Commit 687c3c36 authored by Theodore Ts'o's avatar Theodore Ts'o

ext4 crypto: replace some BUG_ON()'s with error checks

Buggy (or hostile) userspace should not be able to cause the kernel to
crash.
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
parent 3684de8c
...@@ -295,7 +295,6 @@ static int ext4_page_crypto(struct inode *inode, ...@@ -295,7 +295,6 @@ static int ext4_page_crypto(struct inode *inode,
else else
res = crypto_ablkcipher_encrypt(req); res = crypto_ablkcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) { if (res == -EINPROGRESS || res == -EBUSY) {
BUG_ON(req->base.data != &ecr);
wait_for_completion(&ecr.completion); wait_for_completion(&ecr.completion);
res = ecr.res; res = ecr.res;
} }
......
...@@ -120,7 +120,6 @@ static int ext4_fname_encrypt(struct inode *inode, ...@@ -120,7 +120,6 @@ static int ext4_fname_encrypt(struct inode *inode,
ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv); ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
res = crypto_ablkcipher_encrypt(req); res = crypto_ablkcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) { if (res == -EINPROGRESS || res == -EBUSY) {
BUG_ON(req->base.data != &ecr);
wait_for_completion(&ecr.completion); wait_for_completion(&ecr.completion);
res = ecr.res; res = ecr.res;
} }
...@@ -182,7 +181,6 @@ static int ext4_fname_decrypt(struct inode *inode, ...@@ -182,7 +181,6 @@ static int ext4_fname_decrypt(struct inode *inode,
ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv); ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
res = crypto_ablkcipher_decrypt(req); res = crypto_ablkcipher_decrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) { if (res == -EINPROGRESS || res == -EBUSY) {
BUG_ON(req->base.data != &ecr);
wait_for_completion(&ecr.completion); wait_for_completion(&ecr.completion);
res = ecr.res; res = ecr.res;
} }
......
...@@ -71,7 +71,6 @@ static int ext4_derive_key_aes(char deriving_key[EXT4_AES_128_ECB_KEY_SIZE], ...@@ -71,7 +71,6 @@ static int ext4_derive_key_aes(char deriving_key[EXT4_AES_128_ECB_KEY_SIZE],
EXT4_AES_256_XTS_KEY_SIZE, NULL); EXT4_AES_256_XTS_KEY_SIZE, NULL);
res = crypto_ablkcipher_encrypt(req); res = crypto_ablkcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) { if (res == -EINPROGRESS || res == -EBUSY) {
BUG_ON(req->base.data != &ecr);
wait_for_completion(&ecr.completion); wait_for_completion(&ecr.completion);
res = ecr.res; res = ecr.res;
} }
...@@ -208,7 +207,12 @@ int _ext4_get_encryption_info(struct inode *inode) ...@@ -208,7 +207,12 @@ int _ext4_get_encryption_info(struct inode *inode)
goto out; goto out;
} }
crypt_info->ci_keyring_key = keyring_key; crypt_info->ci_keyring_key = keyring_key;
BUG_ON(keyring_key->type != &key_type_logon); if (keyring_key->type != &key_type_logon) {
printk_once(KERN_WARNING
"ext4: key type must be logon\n");
res = -ENOKEY;
goto out;
}
ukp = ((struct user_key_payload *)keyring_key->payload.data); ukp = ((struct user_key_payload *)keyring_key->payload.data);
if (ukp->datalen != sizeof(struct ext4_encryption_key)) { if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
res = -EINVAL; res = -EINVAL;
...@@ -217,7 +221,13 @@ int _ext4_get_encryption_info(struct inode *inode) ...@@ -217,7 +221,13 @@ int _ext4_get_encryption_info(struct inode *inode)
master_key = (struct ext4_encryption_key *)ukp->data; master_key = (struct ext4_encryption_key *)ukp->data;
BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE != BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
EXT4_KEY_DERIVATION_NONCE_SIZE); EXT4_KEY_DERIVATION_NONCE_SIZE);
BUG_ON(master_key->size != EXT4_AES_256_XTS_KEY_SIZE); if (master_key->size != EXT4_AES_256_XTS_KEY_SIZE) {
printk_once(KERN_WARNING
"ext4: key size incorrect: %d\n",
master_key->size);
res = -ENOKEY;
goto out;
}
res = ext4_derive_key_aes(ctx.nonce, master_key->raw, res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
raw_key); raw_key);
if (res) if (res)
......
...@@ -150,7 +150,8 @@ int ext4_is_child_context_consistent_with_parent(struct inode *parent, ...@@ -150,7 +150,8 @@ int ext4_is_child_context_consistent_with_parent(struct inode *parent,
if ((parent == NULL) || (child == NULL)) { if ((parent == NULL) || (child == NULL)) {
pr_err("parent %p child %p\n", parent, child); pr_err("parent %p child %p\n", parent, child);
BUG_ON(1); WARN_ON(1); /* Should never happen */
return 0;
} }
/* no restrictions if the parent directory is not encrypted */ /* no restrictions if the parent directory is not encrypted */
if (!ext4_encrypted_inode(parent)) if (!ext4_encrypted_inode(parent))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment