From: Andi Kleen <andi@firstfloor.org>
To: tyhicks@linux.vnet.ibm.com, gregkh@suse.de, ak@linux.intel.com,
linux-kernel@vger.kernel.org, stable@kernel.org,
tim.bird@am.sony.com
Subject: [PATCH] [23/99] eCryptfs: Allow 2 scatterlist entries for encrypted
Date: Wed, 27 Jul 2011 14:48:21 -0700 (PDT) [thread overview]
Message-ID: <20110727214821.B686F2403FF@tassilo.jf.intel.com> (raw)
In-Reply-To: <20110727247.325703029@firstfloor.org>
2.6.35-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
commit 8d08dab786ad5cc2aca2bf870de370144b78c85a upstream.
The buffers allocated while encrypting and decrypting long filenames can
sometimes straddle two pages. In this situation, virt_to_scatterlist()
will return -ENOMEM, causing the operation to fail and the user will get
scary error messages in their logs:
kernel: ecryptfs_write_tag_70_packet: Internal error whilst attempting
to convert filename memory to scatterlist; expected rc = 1; got rc =
[-12]. block_aligned_filename_size = [272]
kernel: ecryptfs_encrypt_filename: Error attempting to generate tag 70
packet; rc = [-12]
kernel: ecryptfs_encrypt_and_encode_filename: Error attempting to
encrypt filename; rc = [-12]
kernel: ecryptfs_lookup: Error attempting to encrypt and encode
filename; rc = [-12]
The solution is to allow up to 2 scatterlist entries to be used.
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
fs/ecryptfs/keystore.c | 46 +++++++++++++++++++++-------------------------
1 file changed, 21 insertions(+), 25 deletions(-)
Index: linux-2.6.35.y/fs/ecryptfs/keystore.c
===================================================================
--- linux-2.6.35.y.orig/fs/ecryptfs/keystore.c
+++ linux-2.6.35.y/fs/ecryptfs/keystore.c
@@ -482,8 +482,8 @@ struct ecryptfs_write_tag_70_packet_sill
struct mutex *tfm_mutex;
char *block_aligned_filename;
struct ecryptfs_auth_tok *auth_tok;
- struct scatterlist src_sg;
- struct scatterlist dst_sg;
+ struct scatterlist src_sg[2];
+ struct scatterlist dst_sg[2];
struct blkcipher_desc desc;
char iv[ECRYPTFS_MAX_IV_BYTES];
char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
@@ -696,23 +696,21 @@ ecryptfs_write_tag_70_packet(char *dest,
memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
filename_size);
rc = virt_to_scatterlist(s->block_aligned_filename,
- s->block_aligned_filename_size, &s->src_sg, 1);
- if (rc != 1) {
+ s->block_aligned_filename_size, s->src_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
- "convert filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
+ "convert filename memory to scatterlist; rc = [%d]. "
"block_aligned_filename_size = [%zd]\n", __func__, rc,
s->block_aligned_filename_size);
goto out_release_free_unlock;
}
rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
- &s->dst_sg, 1);
- if (rc != 1) {
+ s->dst_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
"convert encrypted filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
- "block_aligned_filename_size = [%zd]\n", __func__, rc,
- s->block_aligned_filename_size);
+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+ __func__, rc, s->block_aligned_filename_size);
goto out_release_free_unlock;
}
/* The characters in the first block effectively do the job
