fscrypt: stop pretending that key setup is nofs-safe
fscrypt_get_encryption_info() has never actually been safe to call in a context that needs GFP_NOFS, since it calls crypto_alloc_skcipher(). crypto_alloc_skcipher() isn't GFP_NOFS-safe, even if called under memalloc_nofs_save(). This is because it may load kernel modules, and also because it internally takes crypto_alg_sem. Other tasks can do GFP_KERNEL allocations while holding crypto_alg_sem for write. The use of fscrypt_init_mutex isn't GFP_NOFS-safe either. So, stop pretending that fscrypt_get_encryption_info() is nofs-safe. I.e., when it allocates memory, just use GFP_KERNEL instead of GFP_NOFS. Note, another reason to do this is that GFP_NOFS is deprecated in favor of using memalloc_nofs_save() in the proper places. Acked-by: Jeff Layton <jlayton@kernel.org> Link: https://lore.kernel.org/r/20200917041136.178600-10-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>
This commit is contained in:
Родитель
4cc1a3e7e8
Коммит
9dad5feb49
|
@ -106,7 +106,7 @@ int fscrypt_select_encryption_impl(struct fscrypt_info *ci)
|
|||
crypto_cfg.data_unit_size = sb->s_blocksize;
|
||||
crypto_cfg.dun_bytes = fscrypt_get_dun_bytes(ci);
|
||||
num_devs = fscrypt_get_num_devices(sb);
|
||||
devs = kmalloc_array(num_devs, sizeof(*devs), GFP_NOFS);
|
||||
devs = kmalloc_array(num_devs, sizeof(*devs), GFP_KERNEL);
|
||||
if (!devs)
|
||||
return -ENOMEM;
|
||||
fscrypt_get_devices(sb, num_devs, devs);
|
||||
|
@ -135,9 +135,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
|
|||
struct fscrypt_blk_crypto_key *blk_key;
|
||||
int err;
|
||||
int i;
|
||||
unsigned int flags;
|
||||
|
||||
blk_key = kzalloc(struct_size(blk_key, devs, num_devs), GFP_NOFS);
|
||||
blk_key = kzalloc(struct_size(blk_key, devs, num_devs), GFP_KERNEL);
|
||||
if (!blk_key)
|
||||
return -ENOMEM;
|
||||
|
||||
|
@ -166,10 +165,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
|
|||
}
|
||||
queue_refs++;
|
||||
|
||||
flags = memalloc_nofs_save();
|
||||
err = blk_crypto_start_using_key(&blk_key->base,
|
||||
blk_key->devs[i]);
|
||||
memalloc_nofs_restore(flags);
|
||||
if (err) {
|
||||
fscrypt_err(inode,
|
||||
"error %d starting to use blk-crypto", err);
|
||||
|
|
|
@ -488,7 +488,7 @@ fscrypt_setup_encryption_info(struct inode *inode,
|
|||
if (res)
|
||||
return res;
|
||||
|
||||
crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_NOFS);
|
||||
crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_KERNEL);
|
||||
if (!crypt_info)
|
||||
return -ENOMEM;
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ static int derive_key_aes(const u8 *master_key,
|
|||
goto out;
|
||||
}
|
||||
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
|
||||
req = skcipher_request_alloc(tfm, GFP_NOFS);
|
||||
req = skcipher_request_alloc(tfm, GFP_KERNEL);
|
||||
if (!req) {
|
||||
res = -ENOMEM;
|
||||
goto out;
|
||||
|
@ -99,7 +99,7 @@ find_and_lock_process_key(const char *prefix,
|
|||
const struct user_key_payload *ukp;
|
||||
const struct fscrypt_key *payload;
|
||||
|
||||
description = kasprintf(GFP_NOFS, "%s%*phN", prefix,
|
||||
description = kasprintf(GFP_KERNEL, "%s%*phN", prefix,
|
||||
FSCRYPT_KEY_DESCRIPTOR_SIZE, descriptor);
|
||||
if (!description)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
@ -228,7 +228,7 @@ fscrypt_get_direct_key(const struct fscrypt_info *ci, const u8 *raw_key)
|
|||
return dk;
|
||||
|
||||
/* Nope, allocate one. */
|
||||
dk = kzalloc(sizeof(*dk), GFP_NOFS);
|
||||
dk = kzalloc(sizeof(*dk), GFP_KERNEL);
|
||||
if (!dk)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
refcount_set(&dk->dk_refcount, 1);
|
||||
|
@ -272,7 +272,7 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci,
|
|||
* This cannot be a stack buffer because it will be passed to the
|
||||
* scatterlist crypto API during derive_key_aes().
|
||||
*/
|
||||
derived_key = kmalloc(ci->ci_mode->keysize, GFP_NOFS);
|
||||
derived_key = kmalloc(ci->ci_mode->keysize, GFP_KERNEL);
|
||||
if (!derived_key)
|
||||
return -ENOMEM;
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче