[PATCH 4.14] sunrpc: fix 4 more call sites that were using stack memory with a scatterlist
(cherry picked from commit e7afe6c1d486b516ed586dcc10b3e7e3e85a9c2b)
While trying to reproduce a reported kernel panic on arm64, I discovered that AUTH_GSS basically doesn't work at all with older enctypes on arm64 systems with CONFIG_VMAP_STACK enabled. It turns out there still a few places using stack memory with scatterlists, causing krb5_encrypt() and krb5_decrypt() to produce incorrect results (or a BUG if CONFIG_DEBUG_SG is enabled).
Tested with cthon on v4.0/v4.1/v4.2 with krb5/krb5i/krb5p using des3-cbc-sha1 and arcfour-hmac-md5.
Signed-off-by: Scott Mayhew smayhew@redhat.com Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields bfields@redhat.com
Conflicts: net/sunrpc/auth_gss/gss_krb5_seqnum.c --- net/sunrpc/auth_gss/gss_krb5_seqnum.c | 49 +++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 11 deletions(-)
diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c b/net/sunrpc/auth_gss/gss_krb5_seqnum.c index c8b9082..2d2ed67 100644 --- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c +++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c @@ -44,7 +44,7 @@ unsigned char *cksum, unsigned char *buf) { struct crypto_skcipher *cipher; - unsigned char plain[8]; + unsigned char *plain; s32 code;
dprintk("RPC: %s:\n", __func__); @@ -53,6 +53,10 @@ if (IS_ERR(cipher)) return PTR_ERR(cipher);
+ plain = kmalloc(8, GFP_NOFS); + if (!plain) + return -ENOMEM; + plain[0] = (unsigned char) ((seqnum >> 24) & 0xff); plain[1] = (unsigned char) ((seqnum >> 16) & 0xff); plain[2] = (unsigned char) ((seqnum >> 8) & 0xff); @@ -69,6 +73,7 @@ code = krb5_encrypt(cipher, cksum, plain, buf, 8); out: crypto_free_skcipher(cipher); + kfree(plain); return code; } s32 @@ -78,12 +83,17 @@ u32 seqnum, unsigned char *cksum, unsigned char *buf) { - unsigned char plain[8]; + unsigned char *plain; + s32 code;
if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) return krb5_make_rc4_seq_num(kctx, direction, seqnum, cksum, buf);
+ plain = kmalloc(8, GFP_NOFS); + if (!plain) + return -ENOMEM; + plain[0] = (unsigned char) (seqnum & 0xff); plain[1] = (unsigned char) ((seqnum >> 8) & 0xff); plain[2] = (unsigned char) ((seqnum >> 16) & 0xff); @@ -94,7 +104,9 @@ plain[6] = direction; plain[7] = direction;
- return krb5_encrypt(key, cksum, plain, buf, 8); + code = krb5_encrypt(key, cksum, plain, buf, 8); + kfree(plain); + return code; }
static s32 @@ -102,7 +114,7 @@ unsigned char *buf, int *direction, s32 *seqnum) { struct crypto_skcipher *cipher; - unsigned char plain[8]; + unsigned char *plain; s32 code;
dprintk("RPC: %s:\n", __func__); @@ -115,20 +127,28 @@ if (code) goto out;
+ plain = kmalloc(8, GFP_NOFS); + if (!plain) { + code = -ENOMEM; + goto out; + } + code = krb5_decrypt(cipher, cksum, buf, plain, 8); if (code) - goto out; + goto out_plain;
if ((plain[4] != plain[5]) || (plain[4] != plain[6]) || (plain[4] != plain[7])) { code = (s32)KG_BAD_SEQ; - goto out; + goto out_plain; }
*direction = plain[4];
*seqnum = ((plain[0] << 24) | (plain[1] << 16) | (plain[2] << 8) | (plain[3])); +out_plain: + kfree(plain); out: crypto_free_skcipher(cipher); return code; @@ -141,26 +161,33 @@ int *direction, u32 *seqnum) { s32 code; - unsigned char plain[8]; struct crypto_skcipher *key = kctx->seq; + unsigned char *plain;
dprintk("RPC: krb5_get_seq_num:\n");
if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) return krb5_get_rc4_seq_num(kctx, cksum, buf, direction, seqnum); + plain = kmalloc(8, GFP_NOFS); + if (!plain) + return -ENOMEM;
if ((code = krb5_decrypt(key, cksum, buf, plain, 8))) - return code; + goto out;
if ((plain[4] != plain[5]) || (plain[4] != plain[6]) || - (plain[4] != plain[7])) - return (s32)KG_BAD_SEQ; + (plain[4] != plain[7])) { + code = (s32)KG_BAD_SEQ; + goto out; + }
*direction = plain[4];
*seqnum = ((plain[0]) | (plain[1] << 8) | (plain[2] << 16) | (plain[3] << 24));
- return 0; +out: + kfree(plain); + return code; }
ACK.--b.
On Tue, Feb 19, 2019 at 02:36:16PM -0500, Scott Mayhew wrote:
(cherry picked from commit e7afe6c1d486b516ed586dcc10b3e7e3e85a9c2b)
While trying to reproduce a reported kernel panic on arm64, I discovered that AUTH_GSS basically doesn't work at all with older enctypes on arm64 systems with CONFIG_VMAP_STACK enabled. It turns out there still a few places using stack memory with scatterlists, causing krb5_encrypt() and krb5_decrypt() to produce incorrect results (or a BUG if CONFIG_DEBUG_SG is enabled).
Tested with cthon on v4.0/v4.1/v4.2 with krb5/krb5i/krb5p using des3-cbc-sha1 and arcfour-hmac-md5.
Signed-off-by: Scott Mayhew smayhew@redhat.com Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields bfields@redhat.com
Conflicts: net/sunrpc/auth_gss/gss_krb5_seqnum.c
net/sunrpc/auth_gss/gss_krb5_seqnum.c | 49 +++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 11 deletions(-)
diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c b/net/sunrpc/auth_gss/gss_krb5_seqnum.c index c8b9082..2d2ed67 100644 --- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c +++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c @@ -44,7 +44,7 @@ unsigned char *cksum, unsigned char *buf) { struct crypto_skcipher *cipher;
- unsigned char plain[8];
- unsigned char *plain; s32 code;
dprintk("RPC: %s:\n", __func__); @@ -53,6 +53,10 @@ if (IS_ERR(cipher)) return PTR_ERR(cipher);
- plain = kmalloc(8, GFP_NOFS);
- if (!plain)
return -ENOMEM;- plain[0] = (unsigned char) ((seqnum >> 24) & 0xff); plain[1] = (unsigned char) ((seqnum >> 16) & 0xff); plain[2] = (unsigned char) ((seqnum >> 8) & 0xff);
@@ -69,6 +73,7 @@ code = krb5_encrypt(cipher, cksum, plain, buf, 8); out: crypto_free_skcipher(cipher);
- kfree(plain); return code;
} s32 @@ -78,12 +83,17 @@ u32 seqnum, unsigned char *cksum, unsigned char *buf) {
- unsigned char plain[8];
- unsigned char *plain;
- s32 code;
if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) return krb5_make_rc4_seq_num(kctx, direction, seqnum, cksum, buf);
- plain = kmalloc(8, GFP_NOFS);
- if (!plain)
return -ENOMEM;- plain[0] = (unsigned char) (seqnum & 0xff); plain[1] = (unsigned char) ((seqnum >> 8) & 0xff); plain[2] = (unsigned char) ((seqnum >> 16) & 0xff);
@@ -94,7 +104,9 @@ plain[6] = direction; plain[7] = direction;
- return krb5_encrypt(key, cksum, plain, buf, 8);
- code = krb5_encrypt(key, cksum, plain, buf, 8);
- kfree(plain);
- return code;
} static s32 @@ -102,7 +114,7 @@ unsigned char *buf, int *direction, s32 *seqnum) { struct crypto_skcipher *cipher;
- unsigned char plain[8];
- unsigned char *plain; s32 code;
dprintk("RPC: %s:\n", __func__); @@ -115,20 +127,28 @@ if (code) goto out;
- plain = kmalloc(8, GFP_NOFS);
- if (!plain) {
code = -ENOMEM;goto out;- }
- code = krb5_decrypt(cipher, cksum, buf, plain, 8); if (code)
goto out;
goto out_plain;if ((plain[4] != plain[5]) || (plain[4] != plain[6]) || (plain[4] != plain[7])) { code = (s32)KG_BAD_SEQ;
goto out;
goto out_plain;*direction = plain[4]; *seqnum = ((plain[0] << 24) | (plain[1] << 16) | (plain[2] << 8) | (plain[3])); +out_plain:
- kfree(plain);
out: crypto_free_skcipher(cipher); return code; @@ -141,26 +161,33 @@ int *direction, u32 *seqnum) { s32 code;
- unsigned char plain[8]; struct crypto_skcipher *key = kctx->seq;
- unsigned char *plain;
dprintk("RPC: krb5_get_seq_num:\n"); if (kctx->enctype == ENCTYPE_ARCFOUR_HMAC) return krb5_get_rc4_seq_num(kctx, cksum, buf, direction, seqnum);
- plain = kmalloc(8, GFP_NOFS);
- if (!plain)
return -ENOMEM;if ((code = krb5_decrypt(key, cksum, buf, plain, 8)))
return code;
goto out;if ((plain[4] != plain[5]) || (plain[4] != plain[6]) ||
(plain[4] != plain[7]))return (s32)KG_BAD_SEQ;
(plain[4] != plain[7])) {code = (s32)KG_BAD_SEQ;goto out;- }
*direction = plain[4]; *seqnum = ((plain[0]) | (plain[1] << 8) | (plain[2] << 16) | (plain[3] << 24));
- return 0;
+out:
- kfree(plain);
- return code;
}
1.8.3.1
linux-stable-mirror@lists.linaro.org
-
J. Bruce Fields -
Scott Mayhew