@@ -735,7 +733,7 @@ ecryptfs_write_tag_70_packet(char *dest,
mount_crypt_stat->global_default_fn_cipher_key_bytes);
goto out_release_free_unlock;
}
- rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+ rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
s->block_aligned_filename_size);
if (rc) {
printk(KERN_ERR "%s: Error attempting to encrypt filename; "
@@ -767,8 +765,8 @@ struct ecryptfs_parse_tag_70_packet_sill
struct mutex *tfm_mutex;
char *decrypted_filename;
struct ecryptfs_auth_tok *auth_tok;
- struct scatterlist src_sg;
- struct scatterlist dst_sg;
+ struct scatterlist src_sg[2];
+ struct scatterlist dst_sg[2];
struct blkcipher_desc desc;
char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
char iv[ECRYPTFS_MAX_IV_BYTES];
@@ -873,13 +871,12 @@ ecryptfs_parse_tag_70_packet(char **file
}
mutex_lock(s->tfm_mutex);
rc = virt_to_scatterlist(&data[(*packet_size)],
- s->block_aligned_filename_size, &s->src_sg, 1);
- if (rc != 1) {
+ s->block_aligned_filename_size, s->src_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
"convert encrypted filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
- "block_aligned_filename_size = [%zd]\n", __func__, rc,
- s->block_aligned_filename_size);
+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+ __func__, rc, s->block_aligned_filename_size);
goto out_unlock;
}
(*packet_size) += s->block_aligned_filename_size;
@@ -893,13 +890,12 @@ ecryptfs_parse_tag_70_packet(char **file
goto out_unlock;
}
rc = virt_to_scatterlist(s->decrypted_filename,
- s->block_aligned_filename_size, &s->dst_sg, 1);
- if (rc != 1) {
+ s->block_aligned_filename_size, s->dst_sg, 2);
+ if (rc < 1) {
printk(KERN_ERR "%s: Internal error whilst attempting to "
"convert decrypted filename memory to scatterlist; "
- "expected rc = 1; got rc = [%d]. "
- "block_aligned_filename_size = [%zd]\n", __func__, rc,
- s->block_aligned_filename_size);
+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+ __func__, rc, s->block_aligned_filename_size);
goto out_free_unlock;
}
/* The characters in the first block effectively do the job of
@@ -938,7 +934,7 @@ ecryptfs_parse_tag_70_packet(char **file
mount_crypt_stat->global_default_fn_cipher_key_bytes);
goto out_free_unlock;
}
- rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+ rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
s->block_aligned_filename_size);
if (rc) {
printk(KERN_ERR "%s: Error attempting to decrypt filename; "
next prev parent reply other threads:[~2011-07-27 21:48 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-27 21:47 [PATCH] [0/99] 2.6.35.14 longterm review Andi Kleen
2011-07-27 21:47 ` [PATCH] [1/99] x86, amd: Do not enable ARAT feature on AMD processors below Andi Kleen
2011-07-27 21:48 ` [PATCH] [2/99] x86, amd: Use _safe() msr access for GartTlbWlk disable code Andi Kleen
2011-07-27 21:48 ` [PATCH] [3/99] rcu: Fix unpaired rcu_irq_enter() from locking selftests Andi Kleen
2011-07-27 21:48 ` [PATCH] [4/99] staging: usbip: fix wrong endian conversion Andi Kleen
2011-07-27 21:48 ` [PATCH] [5/99] Fix for buffer overflow in ldm_frag_add not sufficient Andi Kleen
2011-07-27 21:48 ` [PATCH] [6/99] seqlock: Don't smp_rmb in seqlock reader spin loop Andi Kleen
