From patchwork Thu Nov 3 22:03:02 2016
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9411577
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Eric Biggers
To: linux-fsdevel@vger.kernel.org
Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-crypto@vger.kernel.org, tytso@mit.edu, jaegeuk@kernel.org, richard@nod.at, luto@kernel.org, Eric Biggers
Subject: [PATCH 2/2] fscrypto: don't use on-stack buffer for key derivation
Date: Thu, 3 Nov 2016 15:03:02 -0700
Message-Id: <1478210582-86338-2-git-send-email-ebiggers@google.com>
In-Reply-To: <1478210582-86338-1-git-send-email-ebiggers@google.com>
References: <1478210582-86338-1-git-send-email-ebiggers@google.com>

With the new (in 4.9) option to use a virtually-mapped stack (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for the scatterlist crypto API because they may not be directly mappable to struct page. get_crypt_info() was using a stack buffer to hold the output from the encryption operation used to derive the per-file key. Fix it by using a heap buffer.

This bug could most easily be observed in a CONFIG_DEBUG_SG kernel because this allowed the BUG in sg_set_buf() to be triggered.

Signed-off-by: Eric Biggers
Reviewed-by: Richard Weinberger

--- fs/crypto/keyinfo.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index 82f0285..67fb6d8 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c @@ -185,7 +185,7 @@ int get_crypt_info(struct inode *inode) struct crypto_skcipher *ctfm; const char *cipher_str; int keysize; - u8 raw_key[FS_MAX_KEY_SIZE]; + u8 *raw_key = NULL; int res; res = fscrypt_initialize(); 
@@ -238,6 +238,15 @@ int get_crypt_info(struct inode *inode) if (res) goto out; + /* + * This cannot be a stack buffer because it is passed to the scatterlist + * crypto API as part of key derivation. + */ + res = -ENOMEM; + raw_key = kmalloc(FS_MAX_KEY_SIZE, GFP_NOFS); + if (!raw_key) + goto out; + if (fscrypt_dummy_context_enabled(inode)) { memset(raw_key, 0x42, FS_AES_256_XTS_KEY_SIZE); goto got_key; @@ -276,7 +285,8 @@ int get_crypt_info(struct inode *inode) if (res) goto out; - memzero_explicit(raw_key, sizeof(raw_key)); + kzfree(raw_key); + raw_key = NULL; if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) != NULL) { put_crypt_info(crypt_info); goto retry; @@ -287,7 +297,7 @@ int get_crypt_info(struct inode *inode) if (res == -ENOKEY) res = 0; put_crypt_info(crypt_info); - memzero_explicit(raw_key, sizeof(raw_key)); + kzfree(raw_key); return res; }
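
Review bot: In the hunk at @@ -238,6 +238,15 @@, `res = -ENOMEM;` is assigned before the `kmalloc()` rather than inside the failure branch, so after a successful allocation `res` still holds -ENOMEM, including when the dummy-context branch takes `goto got_key`. Nothing in the visible lines resets it on that path. Setting the error inside the check, as in `if (!raw_key) { res = -ENOMEM; goto out; }`, would keep a stale error code from escaping if a later change adds an exit between here and the next assignment to `res`.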
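
Review bot: In the hunk at @@ -276,7 +285,8 @@, `raw_key` is freed and set to NULL immediately before the `cmpxchg()` failure path does `goto retry`, and the `retry` label is outside the lines shown. Please confirm that the label sits above the new `kmalloc()`; if a retry could reach the key-derivation code without passing the allocation again, `raw_key` would be NULL there. The `raw_key = NULL;` after `kzfree()` is also what keeps a later pass through the exit path's `kzfree(raw_key)` from freeing the buffer twice, which deserves a one-line comment next to the assignment.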