New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove checks for null out value in encryption paths #10015
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can’t speak to the design questions, but with the assumptions discussed, the code changes appear correct to me.
Forgot to mention, but the diff is I think best viewed ignoring whitespace, it's more clear what is cleaned up then. |
Codecov Report
@@ Coverage Diff @@
## master #10015 +/- ##
==========================================
+ Coverage 79.26% 79.49% +0.22%
==========================================
Files 385 385
Lines 122389 122347 -42
==========================================
+ Hits 97016 97258 +242
+ Misses 25373 25089 -284
Continue to review full report at Codecov.
|
Thanks for your analysis, I'll try to comprehend it but I'm currently quite busy so it may take a while. |
I suspect this build is failing because of a few reasons:
I'm not sure if any of the above is easy to fix, but it does explain the relatively low patch coverage %. |
There's one additional non-obvious issue as well. The CI builder which performs the coverage analysis currently does not support the needed instructions, so it will not run this code. The optimized code will be used by the other CI instances so it was tested successfully. But the coverage reporting for this particular change will be misleading. Knowing that in advance I'm not too concerned about it, but thank you for investigating the results. |
@behlendorf Is there anything I can do here to move this PR forward? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry about the delay. This looks right to me.
@AttilaFueloep Ah, no problem! I don't think that changes the issue that the patch coverage job fails though. It means we move which code is covered, but it will mark code not running now as covered and vice versa. Also the code for other modes than GCM or CCM would still not be covered. |
Now that #10029 has been merged would you mind rebasing this PR on master and force updating the PR. |
@behlendorf Done! |
The check style failure doesn't seem to be related to any changes here:
|
Whoops, looks like that minor style issue snuck in accidentally. Yes, it's totally unrelated to this change. We'll get it sorted out right away. |
Not exactly, the coverage job runs ztest (and ZTS) and ztest uses the
That's true. Sorry for the delay, I'm going to have a look now. |
I can follow your analysis and the changes look good to me, with one exception: Wouldn't you want to remove all occurrences of the macro Not sure about
Yes, I think that's a good idea, let alone someone adding code which tries to use inplace operations. |
@AttilaFueloep You are right, I think both of these can be dropped as well. The I'll update this PR to also including removing those bits. |
These paths are never exercised, as the parameters given are always different cipher and plaintext `crypto_data_t` pointers. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #10015 +/- ##
==========================================
+ Coverage 79.17% 79.44% +0.26%
==========================================
Files 385 385
Lines 122445 122403 -42
==========================================
+ Hits 96949 97241 +292
+ Misses 25496 25162 -334
Continue to review full report at Codecov.
|
@behlendorf Is this good to go? |
@dbussink yup, sorry about the delay. I'll get this merged right away. Thanks. |
These paths are never exercised, as the parameters given are always different cipher and plaintext `crypto_data_t` pointers. Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Attila Fueloep <attila@fueloep.org> Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Closes openzfs#9661 Closes openzfs#10015
Motivation and Context
This change is driven by the discussion in #9661 and the new AES GCM optimizations that were recently added that assume
out != NULL
in these code paths. Investigation found that these code paths are dead and can be cleaned up.Resolves #9661
Description
There were two callsites in
crypto_update_iov
&crypto_update_uio
where a potentialNULL
value forout
was passed down. This was happening when the input & output were the same values.All calls of these two methods are in
module/icp/io/aes.c
inaes_encrypt_update
,aes_decrypt_update
,aes_encrypt_atomic
&aes_decrypt_atomic
. These are set as function pointers in thecrypto_cipher_ops_t
configuration for the AES module.Going back to all calls into these functions, it shows there none of them have the same
plaintext
&ciphertext
passed in. Takingcrypto_encrypt
&crypto_decrypt
specifically, these are called inmodule/os/linux/zfs/zio_crypt.c
with a differentplaindata
andcipherdata
allocated on the stack there.All other functions are never used, I guess due to it being a generic encryption interface in
icp
, where thezfs
module never needs all of these and only usescrypto_encrypt
&crypto_decrypt
.I added the assertions as a safety mechanism for now. I don't know if that's considered a good practice in cases like this, or that I should remove these?
How Has This Been Tested?
This build successfully and tests locally seem to pass. Different local runs show different unrelated tests sometimes failing, I guess those are inconsistent then.
Types of changes
Checklist:
Signed-off-by
.