1. 17 12月, 2009 1 次提交
  2. 23 9月, 2009 1 次提交
    • T
      eCryptfs: Prevent lower dentry from going negative during unlink · 9c2d2056
      Tyler Hicks 提交于
      When calling vfs_unlink() on the lower dentry, d_delete() turns the
      dentry into a negative dentry when the d_count is 1.  This eventually
      caused a NULL pointer deref when a read() or write() was done and the
      negative dentry's d_inode was dereferenced in
      ecryptfs_read_update_atime() or ecryptfs_getxattr().
      
      Placing mutt's tmpdir in an eCryptfs mount is what initially triggered
      the oops and I was able to reproduce it with the following sequence:
      
      open("/tmp/upper/foo", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) = 3
      link("/tmp/upper/foo", "/tmp/upper/bar") = 0
      unlink("/tmp/upper/foo")                = 0
      open("/tmp/upper/bar", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 4
      unlink("/tmp/upper/bar")                = 0
      write(4, "eCryptfs test\n"..., 14 <unfinished ...>
      +++ killed by SIGKILL +++
      
      https://bugs.launchpad.net/ecryptfs/+bug/387073Reported-by: NLoïc Minier <loic.minier@canonical.com>
      Cc: Serge Hallyn <serue@us.ibm.com>
      Cc: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
      Cc: ecryptfs-devel@lists.launchpad.net
      Cc: stable <stable@kernel.org>
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      9c2d2056
  3. 28 4月, 2009 2 次提交
  4. 23 4月, 2009 2 次提交
    • T
      eCryptfs: Larger buffer for encrypted symlink targets · 3a6b42ca
      Tyler Hicks 提交于
      When using filename encryption with eCryptfs, the value of the symlink
      in the lower filesystem is encrypted and stored as a Tag 70 packet.
      This results in a longer symlink target than if the target value wasn't
      encrypted.
      
      Users were reporting these messages in their syslog:
      
      [ 45.653441] ecryptfs_parse_tag_70_packet: max_packet_size is [56]; real
      packet size is [51]
      [ 45.653444] ecryptfs_decode_and_decrypt_filename: Could not parse tag
      70 packet from filename; copying through filename as-is
      
      This was due to bufsiz, one the arguments in readlink(), being used to
      when allocating the buffer passed to the lower inode's readlink().
      That symlink target may be very large, but when decoded and decrypted,
      could end up being smaller than bufsize.
      
      To fix this, the buffer passed to the lower inode's readlink() will
      always be PATH_MAX in size when filename encryption is enabled.  Any
      necessary truncation occurs after the decoding and decrypting.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      3a6b42ca
    • T
      eCryptfs: Lock lower directory inode mutex during lookup · ca8e34f2
      Tyler Hicks 提交于
      This patch locks the lower directory inode's i_mutex before calling
      lookup_one_len() to find the appropriate dentry in the lower filesystem.
      This bug was found thanks to the warning set in commit 2f9092e1.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      ca8e34f2
  5. 22 4月, 2009 1 次提交
    • T
      eCryptfs: Fix data corruption when using ecryptfs_passthrough · 13a791b4
      Tyler Hicks 提交于
      ecryptfs_passthrough is a mount option that allows eCryptfs to allow
      data to be written to non-eCryptfs files in the lower filesystem.  The
      passthrough option was causing data corruption due to it not always
      being treated as a non-eCryptfs file.
      
      The first 8 bytes of an eCryptfs file contains the decrypted file size.
      This value was being written to the non-eCryptfs files, too.  Also,
      extra 0x00 characters were being written to make the file size a
      multiple of PAGE_CACHE_SIZE.
      Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com>
      13a791b4
  6. 23 3月, 2009 1 次提交
  7. 07 1月, 2009 3 次提交
  8. 06 1月, 2009 1 次提交
    • A
      inode->i_op is never NULL · acfa4380
      Al Viro 提交于
      We used to have rather schizophrenic set of checks for NULL ->i_op even
      though it had been eliminated years ago.  You'd need to go out of your
      way to set it to NULL explicitly _and_ a bunch of code would die on
      such inodes anyway.  After killing two remaining places that still
      did that bogosity, all that crap can go away.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      acfa4380
  9. 01 1月, 2009 1 次提交
  10. 27 7月, 2008 3 次提交
  11. 25 7月, 2008 3 次提交
  12. 13 5月, 2008 1 次提交
  13. 29 4月, 2008 3 次提交
  14. 15 2月, 2008 1 次提交
    • J
      Embed a struct path into struct nameidata instead of nd->{dentry,mnt} · 4ac91378
      Jan Blunck 提交于
      This is the central patch of a cleanup series. In most cases there is no good
      reason why someone would want to use a dentry for itself. This series reflects
      that fact and embeds a struct path into nameidata.
      
      Together with the other patches of this series
      - it enforced the correct order of getting/releasing the reference count on
        <dentry,vfsmount> pairs
      - it prepares the VFS for stacking support since it is essential to have a
        struct path in every place where the stack can be traversed
      - it reduces the overall code size:
      
      without patch series:
         text    data     bss     dec     hex filename
      5321639  858418  715768 6895825  6938d1 vmlinux
      
      with patch series:
         text    data     bss     dec     hex filename
      5320026  858418  715768 6894212  693284 vmlinux
      
      This patch:
      
      Switch from nd->{dentry,mnt} to nd->path.{dentry,mnt} everywhere.
      
