FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 11-12-2008, 11:27 PM
Michael Halcrow
 
Default Error when copying directory tree with Nautilus to ~/Private using ecryptfs

On Wed, Nov 12, 2008 at 12:36:10PM -0600, Michael Halcrow wrote:
> Looks like crypt_stat->key is not page-aligned on this older AMD
> architecture. This is a legitimate bug in eCryptfs and needs to be
> fixed upstream. I think I will just grab a page via page_alloc() to
> use as a temporary buffer for the crypto API scatterlist ops.

On second thought, it might make more sense just to allocate a couple
of scatterlist structs on the stack every time instead. See if this
patch resolves the problem. It tests fine for me on my Intel
processor, and I expect it will resolve the problem on the AMD
architecture.

Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>

---

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index e22bc39..0d713b6 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1037,17 +1037,14 @@ static int
decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
struct ecryptfs_crypt_stat *crypt_stat)
{
- struct scatterlist dst_sg;
- struct scatterlist src_sg;
+ struct scatterlist dst_sg[2];
+ struct scatterlist src_sg[2];
struct mutex *tfm_mutex;
struct blkcipher_desc desc = {
.flags = CRYPTO_TFM_REQ_MAY_SLEEP
};
int rc = 0;

- sg_init_table(&dst_sg, 1);
- sg_init_table(&src_sg, 1);
-
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(
KERN_DEBUG, "Session key encryption key (size [%d]):
",
@@ -1066,8 +1063,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
}
rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
auth_tok->session_key.encrypted_key_size,
- &src_sg, 1);
- if (rc != 1) {
+ src_sg, 2);
+ if (rc < 1 || rc > 2) {
printk(KERN_ERR "Internal error whilst attempting to convert "
"auth_tok->session_key.encrypted_key to scatterlist; "
"expected rc = 1; got rc = [%d]. "
@@ -1079,8 +1076,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
auth_tok->session_key.encrypted_key_size;
rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
auth_tok->session_key.decrypted_key_size,
- &dst_sg, 1);
- if (rc != 1) {
+ dst_sg, 2);
+ if (rc < 1 || rc > 2) {
printk(KERN_ERR "Internal error whilst attempting to convert "
"auth_tok->session_key.decrypted_key to scatterlist; "
"expected rc = 1; got rc = [%d]
", rc);
@@ -1096,7 +1093,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
rc = -EINVAL;
goto out;
}
- rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg,
+ rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
auth_tok->session_key.encrypted_key_size);
mutex_unlock(tfm_mutex);
if (unlikely(rc)) {
@@ -1539,8 +1536,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
size_t i;
size_t encrypted_session_key_valid = 0;
char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
- struct scatterlist dst_sg;
- struct scatterlist src_sg;
+ struct scatterlist dst_sg[2];
+ struct scatterlist src_sg[2];
struct mutex *tfm_mutex = NULL;
u8 cipher_code;
size_t packet_size_length;
@@ -1619,8 +1616,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
ecryptfs_dump_hex(session_key_encryption_key, 16);
}
rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
- &src_sg, 1);
- if (rc != 1) {
+ src_sg, 2);
+ if (rc < 1 || rc > 2) {
ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
"for crypt_stat session key; expected rc = 1; "
"got rc = [%d]. key_rec->enc_key_size = [%d]
",
@@ -1629,8 +1626,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
goto out;
}
rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
- &dst_sg, 1);
- if (rc != 1) {
+ dst_sg, 2);
+ if (rc < 1 || rc > 2) {
ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
"for crypt_stat encrypted session key; "
"expected rc = 1; got rc = [%d]. "
@@ -1651,7 +1648,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
rc = 0;
ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key
",
crypt_stat->key_size);
- rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg,
+ rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
(*key_rec).enc_key_size);
mutex_unlock(tfm_mutex);
if (rc) {


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 11-13-2008, 11:09 PM
"Paulo J. S. Silva"
 
Default Error when copying directory tree with Nautilus to ~/Private using ecryptfs

Hi,

I downloaded the 2.6.27-7.16 Ubuntu kernel source and applied your patch
(it applied almost cleanly, just the last hunks had a 2 line offset).

I have installed the new kernel and the problem is gone. Good job! Maybe
you should post the patch to the original bug report to let others try
it.

