[Bug 292429] Re: Error when copying directory tree with Nautilus to ~/Private using ecryptfs
Paulo J. S. Silva
pjssilva at ime.usp.br
Fri Nov 14 00:09:39 UTC 2008
Hi,
I downloaded the 2.6.27-7.16 Ubuntu kernel source and applied your patch
(it applied almost cleanly, just the last hunks had a 2 line offset).
I have installed the new kernel and the problem is gone. Good job! Maybe
you should post the patch to the original bug report to let others try
it.
Now a naive question: if I keep the patched kernel and it is later
upgraded by the Ubuntu upgrade utility, do I risk corrupting my Private
folder? If I can, I would love to keep the new kernel and use the
Private folder, but I don't want to risk corrupting it.
best,
Paulo
Em Qua, 2008-11-12 às 18:27 -0600, Michael Halcrow escreveu:
> On Wed, Nov 12, 2008 at 12:36:10PM -0600, Michael Halcrow wrote:
> > Looks like crypt_stat->key is not page-aligned on this older AMD
> > architecture. This is a legitimate bug in eCryptfs and needs to be
> > fixed upstream. I think I will just grab a page via page_alloc() to
> > use as a temporary buffer for the crypto API scatterlist ops.
>
> On second thought, it might make more sense just to allocate a couple
> of scatterlist structs on the stack every time instead. See if this
> patch resolves the problem. It tests fine for me on my Intel
> processor, and I expect it will resolve the problem on the AMD
> architecture.
>
> Signed-off-by: Michael Halcrow <mhalcrow at us.ibm.com>
>
> ---
>
> diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
> index e22bc39..0d713b6 100644
> --- a/fs/ecryptfs/keystore.c
> +++ b/fs/ecryptfs/keystore.c
> @@ -1037,17 +1037,14 @@ static int
> decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> struct ecryptfs_crypt_stat *crypt_stat)
> {
> - struct scatterlist dst_sg;
> - struct scatterlist src_sg;
> + struct scatterlist dst_sg[2];
> + struct scatterlist src_sg[2];
> struct mutex *tfm_mutex;
> struct blkcipher_desc desc = {
> .flags = CRYPTO_TFM_REQ_MAY_SLEEP
> };
> int rc = 0;
>
> - sg_init_table(&dst_sg, 1);
> - sg_init_table(&src_sg, 1);
> -
> if (unlikely(ecryptfs_verbosity > 0)) {
> ecryptfs_printk(
> KERN_DEBUG, "Session key encryption key (size [%d]):\n",
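Review bot: With both `sg_init_table()` calls dropped, `dst_sg` and `src_sg` stay uninitialized stack arrays until `virt_to_scatterlist()` fills them, so the change is only safe if that helper initializes the whole table it is handed; its body is not part of this diff and should be checked. If it does, a one-line comment at the declarations such as `/* table is initialized inside virt_to_scatterlist() */` would record the dependency; if it does not, keep the setup as `sg_init_table(dst_sg, 2);` and `sg_init_table(src_sg, 2);`. The same applies to the declarations changed in write_tag_3_packet() in the @@ -1539 hunk. The function body continues outside this hunk.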
> @@ -1066,8 +1063,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> }
> rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key,
> auth_tok->session_key.encrypted_key_size,
> - &src_sg, 1);
> - if (rc != 1) {
> + src_sg, 2);
> + if (rc < 1 || rc > 2) {
> printk(KERN_ERR "Internal error whilst attempting to convert "
> "auth_tok->session_key.encrypted_key to scatterlist; "
> "expected rc = 1; got rc = [%d]. "
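Review bot: The error text still says `expected rc = 1` although the check above it now accepts 1 or 2, so a log line from this path would mislead whoever triages a failed key unwrap. Change the wording to `expected rc = 1 or 2`. The same stale wording is left in the decrypted_key message in the next hunk and in both ecryptfs_printk() messages in the write_tag_3_packet() hunks at @@ -1619 and @@ -1629. The printk() statement runs past the end of this hunk.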
> @@ -1079,8 +1076,8 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> auth_tok->session_key.encrypted_key_size;
> rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key,
> auth_tok->session_key.decrypted_key_size,
> - &dst_sg, 1);
> - if (rc != 1) {
> + dst_sg, 2);
> + if (rc < 1 || rc > 2) {
> printk(KERN_ERR "Internal error whilst attempting to convert "
> "auth_tok->session_key.decrypted_key to scatterlist; "
> "expected rc = 1; got rc = [%d]\n", rc);
> @@ -1096,7 +1093,7 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> rc = -EINVAL;
> goto out;
> }
> - rc = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg,
> + rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg,
> auth_tok->session_key.encrypted_key_size);
> mutex_unlock(tfm_mutex);
> if (unlikely(rc)) {
> @@ -1539,8 +1536,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> size_t i;
> size_t encrypted_session_key_valid = 0;
> char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES];
> - struct scatterlist dst_sg;
> - struct scatterlist src_sg;
> + struct scatterlist dst_sg[2];
> + struct scatterlist src_sg[2];
> struct mutex *tfm_mutex = NULL;
> u8 cipher_code;
> size_t packet_size_length;
> @@ -1619,8 +1616,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> ecryptfs_dump_hex(session_key_encryption_key, 16);
> }
> rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size,
> - &src_sg, 1);
> - if (rc != 1) {
> + src_sg, 2);
> + if (rc < 1 || rc > 2) {
> ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
> "for crypt_stat session key; expected rc = 1; "
> "got rc = [%d]. key_rec->enc_key_size = [%d]\n",
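Review bot: The entry count 2 is now written separately in the array declaration, in the `virt_to_scatterlist()` call and in the range check, so a later resize could leave one of them behind and either reject valid input or let the helper write past the stack array. Passing `ARRAY_SIZE(src_sg)` to the call and testing `rc < 1 || rc > (int)ARRAY_SIZE(src_sg)` keeps the three in step; the same goes for `dst_sg` in the next hunk and for both calls in decrypt_passphrase_encrypted_session_key(). A short comment at the declarations saying why two entries are enough would also help, presumably `/* a key buffer shorter than a page crosses at most one page boundary */`, to be confirmed against the maximum key sizes.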
> @@ -1629,8 +1626,8 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> goto out;
> }
> rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size,
> - &dst_sg, 1);
> - if (rc != 1) {
> + dst_sg, 2);
> + if (rc < 1 || rc > 2) {
> ecryptfs_printk(KERN_ERR, "Error generating scatterlist "
> "for crypt_stat encrypted session key; "
> "expected rc = 1; got rc = [%d]. "
> @@ -1651,7 +1648,7 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes,
> rc = 0;
> ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes of the key\n",
> crypt_stat->key_size);
> - rc = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg,
> + rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg,
> (*key_rec).enc_key_size);
> mutex_unlock(tfm_mutex);
> if (rc) {
>