      [akpm@linux-foundation.org: coding-style fixes]
      [akpm@linux-foundation.org: fix cifs]
      [akpm@linux-foundation.org: fix smack]
      Signed-off-by: NJan Blunck <jblunck@suse.de>
      Signed-off-by: NAndreas Gruenbacher <agruen@suse.de>
      Acked-by: NChristoph Hellwig <hch@lst.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4ac91378
  15. 07 2月, 2008 3 次提交
  16. 09 1月, 2008 1 次提交
    • M
      eCryptfs: fix dentry handling on create error, unlink, and inode destroy · caeeeecf
      Michael Halcrow 提交于
      This patch corrects some erroneous dentry handling in eCryptfs.
      
      If there is a problem creating the lower file, then there is nothing that
      the persistent lower file can do to really help us.  This patch makes a
      vfs_create() failure in the lower filesystem always lead to an
      unconditional do_create failure in eCryptfs.
      
      Under certain sequences of operations, the eCryptfs dentry can remain in
      the dcache after an unlink.  This patch calls d_drop() on the eCryptfs
      dentry to correct this.
      
      eCryptfs has no business calling d_delete() directly on a lower
      filesystem's dentry.  This patch removes the call to d_delete() on the
      lower persistent file's dentry in ecryptfs_destroy_inode().
      
      (Thanks to David Kleikamp, Eric Sandeen, and Jeff Moyer for helping
      identify and resolve this issue)
      Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Cc: Dave Kleikamp <shaggy@austin.ibm.com>
      Cc: Eric Sandeen <sandeen@redhat.com>
      Cc: Jeff Moyer <jmoyer@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      caeeeecf
  17. 19 10月, 2007 1 次提交
  18. 17 10月, 2007 6 次提交
  19. 31 8月, 2007 1 次提交
  20. 23 8月, 2007 1 次提交
    • R
      eCryptfs: fix lookup error for special files · df068464
      Ryusuke Konishi 提交于
      When ecryptfs_lookup() is called against special files, eCryptfs generates
      the following errors because it tries to treat them like regular eCryptfs
      files.
      
      Error opening lower file for lower_dentry [0xffff810233a6f150], lower_mnt [0xffff810235bb4c80], and flags [0x8000]
      Error opening lower_file to read header region
      Error attempting to read the [user.ecryptfs] xattr from the lower file; return value = [-95]
      Valid metadata not found in header region or xattr region; treating file as unencrypted
      
      For instance, the problem can be reproduced by the steps below.
      
        # mkdir /root/crypt /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # mknod /mnt/crypt/c0 c 0 0
        # umount /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # ls -l /mnt/crypt
      
      This patch fixes it by adding a check similar to directories and
      symlinks.
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      Acked-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      df068464
  21. 12 8月, 2007 1 次提交
    • R
      eCryptfs: fix lookup error for special files · 202a21d6
      Ryusuke Konishi 提交于
      When ecryptfs_lookup() is called against special files, eCryptfs generates
      the following errors because it tries to treat them like regular eCryptfs
      files.
      
      Error opening lower file for lower_dentry [0xffff810233a6f150], lower_mnt [0xffff810235bb4c80], and flags
      [0x8000]
      Error opening lower_file to read header region
      Error attempting to read the [user.ecryptfs] xattr from the lower file; return value = [-95]
      Valid metadata not found in header region or xattr region; treating file as unencrypted
      
      For instance, the problem can be reproduced by the steps below.
      
        # mkdir /root/crypt /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # mknod /mnt/crypt/c0 c 0 0
        # umount /mnt/crypt
        # mount -t ecryptfs /root/crypt /mnt/crypt
        # ls -l /mnt/crypt
      
      This patch fixes it by adding a check similar to directories and
      symlinks.
      Signed-off-by: NRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
      Acked-by: NMichael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      202a21d6
  22. 20 7月, 2007 1 次提交
  23. 18 7月, 2007 1 次提交
    • M
      Couple fixes to fs/ecryptfs/inode.c · c381bfcf
      Mika Kukkonen 提交于
      Following was uncovered by compiling the kernel with '-W' flag:
      
        CC [M]  fs/ecryptfs/inode.o
      fs/ecryptfs/inode.c: In function ‘ecryptfs_lookup’:
      fs/ecryptfs/inode.c:304: warning: comparison of unsigned expression < 0 is always false
      fs/ecryptfs/inode.c: In function ‘ecryptfs_symlink’:
      fs/ecryptfs/inode.c:486: warning: comparison of unsigned expression < 0 is always false
      
      Function ecryptfs_encode_filename() can return -ENOMEM, so change the
      variables to plain int, as in the first case the only real use actually
      expects int, and in latter case there is no use beoynd the error check.
      Signed-off-by: NMika Kukkonen <mikukkon@iki.fi>
      Cc: Michael Halcrow <mhalcrow@us.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c381bfcf