aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/crypto.c15
-rw-r--r--fs/ecryptfs/keystore.c31
2 files changed, 22 insertions, 24 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 06db79d05c12..6046239465a1 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1251,6 +1251,7 @@ struct kmem_cache *ecryptfs_header_cache_2;
1251/** 1251/**
1252 * ecryptfs_write_headers_virt 1252 * ecryptfs_write_headers_virt
1253 * @page_virt: The virtual address to write the headers to 1253 * @page_virt: The virtual address to write the headers to
1254 * @max: The size of memory allocated at page_virt
1254 * @size: Set to the number of bytes written by this function 1255 * @size: Set to the number of bytes written by this function
1255 * @crypt_stat: The cryptographic context 1256 * @crypt_stat: The cryptographic context
1256 * @ecryptfs_dentry: The eCryptfs dentry 1257 * @ecryptfs_dentry: The eCryptfs dentry
@@ -1278,7 +1279,8 @@ struct kmem_cache *ecryptfs_header_cache_2;
1278 * 1279 *
1279 * Returns zero on success 1280 * Returns zero on success
1280 */ 1281 */
1281static int ecryptfs_write_headers_virt(char *page_virt, size_t *size, 1282static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
1283 size_t *size,
1282 struct ecryptfs_crypt_stat *crypt_stat, 1284 struct ecryptfs_crypt_stat *crypt_stat,
1283 struct dentry *ecryptfs_dentry) 1285 struct dentry *ecryptfs_dentry)
1284{ 1286{
@@ -1296,7 +1298,7 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t *size,
1296 offset += written; 1298 offset += written;
1297 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat, 1299 rc = ecryptfs_generate_key_packet_set((page_virt + offset), crypt_stat,
1298 ecryptfs_dentry, &written, 1300 ecryptfs_dentry, &written,
1299 PAGE_CACHE_SIZE - offset); 1301 max - offset);
1300 if (rc) 1302 if (rc)
1301 ecryptfs_printk(KERN_WARNING, "Error generating key packet " 1303 ecryptfs_printk(KERN_WARNING, "Error generating key packet "
1302 "set; rc = [%d]\n", rc); 1304 "set; rc = [%d]\n", rc);
@@ -1368,14 +1370,14 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
1368 goto out; 1370 goto out;
1369 } 1371 }
1370 /* Released in this function */ 1372 /* Released in this function */
1371 virt = kzalloc(crypt_stat->num_header_bytes_at_front, GFP_KERNEL); 1373 virt = (char *)get_zeroed_page(GFP_KERNEL);
1372 if (!virt) { 1374 if (!virt) {
1373 printk(KERN_ERR "%s: Out of memory\n", __func__); 1375 printk(KERN_ERR "%s: Out of memory\n", __func__);
1374 rc = -ENOMEM; 1376 rc = -ENOMEM;
1375 goto out; 1377 goto out;
1376 } 1378 }
1377 rc = ecryptfs_write_headers_virt(virt, &size, crypt_stat, 1379 rc = ecryptfs_write_headers_virt(virt, PAGE_CACHE_SIZE, &size,
1378 ecryptfs_dentry); 1380 crypt_stat, ecryptfs_dentry);
1379 if (unlikely(rc)) { 1381 if (unlikely(rc)) {
1380 printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n", 1382 printk(KERN_ERR "%s: Error whilst writing headers; rc = [%d]\n",
1381 __func__, rc); 1383 __func__, rc);
@@ -1393,8 +1395,7 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
1393 goto out_free; 1395 goto out_free;
1394 } 1396 }
1395out_free: 1397out_free:
1396 memset(virt, 0, crypt_stat->num_header_bytes_at_front); 1398 free_page((unsigned long)virt);
1397 kfree(virt);
1398out: 1399out:
1399 return rc; 1400 return rc;
1400} 1401}
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index e22bc3961345..0d713b691941 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1037,17 +1037,14 @@ static int
1037decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, 1037decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1038 struct ecryptfs_crypt_stat *crypt_stat) 1038 struct ecryptfs_crypt_stat *crypt_stat)
1039{ 1039{
1040 struct scatterlist dst_sg; 1040 struct scatterlist dst_sg[2];
1041 struct scatterlist src_sg; 1041 struct scatterlist src_sg[2];
1042 struct mutex *tfm_mutex; 1042 struct mutex *tfm_mutex;
1043 struct blkcipher_desc desc = { 1043 struct blkcipher_desc desc = {
1044 .flags = CRYPTO_TFM_REQ_MAY_SLEEP 1044 .flags = CRYPTO_TFM_REQ_MAY_SLEEP
1045 }; 1045 };
1046 int rc = 0; 1046 int rc = 0;
1047 1047
1048 sg_init_table(&dst_sg, 1);
1049 sg_init_table(&src_sg, 1);
1050
1051 if (unlikely(ecryptfs_verbosity > 0)) { 1048 if (unlikely(ecryptfs_verbosity > 0)) {
1052 ecryptfs_printk( 1049 ecryptfs_printk(
1053 KERN_DEBUG, "Session key encryption key (size [%d]):\n", 1050 KERN_DEBUG, "Session key encryption key (size [%d]):\n",
@@ -1066,8 +1063,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1066 } 1063 }