2011-07-27 21:48 ` [PATCH] [7/99] ALSA: HDA: Use one dmic only for Dell Studio 1558 Andi Kleen
2011-07-27 21:48 ` [PATCH] [8/99] ASoC: Ensure output PGA is enabled for line outputs in Andi Kleen
2011-07-27 21:48 ` [PATCH] [9/99] ASoC: Add some missing volume update bit sets for wm_hubs Andi Kleen
2011-07-27 21:48 ` [PATCH] [10/99] mm/page_alloc.c: prevent unending loop in Andi Kleen
2011-07-27 21:48 ` [PATCH] [11/99] loop: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
2011-07-27 21:48 ` [PATCH] [12/99] loop: handle on-demand devices correctly Andi Kleen
2011-07-27 21:48 ` [PATCH] [13/99] USB: CP210x Add 4 Device IDs for AC-Services Devices Andi Kleen
2011-07-27 21:48 ` [PATCH] [14/99] USB: moto_modem: Add USB identifier for the Motorola VE240 Andi Kleen
2011-07-27 21:48 ` [PATCH] [15/99] USB: serial: ftdi_sio: adding support for TavIR STK500 Andi Kleen
2011-07-27 21:48 ` [PATCH] [16/99] USB: gamin_gps: Fix for data transfer problems in native Andi Kleen
2011-07-27 21:48 ` [PATCH] [17/99] usb/gadget: at91sam9g20 fix end point max packet size Andi Kleen
2011-07-27 21:48 ` [PATCH] [18/99] usb: gadget: rndis: don't test against req->length Andi Kleen
2011-07-27 21:48 ` [PATCH] [19/99] xhci: Fix full speed bInterval encoding Andi Kleen
2011-07-27 21:48 ` [PATCH] [20/99] OHCI: work around for nVidia shutdown problem Andi Kleen
2011-07-27 21:48 ` [PATCH] [21/99] OHCI: fix regression caused by nVidia shutdown workaround Andi Kleen
2011-07-27 21:48 ` [PATCH] [22/99] p54usb: add zoom 4410 usbid Andi Kleen
2011-07-27 21:48 ` Andi Kleen [this message]
2011-07-27 21:48 ` [PATCH] [24/99] UBIFS: fix a rare memory leak in ro to rw remounting path Andi Kleen
2011-07-27 21:48 ` [PATCH] [25/99] i8k: Avoid lahf in 64-bit code Andi Kleen
2011-07-27 21:48 ` [PATCH] [26/99] cpuidle: menu: fixed wrapping timers at 4.294 seconds Andi Kleen
2011-07-27 21:48 ` [PATCH] [27/99] dm table: reject devices without request fns Andi Kleen
2011-07-27 21:48 ` [PATCH] [28/99] atm: expose ATM device index in sysfs Andi Kleen
2011-07-27 21:48 ` [PATCH] [29/99] brd: limit 'max_part' module param to DISK_MAX_PARTS Andi Kleen
2011-07-27 21:48 ` [PATCH] [30/99] brd: handle on-demand devices correctly Andi Kleen
2011-07-27 21:48 ` [PATCH] [31/99] SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change Andi Kleen
2011-07-27 21:48 ` [PATCH] [32/99] PCI: Add quirk for setting valid class for TI816X Endpoint Andi Kleen
2011-07-27 21:48 ` [PATCH] [33/99] xen mmu: fix a race window causing leave_mm BUG() Andi Kleen
2011-07-27 21:48 ` [PATCH] [34/99] UBIFS: fix shrinker object count reports Andi Kleen
2011-07-27 21:48 ` [PATCH] [35/99] UBIFS: fix memory leak on error path Andi Kleen
2011-07-27 21:48 ` [PATCH] [36/99] nbd: limit module parameters to a sane value Andi Kleen
2011-07-27 21:48 ` [PATCH] [37/99] block: export blk_{get,put}_queue() Andi Kleen
2011-07-27 21:48 ` [PATCH] [38/99] Fix oops caused by queue refcounting failure Andi Kleen
2011-07-27 21:48 ` [PATCH] [39/99] mm: fix ENOSPC returned by handle_mm_fault() Andi Kleen
2011-07-27 21:48 ` [PATCH] [40/99] PCI: Set PCIE maxpayload for card during hotplug insertion Andi Kleen
2011-07-27 21:48 ` [PATCH] [41/99] nl80211: fix check for valid SSID size in scan operations Andi Kleen
