diff options
author | Tyler Hicks <tyhicks@linux.vnet.ibm.com> | 2011-05-17 01:50:33 -0400 |
---|---|---|
committer | Tyler Hicks <tyhicks@linux.vnet.ibm.com> | 2011-05-27 12:46:14 -0400 |
commit | 8d08dab786ad5cc2aca2bf870de370144b78c85a (patch) | |
tree | dda63612924a6eb53500952e00a2bc4f05f2d150 /fs/ecryptfs/keystore.c | |
parent | 07850552b92b3637fa56767b5e460b4238014447 (diff) |
eCryptfs: Allow 2 scatterlist entries for encrypted filenames
The buffers allocated while encrypting and decrypting long filenames can
sometimes straddle two pages. In this situation, virt_to_scatterlist()
will return -ENOMEM, causing the operation to fail and the user will get
scary error messages in their logs:
kernel: ecryptfs_write_tag_70_packet: Internal error whilst attempting
to convert filename memory to scatterlist; expected rc = 1; got rc =
[-12]. block_aligned_filename_size = [272]
kernel: ecryptfs_encrypt_filename: Error attempting to generate tag 70
packet; rc = [-12]
kernel: ecryptfs_encrypt_and_encode_filename: Error attempting to
encrypt filename; rc = [-12]
kernel: ecryptfs_lookup: Error attempting to encrypt and encode
filename; rc = [-12]
The solution is to allow up to 2 scatterlist entries to be used.
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: <stable@kernel.org>
Diffstat (limited to 'fs/ecryptfs/keystore.c')
-rw-r--r-- | fs/ecryptfs/keystore.c | 46 |
1 files changed, 21 insertions, 25 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 03e609c45012..27a7fefb83eb 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -599,8 +599,8 @@ struct ecryptfs_write_tag_70_packet_silly_stack { | |||
599 | struct mutex *tfm_mutex; | 599 | struct mutex *tfm_mutex; |
600 | char *block_aligned_filename; | 600 | char *block_aligned_filename; |
601 | struct ecryptfs_auth_tok *auth_tok; | 601 | struct ecryptfs_auth_tok *auth_tok; |
602 | struct scatterlist src_sg; | 602 | struct scatterlist src_sg[2]; |
603 | struct scatterlist dst_sg; | 603 | struct scatterlist dst_sg[2]; |
604 | struct blkcipher_desc desc; | 604 | struct blkcipher_desc desc; |
605 | char iv[ECRYPTFS_MAX_IV_BYTES]; | 605 | char iv[ECRYPTFS_MAX_IV_BYTES]; |
606 | char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; | 606 | char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; |
@@ -816,23 +816,21 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
816 | memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename, | 816 | memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename, |
817 | filename_size); | 817 | filename_size); |
818 | rc = virt_to_scatterlist(s->block_aligned_filename, | 818 | rc = virt_to_scatterlist(s->block_aligned_filename, |
819 | s->block_aligned_filename_size, &s->src_sg, 1); | 819 | s->block_aligned_filename_size, s->src_sg, 2); |
820 | if (rc != 1) { | 820 | if (rc < 1) { |
821 | printk(KERN_ERR "%s: Internal error whilst attempting to " | 821 | printk(KERN_ERR "%s: Internal error whilst attempting to " |
822 | "convert filename memory to scatterlist; " | 822 | "convert filename memory to scatterlist; rc = [%d]. " |
823 | "expected rc = 1; got rc = [%d]. " | ||
824 | "block_aligned_filename_size = [%zd]\n", __func__, rc, | 823 | "block_aligned_filename_size = [%zd]\n", __func__, rc, |
825 | s->block_aligned_filename_size); | 824 | s->block_aligned_filename_size); |
826 | goto out_release_free_unlock; | 825 | goto out_release_free_unlock; |
827 | } | 826 | } |
828 | rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size, | 827 | rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size, |
829 | &s->dst_sg, 1); | 828 | s->dst_sg, 2); |
830 | if (rc != 1) { | 829 | if (rc < 1) { |
831 | printk(KERN_ERR "%s: Internal error whilst attempting to " | 830 | printk(KERN_ERR "%s: Internal error whilst attempting to " |
832 | "convert encrypted filename memory to scatterlist; " | 831 | "convert encrypted filename memory to scatterlist; " |
833 | "expected rc = 1; got rc = [%d]. " | 832 | "rc = [%d]. block_aligned_filename_size = [%zd]\n", |
834 | "block_aligned_filename_size = [%zd]\n", __func__, rc, | 833 | __func__, rc, s->block_aligned_filename_size); |
835 | s->block_aligned_filename_size); | ||
836 | goto out_release_free_unlock; | 834 | goto out_release_free_unlock; |
837 | } | 835 | } |
838 | /* The characters in the first block effectively do the job | 836 | /* The characters in the first block effectively do the job |
@@ -855,7 +853,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
855 | mount_crypt_stat->global_default_fn_cipher_key_bytes); | 853 | mount_crypt_stat->global_default_fn_cipher_key_bytes); |
856 | goto out_release_free_unlock; | 854 | goto out_release_free_unlock; |
857 | } | 855 | } |
858 | rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg, | 856 | rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg, |
859 | s->block_aligned_filename_size); | 857 | s->block_aligned_filename_size); |
860 | if (rc) { | 858 | if (rc) { |
861 | printk(KERN_ERR "%s: Error attempting to encrypt filename; " | 859 | printk(KERN_ERR "%s: Error attempting to encrypt filename; " |
@@ -891,8 +889,8 @@ struct ecryptfs_parse_tag_70_packet_silly_stack { | |||
891 | struct mutex *tfm_mutex; | 889 | struct mutex *tfm_mutex; |
892 | char *decrypted_filename; | 890 | char *decrypted_filename; |
893 | struct ecryptfs_auth_tok *auth_tok; | 891 | struct ecryptfs_auth_tok *auth_tok; |
894 | struct scatterlist src_sg; | 892 | struct scatterlist src_sg[2]; |
895 | struct scatterlist dst_sg; | 893 | struct scatterlist dst_sg[2]; |
896 | struct blkcipher_desc desc; | 894 | struct blkcipher_desc desc; |
897 | char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; | 895 | char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; |
898 | char iv[ECRYPTFS_MAX_IV_BYTES]; | 896 | char iv[ECRYPTFS_MAX_IV_BYTES]; |
@@ -1008,13 +1006,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
1008 | } | 1006 | } |
1009 | mutex_lock(s->tfm_mutex); | 1007 | mutex_lock(s->tfm_mutex); |
1010 | rc = virt_to_scatterlist(&data[(*packet_size)], | 1008 | rc = virt_to_scatterlist(&data[(*packet_size)], |
1011 | s->block_aligned_filename_size, &s->src_sg, 1); | 1009 | s->block_aligned_filename_size, s->src_sg, 2); |
1012 | if (rc != 1) { | 1010 | if (rc < 1) { |
1013 | printk(KERN_ERR "%s: Internal error whilst attempting to " | 1011 | printk(KERN_ERR "%s: Internal error whilst attempting to " |
1014 | "convert encrypted filename memory to scatterlist; " | 1012 | "convert encrypted filename memory to scatterlist; " |
1015 | "expected rc = 1; got rc = [%d]. " | 1013 | "rc = [%d]. block_aligned_filename_size = [%zd]\n", |
1016 | "block_aligned_filename_size = [%zd]\n", __func__, rc, | 1014 | __func__, rc, s->block_aligned_filename_size); |
1017 | s->block_aligned_filename_size); | ||
1018 | goto out_unlock; | 1015 | goto out_unlock; |
1019 | } | 1016 | } |
1020 | (*packet_size) += s->block_aligned_filename_size; | 1017 | (*packet_size) += s->block_aligned_filename_size; |
@@ -1028,13 +1025,12 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
1028 | goto out_unlock; | 1025 | goto out_unlock; |
1029 | } | 1026 | } |
1030 | rc = virt_to_scatterlist(s->decrypted_filename, | 1027 | rc = virt_to_scatterlist(s->decrypted_filename, |
1031 | s->block_aligned_filename_size, &s->dst_sg, 1); | 1028 | s->block_aligned_filename_size, s->dst_sg, 2); |
1032 | if (rc != 1) { | 1029 | if (rc < 1) { |
1033 | printk(KERN_ERR "%s: Internal error whilst attempting to " | 1030 | printk(KERN_ERR "%s: Internal error whilst attempting to " |
1034 | "convert decrypted filename memory to scatterlist; " | 1031 | "convert decrypted filename memory to scatterlist; " |
1035 | "expected rc = 1; got rc = [%d]. " | 1032 | "rc = [%d]. block_aligned_filename_size = [%zd]\n", |
1036 | "block_aligned_filename_size = [%zd]\n", __func__, rc, | 1033 | __func__, rc, s->block_aligned_filename_size); |
1037 | s->block_aligned_filename_size); | ||
1038 | goto out_free_unlock; | 1034 | goto out_free_unlock; |
1039 | } | 1035 | } |
1040 | /* The characters in the first block effectively do the job of | 1036 | /* The characters in the first block effectively do the job of |
@@ -1065,7 +1061,7 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
1065 | mount_crypt_stat->global_default_fn_cipher_key_bytes); | 1061 | mount_crypt_stat->global_default_fn_cipher_key_bytes); |
1066 | goto out_free_unlock; | 1062 | goto out_free_unlock; |
1067 | } | 1063 | } |
1068 | rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg, | 1064 | rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg, |
1069 | s->block_aligned_filename_size); | 1065 | s->block_aligned_filename_size); |
1070 | if (rc) { | 1066 | if (rc) { |
1071 | printk(KERN_ERR "%s: Error attempting to decrypt filename; " | 1067 | printk(KERN_ERR "%s: Error attempting to decrypt filename; " |