aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2016-11-13 20:35:52 -0500
committerTheodore Ts'o <tytso@mit.edu>2016-11-19 20:56:06 -0500
commit3c7018ebf8dbf14e7cd4f5dc648c51fc979f45bb (patch)
tree6d1f382a088cb398acb0bd9b3d50fe1d577038d4 /fs
parentbc33b0ca11e3df467777a4fa7639ba488c9d4911 (diff)
fscrypto: don't use on-stack buffer for filename encryption
With the new (in 4.9) option to use a virtually-mapped stack (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for the scatterlist crypto API because they may not be directly mappable to struct page. For short filenames, fname_encrypt() was encrypting a stack buffer holding the padded filename. Fix it by encrypting the filename in-place in the output buffer, thereby making the temporary buffer unnecessary. This bug could most easily be observed in a CONFIG_DEBUG_SG kernel because this allowed the BUG in sg_set_buf() to be triggered. Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs')
-rw-r--r--fs/crypto/fname.c53
1 files changed, 21 insertions, 32 deletions
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 9a28133ac3b8..9b774f4b50c8 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -39,65 +39,54 @@ static void fname_crypt_complete(struct crypto_async_request *req, int res)
39static int fname_encrypt(struct inode *inode, 39static int fname_encrypt(struct inode *inode,
40 const struct qstr *iname, struct fscrypt_str *oname) 40 const struct qstr *iname, struct fscrypt_str *oname)
41{ 41{
42 u32 ciphertext_len;
43 struct skcipher_request *req = NULL; 42 struct skcipher_request *req = NULL;
44 DECLARE_FS_COMPLETION_RESULT(ecr); 43 DECLARE_FS_COMPLETION_RESULT(ecr);
45 struct fscrypt_info *ci = inode->i_crypt_info; 44 struct fscrypt_info *ci = inode->i_crypt_info;
46 struct crypto_skcipher *tfm = ci->ci_ctfm; 45 struct crypto_skcipher *tfm = ci->ci_ctfm;
47 int res = 0; 46 int res = 0;
48 char iv[FS_CRYPTO_BLOCK_SIZE]; 47 char iv[FS_CRYPTO_BLOCK_SIZE];
49 struct scatterlist src_sg, dst_sg; 48 struct scatterlist sg;
50 int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK); 49 int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK);
51 char *workbuf, buf[32], *alloc_buf = NULL; 50 unsigned int lim;
52 unsigned lim; 51 unsigned int cryptlen;
53 52
54 lim = inode->i_sb->s_cop->max_namelen(inode); 53 lim = inode->i_sb->s_cop->max_namelen(inode);
55 if (iname->len <= 0 || iname->len > lim) 54 if (iname->len <= 0 || iname->len > lim)
56 return -EIO; 55 return -EIO;
57 56
58 ciphertext_len = max(iname->len, (u32)FS_CRYPTO_BLOCK_SIZE); 57 /*
59 ciphertext_len = round_up(ciphertext_len, padding); 58 * Copy the filename to the output buffer for encrypting in-place and
60 ciphertext_len = min(ciphertext_len, lim); 59 * pad it with the needed number of NUL bytes.
60 */
61 cryptlen = max_t(unsigned int, iname->len, FS_CRYPTO_BLOCK_SIZE);
62 cryptlen = round_up(cryptlen, padding);
63 cryptlen = min(cryptlen, lim);
64 memcpy(oname->name, iname->name, iname->len);
65 memset(oname->name + iname->len, 0, cryptlen - iname->len);
61 66
62 if (ciphertext_len <= sizeof(buf)) { 67 /* Initialize the IV */
63 workbuf = buf; 68 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
64 } else {
65 alloc_buf = kmalloc(ciphertext_len, GFP_NOFS);
66 if (!alloc_buf)
67 return -ENOMEM;
68 workbuf = alloc_buf;
69 }
70 69
71 /* Allocate request */ 70 /* Set up the encryption request */
72 req = skcipher_request_alloc(tfm, GFP_NOFS); 71 req = skcipher_request_alloc(tfm, GFP_NOFS);
73 if (!req) { 72 if (!req) {
74 printk_ratelimited(KERN_ERR 73 printk_ratelimited(KERN_ERR
75 "%s: crypto_request_alloc() failed\n", __func__); 74 "%s: skcipher_request_alloc() failed\n", __func__);
76 kfree(alloc_buf);
77 return -ENOMEM; 75 return -ENOMEM;
78 } 76 }
79 skcipher_request_set_callback(req, 77 skcipher_request_set_callback(req,
80 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP, 78 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
81 fname_crypt_complete, &ecr); 79 fname_crypt_complete, &ecr);
80 sg_init_one(&sg, oname->name, cryptlen);
81 skcipher_request_set_crypt(req, &sg, &sg, cryptlen, iv);
82 82
83 /* Copy the input */ 83 /* Do the encryption */
84 memcpy(workbuf, iname->name, iname->len);
85 if (iname->len < ciphertext_len)
86 memset(workbuf + iname->len, 0, ciphertext_len - iname->len);
87
88 /* Initialize IV */
89 memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
90
91 /* Create encryption request */
92 sg_init_one(&src_sg, workbuf, ciphertext_len);
93 sg_init_one(&dst_sg, oname->name, ciphertext_len);
94 skcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
95 res = crypto_skcipher_encrypt(req); 84 res = crypto_skcipher_encrypt(req);
96 if (res == -EINPROGRESS || res == -EBUSY) { 85 if (res == -EINPROGRESS || res == -EBUSY) {
86 /* Request is being completed asynchronously; wait for it */
97 wait_for_completion(&ecr.completion); 87 wait_for_completion(&ecr.completion);
98 res = ecr.res; 88 res = ecr.res;
99 } 89 }
100 kfree(alloc_buf);
101 skcipher_request_free(req); 90 skcipher_request_free(req);
102 if (res < 0) { 91 if (res < 0) {
103 printk_ratelimited(KERN_ERR 92 printk_ratelimited(KERN_ERR
@@ -105,7 +94,7 @@ static int fname_encrypt(struct inode *inode,
105 return res; 94 return res;
106 } 95 }
107 96
108 oname->len = ciphertext_len; 97 oname->len = cryptlen;
109 return 0; 98 return 0;
110} 99}
111 100
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-30 02:06:36 -0400