authorTyler Hicks <tyhicks@linux.vnet.ibm.com>2011-05-17 01:50:33 -0400
committerTyler Hicks <tyhicks@linux.vnet.ibm.com>2011-05-27 12:46:14 -0400
commit8d08dab786ad5cc2aca2bf870de370144b78c85a (patch)
treedda63612924a6eb53500952e00a2bc4f05f2d150 /fs/ecryptfs/keystore.c
parent07850552b92b3637fa56767b5e460b4238014447 (diff)
eCryptfs: Allow 2 scatterlist entries for encrypted filenames
The buffers allocated while encrypting and decrypting long filenames can sometimes straddle two pages. In this situation, virt_to_scatterlist() will return -ENOMEM, causing the operation to fail and the user will get scary error messages in their logs: kernel: ecryptfs_write_tag_70_packet: Internal error whilst attempting to convert filename memory to scatterlist; expected rc = 1; got rc = [-12]. block_aligned_filename_size = [272] kernel: ecryptfs_encrypt_filename: Error attempting to generate tag 70 packet; rc = [-12] kernel: ecryptfs_encrypt_and_encode_filename: Error attempting to encrypt filename; rc = [-12] kernel: ecryptfs_lookup: Error attempting to encrypt and encode filename; rc = [-12] The solution is to allow up to 2 scatterlist entries to be used. Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Cc: <stable@kernel.org>
Diffstat (limited to 'fs/ecryptfs/keystore.c')
-rw-r--r--fs/ecryptfs/keystore.c46
1 files changed, 21 insertions, 25 deletions
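diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 03e609c45012..27a7fefb83eb 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -599,8 +599,8 @@ struct ecryptfs_write_tag_70_packet_silly_stack {
 struct mutex *tfm_mutex;
 char *block_aligned_filename;
 struct ecryptfs_auth_tok *auth_tok;
-struct scatterlist src_sg;
-struct scatterlist dst_sg;
+struct scatterlist src_sg[2];
+struct scatterlist dst_sg[2];
 struct blkcipher_desc desc;
 char iv[ECRYPTFS_MAX_IV_BYTES];
 char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
@@ -816,23 +816,21 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
 memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
 filename_size);
 rc = virt_to_scatterlist(s->block_aligned_filename,
-s->block_aligned_filename_size, &s->src_sg, 1);
-if (rc != 1) {
+s->block_aligned_filename_size, s->src_sg, 2);
+if (rc < 1) {
 printk(KERN_ERR "%s: Internal error whilst attempting to "
-"convert filename memory to scatterlist; "
-"expected rc = 1; got rc = [%d]. "
+"convert filename memory to scatterlist; rc = [%d]. "
 "block_aligned_filename_size = [%zd]\n", __func__, rc,
 s->block_aligned_filename_size);
 goto out_release_free_unlock;
 }
 rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
-&s->dst_sg, 1);
-if (rc != 1) {
+s->dst_sg, 2);
+if (rc < 1) {
 printk(KERN_ERR "%s: Internal error whilst attempting to "
 "convert encrypted filename memory to scatterlist; "
-"expected rc = 1; got rc = [%d]. "
-"block_aligned_filename_size = [%zd]\n", __func__, rc,
-s->block_aligned_filename_size);
+"rc = [%d]. block_aligned_filename_size = [%zd]\n",
+__func__, rc, s->block_aligned_filename_size);
 goto out_release_free_unlock;
 }
 /* The characters in the first block effectively do the job
@@ -855,7 +853,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
 mount_crypt_stat->global_default_fn_cipher_key_bytes);
 goto out_release_free_unlock;
 }
-rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
 s->block_aligned_filename_size);
 if (rc) {
 printk(KERN_ERR "%s: Error attempting to encrypt filename; "
@@ -891,8 +889,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack {
 struct mutex *tfm_mutex;
 char *decrypted_filename;
 struct ecryptfs_auth_tok *auth_tok;
-struct scatterlist src_sg;
-struct scatterlist dst_sg;
+struct scatterlist src_sg[2];
+struct scatterlist dst_sg[2];
 struct blkcipher_desc desc;
 char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
 char iv[ECRYPTFS_MAX_IV_BYTES];
@@ -1008,13 +1006,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
 }
 mutex_lock(s->tfm_mutex);
 rc = virt_to_scatterlist(&data[(*packet_size)],
-s->block_aligned_filename_size, &s->src_sg, 1);
-if (rc != 1) {
+s->block_aligned_filename_size, s->src_sg, 2);
+if (rc < 1) {
 printk(KERN_ERR "%s: Internal error whilst attempting to "
 "convert encrypted filename memory to scatterlist; "
-"expected rc = 1; got rc = [%d]. "
-"block_aligned_filename_size = [%zd]\n", __func__, rc,
-s->block_aligned_filename_size);
+"rc = [%d]. block_aligned_filename_size = [%zd]\n",
+__func__, rc, s->block_aligned_filename_size);
 goto out_unlock;
 }
 (*packet_size) += s->block_aligned_filename_size;
@@ -1028,13 +1025,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
 goto out_unlock;
 }
 rc = virt_to_scatterlist(s->decrypted_filename,
-s->block_aligned_filename_size, &s->dst_sg, 1);
-if (rc != 1) {
+s->block_aligned_filename_size, s->dst_sg, 2);
+if (rc < 1) {
 printk(KERN_ERR "%s: Internal error whilst attempting to "
 "convert decrypted filename memory to scatterlist; "
-"expected rc = 1; got rc = [%d]. "
-"block_aligned_filename_size = [%zd]\n", __func__, rc,
-s->block_aligned_filename_size);
+"rc = [%d]. block_aligned_filename_size = [%zd]\n",
+__func__, rc, s->block_aligned_filename_size);
 goto out_free_unlock;
 }
 /* The characters in the first block effectively do the job of
@@ -1065,7 +1061,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
 mount_crypt_stat->global_default_fn_cipher_key_bytes);
 goto out_free_unlock;
 }
-rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
 s->block_aligned_filename_size);
 if (rc) {
 printk(KERN_ERR "%s: Error attempting to decrypt filename; "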
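Review bot: The entry count `2` is a bare literal at all four virt_to_scatterlist() calls (src_sg and dst_sg in both ecryptfs_write_tag_70_packet and ecryptfs_parse_tag_70_packet) and again in the two struct declarations, so the call arguments and the array sizes are kept in step only by hand. If one is later changed without the other, the helper could be told to fill more entries than the array holds. Passing the array's own size, e.g. `s->block_aligned_filename_size, s->src_sg, ARRAY_SIZE(s->src_sg));`, ties them together. A short comment on the struct members, such as `/* filename buffers are smaller than a page, so they span at most two pages */`, would record why two entries are enough; that bound is an assumption here, since in the parse path the size appears to come from the packet being parsed and its limit is outside these hunks. Both functions begin and end outside the hunks shown.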