]>
Commit | Line | Data |
---|---|---|
1c258d2c GKH |
1 | From 8d08dab786ad5cc2aca2bf870de370144b78c85a Mon Sep 17 00:00:00 2001 |
2 | From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> | |
3 | Date: Tue, 17 May 2011 00:50:33 -0500 | |
4 | Subject: eCryptfs: Allow 2 scatterlist entries for encrypted | |
5 | filenames | |
6 | ||
7 | From: Tyler Hicks <tyhicks@linux.vnet.ibm.com> | |
8 | ||
9 | commit 8d08dab786ad5cc2aca2bf870de370144b78c85a upstream. | |
10 | ||
11 | The buffers allocated while encrypting and decrypting long filenames can | |
12 | sometimes straddle two pages. In this situation, virt_to_scatterlist() | |
13 | will return -ENOMEM, causing the operation to fail and the user will get | |
14 | scary error messages in their logs: | |
15 | ||
16 | kernel: ecryptfs_write_tag_70_packet: Internal error whilst attempting | |
17 | to convert filename memory to scatterlist; expected rc = 1; got rc = | |
18 | [-12]. block_aligned_filename_size = [272] | |
19 | kernel: ecryptfs_encrypt_filename: Error attempting to generate tag 70 | |
20 | packet; rc = [-12] | |
21 | kernel: ecryptfs_encrypt_and_encode_filename: Error attempting to | |
22 | encrypt filename; rc = [-12] | |
23 | kernel: ecryptfs_lookup: Error attempting to encrypt and encode | |
24 | filename; rc = [-12] | |
25 | ||
26 | The solution is to allow up to 2 scatterlist entries to be used. | |
27 | ||
28 | Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> | |
29 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
30 | ||
31 | --- | |
32 | fs/ecryptfs/keystore.c | 46 +++++++++++++++++++++------------------------- | |
33 | 1 file changed, 21 insertions(+), 25 deletions(-) | |
34 | ||
35 | --- a/fs/ecryptfs/keystore.c | |
36 | +++ b/fs/ecryptfs/keystore.c | |
37 | @@ -492,8 +492,8 @@ struct ecryptfs_write_tag_70_packet_sill | |
38 | struct mutex *tfm_mutex; | |
39 | char *block_aligned_filename; | |
40 | struct ecryptfs_auth_tok *auth_tok; | |
41 | - struct scatterlist src_sg; | |
42 | - struct scatterlist dst_sg; | |
43 | + struct scatterlist src_sg[2]; | |
44 | + struct scatterlist dst_sg[2]; | |
45 | struct blkcipher_desc desc; | |
46 | char iv[ECRYPTFS_MAX_IV_BYTES]; | |
47 | char hash[ECRYPTFS_TAG_70_DIGEST_SIZE]; | |
48 | @@ -709,23 +709,21 @@ ecryptfs_write_tag_70_packet(char *dest, | |
49 | memcpy(&s->block_aligned_filename[s->num_rand_bytes], filename, | |
50 | filename_size); | |
51 | rc = virt_to_scatterlist(s->block_aligned_filename, | |
52 | - s->block_aligned_filename_size, &s->src_sg, 1); | |
53 | - if (rc != 1) { | |
54 | + s->block_aligned_filename_size, s->src_sg, 2); | |
55 | + if (rc < 1) { | |
56 | printk(KERN_ERR "%s: Internal error whilst attempting to " | |
57 | - "convert filename memory to scatterlist; " | |
58 | - "expected rc = 1; got rc = [%d]. " | |
59 | + "convert filename memory to scatterlist; rc = [%d]. " | |
60 | "block_aligned_filename_size = [%zd]\n", __func__, rc, | |
61 | s->block_aligned_filename_size); | |
62 | goto out_release_free_unlock; | |
63 | } | |
64 | rc = virt_to_scatterlist(&dest[s->i], s->block_aligned_filename_size, | |
65 | - &s->dst_sg, 1); | |
66 | - if (rc != 1) { | |
67 | + s->dst_sg, 2); | |
68 | + if (rc < 1) { | |
69 | printk(KERN_ERR "%s: Internal error whilst attempting to " | |
70 | "convert encrypted filename memory to scatterlist; " | |
71 | - "expected rc = 1; got rc = [%d]. " | |
72 | - "block_aligned_filename_size = [%zd]\n", __func__, rc, | |
