[ Relevant upstream commit:
1b53cf9815bb4744958d41f3795d5d5a1d365e2d ]
This fixes the same problem as upstream commit
1b53cf9815bb: "fscrypt:
remove broken support for detecting keyring key revocation".
Specifically, key revocations racing with readpage operations will
cause the kernel to crash and burn with a BUG_ON or a NULL pointer
dereference in a block I/O callback stemming from an ext4_readpage()
operation.
This fix is needed to fix prevent xfstests test runs from crashing
while running the generic/421 test.
The root cause is different in the 4.1 kernel, however, since the
4.1's encryption handling is so _primitive_ compared to later kernels.
The code isn't actually explicitly checking for revoked keys.
Instead, the code is neededly regenerating the per-file encryption key
on every mmap() or open() or directory operation (in the case of a
directory inode). Yelch!
If the file is already opened and actively being read, and while an
open() is racing with the read operations, after the user's master key
has been revoked, there will be the same net effect as the problem
fixed by upstream commit
1b53cf9815bb --- the per-file key will be
marked as invalid and this will cause a BUG_ON.
The AOSP 3.18 and 4.4 android-common kernels have a much more modern
version of ext4 encryption have been backported, which incldes a
backport of upstream commit
1b53cf9815bb. This is a (at least)
dozen-plus commits, and isn't really suitable for the Upstream LTS
kernel. So instead, this is the simplest bug which fixes the same
high-level issue as the upstream commit, without dragging in all of
the other non-bug-fix improvements to ext4 encryption found in newer
kernels.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
if (res == 0)
return NULL;
- if (!ext4_has_encryption_key(inode))
- ext4_generate_encryption_key(inode);
+ res = ext4_generate_encryption_key(inode);
+ if (res)
+ return ERR_PTR(res);
/* Get a crypto context based on the key.
* A new context is allocated if no context matches the requested key.
struct ext4_encryption_context ctx;
struct user_key_payload *ukp;
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
- int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
- EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
- &ctx, sizeof(ctx));
+ int res;
+
+ mutex_lock(&ei->i_encryption_lock);
+ if (ext4_has_encryption_key(inode)) {
+ mutex_unlock(&ei->i_encryption_lock);
+ return 0;
+ }
+
+ res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
+ EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
+ &ctx, sizeof(ctx));
if (res != sizeof(ctx)) {
if (res > 0)
key_put(keyring_key);
if (res < 0)
crypt_key->mode = EXT4_ENCRYPTION_MODE_INVALID;
+ mutex_unlock(&ei->i_encryption_lock);
return res;
}
#ifdef CONFIG_EXT4_FS_ENCRYPTION
/* Encryption params */
struct ext4_encryption_key i_encryption_key;
+ struct mutex i_encryption_lock;
#endif
};
init_rwsem(&ei->xattr_sem);
init_rwsem(&ei->i_data_sem);
init_rwsem(&ei->i_mmap_sem);
+#ifdef CONFIG_EXT4_FS_ENCRYPTION
+ mutex_init(&ei->i_encryption_lock);
+#endif
inode_init_once(&ei->vfs_inode);
}
projects / thirdparty / kernel / stable.git / commitdiff
