    eCryptfs: Clear ECRYPTFS_NEW_FILE flag during truncate · 012660d6
    Colin Ian King authored
    BugLink: http://bugs.launchpad.net/bugs/745836
    
    The ECRYPTFS_NEW_FILE crypt_stat flag is set upon creation of a new
    eCryptfs file. When the flag is set, eCryptfs reads directly from the
    lower filesystem when bringing a page up to date. This means that no
    offset translation (for the eCryptfs file metadata in the lower file)
    and no decryption is performed. The flag is cleared just before the
    first write is completed (at the beginning of ecryptfs_write_begin()).
    
    It was discovered that if a new file was created and then extended with
    truncate, the ECRYPTFS_NEW_FILE flag was not cleared. If pages
    corresponding to this file are ever reclaimed, any subsequent reads
    would result in userspace seeing eCryptfs file metadata and encrypted
    file contents instead of the expected decrypted file contents.
    
    Data corruption is possible if the file is written to before the
    eCryptfs directory is unmounted. The data written will be copied into
    pages which have been read directly from the lower file rather than
    zeroed pages, as would be expected after extending the file with
    truncate.
    
    This flag, and the functionality that used it, was removed in upstream
    kernels in 2.6.39 with the following commits:
    
    bd4f0fe8
    fed8859b

    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    Signed-off-by: Colin Ian King <colin.king@canonical.com>
    Acked-by: Stefan Bader <stefan.bader@canonical.com>
    Acked-by: Andy Whitcroft <apw@canonical.com>
    Signed-off-by: Andy Whitcroft <apw@canonical.com>
    Signed-off-by: Willy Tarreau <w@1wt.eu>
inode.c 33.7 KB
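
A userspace regression check for the sequence the commit message describes (create a new file, extend it with truncate, let its pages be dropped, read it back), as an added example that is not part of this commit or of eCryptfs. The function name, the default file name and the three-page length are assumptions; `posix_fadvise(POSIX_FADV_DONTNEED)` stands in for page reclaim and is only advisory, so a clean result on an affected kernel is not proof of absence.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 if every byte of a newly created,
 * truncate-extended file reads back as zero, 1 if any non-zero byte is seen
 * (metadata or ciphertext reaching userspace), -1 on any I/O error. */
int check_truncate_extend(const char *path, off_t len)
{
    unsigned char buf[4096];
    off_t seen = 0;
    int rc = 0;
    /* O_EXCL: the file must be new, the case in which the flag is set. */
    int fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd < 0)
        return -1;
    /* Extend with truncate only; no write() ever touches the file. */
    if (ftruncate(fd, len) != 0 || fsync(fd) != 0) { rc = -1; goto out; }
    /* Ask the kernel to drop this file's cached pages (advisory). */
    (void)posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);
    while (seen < len) {
        ssize_t n = pread(fd, buf, sizeof buf, seen);
        if (n <= 0) { rc = -1; goto out; }
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] != 0) { rc = 1; goto out; }
        seen += n;
    }
out:
    close(fd);
    unlink(path);
    return rc;
}

int main(int argc, char **argv)
{
    /* Pass a path inside the eCryptfs mount under test. */
    const char *path = argc > 1 ? argv[1] : "trunc_check.tmp";
    int rc = check_truncate_extend(path, 3 * 4096);
    printf("%s: %s\n", path, rc == 0 ? "zeros as expected"
                           : rc == 1 ? "NON-ZERO DATA READ" : "I/O error");
    return rc == 0 ? 0 : 1;
}
```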