Commit aaef31703a0cf6a733e651885bfb49edc3ac6774
1 parent
3231300bb9
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
libceph: do not crash on large auth tickets
Large (greater than 32k, the value of PAGE_ALLOC_COSTLY_ORDER) auth tickets will have their buffers vmalloc'ed, which leads to the following crash in crypto: [ 28.685082] BUG: unable to handle kernel paging request at ffffeb04000032c0 [ 28.686032] IP: [<ffffffff81392b42>] scatterwalk_pagedone+0x22/0x80 [ 28.686032] PGD 0 [ 28.688088] Oops: 0000 [#1] PREEMPT SMP [ 28.688088] Modules linked in: [ 28.688088] CPU: 0 PID: 878 Comm: kworker/0:2 Not tainted 3.17.0-vm+ #305 [ 28.688088] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 [ 28.688088] Workqueue: ceph-msgr con_work [ 28.688088] task: ffff88011a7f9030 ti: ffff8800d903c000 task.ti: ffff8800d903c000 [ 28.688088] RIP: 0010:[<ffffffff81392b42>] [<ffffffff81392b42>] scatterwalk_pagedone+0x22/0x80 [ 28.688088] RSP: 0018:ffff8800d903f688 EFLAGS: 00010286 [ 28.688088] RAX: ffffeb04000032c0 RBX: ffff8800d903f718 RCX: ffffeb04000032c0 [ 28.688088] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8800d903f750 [ 28.688088] RBP: ffff8800d903f688 R08: 00000000000007de R09: ffff8800d903f880 [ 28.688088] R10: 18df467c72d6257b R11: 0000000000000000 R12: 0000000000000010 [ 28.688088] R13: ffff8800d903f750 R14: ffff8800d903f8a0 R15: 0000000000000000 [ 28.688088] FS: 00007f50a41c7700(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000 [ 28.688088] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 28.688088] CR2: ffffeb04000032c0 CR3: 00000000da3f3000 CR4: 00000000000006b0 [ 28.688088] Stack: [ 28.688088] ffff8800d903f698 ffffffff81392ca8 ffff8800d903f6e8 ffffffff81395d32 [ 28.688088] ffff8800dac96000 ffff880000000000 ffff8800d903f980 ffff880119b7e020 [ 28.688088] ffff880119b7e010 0000000000000000 0000000000000010 0000000000000010 [ 28.688088] Call Trace: [ 28.688088] [<ffffffff81392ca8>] scatterwalk_done+0x38/0x40 [ 28.688088] [<ffffffff81392ca8>] scatterwalk_done+0x38/0x40 [ 28.688088] [<ffffffff81395d32>] blkcipher_walk_done+0x182/0x220 [ 28.688088] [<ffffffff813990bf>] crypto_cbc_encrypt+0x15f/0x180 [ 28.688088] [<ffffffff81399780>] ? crypto_aes_set_key+0x30/0x30 [ 28.688088] [<ffffffff8156c40c>] ceph_aes_encrypt2+0x29c/0x2e0 [ 28.688088] [<ffffffff8156d2a3>] ceph_encrypt2+0x93/0xb0 [ 28.688088] [<ffffffff8156d7da>] ceph_x_encrypt+0x4a/0x60 [ 28.688088] [<ffffffff8155b39d>] ? ceph_buffer_new+0x5d/0xf0 [ 28.688088] [<ffffffff8156e837>] ceph_x_build_authorizer.isra.6+0x297/0x360 [ 28.688088] [<ffffffff8112089b>] ? kmem_cache_alloc_trace+0x11b/0x1c0 [ 28.688088] [<ffffffff8156b496>] ? ceph_auth_create_authorizer+0x36/0x80 [ 28.688088] [<ffffffff8156ed83>] ceph_x_create_authorizer+0x63/0xd0 [ 28.688088] [<ffffffff8156b4b4>] ceph_auth_create_authorizer+0x54/0x80 [ 28.688088] [<ffffffff8155f7c0>] get_authorizer+0x80/0xd0 [ 28.688088] [<ffffffff81555a8b>] prepare_write_connect+0x18b/0x2b0 [ 28.688088] [<ffffffff81559289>] try_read+0x1e59/0x1f10 This is because we set up crypto scatterlists as if all buffers were kmalloc'ed. Fix it. Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov <idryomov@redhat.com> Reviewed-by: Sage Weil <sage@redhat.com>
Showing 1 changed file with 132 additions and 37 deletions Side-by-side Diff
net/ceph/crypto.c
... | ... | @@ -90,11 +90,82 @@ |
90 | 90 | |
91 | 91 | static const u8 *aes_iv = (u8 *)CEPH_AES_IV; |
92 | 92 | |
93 | +/* | |
94 | + * Should be used for buffers allocated with ceph_kvmalloc(). | |
95 | + * Currently these are encrypt out-buffer (ceph_buffer) and decrypt | |
96 | + * in-buffer (msg front). | |
97 | + * | |
98 | + * Dispose of @sgt with teardown_sgtable(). | |
99 | + * | |
100 | + * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() | |
101 | + * in cases where a single sg is sufficient. No attempt to reduce the | |
102 | + * number of sgs by squeezing physically contiguous pages together is | |
103 | + * made though, for simplicity. | |
104 | + */ | |
105 | +static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, | |
106 | + const void *buf, unsigned int buf_len) | |
107 | +{ | |
108 | + struct scatterlist *sg; | |
109 | + const bool is_vmalloc = is_vmalloc_addr(buf); | |
110 | + unsigned int off = offset_in_page(buf); | |
111 | + unsigned int chunk_cnt = 1; | |
112 | + unsigned int chunk_len = PAGE_ALIGN(off + buf_len); | |
113 | + int i; | |
114 | + int ret; | |
115 | + | |
116 | + if (buf_len == 0) { | |
117 | + memset(sgt, 0, sizeof(*sgt)); | |
118 | + return -EINVAL; | |
119 | + } | |
120 | + | |
121 | + if (is_vmalloc) { | |
122 | + chunk_cnt = chunk_len >> PAGE_SHIFT; | |
123 | + chunk_len = PAGE_SIZE; | |
124 | + } | |
125 | + | |
126 | + if (chunk_cnt > 1) { | |
127 | + ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); | |
128 | + if (ret) | |
129 | + return ret; | |
130 | + } else { | |
131 | + WARN_ON(chunk_cnt != 1); | |
132 | + sg_init_table(prealloc_sg, 1); | |
133 | + sgt->sgl = prealloc_sg; | |
134 | + sgt->nents = sgt->orig_nents = 1; | |
135 | + } | |
136 | + | |
137 | + for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { | |
138 | + struct page *page; | |
139 | + unsigned int len = min(chunk_len - off, buf_len); | |
140 | + | |
141 | + if (is_vmalloc) | |
142 | + page = vmalloc_to_page(buf); | |
143 | + else | |
144 | + page = virt_to_page(buf); | |
145 | + | |
146 | + sg_set_page(sg, page, len, off); | |
147 | + | |
148 | + off = 0; | |
149 | + buf += len; | |
150 | + buf_len -= len; | |
151 | + } | |
152 | + WARN_ON(buf_len != 0); | |
153 | + | |
154 | + return 0; | |
155 | +} | |
156 | + | |
157 | +static void teardown_sgtable(struct sg_table *sgt) | |
158 | +{ | |
159 | + if (sgt->orig_nents > 1) | |
160 | + sg_free_table(sgt); | |
161 | +} | |
162 | + | |
93 | 163 | static int ceph_aes_encrypt(const void *key, int key_len, |
94 | 164 | void *dst, size_t *dst_len, |
95 | 165 | const void *src, size_t src_len) |
96 | 166 | { |
97 | - struct scatterlist sg_in[2], sg_out[1]; | |
167 | + struct scatterlist sg_in[2], prealloc_sg; | |
168 | + struct sg_table sg_out; | |
98 | 169 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
99 | 170 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; |
100 | 171 | int ret; |
101 | 172 | |
102 | 173 | |
103 | 174 | |
... | ... | @@ -110,16 +181,18 @@ |
110 | 181 | |
111 | 182 | *dst_len = src_len + zero_padding; |
112 | 183 | |
113 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
114 | 184 | sg_init_table(sg_in, 2); |
115 | 185 | sg_set_buf(&sg_in[0], src, src_len); |
116 | 186 | sg_set_buf(&sg_in[1], pad, zero_padding); |
117 | - sg_init_table(sg_out, 1); | |
118 | - sg_set_buf(sg_out, dst, *dst_len); | |
187 | + ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); | |
188 | + if (ret) | |
189 | + goto out_tfm; | |
190 | + | |
191 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
119 | 192 | iv = crypto_blkcipher_crt(tfm)->iv; |
120 | 193 | ivsize = crypto_blkcipher_ivsize(tfm); |
121 | - | |
122 | 194 | memcpy(iv, aes_iv, ivsize); |
195 | + | |
123 | 196 | /* |
124 | 197 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, |
125 | 198 | key, key_len, 1); |
126 | 199 | |
127 | 200 | |
128 | 201 | |
... | ... | @@ -128,16 +201,22 @@ |
128 | 201 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, |
129 | 202 | pad, zero_padding, 1); |
130 | 203 | */ |
131 | - ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | |
204 | + ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, | |
132 | 205 | src_len + zero_padding); |
133 | - crypto_free_blkcipher(tfm); | |
134 | - if (ret < 0) | |
206 | + if (ret < 0) { | |
135 | 207 | pr_err("ceph_aes_crypt failed %d\n", ret); |
208 | + goto out_sg; | |
209 | + } | |
136 | 210 | /* |
137 | 211 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, |
138 | 212 | dst, *dst_len, 1); |
139 | 213 | */ |
140 | - return 0; | |
214 | + | |
215 | +out_sg: | |
216 | + teardown_sgtable(&sg_out); | |
217 | +out_tfm: | |
218 | + crypto_free_blkcipher(tfm); | |
219 | + return ret; | |
141 | 220 | } |
142 | 221 | |
143 | 222 | static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, |
... | ... | @@ -145,7 +224,8 @@ |
145 | 224 | const void *src1, size_t src1_len, |
146 | 225 | const void *src2, size_t src2_len) |
147 | 226 | { |
148 | - struct scatterlist sg_in[3], sg_out[1]; | |
227 | + struct scatterlist sg_in[3], prealloc_sg; | |
228 | + struct sg_table sg_out; | |
149 | 229 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
150 | 230 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; |
151 | 231 | int ret; |
152 | 232 | |
153 | 233 | |
154 | 234 | |
... | ... | @@ -161,17 +241,19 @@ |
161 | 241 | |
162 | 242 | *dst_len = src1_len + src2_len + zero_padding; |
163 | 243 | |
164 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
165 | 244 | sg_init_table(sg_in, 3); |
166 | 245 | sg_set_buf(&sg_in[0], src1, src1_len); |
167 | 246 | sg_set_buf(&sg_in[1], src2, src2_len); |
168 | 247 | sg_set_buf(&sg_in[2], pad, zero_padding); |
169 | - sg_init_table(sg_out, 1); | |
170 | - sg_set_buf(sg_out, dst, *dst_len); | |
248 | + ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); | |
249 | + if (ret) | |
250 | + goto out_tfm; | |
251 | + | |
252 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
171 | 253 | iv = crypto_blkcipher_crt(tfm)->iv; |
172 | 254 | ivsize = crypto_blkcipher_ivsize(tfm); |
173 | - | |
174 | 255 | memcpy(iv, aes_iv, ivsize); |
256 | + | |
175 | 257 | /* |
176 | 258 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, |
177 | 259 | key, key_len, 1); |
178 | 260 | |
179 | 261 | |
180 | 262 | |
181 | 263 | |
... | ... | @@ -182,23 +264,30 @@ |
182 | 264 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, |
183 | 265 | pad, zero_padding, 1); |
184 | 266 | */ |
185 | - ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | |
267 | + ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, | |
186 | 268 | src1_len + src2_len + zero_padding); |
187 | - crypto_free_blkcipher(tfm); | |
188 | - if (ret < 0) | |
269 | + if (ret < 0) { | |
189 | 270 | pr_err("ceph_aes_crypt2 failed %d\n", ret); |
271 | + goto out_sg; | |
272 | + } | |
190 | 273 | /* |
191 | 274 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, |
192 | 275 | dst, *dst_len, 1); |
193 | 276 | */ |
194 | - return 0; | |
277 | + | |
278 | +out_sg: | |
279 | + teardown_sgtable(&sg_out); | |
280 | +out_tfm: | |
281 | + crypto_free_blkcipher(tfm); | |
282 | + return ret; | |
195 | 283 | } |
196 | 284 | |
197 | 285 | static int ceph_aes_decrypt(const void *key, int key_len, |
198 | 286 | void *dst, size_t *dst_len, |
199 | 287 | const void *src, size_t src_len) |
200 | 288 | { |
201 | - struct scatterlist sg_in[1], sg_out[2]; | |
289 | + struct sg_table sg_in; | |
290 | + struct scatterlist sg_out[2], prealloc_sg; | |
202 | 291 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
203 | 292 | struct blkcipher_desc desc = { .tfm = tfm }; |
204 | 293 | char pad[16]; |
205 | 294 | |
206 | 295 | |
207 | 296 | |
208 | 297 | |
... | ... | @@ -210,16 +299,16 @@ |
210 | 299 | if (IS_ERR(tfm)) |
211 | 300 | return PTR_ERR(tfm); |
212 | 301 | |
213 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
214 | - sg_init_table(sg_in, 1); | |
215 | 302 | sg_init_table(sg_out, 2); |
216 | - sg_set_buf(sg_in, src, src_len); | |
217 | 303 | sg_set_buf(&sg_out[0], dst, *dst_len); |
218 | 304 | sg_set_buf(&sg_out[1], pad, sizeof(pad)); |
305 | + ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); | |
306 | + if (ret) | |
307 | + goto out_tfm; | |
219 | 308 | |
309 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); | |
220 | 310 | iv = crypto_blkcipher_crt(tfm)->iv; |
221 | 311 | ivsize = crypto_blkcipher_ivsize(tfm); |
222 | - | |
223 | 312 | memcpy(iv, aes_iv, ivsize); |
224 | 313 | |
225 | 314 | /* |
226 | 315 | |
... | ... | @@ -228,12 +317,10 @@ |
228 | 317 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, |
229 | 318 | src, src_len, 1); |
230 | 319 | */ |
231 | - | |
232 | - ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | |
233 | - crypto_free_blkcipher(tfm); | |
320 | + ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); | |
234 | 321 | if (ret < 0) { |
235 | 322 | pr_err("ceph_aes_decrypt failed %d\n", ret); |
236 | - return ret; | |
323 | + goto out_sg; | |
237 | 324 | } |
238 | 325 | |
239 | 326 | if (src_len <= *dst_len) |
... | ... | @@ -251,7 +338,12 @@ |
251 | 338 | print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, |
252 | 339 | dst, *dst_len, 1); |
253 | 340 | */ |
254 | - return 0; | |
341 | + | |
342 | +out_sg: | |
343 | + teardown_sgtable(&sg_in); | |
344 | +out_tfm: | |
345 | + crypto_free_blkcipher(tfm); | |
346 | + return ret; | |
255 | 347 | } |
256 | 348 | |
257 | 349 | static int ceph_aes_decrypt2(const void *key, int key_len, |
... | ... | @@ -259,7 +351,8 @@ |
259 | 351 | void *dst2, size_t *dst2_len, |
260 | 352 | const void *src, size_t src_len) |
261 | 353 | { |
262 | - struct scatterlist sg_in[1], sg_out[3]; | |
354 | + struct sg_table sg_in; | |
355 | + struct scatterlist sg_out[3], prealloc_sg; | |
263 | 356 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
264 | 357 | struct blkcipher_desc desc = { .tfm = tfm }; |
265 | 358 | char pad[16]; |
266 | 359 | |
267 | 360 | |
... | ... | @@ -271,17 +364,17 @@ |
271 | 364 | if (IS_ERR(tfm)) |
272 | 365 | return PTR_ERR(tfm); |
273 | 366 | |
274 | - sg_init_table(sg_in, 1); | |
275 | - sg_set_buf(sg_in, src, src_len); | |
276 | 367 | sg_init_table(sg_out, 3); |
277 | 368 | sg_set_buf(&sg_out[0], dst1, *dst1_len); |
278 | 369 | sg_set_buf(&sg_out[1], dst2, *dst2_len); |
279 | 370 | sg_set_buf(&sg_out[2], pad, sizeof(pad)); |
371 | + ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); | |
372 | + if (ret) | |
373 | + goto out_tfm; | |
280 | 374 | |
281 | 375 | crypto_blkcipher_setkey((void *)tfm, key, key_len); |
282 | 376 | iv = crypto_blkcipher_crt(tfm)->iv; |
283 | 377 | ivsize = crypto_blkcipher_ivsize(tfm); |
284 | - | |
285 | 378 | memcpy(iv, aes_iv, ivsize); |
286 | 379 | |
287 | 380 | /* |
288 | 381 | |
... | ... | @@ -290,12 +383,10 @@ |
290 | 383 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, |
291 | 384 | src, src_len, 1); |
292 | 385 | */ |
293 | - | |
294 | - ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | |
295 | - crypto_free_blkcipher(tfm); | |
386 | + ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); | |
296 | 387 | if (ret < 0) { |
297 | 388 | pr_err("ceph_aes_decrypt failed %d\n", ret); |
298 | - return ret; | |
389 | + goto out_sg; | |
299 | 390 | } |
300 | 391 | |
301 | 392 | if (src_len <= *dst1_len) |
... | ... | @@ -325,7 +416,11 @@ |
325 | 416 | dst2, *dst2_len, 1); |
326 | 417 | */ |
327 | 418 | |
328 | - return 0; | |
419 | +out_sg: | |
420 | + teardown_sgtable(&sg_in); | |
421 | +out_tfm: | |
422 | + crypto_free_blkcipher(tfm); | |
423 | + return ret; | |
329 | 424 | } |
330 | 425 | |
331 | 426 |