From bcca323cb778d3ab9bf3b16e041ede5e67b18ff8 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 15 Jul 2018 11:39:07 +0200 Subject: [PATCH] contentenc: reserve one extra block in pool plaintext buffers File holes and -fsck can cause unaligned read accesses, which means we have to decrypt one extra plaintext block. xfstests generic/083 manage to crash -fsck like this: generic/083 2018/07/14 15:25:21 wrong len=266240, want=131072 panic: wrong len=266240, want=131072 goroutine 1 [running]: log.Panicf(0x67fc00, 0x15, 0xc4204fec90, 0x2, 0x2) /usr/local/go/src/log/log.go:333 +0xda github.com/rfjakob/gocryptfs/internal/contentenc.(*bPool).Put(0xc4200d4800, 0xc4202f2000, 0x21000, 0x41000) /home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/contentenc/bpool.go:27 +0x15d github.com/rfjakob/gocryptfs/internal/fusefrontend.(*File).doRead(0xc4200b4500, 0xc42019e000, 0x0, 0x20000, 0x28400, 0x20000, 0xc42019e000, 0xc4204ff008, 0x435164, 0xc420000180) /home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/file.go:227 +0xba9 github.com/rfjakob/gocryptfs/internal/fusefrontend.(*File).Read(0xc4200b4500, 0xc42019e000, 0x20000, 0x20000, 0x28400, 0x0, 0x0, 0x0) /home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/file.go:246 +0x23e main.(*fsckObj).file(0xc420069320, 0xc42001a630, 0x21) /home/jakob/go/src/github.com/rfjakob/gocryptfs/fsck.go:126 +0x21f main.(*fsckObj).dir(0xc420069320, 0xc420014dc0, 0x1d) /home/jakob/go/src/github.com/rfjakob/gocryptfs/fsck.go:76 +0x387 main.(*fsckObj).dir(0xc420069320, 0xc42021dae0, 0x19) /home/jakob/go/src/github.com/rfjakob/gocryptfs/fsck.go:74 +0x347 --- internal/contentenc/content.go | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 76b486d..57ad489 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -71,15 +71,17 @@ type ContentEnc struct { // New returns an initialized ContentEnc instance. func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc { - cipherBS := plainBS + uint64(cc.IVLen) + cryptocore.AuthTagLen - // Take IV and GHASH overhead into account. - cReqSize := int(fuse.MAX_KERNEL_WRITE / plainBS * cipherBS) - // An unaligned read (could happen with O_DIRECT?) may touch one - // additional ciphertext block. Reserve space for it. - cReqSize += int(cipherBS) if fuse.MAX_KERNEL_WRITE%plainBS != 0 { log.Panicf("unaligned MAX_KERNEL_WRITE=%d", fuse.MAX_KERNEL_WRITE) } + cipherBS := plainBS + uint64(cc.IVLen) + cryptocore.AuthTagLen + // Take IV and GHASH overhead into account. + cReqSize := int(fuse.MAX_KERNEL_WRITE / plainBS * cipherBS) + // Unaligned reads (happens during fsck, could also happen with O_DIRECT?) + // touch one additional ciphertext and plaintext block. Reserve space for the + // extra block. + cReqSize += int(cipherBS) + pReqSize := fuse.MAX_KERNEL_WRITE + int(plainBS) c := &ContentEnc{ cryptoCore: cc, plainBS: plainBS, @@ -90,7 +92,7 @@ func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEn cBlockPool: newBPool(int(cipherBS)), CReqPool: newBPool(cReqSize), pBlockPool: newBPool(int(plainBS)), - PReqPool: newBPool(fuse.MAX_KERNEL_WRITE), + PReqPool: newBPool(pReqSize), } return c }