diff options
author | Michael Halcrow <mhalcrow@us.ibm.com> | 2008-11-19 18:36:28 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-11-19 21:49:58 -0500 |
commit | ac97b9f9a2d0b83488e0bbcb8517b229d5c9b142 (patch) | |
tree | 118785d6a53390fb15177fc762f744a1bc0a79a4 | |
parent | 3b45d6380c392e402adc460e4ccf7d41e0caf82a (diff) |
eCryptfs: Allocate up to two scatterlists for crypto ops on keys
I have received some reports of out-of-memory errors on some older AMD
architectures. These errors are what I would expect to see if
crypt_stat->key were split between two separate pages. eCryptfs should
not assume that any of the memory sent through virt_to_scatterlist() is
all contained in a single page, and so this patch allocates two
scatterlist structs instead of one when processing keys. I have received
confirmation from one person affected by this bug that this patch resolves
the issue for him, and so I am submitting it for inclusion in a future
stable release.
Note that virt_to_scatterlist() runs sg_init_table() on the scatterlist
structs passed to it, so the calls to sg_init_table() in
decrypt_passphrase_encrypted_session_key() are redundant.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Reported-by: Paulo J. S. Silva <pjssilva@ime.usp.br>
Cc: "Leon Woestenberg" <leon.woestenberg@gmail.com>
Cc: Tim Gardner <tim.gardner@canonical.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/ecryptfs/keystore.c | 31 |
1 files changed, 14 insertions, 17 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index e22bc3961345..0d713b691941 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -1037,17 +1037,14 @@ static int | |||
1037 | decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | 1037 | decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
1038 | struct ecryptfs_crypt_stat *crypt_stat) | 1038 | struct ecryptfs_crypt_stat *crypt_stat) |
1039 | { | 1039 | { |
1040 | struct scatterlist dst_sg; | 1040 | struct scatterlist dst_sg[2]; |
1041 | struct scatterlist src_sg; | 1041 | struct scatterlist src_sg[2]; |
1042 | struct mutex *tfm_mutex; | 1042 | struct mutex *tfm_mutex; |
1043 | struct blkcipher_desc desc = { | 1043 | struct blkcipher_desc desc = { |
1044 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP | 1044 | .flags = CRYPTO_TFM_REQ_MAY_SLEEP |
1045 | }; | 1045 | }; |
1046 | int rc = 0; | 1046 | int rc = 0; |
1047 | 1047 | ||
1048 | sg_init_table(&dst_sg, 1); | ||
1049 | sg_init_table(&src_sg, 1); | ||
1050 | |||
1051 | if (unlikely(ecryptfs_verbosity > 0)) { | 1048 | if (unlikely(ecryptfs_verbosity > 0)) { |
1052 | ecryptfs_printk( | 1049 | ecryptfs_printk( |
1053 | KERN_DEBUG, "Session key encryption key (size [%d]):\n", | 1050 | KERN_DEBUG, "Session key encryption key (size [%d]):\n", |
@@ -1066,8 +1063,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
1066 | } | 1063 | } |
1067 | rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, | 1064 | rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, |
1068 | auth_tok->session_key.encrypted_key_size, | 1065 | auth_tok->session_key.encrypted_key_size, |
1069 | &src_sg, 1); | 1066 | src_sg, 2); |
1070 | if (rc != 1) { | 1067 | if (rc < 1 || rc > 2) { |
1071 | printk(KERN_ERR "Internal error whilst attempting to convert " | 1068 | printk(KERN_ERR "Internal error whilst attempting to convert " |
1072 | "auth_tok->session_key.encrypted_key to scatterlist; " | 1069 | "auth_tok->session_key.encrypted_key to scatterlist; " |
1073 | "expected rc = 1; got rc = [%d]. " | 1070 | "expected rc = 1; got rc = [%d]. " |
@@ -1079,8 +1076,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
1079 | auth_tok->session_key.encrypted_key_size; | 1076 | auth_tok->session_key.encrypted_key_size; |
1080 | rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, | 1077 | rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, |
