1. 07 7月, 2012 1 次提交
  2. 04 7月, 2012 2 次提交
    • T
      eCryptfs: Fix lockdep warning in miscdev operations · 60d65f1f
      Tyler Hicks 提交于
      Don't grab the daemon mutex while holding the message context mutex.
      Addresses this lockdep warning:
      
       ecryptfsd/2141 is trying to acquire lock:
        (&ecryptfs_msg_ctx_arr[i].mux){+.+.+.}, at: [<ffffffffa029c213>] ecryptfs_miscdev_read+0x143/0x470 [ecryptfs]
      
       but task is already holding lock:
        (&(*daemon)->mux){+.+...}, at: [<ffffffffa029c2ec>] ecryptfs_miscdev_read+0x21c/0x470 [ecryptfs]
      
       which lock already depends on the new lock.
      
       the existing dependency chain (in reverse order) is:
      
       -> #1 (&(*daemon)->mux){+.+...}:
              [<ffffffff810a3b8d>] lock_acquire+0x9d/0x220
              [<ffffffff8151c6da>] __mutex_lock_common+0x5a/0x4b0
              [<ffffffff8151cc64>] mutex_lock_nested+0x44/0x50
              [<ffffffffa029c5d7>] ecryptfs_send_miscdev+0x97/0x120 [ecryptfs]
              [<ffffffffa029b744>] ecryptfs_send_message+0x134/0x1e0 [ecryptfs]
              [<ffffffffa029a24e>] ecryptfs_generate_key_packet_set+0x2fe/0xa80 [ecryptfs]
              [<ffffffffa02960f8>] ecryptfs_write_metadata+0x108/0x250 [ecryptfs]
              [<ffffffffa0290f80>] ecryptfs_create+0x130/0x250 [ecryptfs]
              [<ffffffff811963a4>] vfs_create+0xb4/0x120
              [<ffffffff81197865>] do_last+0x8c5/0xa10
              [<ffffffff811998f9>] path_openat+0xd9/0x460
              [<ffffffff81199da2>] do_filp_open+0x42/0xa0
              [<ffffffff81187998>] do_sys_open+0xf8/0x1d0
              [<ffffffff81187a91>] sys_open+0x21/0x30
              [<ffffffff81527d69>] system_call_fastpath+0x16/0x1b
      
       -> #0 (&ecryptfs_msg_ctx_arr[i].mux){+.+.+.}:
              [<ffffffff810a3418>] __lock_acquire+0x1bf8/0x1c50
              [<ffffffff810a3b8d>] lock_acquire+0x9d/0x220
              [<ffffffff8151c6da>] __mutex_lock_common+0x5a/0x4b0
              [<ffffffff8151cc64>] mutex_lock_nested+0x44/0x50
              [<ffffffffa029c213>] ecryptfs_miscdev_read+0x143/0x470 [ecryptfs]
              [<ffffffff811887d3>] vfs_read+0xb3/0x180
              [<ffffffff811888ed>] sys_read+0x4d/0x90
              [<ffffffff81527d69>] system_call_fastpath+0x16/0x1b
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      60d65f1f
    • T
      eCryptfs: Properly check for O_RDONLY flag before doing privileged open · 9fe79d76
      Tyler Hicks 提交于
      If the first attempt at opening the lower file read/write fails,
      eCryptfs will retry using a privileged kthread. However, the privileged
      retry should not happen if the lower file's inode is read-only because a
      read/write open will still be unsuccessful.
      
      The check for determining if the open should be retried was intended to
      be based on the access mode of the lower file's open flags being
      O_RDONLY, but the check was incorrectly performed. This would cause the
      open to be retried by the privileged kthread, resulting in a second
      failed open of the lower file. This patch corrects the check to
      determine if the open request should be handled by the privileged
      kthread.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: NDan Carpenter <dan.carpenter@oracle.com>
      9fe79d76
  3. 30 5月, 2012 1 次提交
  4. 06 5月, 2012 1 次提交
  5. 08 4月, 2012 1 次提交
  6. 21 3月, 2012 4 次提交
  7. 29 2月, 2012 1 次提交
    • R
      ecryptfs: fix printk format warning for size_t · 164974a8
      Randy Dunlap 提交于
      Fix printk format warning (from Linus's suggestion):
      
      on i386:
        fs/ecryptfs/miscdev.c:433:38: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'unsigned int'
      
