Re: [PATCH net] rxrpc: Fix an assertion in rxrpc_read()

2017-02-24 Thread David Miller
From: David Howells 
Date: Fri, 24 Feb 2017 12:33:09 +

> From: Marc Dionne 
> 
> In the rxrpc_read() function, which allows a user to read the contents of a
> key, we miscalculate the expected length of an encoded rxkad token by not
> taking into account the key length.  However, the data is stored later
> anyway with an ENCODE_DATA() call - and an assertion failure then ensues
> when the lengths are checked at the end.
> 
> Fix this by including the key length in the token size estimation.
> 
> The following assertion is produced:
 ...
> Signed-off-by: Marc Dionne 
> Signed-off-by: David Howells 

Applied.


[PATCH net] rxrpc: Fix an assertion in rxrpc_read()

2017-02-24 Thread David Howells
From: Marc Dionne 

In the rxrpc_read() function, which allows a user to read the contents of a
key, we miscalculate the expected length of an encoded rxkad token by not
taking into account the key length.  However, the data is stored later
anyway with an ENCODE_DATA() call - and an assertion failure then ensues
when the lengths are checked at the end.

Fix this by including the key length in the token size estimation.

The following assertion is produced:

Assertion failed - 384(0x180) == 380(0x17c) is false
[ cut here ]
kernel BUG at ../net/rxrpc/key.c:1221!
invalid opcode:  [#1] SMP
Modules linked in:
CPU: 2 PID: 2957 Comm: keyctl Not tainted 4.10.0-fscache+ #483
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
task: 8804013a8500 task.stack: 8804013ac000
RIP: 0010:rxrpc_read+0x10de/0x11b6
RSP: 0018:8804013afe48 EFLAGS: 00010296
RAX: 003b RBX: 0003 RCX: 
RDX: 00040001 RSI: 00f6 RDI: 0300
RBP: 8804013afed8 R08: 0001 R09: 0001
R10: 8804013afd90 R11: 0002 R12: 5575f7c911b4
R13: 5575f7c911b3 R14: 0157 R15: 880408a5d640
FS:  7f8dfbc73700() GS:88041fb0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 5575f7c91008 CR3: 00040120a000 CR4: 001406e0
Call Trace:
 keyctl_read_key+0xb6/0xd7
 SyS_keyctl+0x83/0xe7
 do_syscall_64+0x80/0x191
 entry_SYSCALL64_slow_path+0x25/0x25

Signed-off-by: Marc Dionne 
Signed-off-by: David Howells 
---

 net/rxrpc/key.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c
index 18c737a61d80..0a4e28477ad9 100644
--- a/net/rxrpc/key.c
+++ b/net/rxrpc/key.c
@@ -1065,7 +1065,7 @@ static long rxrpc_read(const struct key *key,
 
switch (token->security_index) {
case RXRPC_SECURITY_RXKAD:
-   toksize += 8 * 4;   /* viceid, kvno, key*2, begin,
+   toksize += 9 * 4;   /* viceid, kvno, key*2 + len, 
begin,
 * end, primary, tktlen */
toksize += RND(token->kad->ticket_len);
break;
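Review bot: the `9 * 4` in the RXRPC_SECURITY_RXKAD case is still a hand-counted word total that has to match the later encoding pass by inspection, which is how the key length word written by ENCODE_DATA() was missed in the first place. Consider accounting for the session key as its own term next to the ticket, for example a length word plus the rounded key size, so each ENCODE_DATA() in the encoder has a visible counterpart in the estimate. Separately, the trace shows that a plain keyctl read from user space reaches the BUG at key.c:1221 when the two passes disagree, so it would be worth asking whether that final length check should fail the read with an error rather than assert.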
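The size-then-encode pattern described in the commit message, as an added user-space model that is not code from net/rxrpc/key.c. The names `kad_token`, `put32`, `put_data`, `kad_encode`, `estimate` and `kad_read` are hypothetical, the field layout is assumed from the patch comment, and the sample token is constructed. Sizing and encoding share one routine so they cannot drift apart, and a short buffer yields an error instead of an assertion.

```c
#include <stdint.h>
#include <string.h>
#define RND(x) (((x) + 3u) & ~3u)   /* pad to a 4-byte XDR word */

struct kad_token {                   /* simplified model, not the kernel struct */
    uint32_t vice_id, kvno, start, expiry, primary_flag, ticket_len;
    uint8_t session_key[8];
    const uint8_t *ticket;
};

/* Store one big-endian word when out != NULL; always advance the offset. */
static size_t put32(uint8_t *out, size_t off, uint32_t v)
{
    for (int i = 0; out && i < 4; i++)
        out[off + i] = (uint8_t)(v >> (24 - 8 * i));
    return off + 4;
}

/* Length word, payload, zero padding. The old estimate missed the key's length word. */
static size_t put_data(uint8_t *out, size_t off, const uint8_t *d, uint32_t len)
{
    off = put32(out, off, len);
    if (out) {
        memset(out + off, 0, RND(len));
        memcpy(out + off, d, len);
    }
    return off + RND(len);
}

/* Sizing pass (out == NULL) and encoding pass share one code path. */
static size_t kad_encode(const struct kad_token *t, uint8_t *out)
{
    size_t off = put32(out, 0, t->vice_id);
    off = put32(out, off, t->kvno);
    off = put_data(out, off, t->session_key, sizeof(t->session_key));
    off = put32(out, off, t->start);
    off = put32(out, off, t->expiry);
    off = put32(out, off, t->primary_flag);
    return put_data(out, off, t->ticket, t->ticket_len);
}

/* Hand-counted estimate: words = 8 models the pre-patch code, 9 the patched code. */
static size_t estimate(const struct kad_token *t, unsigned words) { return words * 4u + RND(t->ticket_len); }

/* Bytes written, or -1 when the buffer is smaller than the encoding needs. */
static long kad_read(const struct kad_token *t, uint8_t *buf, size_t buflen)
{
    return buflen < kad_encode(t, NULL) ? -1 : (long)kad_encode(t, buf);
}
static const uint8_t demo_ticket[10] = { 0xAA };   /* constructed sample ticket */
static const struct kad_token demo = { .vice_id = 1, .kvno = 2, .ticket_len = 10, .ticket = demo_ticket };
```

For the constructed token the 8-word estimate comes out 4 bytes short of what the encoder writes, the same gap as the 384 versus 380 in the assertion message.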