1067 rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, 1064 rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
1068 auth_tok->session_key.encrypted_key_size, 1065 auth_tok->session_key.encrypted_key_size,
1069 &src_sg, 1); 1066 src_sg, 2);
1070 if (rc != 1) { 1067 if (rc < 1 || rc > 2) {
1071 printk(KERN_ERR "Internal error whilst attempting to convert " 1068 printk(KERN_ERR "Internal error whilst attempting to convert "
1072 "auth_tok->session_key.encrypted_key to scatterlist; " 1069 "auth_tok->session_key.encrypted_key to scatterlist; "
1073 "expected rc = 1; got rc = [%d]. " 1070 "expected rc = 1; got rc = [%d]. "
@@ -1079,8 +1076,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1079 auth_tok->session_key.encrypted_key_size; 1076 auth_tok->session_key.encrypted_key_size;
1080 rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, 1077 rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
1081 auth_tok->session_key.decrypted_key_size, 1078 auth_tok->session_key.decrypted_key_size,
1082 &dst_sg, 1); 1079 dst_sg, 2);
1083 if (rc != 1) { 1080 if (rc < 1 || rc > 2) {
1084 printk(KERN_ERR "Internal error whilst attempting to convert " 1081 printk(KERN_ERR "Internal error whilst attempting to convert "
1085 "auth_tok->session_key.decrypted_key to scatterlist; " 1082 "auth_tok->session_key.decrypted_key to scatterlist; "
1086 "expected rc = 1; got rc = [%d]\n", rc); 1083 "expected rc = 1; got rc = [%d]\n", rc);
@@ -1096,7 +1093,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1096 rc = -EINVAL; 1093 rc = -EINVAL;
1097 goto out; 1094 goto out;
1098 } 1095 }
1099 rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg, 1096 rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
1100 auth_tok->session_key.encrypted_key_size); 1097 auth_tok->session_key.encrypted_key_size);
1101 mutex_unlock(tfm_mutex); 1098 mutex_unlock(tfm_mutex);
1102 if (unlikely(rc)) { 1099 if (unlikely(rc)) {
@@ -1539,8 +1536,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1539 size_t i; 1536 size_t i;
1540 size_t encrypted_session_key_valid = 0; 1537 size_t encrypted_session_key_valid = 0;
1541 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; 1538 char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
1542 struct scatterlist dst_sg; 1539 struct scatterlist dst_sg[2];
1543 struct scatterlist src_sg; 1540 struct scatterlist src_sg[2];
1544 struct mutex *tfm_mutex = NULL; 1541 struct mutex *tfm_mutex = NULL;
1545 u8 cipher_code; 1542 u8 cipher_code;
1546 size_t packet_size_length; 1543 size_t packet_size_length;
@@ -1619,8 +1616,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1619 ecryptfs_dump_hex(session_key_encryption_key, 16); 1616 ecryptfs_dump_hex(session_key_encryption_key, 16);
1620 } 1617 }
1621 rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, 1618 rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
1622 &src_sg, 1); 1619 src_sg, 2);
1623 if (rc != 1) { 1620 if (rc < 1 || rc > 2) {
1624 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 1621 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
1625 "for crypt_stat session key; expected rc = 1; " 1622 "for crypt_stat session key; expected rc = 1; "
1626 "got rc = [%d]. key_rec->enc_key_size = [%d]\n", 1623 "got rc = [%d]. key_rec->enc_key_size = [%d]\n",
@@ -1629,8 +1626,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1629 goto out; 1626 goto out;
1630 } 1627 }
1631 rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, 1628 rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
1632 &dst_sg, 1); 1629 dst_sg, 2);
1633 if (rc != 1) { 1630 if (rc < 1 || rc > 2) {
1634 ecryptfs_printk(KERN_ERR, "Error generating scatterlist " 1631 ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
1635 "for crypt_stat encrypted session key; " 1632 "for crypt_stat encrypted session key; "
1636 "expected rc = 1; got rc = [%d]. " 1633 "expected rc = 1; got rc = [%d]. "
@@ -1651,7 +1648,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
1651 rc = 0; 1648 rc = 0;
1652 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n", 1649 ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
1653 crypt_stat->key_size); 1650 crypt_stat->key_size);
1654 rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg, 1651 rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
1655 (*key_rec).enc_key_size); 1652 (*key_rec).enc_key_size);
1656 mutex_unlock(tfm_mutex); 1653 mutex_unlock(tfm_mutex);
1657 if (rc) { 1654 if (rc) {
generated by cgit v1.2.2 (git 2.25.0) at 2025-07-15 12:25:50 -0400