Commit b987c759 authored by Linus Torvalds

Merge tag 'ecryptfs-4.7-rc7-fixes' of...

Merge tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull eCryptfs fixes from Tyler Hicks:
 "Provide a more concise fix for CVE-2016-1583:
   - Additionally fixes linux-stable regressions caused by the
     cherry-picking of the original fix

  Some very minor changes that have queued up:
   - Fix typos in code comments
   - Remove unnecessary check for NULL before destroying kmem_cache"

* tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
  ecryptfs: don't allow mmap when the lower fs doesn't support it
  Revert "ecryptfs: forbid opening files without mmap handler"
  ecryptfs: fix spelling mistakes
  eCryptfs: fix typos in comment
  ecryptfs: drop null test before destroy functions
parents b89c44bb f0fe970d
...@@ -45,7 +45,7 @@ ...@@ -45,7 +45,7 @@
* ecryptfs_to_hex * ecryptfs_to_hex
* @dst: Buffer to take hex character representation of contents of * @dst: Buffer to take hex character representation of contents of
* src; must be at least of size (src_size * 2) * src; must be at least of size (src_size * 2)
* @src: Buffer to be converted to a hex string respresentation * @src: Buffer to be converted to a hex string representation
* @src_size: number of bytes to convert * @src_size: number of bytes to convert
*/ */
void ecryptfs_to_hex(char *dst, char *src, size_t src_size) void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
...@@ -60,7 +60,7 @@ void ecryptfs_to_hex(char *dst, char *src, size_t src_size) ...@@ -60,7 +60,7 @@ void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
* ecryptfs_from_hex * ecryptfs_from_hex
* @dst: Buffer to take the bytes from src hex; must be at least of * @dst: Buffer to take the bytes from src hex; must be at least of
* size (src_size / 2) * size (src_size / 2)
* @src: Buffer to be converted from a hex string respresentation to raw value * @src: Buffer to be converted from a hex string representation to raw value
* @dst_size: size of dst buffer, or number of hex characters pairs to convert * @dst_size: size of dst buffer, or number of hex characters pairs to convert
*/ */
void ecryptfs_from_hex(char *dst, char *src, int dst_size) void ecryptfs_from_hex(char *dst, char *src, int dst_size)
...@@ -953,7 +953,7 @@ struct ecryptfs_cipher_code_str_map_elem { ...@@ -953,7 +953,7 @@ struct ecryptfs_cipher_code_str_map_elem {
}; };
/* Add support for additional ciphers by adding elements here. The /* Add support for additional ciphers by adding elements here. The
* cipher_code is whatever OpenPGP applicatoins use to identify the * cipher_code is whatever OpenPGP applications use to identify the
* ciphers. List in order of probability. */ * ciphers. List in order of probability. */
static struct ecryptfs_cipher_code_str_map_elem static struct ecryptfs_cipher_code_str_map_elem
ecryptfs_cipher_code_str_map[] = { ecryptfs_cipher_code_str_map[] = {
...@@ -1410,7 +1410,7 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry, ...@@ -1410,7 +1410,7 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
* *
* Common entry point for reading file metadata. From here, we could * Common entry point for reading file metadata. From here, we could
* retrieve the header information from the header region of the file, * retrieve the header information from the header region of the file,
* the xattr region of the file, or some other repostory that is * the xattr region of the file, or some other repository that is
* stored separately from the file itself. The current implementation * stored separately from the file itself. The current implementation
* supports retrieving the metadata information from the file contents * supports retrieving the metadata information from the file contents
* and from the xattr region. * and from the xattr region.
......
...@@ -169,9 +169,22 @@ static int read_or_initialize_metadata(struct dentry *dentry) ...@@ -169,9 +169,22 @@ static int read_or_initialize_metadata(struct dentry *dentry)
return rc; return rc;
} }
static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)
{
struct file *lower_file = ecryptfs_file_to_lower(file);
/*
* Don't allow mmap on top of file systems that don't support it
* natively. If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs
* allows recursive mounting, this will need to be extended.
*/
if (!lower_file->f_op->mmap)
return -ENODEV;
return generic_file_mmap(file, vma);
}
/** /**
* ecryptfs_open * ecryptfs_open
* @inode: inode speciying file to open * @inode: inode specifying file to open
* @file: Structure to return filled in * @file: Structure to return filled in
* *
* Opens the file specified by inode. * Opens the file specified by inode.
...@@ -240,7 +253,7 @@ static int ecryptfs_open(struct inode *inode, struct file *file) ...@@ -240,7 +253,7 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
/** /**
* ecryptfs_dir_open * ecryptfs_dir_open
* @inode: inode speciying file to open * @inode: inode specifying file to open
* @file: Structure to return filled in * @file: Structure to return filled in
* *
* Opens the file specified by inode. * Opens the file specified by inode.
...@@ -403,7 +416,7 @@ const struct file_operations ecryptfs_main_fops = { ...@@ -403,7 +416,7 @@ const struct file_operations ecryptfs_main_fops = {
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
.compat_ioctl = ecryptfs_compat_ioctl, .compat_ioctl = ecryptfs_compat_ioctl,
#endif #endif
.mmap = generic_file_mmap, .mmap = ecryptfs_mmap,
.open = ecryptfs_open, .open = ecryptfs_open,
.flush = ecryptfs_flush, .flush = ecryptfs_flush,
.release = ecryptfs_release, .release = ecryptfs_release,
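Review bot: The new ecryptfs_mmap() has no kernel-doc header, unlike ecryptfs_open() directly below it, and its comment does not name the bug the check closes. Going by the merge description, this is the replacement fix for CVE-2016-1583, so the comment could open with `/* CVE-2016-1583: refuse mmap when the lower file has no ->mmap handler. */`, and a short kernel-doc block should note that the function returns -ENODEV in that case. The guard inspects only the immediate lower file, which the comment itself admits will need extending for deeper stacking. A `BUILD_BUG_ON(FILESYSTEM_MAX_STACK_DEPTH > 2);` at the top of the function would turn that caveat into a compile-time failure rather than something a future reader has to notice. `lower_file` is dereferenced without a NULL check; presumably ecryptfs_open() always sets it before mmap can be reached, but that is not visible in this section and is worth confirming.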
......
...@@ -25,7 +25,6 @@ ...@@ -25,7 +25,6 @@
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/wait.h> #include <linux/wait.h>
#include <linux/mount.h> #include <linux/mount.h>
#include <linux/file.h>
#include "ecryptfs_kernel.h" #include "ecryptfs_kernel.h"
struct ecryptfs_open_req { struct ecryptfs_open_req {
...@@ -148,7 +147,7 @@ int ecryptfs_privileged_open(struct file **lower_file, ...@@ -148,7 +147,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR; flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
(*lower_file) = dentry_open(&req.path, flags, cred); (*lower_file) = dentry_open(&req.path, flags, cred);
if (!IS_ERR(*lower_file)) if (!IS_ERR(*lower_file))
goto have_file; goto out;
if ((flags & O_ACCMODE) == O_RDONLY) { if ((flags & O_ACCMODE) == O_RDONLY) {
rc = PTR_ERR((*lower_file)); rc = PTR_ERR((*lower_file));
goto out; goto out;
...@@ -166,16 +165,8 @@ int ecryptfs_privileged_open(struct file **lower_file, ...@@ -166,16 +165,8 @@ int ecryptfs_privileged_open(struct file **lower_file,
mutex_unlock(&ecryptfs_kthread_ctl.mux); mutex_unlock(&ecryptfs_kthread_ctl.mux);
wake_up(&ecryptfs_kthread_ctl.wait); wake_up(&ecryptfs_kthread_ctl.wait);
wait_for_completion(&req.done); wait_for_completion(&req.done);
if (IS_ERR(*lower_file)) { if (IS_ERR(*lower_file))
rc = PTR_ERR(*lower_file); rc = PTR_ERR(*lower_file);
goto out;
}
have_file:
if ((*lower_file)->f_op->mmap == NULL) {
fput(*lower_file);
*lower_file = NULL;
rc = -EMEDIUMTYPE;
}
out: out:
return rc; return rc;
} }
...@@ -738,8 +738,7 @@ static void ecryptfs_free_kmem_caches(void) ...@@ -738,8 +738,7 @@ static void ecryptfs_free_kmem_caches(void)
struct ecryptfs_cache_info *info; struct ecryptfs_cache_info *info;
info = &ecryptfs_cache_infos[i]; info = &ecryptfs_cache_infos[i];
if (*(info->cache)) kmem_cache_destroy(*(info->cache));
kmem_cache_destroy(*(info->cache));
} }
} }
......