blk-crypto: make blk_crypto_evict_key() more robust
stable inclusion from stable-v5.10.180 commit 701a8220762ff90615dc91d3543f789391b63298 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8DDFN Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=701a8220762ff90615dc91d3543f789391b63298 -------------------------------- commit 5c7cb944 upstream. If blk_crypto_evict_key() sees that the key is still in-use (due to a bug) or that ->keyslot_evict failed, it currently just returns while leaving the key linked into the keyslot management structures. However, blk_crypto_evict_key() is only called in contexts such as inode eviction where failure is not an option. So actually the caller proceeds with freeing the blk_crypto_key regardless of the return value of blk_crypto_evict_key(). These two assumptions don't match, and the result is that there can be a use-after-free in blk_crypto_reprogram_all_keys() after one of these errors occurs. (Note, these errors *shouldn't* happen; we're just talking about what happens if they do anyway.) Fix this by making blk_crypto_evict_key() unlink the key from the keyslot management structures even on failure. Also improve some comments. Fixes: 1b262839 ("block: Keyslot Manager for Inline Encryption") Cc: stable@vger.kernel.org Signed-off-by:Eric Biggers <ebiggers@google.com> Reviewed-by:
Loading
Please sign in to comment