2011-07-27 21:48 ` [PATCH] [42/99] lockdep: Fix lock_is_held() on recursion Andi Kleen
2011-07-27 21:48 ` [PATCH] [43/99] drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007 Andi Kleen
2011-07-27 21:48 ` [PATCH] [44/99] drm/radeon/kms: fix for radeon on systems >4GB without Andi Kleen
2011-07-27 21:48 ` [PATCH] [45/99] fat: Fix corrupt inode flags when remove ATTR_SYS flag Andi Kleen
2011-07-27 21:48 ` [PATCH] [46/99] xen: off by one errors in multicalls.c Andi Kleen
2011-07-27 21:48 ` [PATCH] [47/99] x86/amd-iommu: Fix 3 possible endless loops Andi Kleen
2011-07-27 21:48 ` [PATCH] [48/99] USB: cdc-acm: Adding second ACM channel support for Nokia E7 Andi Kleen
2011-07-27 21:48 ` [PATCH] [49/99] USB: core: Tolerate protocol stall during hub and port Andi Kleen
2011-07-27 21:48 ` [PATCH] [50/99] USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver Andi Kleen
2011-07-27 21:48 ` [PATCH] [51/99] USB: xhci - fix interval calculation for FS isoc endpoints Andi Kleen
2011-07-27 21:48 ` [PATCH] [52/99] ALSA: hda: Fix quirk for Dell Inspiron 910 Andi Kleen
2011-07-27 21:48 ` [PATCH] [53/99] oprofile, dcookies: Fix possible circular locking dependency Andi Kleen
2011-07-27 21:48 ` [PATCH] [54/99] CPUFREQ: Remove cpufreq_stats sysfs entries on module unload Andi Kleen
2011-07-27 21:48 ` [PATCH] [55/99] md: check ->hot_remove_disk when removing disk Andi Kleen
2011-07-27 21:48 ` [PATCH] [56/99] md/raid5: fix raid5_set_bi_hw_segments Andi Kleen
2011-07-27 21:48 ` [PATCH] [57/99] exec: delay address limit change until point of no return Andi Kleen
2011-07-27 21:48 ` [PATCH] [58/99] netfilter: IPv6: initialize TOS field in REJECT target module Andi Kleen
2011-07-27 21:48 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
2011-07-28 1:51 ` Fernando Luis Vazquez Cao
2011-07-28 1:53 ` [STABLE] [PATCH] IGMP snooping: set mrouters_only flag for IPv4 traffic properly Fernando Luis Vazquez Cao
2011-07-28 1:54 ` [STABLE][PATCH] IGMP snooping: set mrouters_only flag for IPv6 " Fernando Luis Vazquez Cao
2011-07-28 23:54 ` [PATCH] [59/99] netfilter: IPv6: fix DSCP mangle code Andi Kleen
2011-07-27 21:48 ` [PATCH] [60/99] xen: events: do not unmask event channels on resume Andi Kleen
2011-07-27 21:49 ` [PATCH] [61/99] genirq: Add IRQF_FORCE_RESUME Andi Kleen
2011-07-27 21:49 ` [PATCH] [62/99] xen: Use IRQF_FORCE_RESUME Andi Kleen
2011-07-27 21:49 ` [PATCH] [63/99] time: Compensate for rounding on odd-frequency clocksources Andi Kleen
2011-07-27 21:49 ` [PATCH] [64/99] Revert "iwlagn: Support new 5000 microcode." Andi Kleen
2011-07-28 8:24 ` Stanislaw Gruszka
2011-07-28 13:45 ` Guy, Wey-Yi
2011-07-28 23:50 ` Andi Kleen
2011-07-28 17:32 ` Andi Kleen
2011-07-29 10:45 ` Stanislaw Gruszka
2011-07-27 21:49 ` [PATCH] [65/99] ksm: fix NULL pointer dereference in scan_get_next_rmap_item() Andi Kleen
2011-07-27 21:49 ` [PATCH] [66/99] migrate: don't account swapcache as shmem Andi Kleen
2011-07-27 21:49 ` [PATCH] [67/99] xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped" Andi Kleen
2011-07-27 21:49 ` [PATCH] [68/99] clocksource: Make watchdog robust vs. interruption Andi Kleen
2011-07-27 21:49 ` [PATCH] [69/99] TTY: ldisc, do not close until there are readers Andi Kleen
