ANDROID: dm-default-key: Prevent kernel crash on invalid table
When trying to create a device with an invalid table configuration,
kernel would panic:
For instance, table (note the number of argument 2, should be 1):
"0 <size> default-key aes-xts-plain64 <secret> 0 <dev> 0 2 allow_discards"
Instead of an expected error message in kmsg:
device-mapper: table: 254:24: default-key: Invalid number of feature args (-EINVAL)
the kernel crashes:
[ 48.701559] BUG: kernel NULL pointer dereference, address: 0000000000000040
...
[ 48.701702] ? exc_page_fault+0x4f/0xa0
[ 48.701709] ? asm_exc_page_fault+0x22/0x30
[ 48.701717] ? __blk_crypto_evict_key+0x18/0x190
[ 48.701722] blk_crypto_evict_key+0x41/0x90
[ 48.701731] default_key_ctr+0x22a/0x670 [dm_default_key 3355aa60cc2e380cc7745b7937dd463f0a9bc032]
[ 48.701745] dm_table_add_target+0x1de/0x380
[ 48.701754] table_load+0x13b/0x3e0
[ 48.701763] ? __pfx_table_load+0x10/0x10
[ 48.701769] ctl_ioctl+0x180/0x240
[ 48.701777] dm_ctl_ioctl+0xe/0x20
The problem is the key is not initialized yet when the optional
arguments are parsed. __blk_crypto_cfg_supported() expects the
blk_crypto_config to be valid, but since it is not, return true and
__blk_crypto_evict_key() gets called with a NULL profile argument.
Prevent calling blk_crypto_evict_key() when the key size is not yet set.
Bug: 160885805
Change-Id: Ife6f42bb0e32dff5173e77fadda1ed23bac7c8a9
Signed-off-by:
Gwendal Grignou <gwendal@google.com>
Loading
Please sign in to comment