RE: [PATCH v2 1/6] mdev: Introduce sha1 based mdev alias

From: Parav Pandit
Date: Thu Aug 29 2019 - 22:29:46 EST




> -----Original Message-----
> From: Yunsheng Lin <linyunsheng@xxxxxxxxxx>
> Sent: Thursday, August 29, 2019 5:57 PM
> To: Parav Pandit <parav@xxxxxxxxxxxx>; alex.williamson@xxxxxxxxxx; Jiri
> Pirko <jiri@xxxxxxxxxxxx>; kwankhede@xxxxxxxxxx; cohuck@xxxxxxxxxx;
> davem@xxxxxxxxxxxxx
> Cc: kvm@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> netdev@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH v2 1/6] mdev: Introduce sha1 based mdev alias
>
> On 2019/8/29 19:18, Parav Pandit wrote:
> > Some vendor drivers want an identifier for an mdev device that is
> > shorter than the UUID, due to length restrictions in the consumers of
> > that identifier.
> >
> > Add a callback that allows a vendor driver to request an alias of a
> > specified length to be generated for an mdev device. If generated,
> > that alias is checked for collisions.
> >
> > It is an optional attribute.
> > mdev alias is generated using sha1 from the mdev name.
> >
> > Signed-off-by: Parav Pandit <parav@xxxxxxxxxxxx>
> >
> > ---
> > Changelog:
> > v1->v2:
> > - Kept mdev_device naturally aligned
> > - Added error checking for crypt_*() calls
> > - Corrected a typo from 'and' to 'an'
> > - Changed return type of generate_alias() from int to char*
> > v0->v1:
> > - Moved alias length check outside of the parent lock
> > - Moved alias and digest allocation from kvzalloc to kzalloc
> > - &alias[0] changed to alias
> > - alias_length check is nested under get_alias_length callback check
> > - Changed comments to start with an empty line
> > - Fixed cleanup of hash if mdev_bus_register() fails
> > - Added comment where alias memory ownership is handed over to mdev
> > device
> > - Updated commit log to indicate motivation for this feature
> > ---
> > drivers/vfio/mdev/mdev_core.c | 123
> ++++++++++++++++++++++++++++++-
> > drivers/vfio/mdev/mdev_private.h | 5 +-
> > drivers/vfio/mdev/mdev_sysfs.c | 13 ++--
> > include/linux/mdev.h | 4 +
> > 4 files changed, 135 insertions(+), 10 deletions(-)
> >
> > diff --git a/drivers/vfio/mdev/mdev_core.c
> > b/drivers/vfio/mdev/mdev_core.c index b558d4cfd082..3bdff0469607
> > 100644
> > --- a/drivers/vfio/mdev/mdev_core.c
> > +++ b/drivers/vfio/mdev/mdev_core.c
> > @@ -10,9 +10,11 @@
> > #include <linux/module.h>
> > #include <linux/device.h>
> > #include <linux/slab.h>
> > +#include <linux/mm.h>
> > #include <linux/uuid.h>
> > #include <linux/sysfs.h>
> > #include <linux/mdev.h>
> > +#include <crypto/hash.h>
> >
> > #include "mdev_private.h"
> >
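Review bot: The added #include <linux/mm.h> at the top of mdev_core.c looks like a leftover. The changelog says the alias and digest allocations moved from kvzalloc to kzalloc in v1, and the visible code in generate_alias() uses kzalloc() and kfree(), which come from <linux/slab.h>, already included here. If nothing else in the file needs mm.h, drop the include.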
> > @@ -27,6 +29,8 @@ static struct class_compat *mdev_bus_compat_class;
> > static LIST_HEAD(mdev_list); static DEFINE_MUTEX(mdev_list_lock);
> >
> > +static struct crypto_shash *alias_hash;
> > +
> > struct device *mdev_parent_dev(struct mdev_device *mdev) {
> > return mdev->parent->dev;
> > @@ -150,6 +154,16 @@ int mdev_register_device(struct device *dev, const
> struct mdev_parent_ops *ops)
> > if (!ops || !ops->create || !ops->remove || !ops-
> >supported_type_groups)
> > return -EINVAL;
> >
> > + if (ops->get_alias_length) {
> > + unsigned int digest_size;
> > + unsigned int aligned_len;
> > +
> > + aligned_len = roundup(ops->get_alias_length(), 2);
> > + digest_size = crypto_shash_digestsize(alias_hash);
> > + if (aligned_len / 2 > digest_size)
> > + return -EINVAL;
> > + }
> > +
> > dev = get_device(dev);
> > if (!dev)
> > return -EINVAL;
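Review bot: The length check in mdev_register_device() rounds up before it compares, so a value at the top of the unsigned int range can wrap. roundup(ops->get_alias_length(), 2) adds 1 before dividing, and for UINT_MAX that gives 0, which passes "if (aligned_len / 2 > digest_size)". This assumes the callback returns unsigned int, the type generate_alias() takes; the prototype is not in the quoted part. Comparing the raw length against 2 * digest_size first and rounding only afterwards closes that case. It is also worth deciding here whether a returned length of 0 should be rejected.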
> > @@ -259,6 +273,7 @@ static void mdev_device_free(struct mdev_device
> *mdev)
> > mutex_unlock(&mdev_list_lock);
> >
> > dev_dbg(&mdev->dev, "MDEV: destroying\n");
> > + kfree(mdev->alias);
> > kfree(mdev);
> > }
> >
> > @@ -269,18 +284,101 @@ static void mdev_device_release(struct device
> *dev)
> > mdev_device_free(mdev);
> > }
> >
> > -int mdev_device_create(struct kobject *kobj,
> > - struct device *dev, const guid_t *uuid)
> > +static const char *
> > +generate_alias(const char *uuid, unsigned int max_alias_len) {
> > + struct shash_desc *hash_desc;
> > + unsigned int digest_size;
> > + unsigned char *digest;
> > + unsigned int alias_len;
> > + char *alias;
> > + int ret;
> > +
> > + /*
> > + * Align to multiple of 2 as bin2hex will generate
> > + * even number of bytes.
> > + */
> > + alias_len = roundup(max_alias_len, 2);
> > + alias = kzalloc(alias_len + 1, GFP_KERNEL);
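Review bot: generate_alias() sizes the kzalloc() from max_alias_len with no bound of its own in the visible lines; the only limit is the digest-size check in mdev_register_device(). Please state that precondition in a comment above generate_alias(), or add a WARN_ON() when alias_len / 2 exceeds the digest size, so a later caller that does not go through the registration check cannot pass an unchecked length.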
>
> It seems the mtty_alias_length in mtty.c can be set from a module parameter,
> and a user can set a very large number; maybe limit the max of the alias_len
> before calling kzalloc?
This is already guarded in mdev_register_device().
A user cannot request an alias length bigger than the digest size of sha1 (which is 20 bytes).