[thirdparty/kernel/stable-queue.git] / releases / 2.6.38.8 / ecryptfs-allow-2-scatterlist-entries-for-encrypted.patch

From 8d08dab786ad5cc2aca2bf870de370144b78c85a Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Date: Tue, 17 May 2011 00:50:33 -0500
Subject: eCryptfs: Allow 2 scatterlist entries for encrypted
 filenames

From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>

commit 8d08dab786ad5cc2aca2bf870de370144b78c85a upstream.

The buffers allocated while encrypting and decrypting long filenames can
sometimes straddle two pages. In this situation, virt_to_scatterlist()
will return -ENOMEM, causing the operation to fail and the user will get
scary error messages in their logs:

kernel: ecryptfs_write_tag_70_packet: Internal error whilst attempting
to convert filename memory to scatterlist; expected rc = 1; got rc =
[-12]. block_aligned_filename_size = [272]
kernel: ecryptfs_encrypt_filename: Error attempting to generate tag 70
packet; rc = [-12]
kernel: ecryptfs_encrypt_and_encode_filename: Error attempting to
encrypt filename; rc = [-12]
kernel: ecryptfs_lookup: Error attempting to encrypt and encode
filename; rc = [-12]

The solution is to allow up to 2 scatterlist entries to be used.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/ecryptfs/keystore.c |   46 +++++++++++++++++++++-------------------------
 1 file changed, 21 insertions(+), 25 deletions(-)