1081 | auth_tok->session_key.decrypted_key_size, | 1078 | auth_tok->session_key.decrypted_key_size, |
1082 | &dst_sg, 1); | 1079 | dst_sg, 2); |
1083 | if (rc != 1) { | 1080 | if (rc < 1 || rc > 2) { |
1084 | printk(KERN_ERR "Internal error whilst attempting to convert " | 1081 | printk(KERN_ERR "Internal error whilst attempting to convert " |
1085 | "auth_tok->session_key.decrypted_key to scatterlist; " | 1082 | "auth_tok->session_key.decrypted_key to scatterlist; " |
1086 | "expected rc = 1; got rc = [%d]\n", rc); | 1083 | "expected rc = 1; got rc = [%d]\n", rc); |
@@ -1096,7 +1093,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
1096 | rc = -EINVAL; | 1093 | rc = -EINVAL; |
1097 | goto out; | 1094 | goto out; |
1098 | } | 1095 | } |
1099 | rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg, | 1096 | rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, |
1100 | auth_tok->session_key.encrypted_key_size); | 1097 | auth_tok->session_key.encrypted_key_size); |
1101 | mutex_unlock(tfm_mutex); | 1098 | mutex_unlock(tfm_mutex); |
1102 | if (unlikely(rc)) { | 1099 | if (unlikely(rc)) { |
@@ -1539,8 +1536,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, | |||
1539 | size_t i; | 1536 | size_t i; |
1540 | size_t encrypted_session_key_valid = 0; | 1537 | size_t encrypted_session_key_valid = 0; |
1541 | char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; | 1538 | char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; |
1542 | struct scatterlist dst_sg; | 1539 | struct scatterlist dst_sg[2]; |
1543 | struct scatterlist src_sg; | 1540 | struct scatterlist src_sg[2]; |
1544 | struct mutex *tfm_mutex = NULL; | 1541 | struct mutex *tfm_mutex = NULL; |
1545 | u8 cipher_code; | 1542 | u8 cipher_code; |
1546 | size_t packet_size_length; | 1543 | size_t packet_size_length; |
@@ -1619,8 +1616,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, | |||
1619 | ecryptfs_dump_hex(session_key_encryption_key, 16); | 1616 | ecryptfs_dump_hex(session_key_encryption_key, 16); |
1620 | } | 1617 | } |
1621 | rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, | 1618 | rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, |
1622 | &src_sg, 1); | 1619 | src_sg, 2); |
1623 | if (rc != 1) { | 1620 | if (rc < 1 || rc > 2) { |
1624 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " | 1621 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " |
1625 | "for crypt_stat session key; expected rc = 1; " | 1622 | "for crypt_stat session key; expected rc = 1; " |
1626 | "got rc = [%d]. key_rec->enc_key_size = [%d]\n", | 1623 | "got rc = [%d]. key_rec->enc_key_size = [%d]\n", |
@@ -1629,8 +1626,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, | |||
1629 | goto out; | 1626 | goto out; |
1630 | } | 1627 | } |
1631 | rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, | 1628 | rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, |
1632 | &dst_sg, 1); | 1629 | dst_sg, 2); |
1633 | if (rc != 1) { | 1630 | if (rc < 1 || rc > 2) { |
1634 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " | 1631 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " |
1635 | "for crypt_stat encrypted session key; " | 1632 | "for crypt_stat encrypted session key; " |
1636 | "expected rc = 1; got rc = [%d]. " | 1633 | "expected rc = 1; got rc = [%d]. " |
@@ -1651,7 +1648,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, | |||
1651 | rc = 0; | 1648 | rc = 0; |
1652 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", | 1649 | ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", |
1653 | crypt_stat->key_size); | 1650 | crypt_stat->key_size); |
1654 | rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg, | 1651 | rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, |
1655 | (*key_rec).enc_key_size); | 1652 | (*key_rec).enc_key_size); |
1656 | mutex_unlock(tfm_mutex); | 1653 | mutex_unlock(tfm_mutex); |
1657 | if (rc) { | 1654 | if (rc) { |