Re: [PATCH -next,v2] gss_krb5: refactor code to return correct PTR_ERR in krb5_DK

cuigaosheng <cuigaosheng1@xxxxxxxxxx> · Sat, 13 Jul 2024 10:59:16 +0800

Thanks for reviewing this patch.

I think this modification makes sense, for example, if 
crypto_sync_skcipher_setkey

return -ENOMEM, it's better to return -ENOMEM than to return -EINVAL,

just like elsewhere.

On 2024/7/12 22:28, Chuck Lever wrote:
On Fri, Jul 12, 2024 at 09:39:08AM -0400, Chuck Lever wrote:
On Fri, Jul 12, 2024 at 03:24:23PM +0800, Gaosheng Cui wrote:
Refactor the code in krb5_DK to return PTR_ERR when an error occurs.
My understanding of the current code is that if either
crypto_alloc_sync_skcipher() or crypto_sync_skcipher_blocksize()
fails, then krb5_DK() returns -EINVAL. At the only call site for
krb5_DK(), that return code is unconditionally discarded. Thus I
don't see that the proposed change is necessary or improves
anything.
My understanding is wrong  ;-)

The return code isn't discarded. A non-zero return code from
krb5_DK() is carried back up the call stack. The logic in
krb5_derive_key_v2() does not use the kernel's usual error flow
form, so I missed this.

However, it still isn't clear to me why the error behavior here
needs to change. It's possible, for example, that -EINVAL is
perfectly adequate to indicate when sync_skcipher() can't find the
specified encryption algorithm (gk5e->encrypt_name).

Specifying the wrong encryption type: -EINVAL. That makes sense.


Signed-off-by: Gaosheng Cui <cuigaosheng1@xxxxxxxxxx>
---
v2: Update IS_ERR to PTR_ERR, thanks very much!
  net/sunrpc/auth_gss/gss_krb5_keys.c | 8 ++++++--
  1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c b/net/sunrpc/auth_gss/gss_krb5_keys.c
index 4eb19c3a54c7..5ac8d06ab2c0 100644
--- a/net/sunrpc/auth_gss/gss_krb5_keys.c
+++ b/net/sunrpc/auth_gss/gss_krb5_keys.c
@@ -164,10 +164,14 @@ static int krb5_DK(const struct gss_krb5_enctype *gk5e,
  		goto err_return;
  
  	cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
-	if (IS_ERR(cipher))
+	if (IS_ERR(cipher)) {
+		ret = PTR_ERR(cipher);
  		goto err_return;
+	}
+
  	blocksize = crypto_sync_skcipher_blocksize(cipher);
-	if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len))
+	ret = crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len);
+	if (ret)
  		goto err_free_cipher;
  
  	ret = -ENOMEM;
--
2.25.1

--
Chuck Lever








