Patch "ext4 crypto: replace some BUG_ON()'s with error checks" has been added to the 4.2-stable tree

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Patch "ext4 crypto: replace some BUG_ON()'s with error checks" has been added to the 4.2-stable tree
@ 2015-12-11 17:20 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2015-12-11 17:20 UTC (permalink / raw)
  To: tytso, gregkh; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    ext4 crypto: replace some BUG_ON()'s with error checks

to the 4.2-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-crypto-replace-some-bug_on-s-with-error-checks.patch
and it can be found in the queue-4.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 687c3c36e754a999a8263745b27965128db4fee5 Mon Sep 17 00:00:00 2001
From: Theodore Ts'o <tytso@mit.edu>
Date: Sat, 3 Oct 2015 10:49:27 -0400
Subject: ext4 crypto: replace some BUG_ON()'s with error checks

From: Theodore Ts'o <tytso@mit.edu>

commit 687c3c36e754a999a8263745b27965128db4fee5 upstream.

Buggy (or hostile) userspace should not be able to cause the kernel to
crash.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/crypto.c        |    1 -
 fs/ext4/crypto_fname.c  |    2 --
 fs/ext4/crypto_key.c    |   16 +++++++++++++---
 fs/ext4/crypto_policy.c |    3 ++-
 4 files changed, 15 insertions(+), 7 deletions(-)

--- a/fs/ext4/crypto.c
+++ b/fs/ext4/crypto.c
@@ -296,7 +296,6 @@ static int ext4_page_crypto(struct ext4_
 	else
 		res = crypto_ablkcipher_encrypt(req);
 	if (res == -EINPROGRESS || res == -EBUSY) {
-		BUG_ON(req->base.data != &ecr);
 		wait_for_completion(&ecr.completion);
 		res = ecr.res;
 	}
--- a/fs/ext4/crypto_fname.c
+++ b/fs/ext4/crypto_fname.c
@@ -121,7 +121,6 @@ static int ext4_fname_encrypt(struct ino
 	ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
 	res = crypto_ablkcipher_encrypt(req);
 	if (res == -EINPROGRESS || res == -EBUSY) {
-		BUG_ON(req->base.data != &ecr);
 		wait_for_completion(&ecr.completion);
 		res = ecr.res;
 	}
@@ -183,7 +182,6 @@ static int ext4_fname_decrypt(struct ino
 	ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
 	res = crypto_ablkcipher_decrypt(req);
 	if (res == -EINPROGRESS || res == -EBUSY) {
-		BUG_ON(req->base.data != &ecr);
 		wait_for_completion(&ecr.completion);
 		res = ecr.res;
 	}
--- a/fs/ext4/crypto_key.c
+++ b/fs/ext4/crypto_key.c
@@ -71,7 +71,6 @@ static int ext4_derive_key_aes(char deri
 				     EXT4_AES_256_XTS_KEY_SIZE, NULL);
 	res = crypto_ablkcipher_encrypt(req);
 	if (res == -EINPROGRESS || res == -EBUSY) {
-		BUG_ON(req->base.data != &ecr);
 		wait_for_completion(&ecr.completion);
 		res = ecr.res;
 	}
@@ -208,7 +207,12 @@ retry:
 		goto out;
 	}
 	crypt_info->ci_keyring_key = keyring_key;
-	BUG_ON(keyring_key->type != &key_type_logon);
+	if (keyring_key->type != &key_type_logon) {
+		printk_once(KERN_WARNING
+			    "ext4: key type must be logon\n");
+		res = -ENOKEY;
+		goto out;
+	}
 	ukp = ((struct user_key_payload *)keyring_key->payload.data);
 	if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
 		res = -EINVAL;
@@ -217,7 +221,13 @@ retry:
 	master_key = (struct ext4_encryption_key *)ukp->data;
 	BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
 		     EXT4_KEY_DERIVATION_NONCE_SIZE);
-	BUG_ON(master_key->size != EXT4_AES_256_XTS_KEY_SIZE);
+	if (master_key->size != EXT4_AES_256_XTS_KEY_SIZE) {
+		printk_once(KERN_WARNING
+			    "ext4: key size incorrect: %d\n",
+			    master_key->size);
+		res = -ENOKEY;
+		goto out;
+	}
 	res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
 				  raw_key);
 got_key:
--- a/fs/ext4/crypto_policy.c
+++ b/fs/ext4/crypto_policy.c
@@ -137,7 +137,8 @@ int ext4_is_child_context_consistent_wit
 
 	if ((parent == NULL) || (child == NULL)) {
 		pr_err("parent %p child %p\n", parent, child);
-		BUG_ON(1);
+		WARN_ON(1);	/* Should never happen */
+		return 0;
 	}
 	/* no restrictions if the parent directory is not encrypted */
 	if (!ext4_encrypted_inode(parent))


Patches currently in stable-queue which might be from tytso@mit.edu are

queue-4.2/ext4-jbd2-ensure-entering-into-panic-after-recording-an-error-in-superblock.patch
queue-4.2/ext4-crypto-replace-some-bug_on-s-with-error-checks.patch
queue-4.2/ext4-crypto-fix-bugs-in-ext4_encrypted_zeroout.patch
queue-4.2/ext4-crypto-fix-memory-leak-in-ext4_bio_write_page.patch

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-12-11 20:24 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-12-11 17:20 Patch "ext4 crypto: replace some BUG_ON()'s with error checks" has been added to the 4.2-stable tree gregkh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).