From: Vadim Fedorenko <vadfed@meta.com>
To: Vadim Fedorenko <vadim.fedorenko@linux.dev>,
Martin KaFai Lau <martin.lau@linux.dev>,
Andrii Nakryiko <andrii@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
Mykola Lysenko <mykolal@fb.com>, Jakub Kicinski <kuba@kernel.org>
Cc: Vadim Fedorenko <vadfed@meta.com>, <bpf@vger.kernel.org>
Subject: [PATCH bpf-next v2 2/4] bpf: crypto: make state and IV dynptr nullable
Date: Fri, 10 May 2024 05:28:21 -0700 [thread overview]
Message-ID: <20240510122823.1530682-3-vadfed@meta.com> (raw)
In-Reply-To: <20240510122823.1530682-1-vadfed@meta.com>
Some ciphers do not require state and IV buffer, but with current
implementation 0-sized dynptr is always needed. With adjustment to
verifier we can provide NULL instead of 0-sized dynptr. Make crypto
kfuncs ready for this.
Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
---
kernel/bpf/crypto.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/kernel/bpf/crypto.c b/kernel/bpf/crypto.c
index 2bee4af91e38..ca25ed32e1cb 100644
--- a/kernel/bpf/crypto.c
+++ b/kernel/bpf/crypto.c
@@ -275,7 +275,7 @@ static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx,
if (__bpf_dynptr_is_rdonly(dst))
return -EINVAL;
- siv_len = __bpf_dynptr_size(siv);
+ siv_len = siv ? __bpf_dynptr_size(siv) : 0;
src_len = __bpf_dynptr_size(src);
dst_len = __bpf_dynptr_size(dst);
if (!src_len || !dst_len)
@@ -303,36 +303,36 @@ static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx,
/**
* bpf_crypto_decrypt() - Decrypt buffer using configured context and IV provided.
- * @ctx: The crypto context being used. The ctx must be a trusted pointer.
- * @src: bpf_dynptr to the encrypted data. Must be a trusted pointer.
- * @dst: bpf_dynptr to the buffer where to store the result. Must be a trusted pointer.
- * @siv: bpf_dynptr to IV data and state data to be used by decryptor.
+ * @ctx: The crypto context being used. The ctx must be a trusted pointer.
+ * @src: bpf_dynptr to the encrypted data. Must be a trusted pointer.
+ * @dst: bpf_dynptr to buffer where to store the result. Must be a trusted pointer.
+ * @siv__nullable: bpf_dynptr to IV data and state data to be used by decryptor. May be NULL.
*
* Decrypts provided buffer using IV data and the crypto context. Crypto context must be configured.
*/
__bpf_kfunc int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx,
const struct bpf_dynptr_kern *src,
const struct bpf_dynptr_kern *dst,
- const struct bpf_dynptr_kern *siv)
+ const struct bpf_dynptr_kern *siv__nullable)
{
- return bpf_crypto_crypt(ctx, src, dst, siv, true);
+ return bpf_crypto_crypt(ctx, src, dst, siv__nullable, true);
}
/**
* bpf_crypto_encrypt() - Encrypt buffer using configured context and IV provided.
- * @ctx: The crypto context being used. The ctx must be a trusted pointer.
- * @src: bpf_dynptr to the plain data. Must be a trusted pointer.
- * @dst: bpf_dynptr to buffer where to store the result. Must be a trusted pointer.
- * @siv: bpf_dynptr to IV data and state data to be used by decryptor.
+ * @ctx: The crypto context being used. The ctx must be a trusted pointer.
+ * @src: bpf_dynptr to the plain data. Must be a trusted pointer.
+ * @dst: bpf_dynptr to buffer where to store the result. Must be a trusted pointer.
+ * @siv__nullable: bpf_dynptr to IV data and state data to be used by decryptor. May be NULL.
*
* Encrypts provided buffer using IV data and the crypto context. Crypto context must be configured.
*/
__bpf_kfunc int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx,
const struct bpf_dynptr_kern *src,
const struct bpf_dynptr_kern *dst,
- const struct bpf_dynptr_kern *siv)
+ const struct bpf_dynptr_kern *siv__nullable)
{
- return bpf_crypto_crypt(ctx, src, dst, siv, false);
+ return bpf_crypto_crypt(ctx, src, dst, siv__nullable, false);
}
__bpf_kfunc_end_defs();
--
2.43.0
next prev parent reply other threads:[~2024-05-10 12:28 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-10 12:28 [PATCH bpf-next v2 0/4] bpf: make trusted args nullable Vadim Fedorenko
2024-05-10 12:28 ` [PATCH bpf-next v2 1/4] bpf: verifier: make kfuncs args nullalble Vadim Fedorenko
2024-05-21 19:48 ` Eduard Zingerman
2024-05-10 12:28 ` Vadim Fedorenko [this message]
2024-05-21 19:48 ` [PATCH bpf-next v2 2/4] bpf: crypto: make state and IV dynptr nullable Eduard Zingerman
2024-05-10 12:28 ` [PATCH bpf-next v2 3/4] selftests: bpf: crypto: use NULL instead of 0-sized dynptr Vadim Fedorenko
2024-05-21 19:48 ` Eduard Zingerman
2024-05-10 12:28 ` [PATCH bpf-next v2 4/4] selftests: bpf: crypto: adjust bench to use nullable IV Vadim Fedorenko
2024-05-21 19:49 ` Eduard Zingerman
2024-05-22 18:01 ` Martin KaFai Lau
2024-05-22 18:07 ` Eduard Zingerman
2024-05-22 21:18 ` Vadim Fedorenko
2024-05-21 19:46 ` [PATCH bpf-next v2 0/4] bpf: make trusted args nullable Eduard Zingerman
[not found] ` <912ac775-1505-468b-9030-88cbbf8e30f2@linux.dev>
[not found] ` <836e4a4ca07872fed42c0b2327dddecf47c572c0.camel@gmail.com>
2024-05-22 16:34 ` Vadim Fedorenko
2024-05-22 18:06 ` Martin KaFai Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240510122823.1530682-3-vadfed@meta.com \
--to=vadfed@meta.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=kuba@kernel.org \
--cc=martin.lau@linux.dev \
--cc=mykolal@fb.com \
--cc=vadim.fedorenko@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox