blk-crypto: fix check for too-large dun_bytes

Commit Message

Eric Biggers Aug. 25, 2021, 5:59 a.m. UTC

From: Eric Biggers <ebiggers@google.com>

dun_bytes needs to be less than or equal to the IV size of the
encryption mode, not just less than or equal to BLK_CRYPTO_MAX_IV_SIZE.

Currently this doesn't matter since blk_crypto_init_key() is never
actually passed invalid values, but we might as well fix this.

Fixes: a892c8d52c02 ("block: Inline encryption support for blk-mq")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 block/blk-crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Jens Axboe Aug. 25, 2021, 12:45 p.m. UTC | #1

On 8/24/21 11:59 PM, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> dun_bytes needs to be less than or equal to the IV size of the
> encryption mode, not just less than or equal to BLK_CRYPTO_MAX_IV_SIZE.
> 
> Currently this doesn't matter since blk_crypto_init_key() is never
> actually passed invalid values, but we might as well fix this.

Applied, thanks.

Patch

diff --git a/block/blk-crypto.c b/block/blk-crypto.c
index c5bdaafffa29f..103c2e2d50d67 100644
--- a/block/blk-crypto.c
+++ b/block/blk-crypto.c
@@ -332,7 +332,7 @@  int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
 	if (mode->keysize == 0)
 		return -EINVAL;
 
-	if (dun_bytes == 0 || dun_bytes > BLK_CRYPTO_MAX_IV_SIZE)
+	if (dun_bytes == 0 || dun_bytes > mode->ivsize)
 		return -EINVAL;
 
 	if (!is_power_of_2(data_unit_size))