      and on x86_64:
        fs/ecryptfs/miscdev.c:433:38: warning: format '%u' expects type 'unsigned int', but argument 4 has type 'long unsigned int'
      Signed-off-by: NRandy Dunlap <rdunlap@xenotime.net>
      Cc:	Geert Uytterhoeven <geert@linux-m68k.org>
      Cc:	Tyler Hicks <tyhicks@canonical.com>
      Cc:	Dustin Kirkland <dustin.kirkland@gazzang.com>
      Cc:	ecryptfs@vger.kernel.org
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      164974a8
  8. 17 2月, 2012 3 次提交
  9. 26 1月, 2012 11 次提交
    • L
      eCryptfs: move misleading function comments · 1589cb1a
      Li Wang 提交于
       The data encryption was moved from ecryptfs_write_end into
      ecryptfs_writepage, this patch moves the corresponding function
      comments to be consistent with the modification.
      Signed-off-by: NLi Wang <liwang@nudt.edu.cn>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      1589cb1a
    • T
      eCryptfs: Fix oops when printing debug info in extent crypto functions · 58ded24f
      Tyler Hicks 提交于
      If pages passed to the eCryptfs extent-based crypto functions are not
      mapped and the module parameter ecryptfs_verbosity=1 was specified at
      loading time, a NULL pointer dereference will occur.
      
      Note that this wouldn't happen on a production system, as you wouldn't
      pass ecryptfs_verbosity=1 on a production system. It leaks private
      information to the system logs and is for debugging only.
      
      The debugging info printed in these messages is no longer very useful
      and rather than doing a kmap() in these debugging paths, it will be
      better to simply remove the debugging paths completely.
      
      https://launchpad.net/bugs/913651Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Reported-by: Daniel DeFreez
      Cc: <stable@vger.kernel.org>
      58ded24f
    • T
      eCryptfs: Remove unused ecryptfs_read() · f2cb9335
      Tyler Hicks 提交于
      ecryptfs_read() has been ifdef'ed out for years now and it was
      apparently unused before then. It is time to get rid of it for good.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      f2cb9335
    • T
      eCryptfs: Check inode changes in setattr · a261a039
      Tyler Hicks 提交于
      Most filesystems call inode_change_ok() very early in ->setattr(), but
      eCryptfs didn't call it at all. It allowed the lower filesystem to make
      the call in its ->setattr() function. Then, eCryptfs would copy the
      appropriate inode attributes from the lower inode to the eCryptfs inode.
      
      This patch changes that and actually calls inode_change_ok() on the
      eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call
      would happen earlier in ecryptfs_setattr(), but there are some possible
      inode initialization steps that must happen first.
      
      Since the call was already being made on the lower inode, the change in
      functionality should be minimal, except for the case of a file extending
      truncate call. In that case, inode_newsize_ok() was never being
      called on the eCryptfs inode. Rather than inode_newsize_ok() catching
      maximum file size errors early on, eCryptfs would encrypt zeroed pages
      and write them to the lower filesystem until the lower filesystem's
      write path caught the error in generic_write_checks(). This patch
      introduces a new function, called ecryptfs_inode_newsize_ok(), which
      checks if the new lower file size is within the appropriate limits when
      the truncate operation will be growing the lower file.
      
      In summary this change prevents eCryptfs truncate operations (and the
      resulting page encryptions), which would exceed the lower filesystem
      limits or FSIZE rlimits, from ever starting.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Reviewed-by: NLi Wang <liwang@nudt.edu.cn>
      Cc: <stable@vger.kernel.org>
      a261a039
    • T
      eCryptfs: Make truncate path killable · 5e6f0d76
      Tyler Hicks 提交于
      ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a
      page, zeroes out the appropriate portions, and then encrypts the page
      before writing it to the lower filesystem. It was unkillable and due to
      the lack of sparse file support could result in tying up a large portion
      of system resources, while encrypting pages of zeros, with no way for
      the truncate operation to be stopped from userspace.
      
      This patch adds the ability for ecryptfs_write() to detect a pending
      fatal signal and return as gracefully as possible. The intent is to
      leave the lower file in a useable state, while still allowing a user to
      break out of the encryption loop. If a pending fatal signal is detected,
      the eCryptfs inode size is updated to reflect the modified inode size
      and then -EINTR is returned.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Cc: <stable@vger.kernel.org>
      5e6f0d76
    • L
      eCryptfs: Infinite loop due to overflow in ecryptfs_write() · 684a3ff7
      Li Wang 提交于
      ecryptfs_write() can enter an infinite loop when truncating a file to a
      size larger than 4G. This only happens on architectures where size_t is
      represented by 32 bits.
      
      This was caused by a size_t overflow due to it incorrectly being used to
      store the result of a calculation which uses potentially large values of
      type loff_t.
      
