Linux-NVME Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: linux-nvme@lists.infradead.org, Keith Busch <kbusch@kernel.org>,
	Jens Axboe <axboe@kernel.dk>, Christoph Hellwig <hch@lst.de>,
	Sagi Grimberg <sagi@grimberg.me>
Cc: Eric Biggers <ebiggers@kernel.org>, John Garry <john.g.garry@oracle.com>
Subject: [PATCH] nvme-auth: Avoid C=1 warning in nvme_auth_derive_tls_psk()
Date: Thu, 25 Jun 2026 10:59:11 -0700	[thread overview]
Message-ID: <20260625175911.35094-1-ebiggers@kernel.org> (raw)

The following works fine with gcc and clang, but sparse warns about
label_len not being an actual constant expression:

    const size_t label_len = sizeof(label) - 1;
    ...
    static_assert(label_len <= 255);

Avoid this by giving label an explicit length and using sizeof(label)
instead of label_len.

Reported-by: John Garry <john.g.garry@oracle.com>
Closes: https://lore.kernel.org/linux-nvme/965a37dd-f698-46b6-9623-1099a13f7e60@oracle.com
Fixes: d126cbaa7d9a ("nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()")
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
 drivers/nvme/common/auth.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index 77f1d22512f8..e2e0c736540a 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -690,12 +690,11 @@ EXPORT_SYMBOL_GPL(nvme_auth_generate_digest);
  */
 int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
 			     const char *psk_digest, u8 **ret_psk)
 {
 	static const u8 default_salt[NVME_AUTH_MAX_DIGEST_SIZE];
-	static const char label[] = "tls13 nvme-tls-psk";
-	const size_t label_len = sizeof(label) - 1;
+	static const char label[18] = "tls13 nvme-tls-psk";
 	u8 prk[NVME_AUTH_MAX_DIGEST_SIZE];
 	size_t hash_len, ctx_len;
 	u8 *hmac_data = NULL, *tls_key;
 	size_t i;
 	int ret;
@@ -727,11 +726,11 @@ int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
 	 * HKDF-Expand-Label (RFC 8446 section 7.1), with output length equal to
 	 * the hash length (so only a single HMAC operation is needed)
 	 */
 
 	hmac_data = kmalloc(/* output length */ 2 +
-			    /* label */ 1 + label_len +
+			    /* label */ 1 + sizeof(label) +
 			    /* context (max) */ 1 + 3 + 1 + strlen(psk_digest) +
 			    /* counter */ 1,
 			    GFP_KERNEL);
 	if (!hmac_data) {
 		ret = -ENOMEM;
@@ -741,14 +740,14 @@ int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
 	i = 0;
 	hmac_data[i++] = hash_len >> 8;
 	hmac_data[i++] = hash_len;
 
 	/* label */
-	static_assert(label_len <= 255);
-	hmac_data[i] = label_len;
-	memcpy(&hmac_data[i + 1], label, label_len);
-	i += 1 + label_len;
+	static_assert(sizeof(label) <= 255);
+	hmac_data[i] = sizeof(label);
+	memcpy(&hmac_data[i + 1], label, sizeof(label));
+	i += 1 + sizeof(label);
 
 	/* context */
 	ctx_len = sprintf(&hmac_data[i + 1], "%02d %s", hmac_id, psk_digest);
 	if (ctx_len > 255) {
 		ret = -EINVAL;

base-commit: a142da0b2d32b68a6d1b183343bbe43de8c222f9
-- 
2.54.0



             reply	other threads:[~2026-06-25 17:59 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-25 17:59 Eric Biggers [this message]
2026-06-26  7:53 ` [PATCH] nvme-auth: Avoid C=1 warning in nvme_auth_derive_tls_psk() John Garry
2026-07-01 11:04 ` Hannes Reinecke
2026-07-06 18:55 ` Keith Busch

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260625175911.35094-1-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=axboe@kernel.dk \
    --cc=hch@lst.de \
    --cc=john.g.garry@oracle.com \
    --cc=kbusch@kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox