aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorMichael Halcrow <mhalcrow@us.ibm.com>2008-11-19 18:36:28 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2008-11-19 21:49:58 -0500
commitac97b9f9a2d0b83488e0bbcb8517b229d5c9b142 (patch)
tree118785d6a53390fb15177fc762f744a1bc0a79a4 /fs
parent3b45d6380c392e402adc460e4ccf7d41e0caf82a (diff)
eCryptfs: Allocate up to two scatterlists for crypto ops on keys
I have received some reports of out-of-memory errors on some older AMD architectures. These errors are what I would expect to see if crypt_stat->key were split between two separate pages. eCryptfs should not assume that any of the memory sent through virt_to_scatterlist() is all contained in a single page, and so this patch allocates two scatterlist structs instead of one when processing keys. I have received confirmation from one person affected by this bug that this patch resolves the issue for him, and so I am submitting it for inclusion in a future stable release. Note that virt_to_scatterlist() runs sg_init_table() on the scatterlist structs passed to it, so the calls to sg_init_table() in decrypt_passphrase_encrypted_session_key() are redundant. Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Reported-by: Paulo J. S. Silva <pjssilva@ime.usp.br> Cc: "Leon Woestenberg" <leon.woestenberg@gmail.com> Cc: Tim Gardner <tim.gardner@canonical.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/ecryptfs/keystore.c31
1 files changed, 14 insertions, 17 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index e22bc396134..0d713b69194 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1037,17 +1037,14 @@ static int
1037decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, 1037decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1038 struct ecryptfs_crypt_stat *crypt_stat) 1038 struct ecryptfs_crypt_stat *crypt_stat)
1039{ 1039{
1040 struct scatterlist dst_sg; 1040 struct scatterlist dst_sg[2];
1041 struct scatterlist src_sg; 1041 struct scatterlist src_sg[2];
1042 struct mutex *tfm_mutex; 1042 struct mutex *tfm_mutex;
1043 struct blkcipher_desc desc = { 1043 struct blkcipher_desc desc = {
1044 .flags = CRYPTO_TFM_REQ_MAY_SLEEP 1044 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
1045 }; 1045 };
1046 int rc = 0; 1046 int rc = 0;
1047 1047
1048 sg_init_table(&dst_sg, 1);
1049 sg_init_table(&src_sg, 1);
1050
1051 if (unlikely(ecryptfs_verbosity > 0)) { 1048 if (unlikely(ecryptfs_verbosity > 0)) {
1052 ecryptfs_printk( 1049 ecryptfs_printk(
1053 KERN_DEBUG, "Session key encryption key (size [%d]):\n", 1050 KERN_DEBUG, "Session key encryption key (size [%d]):\n",
@@ -1066,8 +1063,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1066 } 1063 }
1067 rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, 1064 rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1068 auth_tok->session_key.encrypted_key_size, 1065 auth_tok->session_key.encrypted_key_size,
1069 &src_sg, 1); 1066 src_sg, 2);
1070 if (rc != 1) { 1067 if (rc < 1 || rc > 2) {
1071 printk(KERN_ERR "Internal error whilst attempting to convert " 1068 printk(KERN_ERR "Internal error whilst attempting to convert "
1072 "auth_tok->session_key.encrypted_key to scatterlist; " 1069 "auth_tok->session_key.encrypted_key to scatterlist; "
1073 "expected rc = 1; got rc = [%d]. " 1070 "expected rc = 1; got rc = [%d]. "
@@ -1079,8 +1076,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1079 auth_tok->session_key.encrypted_key_size; 1076 auth_tok->session_key.encrypted_key_size;
1080 rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, 1077 rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1081 auth_tok->session_key.decrypted_key_size, 1078 auth_tok->session_key.decrypted_key_size,
1082 &dst_sg, 1); 1079 dst_sg, 2);
1083 if (rc != 1) { 1080 if (rc < 1 || rc > 2) {
1084 printk(KERN_ERR "Internal error whilst attempting to convert " 1081 printk(KERN_ERR "Internal error whilst attempting to convert "
1085 "auth_tok->session_key.decrypted_key to scatterlist; " 1082 "auth_tok->session_key.decrypted_key to scatterlist; "
1086 "expected rc = 1; got rc = [%d]\n", rc); 1083 "expected rc = 1; got rc = [%d]\n", rc);
@@ -1096,7 +1093,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1096 rc = -EINVAL; 1093 rc = -EINVAL;
1097 goto out; 1094 goto out;
1098 } 1095 }
1099 rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg, 1096 rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1100 auth_tok->session_key.encrypted_key_size); 1097 auth_tok->session_key.encrypted_key_size);
1101 mutex_unlock(tfm_mutex); 1098 mutex_unlock(tfm_mutex);
1102 if (unlikely(rc)) { 1099 if (unlikely(rc)) {
@@ -1539,8 +1536,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1539 size_t i; 1536 size_t i;
1540 size_t encrypted_session_key_valid = 0; 1537 size_t encrypted_session_key_valid = 0;
1541 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; 1538 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
1542 struct scatterlist dst_sg; 1539 struct scatterlist dst_sg[2];
1543 struct scatterlist src_sg; 1540 struct scatterlist src_sg[2];
1544 struct mutex *tfm_mutex = NULL; 1541 struct mutex *tfm_mutex = NULL;
1545 u8 cipher_code; 1542 u8 cipher_code;
1546 size_t packet_size_length; 1543 size_t packet_size_length;
@@ -1619,8 +1616,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1619 ecryptfs_dump_hex(session_key_encryption_key, 16); 1616 ecryptfs_dump_hex(session_key_encryption_key, 16);
1620 } 1617 }
1621 rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, 1618 rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
1622 &src_sg, 1); 1619 src_sg, 2);
1623 if (rc != 1) { 1620 if (rc < 1 || rc > 2) {
1624 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 1621 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
1625 "for crypt_stat session key; expected rc = 1; " 1622 "for crypt_stat session key; expected rc = 1; "
1626 "got rc = [%d]. key_rec->enc_key_size = [%d]\n", 1623 "got rc = [%d]. key_rec->enc_key_size = [%d]\n",
@@ -1629,8 +1626,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1629 goto out; 1626 goto out;
1630 } 1627 }
1631 rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, 1628 rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
1632 &dst_sg, 1); 1629 dst_sg, 2);
1633 if (rc != 1) { 1630 if (rc < 1 || rc > 2) {
1634 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 1631 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
1635 "for crypt_stat encrypted session key; " 1632 "for crypt_stat encrypted session key; "
1636 "expected rc = 1; got rc = [%d]. " 1633 "expected rc = 1; got rc = [%d]. "
@@ -1651,7 +1648,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1651 rc = 0; 1648 rc = 0;
1652 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", 1649 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
1653 crypt_stat->key_size); 1650 crypt_stat->key_size);
1654 rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg, 1651 rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
1655 (*key_rec).enc_key_size); 1652 (*key_rec).enc_key_size);
1656 mutex_unlock(tfm_mutex); 1653 mutex_unlock(tfm_mutex);
1657 if (rc) { 1654 if (rc) {