmRlY3J5cHRlZF9kYXRhbGVuID0gc3Ryc2VwKCZkYXRhYmxvYiwgIiBcdCIp OwogCQlpZiAoISpkZWNyeXB0ZWRfZGF0YWxlbikgewogCQkJcHJfaW5mbygiZW5jcnlwdGVkX2tl eToga2V5bGVuIHBhcmFtZXRlciBpcyBtaXNzaW5nXG4iKTsKKwkJCXJldCA9IDA7CiAJCQlnb3Rv IG91dDsKIAkJfQogCX0KLS0gCjIuNDAuMQoK --cd8ba6b13b7a1f2b1f2526f12f6cd200967ddb0152adf8a67df1cb348e72--