Now a naive question: if I keep the patched kernel and it is upgraded in
the future by the Ubuntu upgrade utility, do I risk to corrupt Private
folder? If I can, I would love to keep the new kernel and use the
Private folder, but I don't want to risk probable corruption.

best,

Paulo

Em Qua, 2008-11-12 ąs 18:27 -0600, Michael Halcrow escreveu:
> On Wed, Nov 12, 2008 at 12:36:10PM -0600, Michael Halcrow wrote:
> > Looks like crypt_stat->key is not page-aligned on this older AMD
> > architecture. This is a legitimate bug in eCryptfs and needs to be
> > fixed upstream. I think I will just grab a page via page_alloc() to
> > use as a temporary buffer for the crypto API scatterlist ops.
>
> On second thought, it might make more sense just to allocate a couple
> of scatterlist structs on the stack every time instead. See if this
> patch resolves the problem. It tests fine for me on my Intel
> processor, and I expect it will resolve the problem on the AMD
> architecture.
>
> Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
>
> ---
>
> diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
> index e22bc39..0d713b6 100644
> --- a/fs/ecryptfs/keystore.c
> +++ b/fs/ecryptfs/keystore.c
> @@ -1037,17 +1037,14 @@ static int
> decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> struct ecryptfs_crypt_stat *crypt_stat)
> {
> - struct scatterlist dst_sg;
> - struct scatterlist src_sg;
> + struct scatterlist dst_sg[2];
> + struct scatterlist src_sg[2];
> struct mutex *tfm_mutex;
> struct blkcipher_desc desc = {
> .flags = CRYPTO_TFM_REQ_MAY_SLEEP
> };
> int rc = 0;
>
> - sg_init_table(&dst_sg, 1);
> - sg_init_table(&src_sg, 1);
> -
> if (unlikely(ecryptfs_verbosity > 0)) {
> ecryptfs_printk(
> KERN_DEBUG, "Session key encryption key (size [%d]):
",
> @@ -1066,8 +1063,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> }
> rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
> auth_tok->session_key.encrypted_key_size,
> - &src_sg, 1);
> - if (rc != 1) {
> + src_sg, 2);
> + if (rc < 1 || rc > 2) {
> printk(KERN_ERR "Internal error whilst attempting to convert "
> "auth_tok->session_key.encrypted_key to scatterlist; "
> "expected rc = 1; got rc = [%d]. "
> @@ -1079,8 +1076,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> auth_tok->session_key.encrypted_key_size;
> rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
> auth_tok->session_key.decrypted_key_size,
> - &dst_sg, 1);
> - if (rc != 1) {
> + dst_sg, 2);
> + if (rc < 1 || rc > 2) {
> printk(KERN_ERR "Internal error whilst attempting to convert "
> "auth_tok->session_key.decrypted_key to scatterlist; "
> "expected rc = 1; got rc = [%d]
", rc);
> @@ -1096,7 +1093,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> rc = -EINVAL;
> goto out;
> }
> - rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg,
> + rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
> auth_tok->session_key.encrypted_key_size);
> mutex_unlock(tfm_mutex);
> if (unlikely(rc)) {
> @@ -1539,8 +1536,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> size_t i;
> size_t encrypted_session_key_valid = 0;
> char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
> - struct scatterlist dst_sg;
> - struct scatterlist src_sg;
> + struct scatterlist dst_sg[2];
> + struct scatterlist src_sg[2];
> struct mutex *tfm_mutex = NULL;
> u8 cipher_code;
> size_t packet_size_length;
> @@ -1619,8 +1616,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> ecryptfs_dump_hex(session_key_encryption_key, 16);
> }
> rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
> - &src_sg, 1);
> - if (rc != 1) {
> + src_sg, 2);
> + if (rc < 1 || rc > 2) {
> ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
> "for crypt_stat session key; expected rc = 1; "
> "got rc = [%d]. key_rec->enc_key_size = [%d]
",
> @@ -1629,8 +1626,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> goto out;
> }
> rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
> - &dst_sg, 1);
> - if (rc != 1) {
> + dst_sg, 2);
> + if (rc < 1 || rc > 2) {
> ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
> "for crypt_stat encrypted session key; "
> "expected rc = 1; got rc = [%d]. "
> @@ -1651,7 +1648,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> rc = 0;
> ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key
",
> crypt_stat->key_size);
> - rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg,
> + rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
> (*key_rec).enc_key_size);
> mutex_unlock(tfm_mutex);
> if (rc) {
>


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 01:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org