1. 12 Dec, 2016 25 commits
  2. 11 Dec, 2016 13 commits
  3. 14 Nov, 2016 2 commits
    • Eric Biggers's avatar
      fscrypto: don't use on-stack buffer for key derivation · a6e08912
      Eric Biggers authored
      With the new (in 4.9) option to use a virtually-mapped stack
      (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for
      the scatterlist crypto API because they may not be directly mappable to
      struct page.  get_crypt_info() was using a stack buffer to hold the
      output from the encryption operation used to derive the per-file key.
      Fix it by using a heap buffer.
      
      This bug could most easily be observed in a CONFIG_DEBUG_SG kernel
      because this allowed the BUG in sg_set_buf() to be triggered.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      a6e08912
    • Eric Biggers's avatar
      fscrypto: don't use on-stack buffer for filename encryption · 08ae877f
      Eric Biggers authored
      With the new (in 4.9) option to use a virtually-mapped stack
      (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for
      the scatterlist crypto API because they may not be directly mappable to
      struct page.  For short filenames, fname_encrypt() was encrypting a
      stack buffer holding the padded filename.  Fix it by encrypting the
      filename in-place in the output buffer, thereby making the temporary
      buffer unnecessary.
      
      This bug could most easily be observed in a CONFIG_DEBUG_SG kernel
      because this allowed the BUG in sg_set_buf() to be triggered.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      08ae877f