提交 0440d5c0 编写于 作者: M Mikulas Patocka 提交者: Mike Snitzer

dm crypt: allow unaligned bv_offset

When slub_debug is enabled kmalloc returns unaligned memory. XFS uses
this unaligned memory for its buffers (if an unaligned buffer crosses a
page, XFS frees it and allocates a full page instead - see the function
xfs_buf_allocate_memory).

dm-crypt checks if bv_offset is aligned on page size and these checks
fail with slub_debug and XFS.

Fix this bug by removing the bv_offset checks. Switch to checking if
bv_len is aligned instead of bv_offset (this check should be sufficient
to prevent overruns if a bio with too small bv_len is received).

Fixes: 8f0009a2 ("dm crypt: optionally support larger encryption sector size")
Cc: stable@vger.kernel.org # v4.12+
Reported-by: NBruno Prémont <bonbons@sysophe.eu>
Tested-by: NBruno Prémont <bonbons@sysophe.eu>
Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
Reviewed-by: NMilan Broz <gmazyland@gmail.com>
Signed-off-by: NMike Snitzer <snitzer@redhat.com>
上级 49de5769
...@@ -1075,7 +1075,7 @@ static int crypt_convert_block_aead(struct crypt_config *cc, ...@@ -1075,7 +1075,7 @@ static int crypt_convert_block_aead(struct crypt_config *cc,
BUG_ON(cc->integrity_iv_size && cc->integrity_iv_size != cc->iv_size); BUG_ON(cc->integrity_iv_size && cc->integrity_iv_size != cc->iv_size);
/* Reject unexpected unaligned bio. */ /* Reject unexpected unaligned bio. */
if (unlikely(bv_in.bv_offset & (cc->sector_size - 1))) if (unlikely(bv_in.bv_len & (cc->sector_size - 1)))
return -EIO; return -EIO;
dmreq = dmreq_of_req(cc, req); dmreq = dmreq_of_req(cc, req);
...@@ -1168,7 +1168,7 @@ static int crypt_convert_block_skcipher(struct crypt_config *cc, ...@@ -1168,7 +1168,7 @@ static int crypt_convert_block_skcipher(struct crypt_config *cc,
int r = 0; int r = 0;
/* Reject unexpected unaligned bio. */ /* Reject unexpected unaligned bio. */
if (unlikely(bv_in.bv_offset & (cc->sector_size - 1))) if (unlikely(bv_in.bv_len & (cc->sector_size - 1)))
return -EIO; return -EIO;
dmreq = dmreq_of_req(cc, req); dmreq = dmreq_of_req(cc, req);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册