diff options
author | David Howells <dhowells@redhat.com> | 2018-02-22 17:38:34 +0300 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2018-02-22 17:58:38 +0300 |
commit | d9f4bb1a0f4db493efe6d7c58ffe696a57de7eb3 (patch) | |
tree | 259ac728946dd076a4b118f6e504929fe42b08d4 /Documentation/filesystems/inotify.txt | |
parent | 4b34968e77ad09628cfb3c4a7daf2adc2cefc6e8 (diff) | |
download | linux-d9f4bb1a0f4db493efe6d7c58ffe696a57de7eb3.tar.xz |
KEYS: Use individual pages in big_key for crypto buffers
kmalloc() can't always allocate large enough buffers for big_key to use for
crypto (1MB + some metadata) so we cannot use that to allocate the buffer.
Further, vmalloc'd pages can't be passed to sg_init_one() and the aead
crypto accessors cannot be called progressively and must be passed all the
data in one go (which means we can't pass the data in one block at a time).
Fix this by allocating the buffer pages individually and passing them
through a multientry scatterlist to the crypto layer. This has the bonus
advantage that we don't have to allocate a contiguous series of pages.
We then vmap() the page list and pass that through to the VFS read/write
routines.
This can trigger a warning:
WARNING: CPU: 0 PID: 60912 at mm/page_alloc.c:3883 __alloc_pages_nodemask+0xb7c/0x15f8
([<00000000002acbb6>] __alloc_pages_nodemask+0x1ee/0x15f8)
[<00000000002dd356>] kmalloc_order+0x46/0x90
[<00000000002dd3e0>] kmalloc_order_trace+0x40/0x1f8
[<0000000000326a10>] __kmalloc+0x430/0x4c0
[<00000000004343e4>] big_key_preparse+0x7c/0x210
[<000000000042c040>] key_create_or_update+0x128/0x420
[<000000000042e52c>] SyS_add_key+0x124/0x220
[<00000000007bba2c>] system_call+0xc4/0x2b0
from the keyctl/padd/useradd test of the keyutils testsuite on s390x.
Note that it might be better to shovel data through in page-sized lumps
instead as there's no particular need to use a monolithic buffer unless the
kernel itself wants to access the data.
Fixes: 13100a72f40f ("Security: Keys: Big keys stored encrypted")
Reported-by: Paul Bunyan <pbunyan@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Kirill Marinushkin <k.marinushkin@gmail.com>
Diffstat (limited to 'Documentation/filesystems/inotify.txt')
0 files changed, 0 insertions, 0 deletions