2011-07-28 13:29 ` Jiri Slaby
2011-07-27 21:49 ` [PATCH] [70/99] xhci: Reject double add of active endpoints Andi Kleen
2011-07-27 21:49 ` [PATCH] [71/99] PM: Free memory bitmaps if opening /dev/snapshot fails Andi Kleen
2011-07-27 21:49 ` [PATCH] [72/99] ath5k: fix memory leak when fewer than N_PD_CURVES are in use Andi Kleen
2011-07-27 21:49 ` [PATCH] [73/99] mm: fix negative commitlimit when gigantic hugepages are allocated Andi Kleen
2011-07-27 21:49 ` [PATCH] [74/99] uvcvideo: Remove buffers from the queues when freeing Andi Kleen
2011-07-27 21:49 ` [PATCH] [75/99] watchdog: mtx1-wdt: request gpio before using it Andi Kleen
2011-07-27 21:49 ` [PATCH] [76/99] debugobjects: Fix boot crash when kmemleak and debugobjects enabled Andi Kleen
2011-07-27 21:49 ` [PATCH] [77/99] cfq-iosched: fix locking around ioc->ioc_data assignment Andi Kleen
2011-07-27 21:49 ` [PATCH] [78/99] cfq-iosched: fix a rcu warning Andi Kleen
2011-07-27 21:49 ` [PATCH] [79/99] i2c-taos-evm: Fix log messages Andi Kleen
2011-07-27 21:49 ` [PATCH] [80/99] md: avoid endless recovery loop when waiting for fail device to complete Andi Kleen
2011-07-27 21:49 ` [PATCH] [81/99] SUNRPC: Ensure the RPC client only quits on fatal signals Andi Kleen
2011-07-27 21:49 ` [PATCH] [82/99] 6pack,mkiss: fix lock inconsistency Andi Kleen
2011-07-27 21:49 ` [PATCH] [83/99] taskstats: don't allow duplicate entries in listener mode Andi Kleen
2011-07-27 21:49 ` [PATCH] [84/99] USB: don't let errors prevent system sleep Andi Kleen
2011-07-27 21:49 ` [PATCH] [85/99] USB: don't let the hub driver " Andi Kleen
2011-07-27 21:49 ` [PATCH] [86/99] uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc Andi Kleen
2011-07-27 21:49 ` [PATCH] [87/99] inet_diag: fix inet_diag_bc_audit() Andi Kleen
2011-07-27 21:49 ` [PATCH] [88/99] PM / Hibernate: Fix free_unnecessary_pages() Andi Kleen
2011-07-27 21:49 ` [PATCH] [89/99] bug.h: Add WARN_RATELIMIT Andi Kleen
2011-07-27 21:49 ` [PATCH] [90/99] net: filter: Use WARN_RATELIMIT Andi Kleen
2011-07-27 21:49 ` [PATCH] [91/99] af_packet: prevent information leak Andi Kleen
2011-07-27 21:49 ` [PATCH] [92/99] net/ipv4: Check for mistakenly passed in non-IPv4 address Andi Kleen
2011-07-27 21:49 ` [PATCH] [93/99] ipv6/udp: Use the correct variable to determine non-blocking condition Andi Kleen
2011-07-27 21:49 ` [PATCH] [94/99] udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet Andi Kleen
2011-07-27 21:49 ` [PATCH] [95/99] mm: prevent concurrent unmap_mapping_range() on the same Andi Kleen
2011-07-27 21:49 ` [PATCH] [96/99] proc: restrict access to /proc/PID/io Andi Kleen
2011-07-27 21:49 ` [PATCH] [97/99] alpha: fix several security issues Andi Kleen
2011-07-27 21:49 ` [PATCH] [98/99] x86: Make Dell Latitude E5420 use reboot=pci Andi Kleen
2011-07-27 21:49 ` [PATCH] [99/99] x86: Make Dell Latitude E6420 " Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110727214821.B686F2403FF@tassilo.jf.intel.com \
--to=andi@firstfloor.org \
--cc=ak@linux.intel.com \
--cc=gregkh@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@kernel.org \
--cc=tim.bird@am.sony.com \
--cc=tyhicks@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox