Received: by 10.223.185.116 with SMTP id b49csp1658237wrg; Sat, 24 Feb 2018 01:16:31 -0800 (PST) X-Google-Smtp-Source: AH8x226AfOJU+Q6nvmKqke52DGmYkIu+zS6YAdkvrIAqyr1ECDPWoNPh+3LW4iwSY2sLsMRUyUzi X-Received: by 10.98.31.79 with SMTP id f76mr4445734pff.60.1519463791744; Sat, 24 Feb 2018 01:16:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519463791; cv=none; d=google.com; s=arc-20160816; b=v53W5v9cBweOc+3noSX+04GYFdX7OzN8HE3xj55NHpPmApZFLuOI3s+lb7UVWSU38C d0BXZdr2LVf36nEbG01U9ppR48LhSzRILfpLDB/sFKDYUSaUnHsW2WuNlw95EJ/nds0g 2+1LxIbztbhzeWKhcu6T6Fx2FszlSl8gCOF36CkONJfUuPZnoghZZxM0damp0H9eSeLg wXojadJYTyBiDRv+bd4DxvnomG0vV6wdWmfvmE1ox+93iKjeWYU/Evfrx+4JG/P2CqVN fY09yWKgaPZAq2KXNngRKFskYKavUfmFZstr4E16g0fEtxQbdqftszHfNqkDm4MpOs/X KPig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:arc-authentication-results; bh=80inyeOrYiRrs8NB0V2cH5sBCT/gtjIGCzgKqQfepcw=; b=Na+Fngolwm5CUiIZL5mWly+YjnjrvIUZe2/lrFfU6ii+ihcCg9WkPVNB0Pr+ijWEKl jF2g+WLGIVjVyZqCINI4WKygH7uPoD6gOkjKSwbiLtu+L6LGqejtPlRHFK6W92tm+4Vx 4GItmI133Oet7GhV58B3Een/uuZko/Q9vHKewVFC+NiFPv58rZiVlAgjakRfSnragS4l 11iuv5cSaK2MILzJlCOqEg/BQbXzBVsIApl4bcl07yUhAkK4eaY4MWlLkR2j/5ohhiid Y1xnJMSPjEsSN+fzqZIqcwSEygevvKimMgsUBPx+Uzvi3BnILDDq3/i5/Fy0Ct3Fd+wB I4XQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c5-v6si3286200pll.90.2018.02.24.01.16.14; Sat, 24 Feb 2018 01:16:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751351AbeBXJPb (ORCPT + 99 others); Sat, 24 Feb 2018 04:15:31 -0500 Received: from szxga05-in.huawei.com ([45.249.212.191]:5265 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750905AbeBXJP2 (ORCPT ); Sat, 24 Feb 2018 04:15:28 -0500 Received: from DGGEMS410-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id BD260226E96D9; Sat, 24 Feb 2018 17:15:13 +0800 (CST) Received: from huawei.com (10.107.193.250) by DGGEMS410-HUB.china.huawei.com (10.3.19.210) with Microsoft SMTP Server id 14.3.361.1; Sat, 24 Feb 2018 17:15:04 +0800 From: Yunlong Song To: , , , , CC: , , , , , Subject: [PATCH] f2fs: allocate buffer for decrypting filename to avoid panic Date: Sat, 24 Feb 2018 17:14:58 +0800 Message-ID: <1519463698-60555-1-git-send-email-yunlong.song@huawei.com> X-Mailer: git-send-email 1.8.5.2 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.107.193.250] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In some platforms (such as arm), high memory is used, then the decrypting filename will cause panic, the reason see commit 569cf1876a32e574ba8a7fb825cd91bafd003882 ("f2fs crypto: allocate buffer for decrypting filename"): We got dentry pages from high_mem, and its address space directly goes into the decryption path via f2fs_fname_disk_to_usr. But, sg_init_one assumes the address is not from high_mem, so we can get this panic since it doesn't call kmap_high but kunmap_high is triggered at the end. kernel BUG at ../../../../../../kernel/mm/highmem.c:290! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM ... (kunmap_high+0xb0/0xb8) from [] (__kunmap_atomic+0xa0/0xa4) (__kunmap_atomic+0xa0/0xa4) from [] (blkcipher_walk_done+0x128/0x1ec) (blkcipher_walk_done+0x128/0x1ec) from [] (crypto_cbc_decrypt+0xc0/0x170) (crypto_cbc_decrypt+0xc0/0x170) from [] (crypto_cts_decrypt+0xc0/0x114) (crypto_cts_decrypt+0xc0/0x114) from [] (async_decrypt+0x40/0x48) (async_decrypt+0x40/0x48) from [] (f2fs_fname_disk_to_usr+0x124/0x304) (f2fs_fname_disk_to_usr+0x124/0x304) from [] (f2fs_fill_dentries+0xac/0x188) (f2fs_fill_dentries+0xac/0x188) from [] (f2fs_readdir+0x1f0/0x300) (f2fs_readdir+0x1f0/0x300) from [] (vfs_readdir+0x90/0xb4) (vfs_readdir+0x90/0xb4) from [] (SyS_getdents64+0x64/0xcc) (SyS_getdents64+0x64/0xcc) from [] (ret_fast_syscall+0x0/0x30) Howerver, later patches: commit 922ec355f86365388203672119b5bca346a45085 ("f2fs crypto: avoid unneeded memory allocation when {en/de}crypting symlink") commit e06f86e61d7a67fe6e826010f57aa39c674f4b1b ("f2fs crypto: avoid unneeded memory allocation in ->readdir") reverts the codes, which causes panic again in arm, so let's add the old patch again. Signed-off-by: Yunlong Song --- fs/f2fs/dir.c | 7 +++++++ fs/f2fs/namei.c | 10 +++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index f00b5ed..c0cf3e7b 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -825,9 +825,16 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, int save_len = fstr->len; int err; + de_name.name = kmalloc(de_name.len, GFP_NOFS); + if (!de_name.name) + return -ENOMEM; + + memcpy(de_name.name, d->filename[bit_pos], de_name.len); + err = fscrypt_fname_disk_to_usr(d->inode, (u32)de->hash_code, 0, &de_name, fstr); + kfree(de_name.name); if (err) return err; diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index c4c94c7..2cb70c1 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -1170,8 +1170,13 @@ static const char *f2fs_encrypted_get_link(struct dentry *dentry, /* Symlink is encrypted */ sd = (struct fscrypt_symlink_data *)caddr; - cstr.name = sd->encrypted_path; cstr.len = le16_to_cpu(sd->len); + cstr.name = kmalloc(cstr.len, GFP_NOFS); + if (!cstr.name) { + res = -ENOMEM; + goto errout; + } + memcpy(cstr.name, sd->encrypted_path, cstr.len); /* this is broken symlink case */ if (unlikely(cstr.len == 0)) { @@ -1198,6 +1203,8 @@ static const char *f2fs_encrypted_get_link(struct dentry *dentry, goto errout; } + kfree(cstr.name); + paddr = pstr.name; /* Null-terminate the name */ @@ -1207,6 +1214,7 @@ static const char *f2fs_encrypted_get_link(struct dentry *dentry, set_delayed_call(done, kfree_link, paddr); return paddr; errout: + kfree(cstr.name); fscrypt_fname_free_buffer(&pstr); put_page(cpage); return ERR_PTR(res); -- 1.8.5.2