--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -492,8 +492,8 @@ struct ecryptfs_write_tag_70_packet_sill
 	struct mutex *tfm_mutex;
 	char *block_aligned_filename;
 	struct ecryptfs_auth_tok *auth_tok;
-	struct scatterlist src_sg;
-	struct scatterlist dst_sg;
+	struct scatterlist src_sg[2];
+	struct scatterlist dst_sg[2];
 	struct blkcipher_desc desc;
 	char iv[ECRYPTFS_MAX_IV_BYTES];
 	char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
@@ -709,23 +709,21 @@ ecryptfs_write_tag_70_packet(char *dest,
 	memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
 	       filename_size);
 	rc = virt_to_scatterlist(s->block_aligned_filename,
-				 s->block_aligned_filename_size, &s->src_sg, 1);
-	if (rc != 1) {
+				 s->block_aligned_filename_size, s->src_sg, 2);
+	if (rc < 1) {
 		printk(KERN_ERR "%s: Internal error whilst attempting to "
-		       "convert filename memory to scatterlist; "
-		       "expected rc = 1; got rc = [%d]. "
+		       "convert filename memory to scatterlist; rc = [%d]. "
 		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
 		       s->block_aligned_filename_size);
 		goto out_release_free_unlock;
 	}
 	rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
-				 &s->dst_sg, 1);
-	if (rc != 1) {
+				 s->dst_sg, 2);
+	if (rc < 1) {
 		printk(KERN_ERR "%s: Internal error whilst attempting to "
 		       "convert encrypted filename memory to scatterlist; "
-		       "expected rc = 1; got rc = [%d]. "
-		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
-		       s->block_aligned_filename_size);
+		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+		       __func__, rc, s->block_aligned_filename_size);
 		goto out_release_free_unlock;
 	}
 	/* The characters in the first block effectively do the job
@@ -748,7 +746,7 @@ ecryptfs_write_tag_70_packet(char *dest,
 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
 		goto out_release_free_unlock;
 	}
-	rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+	rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
 					 s->block_aligned_filename_size);
 	if (rc) {
 		printk(KERN_ERR "%s: Error attempting to encrypt filename; "
@@ -782,8 +780,8 @@ struct ecryptfs_parse_tag_70_packet_sill
 	struct mutex *tfm_mutex;
 	char *decrypted_filename;
 	struct ecryptfs_auth_tok *auth_tok;
-	struct scatterlist src_sg;
-	struct scatterlist dst_sg;
+	struct scatterlist src_sg[2];
+	struct scatterlist dst_sg[2];
 	struct blkcipher_desc desc;
 	char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
 	char iv[ECRYPTFS_MAX_IV_BYTES];
@@ -890,13 +888,12 @@ ecryptfs_parse_tag_70_packet(char **file
 	}
 	mutex_lock(s->tfm_mutex);
 	rc = virt_to_scatterlist(&data[(*packet_size)],
-				 s->block_aligned_filename_size, &s->src_sg, 1);
-	if (rc != 1) {
+				 s->block_aligned_filename_size, s->src_sg, 2);
+	if (rc < 1) {
 		printk(KERN_ERR "%s: Internal error whilst attempting to "
 		       "convert encrypted filename memory to scatterlist; "
-		       "expected rc = 1; got rc = [%d]. "
-		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
-		       s->block_aligned_filename_size);
+		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+		       __func__, rc, s->block_aligned_filename_size);
 		goto out_unlock;
 	}
 	(*packet_size) += s->block_aligned_filename_size;
@@ -910,13 +907,12 @@ ecryptfs_parse_tag_70_packet(char **file
 		goto out_unlock;
 	}
 	rc = virt_to_scatterlist(s->decrypted_filename,
-				 s->block_aligned_filename_size, &s->dst_sg, 1);
-	if (rc != 1) {
+				 s->block_aligned_filename_size, s->dst_sg, 2);
+	if (rc < 1) {
 		printk(KERN_ERR "%s: Internal error whilst attempting to "
 		       "convert decrypted filename memory to scatterlist; "
-		       "expected rc = 1; got rc = [%d]. "
-		       "block_aligned_filename_size = [%zd]\n", __func__, rc,
-		       s->block_aligned_filename_size);
+		       "rc = [%d]. block_aligned_filename_size = [%zd]\n",
+		       __func__, rc, s->block_aligned_filename_size);
 		goto out_free_unlock;
 	}
 	/* The characters in the first block effectively do the job of
@@ -956,7 +952,7 @@ ecryptfs_parse_tag_70_packet(char **file
 		       mount_crypt_stat->global_default_fn_cipher_key_bytes);
 		goto out_free_unlock;
 	}
-	rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
+	rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
 					 s->block_aligned_filename_size);
 	if (rc) {
 		printk(KERN_ERR "%s: Error attempting to decrypt filename; "
Commit	Line	Data
1c258d2c GKH	1	From 8d08dab786ad5cc2aca2bf870de370144b78c85a Mon Sep 17 00:00:00 2001
	2	From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	3	Date: Tue, 17 May 2011 00:50:33 -0500
	4	Subject: eCryptfs: Allow 2 scatterlist entries for encrypted
	5	filenames
	6
	7	From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	8
	9	commit 8d08dab786ad5cc2aca2bf870de370144b78c85a upstream.
	10
	11	The buffers allocated while encrypting and decrypting long filenames can
	12	sometimes straddle two pages. In this situation, virt_to_scatterlist()
	13	will return -ENOMEM, causing the operation to fail and the user will get
	14	scary error messages in their logs:
	15
	16	kernel: ecryptfs_write_tag_70_packet: Internal error whilst attempting
	17	to convert filename memory to scatterlist; expected rc = 1; got rc =
