From patchwork Mon Oct 17 20:40:22 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Fix BUG() in calc_seckey()
From: Sachin Prabhu <sprabhu@redhat.com>
X-Patchwork-Id: 9380527
Message-Id: <1476736822-30098-1-git-send-email-sprabhu@redhat.com>
To: linux-cifs <linux-cifs@vger.kernel.org>
Date: Mon, 17 Oct 2016 16:40:22 -0400
Andy Lutomirski's new virtually mapped kernel stack allocations move
kernel stacks to the vmalloc area. This triggers the bug
 kernel BUG at ./include/linux/scatterlist.h:140!
at calc_seckey()->sg_init()
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
---
 fs/cifs/cifsencrypt.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
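diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 8347c90..5eb0412 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -808,7 +808,11 @@ calc_seckey(struct cifs_ses *ses)
 	struct crypto_skcipher *tfm_arc4;
 	struct scatterlist sgin, sgout;
 	struct skcipher_request *req;
-	unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
+	unsigned char *sec_key;
+
+	sec_key = kmalloc(CIFS_SESS_KEY_SIZE, GFP_KERNEL);
+	if (sec_key == NULL)
+		return -ENOMEM;
 
 	get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
 
@@ -816,7 +820,7 @@ calc_seckey(struct cifs_ses *ses)
 	if (IS_ERR(tfm_arc4)) {
 		rc = PTR_ERR(tfm_arc4);
 		cifs_dbg(VFS, "could not allocate crypto API arc4\n");
-		return rc;
+		goto out;
 	}
 
 	rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
@@ -854,7 +858,8 @@ calc_seckey(struct cifs_ses *ses)
 
 out_free_cipher:
 	crypto_free_skcipher(tfm_arc4);
-
+out:
+	kfree(sec_key);
 	return rc;
 }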
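Review bot: At the new `out:` label `sec_key` is released with plain `kfree()`, so the random key material written by `get_random_bytes()` is left intact in freed slab memory, where a later allocation or a memory disclosure could expose it. Since the buffer now lives on the heap instead of the stack, I would clear it on release: `kzfree(sec_key);`. The lines of calc_seckey() between the hunks are not shown, so whether the key is also copied into the session structure there is an assumption to confirm; either way this temporary copy has no reason to outlive the function.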