• David Howells's avatar
    KEYS: Sort out big_key initialisation · 7df3e59c
    David Howells authored
    big_key has two separate initialisation functions, one that registers the
    key type and one that registers the crypto.  If the key type fails to
    register, there's no problem if the crypto registers successfully because
    there's no way to reach the crypto except through the key type.
    
    However, if the key type registers successfully but the crypto does not,
    big_key_rng and big_key_blkcipher may end up set to NULL - but the code
    neither checks for this nor unregisters the big key key type.
    
    Furthermore, since the key type is registered before the crypto, it is
    theoretically possible for the kernel to try adding a big_key before the
    crypto is set up, leading to the same effect.
    
    Fix this by merging big_key_crypto_init() and big_key_init() and calling
    the resulting function late.  If they're going to be encrypted, we
    shouldn't be creating big_keys before we have the facilities to do the
    encryption available.  The key type registration is also moved after the
    crypto initialisation.
    
    The fix also includes message printing on failure.
    
    If the big_key type isn't correctly set up, simply doing:
    
    	dd if=/dev/zero bs=4096 count=1 | keyctl padd big_key a @s
    
    ought to cause an oops.
    
    Fixes: 13100a72 ('Security: Keys: Big keys stored encrypted')
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    cc: Peter Hlavaty <zer0mem@yahoo.com>
    cc: Kirill Marinushkin <k.marinushkin@gmail.com>
    cc: Artem Savkov <asavkov@redhat.com>
    cc: stable@vger.kernel.org
    Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
    7df3e59c
big_key.c 8.5 KB