      [tyhicks@canonical.com: rewrite subject and commit message]
      Signed-off-by: NLi Wang <liwang@nudt.edu.cn>
      Signed-off-by: NYunchuan Wen <wenyunchuan@kylinos.com.cn>
      Reviewed-by: NCong Wang <xiyou.wangcong@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      684a3ff7
    • T
      eCryptfs: Replace miscdev read/write magic numbers · 48399c0b
      Tyler Hicks 提交于
      ecryptfs_miscdev_read() and ecryptfs_miscdev_write() contained many
      magic numbers for specifying packet header field sizes and offsets. This
      patch defines those values and replaces the magic values.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      48399c0b
    • T
      eCryptfs: Report errors in writes to /dev/ecryptfs · 7f133504
      Tyler Hicks 提交于
      Errors in writes to /dev/ecryptfs were being incorrectly reported by
      returning 0 or the value of the original write count.
      
      This patch clears up the return code assignment in error paths.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      7f133504
    • T
      eCryptfs: Sanitize write counts of /dev/ecryptfs · db10e556
      Tyler Hicks 提交于
      A malicious count value specified when writing to /dev/ecryptfs may
      result in a a very large kernel memory allocation.
      
      This patch peeks at the specified packet payload size, adds that to the
      size of the packet headers and compares the result with the write count
      value. The resulting maximum memory allocation size is approximately 532
      bytes.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Reported-by: NSasha Levin <levinsasha928@gmail.com>
      Cc: <stable@vger.kernel.org>
      db10e556
    • T
      ecryptfs: Remove unnecessary variable initialization · bb450361
      Tim Gardner 提交于
      Removes unneeded variable initialization in ecryptfs_read_metadata(). Also adds
      a small comment to help explain metadata reading logic.
      
      [tyhicks@canonical.com: Pulled out of for-stable patch and wrote commit msg]
      Signed-off-by: NTim Gardner <tim.gardner@canonical.com>
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      bb450361
    • T
      ecryptfs: Improve metadata read failure logging · 30373dc0
      Tim Gardner 提交于
      Print inode on metadata read failure. The only real
      way of dealing with metadata read failures is to delete
      the underlying file system file. Having the inode
      allows one to 'find . -inum INODE`.
      
      [tyhicks@canonical.com: Removed some minor not-for-stable parts]
      Signed-off-by: NTim Gardner <tim.gardner@canonical.com>
      Reviewed-by: NKees Cook <keescook@chromium.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      30373dc0
  10. 07 1月, 2012 1 次提交
  11. 04 1月, 2012 6 次提交
  12. 24 11月, 2011 3 次提交
    • T
      eCryptfs: Extend array bounds for all filename chars · 0f751e64
      Tyler Hicks 提交于
      From mhalcrow's original commit message:
      
          Characters with ASCII values greater than the size of
          filename_rev_map[] are valid filename characters.
          ecryptfs_decode_from_filename() will access kernel memory beyond
          that array, and ecryptfs_parse_tag_70_packet() will then decrypt
          those characters. The attacker, using the FNEK of the crafted file,
          can then re-encrypt the characters to reveal the kernel memory past
          the end of the filename_rev_map[] array. I expect low security
          impact since this array is statically allocated in the text area,
          and the amount of memory past the array that is accessible is
          limited by the largest possible ASCII filename character.
      
      This patch solves the issue reported by mhalcrow but with an
      implementation suggested by Linus to simply extend the length of
      filename_rev_map[] to 256. Characters greater than 0x7A are mapped to
      0x00, which is how invalid characters less than 0x7A were previously
      being handled.
      Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Reported-by: NMichael Halcrow <mhalcrow@google.com>
      Cc: stable@kernel.org
      0f751e64
    • T
      eCryptfs: Flush file in vma close · 32001d6f
      Tyler Hicks 提交于
      Dirty pages weren't being written back when an mmap'ed eCryptfs file was
      closed before the mapping was unmapped. Since f_ops->flush() is not
      called by the munmap() path, the lower file was simply being released.
      This patch flushes the eCryptfs file in the vm_ops->close() path.
      
      https://launchpad.net/bugs/870326Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Cc: stable@kernel.org [2.6.39+]
      32001d6f
    • T
      eCryptfs: Prevent file create race condition · b59db43a
      Tyler Hicks 提交于
      The file creation path prematurely called d_instantiate() and
      unlock_new_inode() before the eCryptfs inode info was fully
      allocated and initialized and before the eCryptfs metadata was written
      to the lower file.
      
      This could result in race conditions in subsequent file and inode
      operations leading to unexpected error conditions or a null pointer
      dereference while attempting to use the unallocated memory.
      
      https://launchpad.net/bugs/813146Signed-off-by: NTyler Hicks <tyhicks@canonical.com>
      Cc: stable@kernel.org
      b59db43a
  13. 02 11月, 2011 1 次提交
  14. 01 11月, 2011 1 次提交
  15. 10 8月, 2011 3 次提交