	18	[-12]. block_aligned_filename_size = [272]
	19	kernel: ecryptfs_encrypt_filename: Error attempting to generate tag 70
	20	packet; rc = [-12]
	21	kernel: ecryptfs_encrypt_and_encode_filename: Error attempting to
	22	encrypt filename; rc = [-12]
	23	kernel: ecryptfs_lookup: Error attempting to encrypt and encode
	24	filename; rc = [-12]
	25
	26	The solution is to allow up to 2 scatterlist entries to be used.
	27
	28	Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	29	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	30
	31	---
	32	fs/ecryptfs/keystore.c \| 46 +++++++++++++++++++++-------------------------
	33	1 file changed, 21 insertions(+), 25 deletions(-)
	34
	35	--- a/fs/ecryptfs/keystore.c
	36	+++ b/fs/ecryptfs/keystore.c
	37	@@ -492,8 +492,8 @@ struct ecryptfs_write_tag_70_packet_sill
	38	struct mutex *tfm_mutex;
	39	char *block_aligned_filename;
	40	struct ecryptfs_auth_tok *auth_tok;
	41	- struct scatterlist src_sg;
	42	- struct scatterlist dst_sg;
	43	+ struct scatterlist src_sg[2];
	44	+ struct scatterlist dst_sg[2];
	45	struct blkcipher_desc desc;
	46	char iv[ECRYPTFS_MAX_IV_BYTES];
	47	char hash[ECRYPTFS_TAG_70_DIGEST_SIZE];
	48	@@ -709,23 +709,21 @@ ecryptfs_write_tag_70_packet(char *dest,
	49	memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename,
	50	filename_size);
	51	rc = virt_to_scatterlist(s->block_aligned_filename,
	52	- s->block_aligned_filename_size, &s->src_sg, 1);
	53	- if (rc != 1) {
	54	+ s->block_aligned_filename_size, s->src_sg, 2);
	55	+ if (rc < 1) {
	56	printk(KERN_ERR "%s: Internal error whilst attempting to "
	57	- "convert filename memory to scatterlist; "
	58	- "expected rc = 1; got rc = [%d]. "
	59	+ "convert filename memory to scatterlist; rc = [%d]. "
	60	"block_aligned_filename_size = [%zd]\n", __func__, rc,
	61	s->block_aligned_filename_size);
	62	goto out_release_free_unlock;
	63	}
	64	rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size,
65	- &s->dst_sg, 1);
66	- if (rc != 1) {
67	+ s->dst_sg, 2);
68	+ if (rc < 1) {
69	printk(KERN_ERR "%s: Internal error whilst attempting to "
70	"convert encrypted filename memory to scatterlist; "
71	- "expected rc = 1; got rc = [%d]. "
72	- "block_aligned_filename_size = [%zd]\n", __func__, rc,
73	- s->block_aligned_filename_size);
74	+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
75	+ __func__, rc, s->block_aligned_filename_size);
76	goto out_release_free_unlock;
77	}
78	/* The characters in the first block effectively do the job
79	@@ -748,7 +746,7 @@ ecryptfs_write_tag_70_packet(char *dest,
80	mount_crypt_stat->global_default_fn_cipher_key_bytes);
81	goto out_release_free_unlock;
82	}
83	- rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
84	+ rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg,
85	s->block_aligned_filename_size);
86	if (rc) {
87	printk(KERN_ERR "%s: Error attempting to encrypt filename; "
88	@@ -782,8 +780,8 @@ struct ecryptfs_parse_tag_70_packet_sill
89	struct mutex *tfm_mutex;
90	char *decrypted_filename;
91	struct ecryptfs_auth_tok *auth_tok;
92	- struct scatterlist src_sg;
93	- struct scatterlist dst_sg;
94	+ struct scatterlist src_sg[2];
95	+ struct scatterlist dst_sg[2];
96	struct blkcipher_desc desc;
97	char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1];
98	char iv[ECRYPTFS_MAX_IV_BYTES];
99	@@ -890,13 +888,12 @@ ecryptfs_parse_tag_70_packet(char **file
100	}
101	mutex_lock(s->tfm_mutex);
102	rc = virt_to_scatterlist(&data[(*packet_size)],
103	- s->block_aligned_filename_size, &s->src_sg, 1);
104	- if (rc != 1) {
105	+ s->block_aligned_filename_size, s->src_sg, 2);
106	+ if (rc < 1) {
107	printk(KERN_ERR "%s: Internal error whilst attempting to "
108	"convert encrypted filename memory to scatterlist; "
109	- "expected rc = 1; got rc = [%d]. "
110	- "block_aligned_filename_size = [%zd]\n", __func__, rc,
111	- s->block_aligned_filename_size);
112	+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
113	+ __func__, rc, s->block_aligned_filename_size);
114	goto out_unlock;
115	}
116	(*packet_size) += s->block_aligned_filename_size;
117	@@ -910,13 +907,12 @@ ecryptfs_parse_tag_70_packet(char **file
118	goto out_unlock;
119	}
120	rc = virt_to_scatterlist(s->decrypted_filename,
121	- s->block_aligned_filename_size, &s->dst_sg, 1);
122	- if (rc != 1) {
123	+ s->block_aligned_filename_size, s->dst_sg, 2);
124	+ if (rc < 1) {
125	printk(KERN_ERR "%s: Internal error whilst attempting to "
126	"convert decrypted filename memory to scatterlist; "
127	- "expected rc = 1; got rc = [%d]. "
128	- "block_aligned_filename_size = [%zd]\n", __func__, rc,
129	- s->block_aligned_filename_size);
130	+ "rc = [%d]. block_aligned_filename_size = [%zd]\n",
131	+ __func__, rc, s->block_aligned_filename_size);
132	goto out_free_unlock;
133	}
134	/* The characters in the first block effectively do the job of
135	@@ -956,7 +952,7 @@ ecryptfs_parse_tag_70_packet(char **file
136	mount_crypt_stat->global_default_fn_cipher_key_bytes);
137	goto out_free_unlock;
138	}
139	- rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg,
140	+ rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg,
141	s->block_aligned_filename_size);
142	if (rc) {
143	printk(KERN_ERR "%s: Error attempting to decrypt filename; "