1. Patchew
  2. linux
  3. View series

[PATCH] nvmet-auth: assign dh_key to NULL after kfree_sensitive

Vitaliy Shevtsov posted 1 patch 2 months, 1 week ago 
drivers/nvme/target/auth.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] nvmet-auth: assign dh_key to NULL after kfree_sensitive
Posted by Vitaliy Shevtsov 2 months, 1 week ago 
ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()
for the same controller. So it's better to nullify it after release on
error path in order to avoid double free later in nvmet_destroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.

Fixes: 7a277c37d352 ("nvmet-auth: Diffie-Hellman key exchange support")
Cc: stable@vger.kernel.org
Signed-off-by: Vitaliy Shevtsov <v.shevtsov@maxima.ru>
---
 drivers/nvme/target/auth.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index e900525b7866..7bca64de4a2f 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -101,6 +101,7 @@ int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
 			pr_debug("%s: ctrl %d failed to generate private key, err %d\n",
 				 __func__, ctrl->cntlid, ret);
 			kfree_sensitive(ctrl->dh_key);
+			ctrl->dh_key = NULL;
 			return ret;
 		}
 		ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm);
-- 
2.46.1
Re: [PATCH] nvmet-auth: assign dh_key to NULL after kfree_sensitive
Posted by Christoph Hellwig 2 months, 1 week ago 
Looks good:

Reviewed-by: Christoph Hellwig <hch@lst.de>
Re: [PATCH] nvmet-auth: assign dh_key to NULL after kfree_sensitive
Posted by Fedor Pchelkin 1 month ago 
On 2024-09-17 Christoph Hellwig wrote:
> Looks good:
> 
> Reviewed-by: Christoph Hellwig <hch@lst.de>

I suspect the patch has been lost - it's still missing on nvme-6.12 or
nvme-6.13 at git.infradead.org/nvme.git.

--
Thanks,
Fedor
Re: [PATCH] nvmet-auth: assign dh_key to NULL after kfree_sensitive
Posted by Keith Busch 1 month ago 
On Fri, Oct 25, 2024 at 04:01:18PM +0300, Fedor Pchelkin wrote:
> I suspect the patch has been lost - it's still missing on nvme-6.12 or
> nvme-6.13 at git.infradead.org/nvme.git.

Thanks for the ping. Patch applied to nvme-6.12.
Re: [PATCH] nvmet-auth: assign dh_key to NULL after kfree_sensitive
Posted by Hannes Reinecke 2 months, 1 week ago 
On 9/16/24 19:41, Vitaliy Shevtsov wrote:
> ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()
> for the same controller. So it's better to nullify it after release on
> error path in order to avoid double free later in nvmet_destroy_auth().
> 
> Found by Linux Verification Center (linuxtesting.org) with Svace.
> 
> Fixes: 7a277c37d352 ("nvmet-auth: Diffie-Hellman key exchange support")
> Cc: stable@vger.kernel.org
> Signed-off-by: Vitaliy Shevtsov <v.shevtsov@maxima.ru>
> ---
>   drivers/nvme/target/auth.c | 1 +
>   1 file changed, 1 insertion(+)
> 
Now that is obviously correct.

Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.