73 | - s->block_aligned_filename_size); | |
74 | + "rc = [%d]. block_aligned_filename_size = [%zd]\n", | |
75 | + __func__, rc, s->block_aligned_filename_size); | |
76 | goto out_release_free_unlock; | |
77 | } | |
78 | /* The characters in the first block effectively do the job | |
79 | @@ -748,7 +746,7 @@ ecryptfs_write_tag_70_packet(char *dest, | |
80 | mount_crypt_stat->global_default_fn_cipher_key_bytes); | |
81 | goto out_release_free_unlock; | |
82 | } | |
83 | - rc = crypto_blkcipher_encrypt_iv(&s->desc, &s->dst_sg, &s->src_sg, | |
84 | + rc = crypto_blkcipher_encrypt_iv(&s->desc, s->dst_sg, s->src_sg, | |
85 | s->block_aligned_filename_size); | |
86 | if (rc) { | |
87 | printk(KERN_ERR "%s: Error attempting to encrypt filename; " | |
88 | @@ -782,8 +780,8 @@ struct ecryptfs_parse_tag_70_packet_sill | |
89 | struct mutex *tfm_mutex; | |
90 | char *decrypted_filename; | |
91 | struct ecryptfs_auth_tok *auth_tok; | |
92 | - struct scatterlist src_sg; | |
93 | - struct scatterlist dst_sg; | |
94 | + struct scatterlist src_sg[2]; | |
95 | + struct scatterlist dst_sg[2]; | |
96 | struct blkcipher_desc desc; | |
97 | char fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX + 1]; | |
98 | char iv[ECRYPTFS_MAX_IV_BYTES]; | |
99 | @@ -890,13 +888,12 @@ ecryptfs_parse_tag_70_packet(char **file | |
100 | } | |
101 | mutex_lock(s->tfm_mutex); | |
102 | rc = virt_to_scatterlist(&data[(*packet_size)], | |
103 | - s->block_aligned_filename_size, &s->src_sg, 1); | |
104 | - if (rc != 1) { | |
105 | + s->block_aligned_filename_size, s->src_sg, 2); | |
106 | + if (rc < 1) { | |
107 | printk(KERN_ERR "%s: Internal error whilst attempting to " | |
108 | "convert encrypted filename memory to scatterlist; " | |
109 | - "expected rc = 1; got rc = [%d]. " | |
110 | - "block_aligned_filename_size = [%zd]\n", __func__, rc, | |
111 | - s->block_aligned_filename_size); | |
112 | + "rc = [%d]. block_aligned_filename_size = [%zd]\n", | |
113 | + __func__, rc, s->block_aligned_filename_size); | |
114 | goto out_unlock; | |
115 | } | |
116 | (*packet_size) += s->block_aligned_filename_size; | |
117 | @@ -910,13 +907,12 @@ ecryptfs_parse_tag_70_packet(char **file | |
118 | goto out_unlock; | |
119 | } | |
120 | rc = virt_to_scatterlist(s->decrypted_filename, | |
121 | - s->block_aligned_filename_size, &s->dst_sg, 1); | |
122 | - if (rc != 1) { | |
123 | + s->block_aligned_filename_size, s->dst_sg, 2); | |
124 | + if (rc < 1) { | |
125 | printk(KERN_ERR "%s: Internal error whilst attempting to " | |
126 | "convert decrypted filename memory to scatterlist; " | |
127 | - "expected rc = 1; got rc = [%d]. " | |
128 | - "block_aligned_filename_size = [%zd]\n", __func__, rc, | |
129 | - s->block_aligned_filename_size); | |
130 | + "rc = [%d]. block_aligned_filename_size = [%zd]\n", | |
131 | + __func__, rc, s->block_aligned_filename_size); | |
132 | goto out_free_unlock; | |
133 | } | |
134 | /* The characters in the first block effectively do the job of | |
135 | @@ -956,7 +952,7 @@ ecryptfs_parse_tag_70_packet(char **file | |
136 | mount_crypt_stat->global_default_fn_cipher_key_bytes); | |
137 | goto out_free_unlock; | |
138 | } | |
139 | - rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg, | |
140 | + rc = crypto_blkcipher_decrypt_iv(&s->desc, s->dst_sg, s->src_sg, | |
141 | s->block_aligned_filename_size); | |
142 | if (rc) { | |
143 | printk(KERN_ERR "%s: Error attempting to decrypt filename; " |