ext4 crypto: replace some BUG_ON()'s with error checks

commit 687c3c36e754a999a8263745b27965128db4fee5 upstream.

Buggy (or hostile) userspace should not be able to cause the kernel to
crash.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
index 45731558138c8e00cb3126f077bb0e9be7714d6f..54a5169327a3f2a38323084b2fb6ffb320f6c1e4 100644 (file)
--- a/fs/ext4/crypto.c
+++ b/fs/ext4/crypto.c
@@ -296,7 +296,6 @@ static int ext4_page_crypto(struct ext4_crypto_ctx *ctx,
        else
                res = crypto_ablkcipher_encrypt(req);
        if (res == -EINPROGRESS || res == -EBUSY) {
-               BUG_ON(req->base.data != &ecr);
                wait_for_completion(&ecr.completion);
                res = ecr.res;
        }

diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
index 7dc4eb55913c445c5065646c99949b66d87979b5..f9d53c2bd75645cb957566b268f012cab3250f6f 100644 (file)
--- a/fs/ext4/crypto_fname.c
+++ b/fs/ext4/crypto_fname.c
@@ -121,7 +121,6 @@ static int ext4_fname_encrypt(struct inode *inode,
        ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
        res = crypto_ablkcipher_encrypt(req);
        if (res == -EINPROGRESS || res == -EBUSY) {
-               BUG_ON(req->base.data != &ecr);
                wait_for_completion(&ecr.completion);
                res = ecr.res;
        }
@@ -183,7 +182,6 @@ static int ext4_fname_decrypt(struct inode *inode,
        ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
        res = crypto_ablkcipher_decrypt(req);
        if (res == -EINPROGRESS || res == -EBUSY) {
-               BUG_ON(req->base.data != &ecr);
                wait_for_completion(&ecr.completion);
                res = ecr.res;
        }

diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c
index 442d24e8efc0cec6281a745384b3139433128ac4..9bad1132ac8f270afd40531ed5eba2755fc67d6e 100644 (file)
--- a/fs/ext4/crypto_key.c
+++ b/fs/ext4/crypto_key.c
@@ -71,7 +71,6 @@ static int ext4_derive_key_aes(char deriving_key[EXT4_AES_128_ECB_KEY_SIZE],
                                     EXT4_AES_256_XTS_KEY_SIZE, NULL);
        res = crypto_ablkcipher_encrypt(req);
        if (res == -EINPROGRESS || res == -EBUSY) {
-               BUG_ON(req->base.data != &ecr);
                wait_for_completion(&ecr.completion);
                res = ecr.res;
        }
@@ -208,7 +207,12 @@ retry:
                goto out;
        }
        crypt_info->ci_keyring_key = keyring_key;
-       BUG_ON(keyring_key->type != &key_type_logon);
+       if (keyring_key->type != &key_type_logon) {
+               printk_once(KERN_WARNING
+                           "ext4: key type must be logon\n");
+               res = -ENOKEY;
+               goto out;
+       }
        ukp = ((struct user_key_payload *)keyring_key->payload.data);
        if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
                res = -EINVAL;
@@ -217,7 +221,13 @@ retry:
        master_key = (struct ext4_encryption_key *)ukp->data;
        BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
                     EXT4_KEY_DERIVATION_NONCE_SIZE);
-       BUG_ON(master_key->size != EXT4_AES_256_XTS_KEY_SIZE);
+       if (master_key->size != EXT4_AES_256_XTS_KEY_SIZE) {
+               printk_once(KERN_WARNING
+                           "ext4: key size incorrect: %d\n",
+                           master_key->size);
+               res = -ENOKEY;
+               goto out;
+       }
        res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
                                  raw_key);
 got_key:

diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
index 02c4e5df7afb92986d13116777194bda133857f9..f92fa93e67f110c73f3a93b1411926b1eda86e64 100644 (file)
--- a/fs/ext4/crypto_policy.c
+++ b/fs/ext4/crypto_policy.c
@@ -137,7 +137,8 @@ int ext4_is_child_context_consistent_with_parent(struct inode *parent,
 
        if ((parent == NULL) || (child == NULL)) {
                pr_err("parent %p child %p\n", parent, child);
-               BUG_ON(1);
+               WARN_ON(1);     /* Should never happen */
+               return 0;
        }
        /* no restrictions if the parent directory is not encrypted */
        if (!ext4_encrypted_inode(parent))