kernel/linux.git/net/ceph/crypto.c, branch v7.0.11Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0.112026-02-22T01:09:51+00:00Convert 'alloc_obj' family to use the new default GFP_KERNEL argument2026-02-22T01:09:51+00:00Linus Torvaldstorvalds@linux-foundation.org2026-02-22T00:37:42+00:00urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43
This was done entirely with mindless brute force, using
git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' |
xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/'
to convert the new alloc_obj() users that had a simple GFP_KERNEL
argument to just drop that argument.
Note that due to the extreme simplicity of the scripting, any slightly
more complex cases spread over multiple lines would not be triggered:
they definitely exist, but this covers the vast bulk of the cases, and
the resulting diff is also then easier to check automatically.
For the same reason the 'flex' versions will be done as a separate
conversion.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
treewide: Replace kmalloc with kmalloc_obj for non-scalar types2026-02-21T09:02:28+00:00Kees Cookkees@kernel.org2026-02-21T07:49:23+00:00urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f
This is the result of running the Coccinelle script from
scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to
avoid scalar types (which need careful case-by-case checking), and
instead replace kmalloc-family calls that allocate struct or union
object instances:
Single allocations: kmalloc(sizeof(TYPE), ...)
are replaced with: kmalloc_obj(TYPE, ...)
Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...)
are replaced with: kmalloc_objs(TYPE, COUNT, ...)
Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...)
are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...)
(where TYPE may also be *VAR)
The resulting allocations no longer return "void *", instead returning
"TYPE *".
Signed-off-by: Kees Cook <kees@kernel.org>
libceph: adapt ceph_x_challenge_blob hashing and msgr1 message signing2026-02-09T11:29:22+00:00Ilya Dryomovidryomov@gmail.com2025-07-12T15:11:55+00:00urn:sha1:8356b4b1103b8c970648c94bab724aa30e42d869
The existing approach where ceph_x_challenge_blob is encrypted with the
client's secret key and then the digest derived from the ciphertext is
used for the test doesn't work with CEPH_CRYPTO_AES256KRB5 because the
confounder randomizes the ciphertext: the client and the server get two
different ciphertexts and therefore two different digests.
msgr1 signatures are affected the same way: a digest derived from the
ciphertext for the message's "sigblock" is what becomes a signature and
the two sides disagree on the expected value.
For CEPH_CRYPTO_AES256KRB5 (and potential future encryption schemes),
switch to HMAC-SHA256 function keyed in the same way as the existing
encryption. For CEPH_CRYPTO_AES, everything is preserved as is.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: add support for CEPH_CRYPTO_AES256KRB52026-02-09T11:29:22+00:00Ilya Dryomovidryomov@gmail.com2025-12-22T19:41:27+00:00urn:sha1:b7cc142dbafeaf6c053284ca9121b9f70b6d6d06
This is based on AES256-CTS-HMAC384-192 crypto algorithm per RFC 8009
(i.e. Kerberos 5, hence the name) with custom-defined key usage numbers.
The implementation allows a given key to have/be linked to between one
and three usage numbers.
The existing CEPH_CRYPTO_AES remains in place and unchanged. The
usage_slot parameter that needed to be added to ceph_crypt() and its
wrappers is simply ignored there.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: introduce ceph_crypto_key_prepare()2026-02-09T11:29:22+00:00Ilya Dryomovidryomov@gmail.com2025-12-22T18:44:24+00:00urn:sha1:6cec0b61aacce4da5125b21c718189f0dc11eb51
In preparation for bringing in a new encryption scheme/key type,
decouple decoding or cloning the key from allocating required crypto
API objects and setting them up. The rationale is that a) in some
cases a shallow clone is sufficient and b) ceph_crypto_key_prepare()
may grow additional parameters that would be inconvenient to provide
at the point the key is originally decoded.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: generalize ceph_x_encrypt_offset() and ceph_x_encrypt_buflen()2026-02-09T11:29:21+00:00Ilya Dryomovidryomov@gmail.com2025-07-05T09:28:21+00:00urn:sha1:0ee8bccf7396d50726c9c8dd3135fb64a9fe8426
- introduce the notion of a data offset for ceph_x_encrypt_offset()
to allow for e.g. confounder to be prepended before the encryption
header in the future. For CEPH_CRYPTO_AES, the data offset is 0
(i.e. nothing is prepended).
- adjust ceph_x_encrypt_buflen() accordingly and make it account for
PKCS#7 padding that is used by CEPH_CRYPTO_AES precisely instead of
just always adding 16.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: define and enforce CEPH_MAX_KEY_LEN2026-02-09T11:29:21+00:00Ilya Dryomovidryomov@gmail.com2025-07-04T14:30:50+00:00urn:sha1:ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf
When decoding the key, verify that the key material would fit into
a fixed-size buffer in process_auth_done() and generally has a sane
length.
The new CEPH_MAX_KEY_LEN check replaces the existing check for a key
with no key material which is a) not universal since CEPH_CRYPTO_NONE
has to be excluded and b) doesn't provide much value since a smaller
than needed key is just as invalid as no key -- this has to be handled
elsewhere anyway.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: Remove unused ceph_crypto_key_encode2024-11-18T16:34:35+00:00Dr. David Alan Gilbertlinux@treblig.org2024-10-06T01:19:55+00:00urn:sha1:3e0f59f09e3f319b6652e5b4523fe02d965515a5
ceph_crypto_key_encode() was added in 2010's commit
8b6e4f2d8b21 ("ceph: aes crypto and base64 encode/decode helpers")
but has remained unused (the decode is used).
Remove it.
Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
mm: allow !GFP_KERNEL allocations for kvmalloc2022-01-15T14:30:29+00:00Michal Hockomhocko@suse.com2022-01-14T22:07:07+00:00urn:sha1:a421ef303008b0ceee2cfc625c3246fa7654b0ca
Support for GFP_NO{FS,IO} and __GFP_NOFAIL has been implemented by
previous patches so we can allow the support for kvmalloc. This will
allow some external users to simplify or completely remove their
helpers.
GFP_NOWAIT semantic hasn't been supported so far but it hasn't been
explicitly documented so let's add a note about that.
ceph_kvmalloc is the first helper to be dropped and changed to kvmalloc.
Link: https://lkml.kernel.org/r/20211122153233.9924-5-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: Neil Brown <neilb@suse.de>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
libceph: zero out session key and connection secret2021-01-04T16:31:32+00:00Ilya Dryomovidryomov@gmail.com2020-12-22T18:00:48+00:00urn:sha1:10f42b3e648377b2f2f323a5530354710616c6cc
Try and avoid leaving bits and pieces of session key and connection
secret (gets split into GCM key and a pair of GCM IVs) around.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>