| blob | 5e7d9787e3cec567e71dbc0a1e7dab0874c0537b |
1 ext4 crypto: replace some BUG_ON()'s with error checks
3 Buggy (or hostile) userspace should not be able to cause the kernel to
4 crash.
6 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
7 Cc: stable@vger.kernel.org
8 diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
9 index b4bb1f8..af06830 100644
10 --- a/fs/ext4/crypto.c
11 +++ b/fs/ext4/crypto.c
12 @@ -295,7 +295,6 @@ static int ext4_page_crypto(struct inode *inode,
13 else
14 res = crypto_ablkcipher_encrypt(req);
15 if (res == -EINPROGRESS || res == -EBUSY) {
16 - BUG_ON(req->base.data != &ecr);
17 wait_for_completion(&ecr.completion);
18 res = ecr.res;
19 }
20 diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
21 index 847f919..2fbef8a 100644
22 --- a/fs/ext4/crypto_fname.c
23 +++ b/fs/ext4/crypto_fname.c
24 @@ -120,7 +120,6 @@ static int ext4_fname_encrypt(struct inode *inode,
25 ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
26 res = crypto_ablkcipher_encrypt(req);
27 if (res == -EINPROGRESS || res == -EBUSY) {
28 - BUG_ON(req->base.data != &ecr);
29 wait_for_completion(&ecr.completion);
30 res = ecr.res;
31 }
32 @@ -182,7 +181,6 @@ static int ext4_fname_decrypt(struct inode *inode,
33 ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
34 res = crypto_ablkcipher_decrypt(req);
35 if (res == -EINPROGRESS || res == -EBUSY) {
36 - BUG_ON(req->base.data != &ecr);
37 wait_for_completion(&ecr.completion);
38 res = ecr.res;
39 }
40 diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c
41 index 1d510c1..f9270ec 100644
42 --- a/fs/ext4/crypto_key.c
43 +++ b/fs/ext4/crypto_key.c
44 @@ -71,7 +71,6 @@ static int ext4_derive_key_aes(char deriving_key[EXT4_AES_128_ECB_KEY_SIZE],
45 EXT4_AES_256_XTS_KEY_SIZE, NULL);
46 res = crypto_ablkcipher_encrypt(req);
47 if (res == -EINPROGRESS || res == -EBUSY) {
48 - BUG_ON(req->base.data != &ecr);
49 wait_for_completion(&ecr.completion);
50 res = ecr.res;
51 }
52 @@ -208,7 +207,12 @@ retry:
53 goto out;
54 }
55 crypt_info->ci_keyring_key = keyring_key;
56 - BUG_ON(keyring_key->type != &key_type_logon);
57 + if (keyring_key->type != &key_type_logon) {
58 + printk_once(KERN_WARNING
59 + "ext4: key type must be logon\n");
60 + res = -ENOKEY;
61 + goto out;
62 + }
63 ukp = ((struct user_key_payload *)keyring_key->payload.data);
64 if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
65 res = -EINVAL;
66 @@ -217,7 +221,13 @@ retry:
67 master_key = (struct ext4_encryption_key *)ukp->data;
68 BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
69 EXT4_KEY_DERIVATION_NONCE_SIZE);
70 - BUG_ON(master_key->size != EXT4_AES_256_XTS_KEY_SIZE);
71 + if (master_key->size != EXT4_AES_256_XTS_KEY_SIZE) {
72 + printk_once(KERN_WARNING
73 + "ext4: key size incorrect: %d\n",
74 + master_key->size);
75 + res = -ENOKEY;
76 + goto out;
77 + }
78 res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
79 raw_key);
80 if (res)
81 diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
82 index a640ec2..ad05069 100644
83 --- a/fs/ext4/crypto_policy.c
84 +++ b/fs/ext4/crypto_policy.c
85 @@ -150,7 +150,8 @@ int ext4_is_child_context_consistent_with_parent(struct inode *parent,
87 if ((parent == NULL) || (child == NULL)) {
88 pr_err("parent %p child %p\n", parent, child);
89 - BUG_ON(1);
90 + WARN_ON(1); /* Should never happen */
91 + return 0;
92 }
93 /* no restrictions if the parent directory is not encrypted */
94 if (!ext4_encrypted_inode(parent))