[PATCH 8/8] ext4 crypto: allocate the right amount of memory for the on-disk symlink

public inbox for linux-ext4@vger.kernel.org
 help / color / mirror / Atom feed

From: Theodore Ts'o <tytso@mit.edu>
To: Ext4 Developers List <linux-ext4@vger.kernel.org>
Cc: jaegeuk@kernel.org, mhalcrow@google.com, Theodore Ts'o <tytso@mit.edu>
Subject: [PATCH 8/8] ext4 crypto: allocate the right amount of memory for the on-disk symlink
Date: Thu, 28 May 2015 19:47:47 -0400	[thread overview]
Message-ID: <1432856867-5710-8-git-send-email-tytso@mit.edu> (raw)
In-Reply-To: <1432856867-5710-1-git-send-email-tytso@mit.edu>

Previously we were taking the required padding when allocating space
for the on-disk symlink.  This caused a buffer overrun which could
trigger a krenel crash when running fsstress.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 fs/ext4/crypto_fname.c | 25 +++++++++++++++----------
 fs/ext4/ext4.h         |  1 +
 fs/ext4/namei.c        | 32 +++++++++++++++++++++-----------
 3 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
index 23af41f..7dc4eb5 100644
--- a/fs/ext4/crypto_fname.c
+++ b/fs/ext4/crypto_fname.c
@@ -262,8 +262,20 @@ u32 ext4_fname_crypto_round_up(u32 size, u32 blksize)
 	return ((size+blksize-1)/blksize)*blksize;
 }
 
-/**
- * ext4_fname_crypto_alloc_obuff() -
+unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen)
+{
+	struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
+	int padding = 32;
+
+	if (ci)
+		padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
+	if (ilen < EXT4_CRYPTO_BLOCK_SIZE)
+		ilen = EXT4_CRYPTO_BLOCK_SIZE;
+	return ext4_fname_crypto_round_up(ilen, padding);
+}
+
+/*
+ * ext4_fname_crypto_alloc_buffer() -
  *
  * Allocates an output buffer that is sufficient for the crypto operation
  * specified by the context and the direction.
@@ -271,15 +283,8 @@ u32 ext4_fname_crypto_round_up(u32 size, u32 blksize)
 int ext4_fname_crypto_alloc_buffer(struct inode *inode,
 				   u32 ilen, struct ext4_str *crypto_str)
 {
-	unsigned int olen;
-	int padding = 16;
-	struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
+	unsigned int olen = ext4_fname_encrypted_size(inode, ilen);
 
-	if (ci)
-		padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
-	if (padding < EXT4_CRYPTO_BLOCK_SIZE)
-		padding = EXT4_CRYPTO_BLOCK_SIZE;
-	olen = ext4_fname_crypto_round_up(ilen, padding);
 	crypto_str->len = olen;
 	if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2)
 		olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2;
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index bd8d32d..730c88d 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -2090,6 +2090,7 @@ static inline int ext4_sb_has_crypto(struct super_block *sb)
 /* crypto_fname.c */
 bool ext4_valid_filenames_enc_mode(uint32_t mode);
 u32 ext4_fname_crypto_round_up(u32 size, u32 blksize);
+unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen);
 int ext4_fname_crypto_alloc_buffer(struct inode *inode,
 				   u32 ilen, struct ext4_str *crypto_str);
 int _ext4_fname_disk_to_usr(struct inode *inode,
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 401b099..bda4a5d 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3039,10 +3039,23 @@ static int ext4_symlink(struct inode *dir,
 
 	encryption_required = (ext4_encrypted_inode(dir) ||
 			       DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb)));
-	if (encryption_required)
-		disk_link.len = encrypted_symlink_data_len(len) + 1;
-	if (disk_link.len > dir->i_sb->s_blocksize)
-		return -ENAMETOOLONG;
+	if (encryption_required) {
+		err = ext4_get_encryption_info(dir);
+		if (err)
+			return err;
+		if (ext4_encryption_info(dir) == NULL)
+			return -EPERM;
+		disk_link.len = (ext4_fname_encrypted_size(dir, len) +
+				 sizeof(struct ext4_encrypted_symlink_data));
+		sd = kzalloc(disk_link.len, GFP_KERNEL);
+		if (!sd)
+			return -ENOMEM;
+	}
+
+	if (disk_link.len > dir->i_sb->s_blocksize) {
+		err = -ENAMETOOLONG;
+		goto err_free_sd;
+	}
 
 	dquot_initialize(dir);
 
@@ -3073,18 +3086,14 @@ static int ext4_symlink(struct inode *dir,
 	if (IS_ERR(inode)) {
 		if (handle)
 			ext4_journal_stop(handle);
-		return PTR_ERR(inode);
+		err = PTR_ERR(inode);
+		goto err_free_sd;
 	}
 
 	if (encryption_required) {
 		struct qstr istr;
 		struct ext4_str ostr;
 
-		sd = kzalloc(disk_link.len, GFP_NOFS);
-		if (!sd) {
-			err = -ENOMEM;
-			goto err_drop_inode;
-		}
 		istr.name = (const unsigned char *) symname;
 		istr.len = len;
 		ostr.name = sd->encrypted_path;
@@ -3156,10 +3165,11 @@ static int ext4_symlink(struct inode *dir,
 err_drop_inode:
 	if (handle)
 		ext4_journal_stop(handle);
-	kfree(sd);
 	clear_nlink(inode);
 	unlock_new_inode(inode);
 	iput(inode);
+err_free_sd:
+	kfree(sd);
 	return err;
 }
 
-- 
2.3.0

next prev parent reply	other threads:[~2015-05-28 23:47 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-28 23:47 [PATCH 1/8] ext4 crypto: fix memory leaks in ext4_encrypted_zeroout Theodore Ts'o
2015-05-28 23:47 ` [PATCH 2/8] ext4 crypto: set up encryption info for new inodes in ext4_inherit_context() Theodore Ts'o
2015-05-28 23:47 ` [PATCH 3/8] ext4 crypto: make sure the encryption info is initialized on opendir(2) Theodore Ts'o
2015-05-28 23:47 ` [PATCH 4/8] ext4 crypto: encrypt tmpfile located in encryption protected directory Theodore Ts'o
2015-05-29 11:09   ` Albino Biasutti Neto
2015-05-29 16:33     ` Theodore Ts'o
2015-05-30 10:45       ` Albino Biasutti Neto
2015-05-28 23:47 ` [PATCH 5/8] ext4 crypto: enforce crypto policy restrictions on cross-renames Theodore Ts'o
2015-05-28 23:47 ` [PATCH 6/8] ext4 crypto: policies may only be set on directories Theodore Ts'o
2015-05-28 23:47 ` [PATCH 7/8] ext4 crypto: clean up error handling in ext4_fname_setup_filename Theodore Ts'o
2015-05-28 23:47 ` Theodore Ts'o [this message]
2015-05-29 18:08 ` [PATCH 1/8] ext4 crypto: fix memory leaks in ext4_encrypted_zeroout Jaegeuk Kim
2015-05-31 14:26   ` Theodore Ts'o
2015-06-01 21:56     ` Jaegeuk Kim

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:23af41f dfblob:7dc4eb5 dfblob:bd8d32d dfblob:730c88d
dfblob:401b099 dfblob:bda4a5d )
 OR (
bs:"[PATCH 8/8] ext4 crypto: allocate the right amount of memory for the on-disk symlink" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1432856867-5710-8-git-send-email-tytso@mit.edu \
    --to=tytso@mit.edu \
    --cc=jaegeuk@kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=mhalcrow@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox