- Fix error handling when ecryptfs_read_lower() encounters an error
- Fix read-only file creation when the eCryptfs mount is configured to store metadata in xattrs - Minor code cleanups -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCgAGBQJdK9CKAAoJENaSAD2qAscK6c0P/R7TCVq7hj8HW78dGxcfMK6S 5ASSlTS5lbb9UKdlluFt58XNSpoH4aNACwmwsYCbRJiwfddndnMayQC9lu+8mnjs nBzNo3atZeC4x2SZxdUOCpAfeAT4eaclkVC5GnIaF4dpBePkj/+PVzBrCDkMq/fx c9oz56Z7t+V9Urv6904fr/WBl1UmCfgMqYuoyFiApdhWJirLCsG/1/GJHgio50tu CvZK7jckF8yePBlovSYpDaPP6+w1Y+XDbQ4ATo5984KEBnApR1HxwbY5AgH2ZSVw 7PEVRa1FdNS9OTh79R0VAz4jKZumgN/fCPGzd2sMbymZcQdhQThpMPbRwY17yTIO 9MGsVIG7ZZfosR5g3t5xJ2jq/uc5KCGQ+FGshwn0WrTa3VyA5sACS66co18ZEo3f G3K7oZG6BqPBytSzPp/uAl1a2CkIJjQX1Q0ywrzZXe2vS6NSZZKl0rkIcM+HiqSl xjznVpQp1hEURdrRu26/th/pIf5DoyjTULo5E7UG9Br0tk7VUXTZjq5nTDlIKL1C 2rwVUOSQS4Hr1LA+01UAK+Vda+XOvJpsMzLhp8P6q7ozRMKyZ5KfeqdLXgOIxVNH 1LUdur2wQHpImsrs71fRCPiZ961FulsYC4XPAqm7tTXfd5X3v062PAmwQQVpj4l0 qlBQz3bkkB40I0yezd+A =C+HK -----END PGP SIGNATURE----- Merge tag 'ecryptfs-5.3-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs Pull eCryptfs updates from Tyler Hicks: - Fix error handling when ecryptfs_read_lower() encounters an error - Fix read-only file creation when the eCryptfs mount is configured to store metadata in xattrs - Minor code cleanups * tag 'ecryptfs-5.3-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs: ecryptfs: Change return type of ecryptfs_process_flags ecryptfs: Make ecryptfs_xattr_handler static ecryptfs: remove unnessesary null check in ecryptfs_keyring_auth_tok_for_sig ecryptfs: use print_hex_dump_bytes for hexdump eCryptfs: fix permission denied with ecryptfs_xattr mount option when create readonly file ecryptfs: re-order a condition for static checkers eCryptfs: fix a couple type promotion bugs
This commit is contained in:
commit
fa6e951a2a
|
@ -23,6 +23,7 @@
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
#include <asm/unaligned.h>
|
#include <asm/unaligned.h>
|
||||||
#include <linux/kernel.h>
|
#include <linux/kernel.h>
|
||||||
|
#include <linux/xattr.h>
|
||||||
#include "ecryptfs_kernel.h"
|
#include "ecryptfs_kernel.h"
|
||||||
|
|
||||||
#define DECRYPT 0
|
#define DECRYPT 0
|
||||||
|
@ -860,13 +861,10 @@ static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
|
||||||
* @crypt_stat: The cryptographic context
|
* @crypt_stat: The cryptographic context
|
||||||
* @page_virt: Source data to be parsed
|
* @page_virt: Source data to be parsed
|
||||||
* @bytes_read: Updated with the number of bytes read
|
* @bytes_read: Updated with the number of bytes read
|
||||||
*
|
|
||||||
* Returns zero on success; non-zero if the flag set is invalid
|
|
||||||
*/
|
*/
|
||||||
static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
|
static void ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
|
||||||
char *page_virt, int *bytes_read)
|
char *page_virt, int *bytes_read)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
|
||||||
int i;
|
int i;
|
||||||
u32 flags;
|
u32 flags;
|
||||||
|
|
||||||
|
@ -879,7 +877,6 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
|
||||||
/* Version is in top 8 bits of the 32-bit flag vector */
|
/* Version is in top 8 bits of the 32-bit flag vector */
|
||||||
crypt_stat->file_version = ((flags >> 24) & 0xFF);
|
crypt_stat->file_version = ((flags >> 24) & 0xFF);
|
||||||
(*bytes_read) = 4;
|
(*bytes_read) = 4;
|
||||||
return rc;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1004,8 +1001,10 @@ int ecryptfs_read_and_validate_header_region(struct inode *inode)
|
||||||
|
|
||||||
rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
|
rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
|
||||||
inode);
|
inode);
|
||||||
if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
|
if (rc < 0)
|
||||||
return rc >= 0 ? -EINVAL : rc;
|
return rc;
|
||||||
|
else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
|
||||||
|
return -EINVAL;
|
||||||
rc = ecryptfs_validate_marker(marker);
|
rc = ecryptfs_validate_marker(marker);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
ecryptfs_i_size_init(file_size, inode);
|
ecryptfs_i_size_init(file_size, inode);
|
||||||
|
@ -1115,9 +1114,21 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
|
||||||
char *page_virt, size_t size)
|
char *page_virt, size_t size)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
|
||||||
|
struct inode *lower_inode = d_inode(lower_dentry);
|
||||||
|
|
||||||
rc = ecryptfs_setxattr(ecryptfs_dentry, ecryptfs_inode,
|
if (!(lower_inode->i_opflags & IOP_XATTR)) {
|
||||||
ECRYPTFS_XATTR_NAME, page_virt, size, 0);
|
rc = -EOPNOTSUPP;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
inode_lock(lower_inode);
|
||||||
|
rc = __vfs_setxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
|
||||||
|
page_virt, size, 0);
|
||||||
|
if (!rc && ecryptfs_inode)
|
||||||
|
fsstack_copy_attr_all(ecryptfs_inode, lower_inode);
|
||||||
|
inode_unlock(lower_inode);
|
||||||
|
out:
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1291,12 +1302,7 @@ static int ecryptfs_read_headers_virt(char *page_virt,
|
||||||
if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
|
if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
|
||||||
ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry));
|
ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry));
|
||||||
offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
|
offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
|
||||||
rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
|
ecryptfs_process_flags(crypt_stat, (page_virt + offset), &bytes_read);
|
||||||
&bytes_read);
|
|
||||||
if (rc) {
|
|
||||||
ecryptfs_printk(KERN_WARNING, "Error processing flags\n");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
|
if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
|
||||||
ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
|
ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
|
||||||
"file version [%d] is supported by this "
|
"file version [%d] is supported by this "
|
||||||
|
@ -1367,8 +1373,10 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
|
||||||
ecryptfs_inode_to_lower(inode),
|
ecryptfs_inode_to_lower(inode),
|
||||||
ECRYPTFS_XATTR_NAME, file_size,
|
ECRYPTFS_XATTR_NAME, file_size,
|
||||||
ECRYPTFS_SIZE_AND_MARKER_BYTES);
|
ECRYPTFS_SIZE_AND_MARKER_BYTES);
|
||||||
if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
|
if (rc < 0)
|
||||||
return rc >= 0 ? -EINVAL : rc;
|
return rc;
|
||||||
|
else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
|
||||||
|
return -EINVAL;
|
||||||
rc = ecryptfs_validate_marker(marker);
|
rc = ecryptfs_validate_marker(marker);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
ecryptfs_i_size_init(file_size, inode);
|
ecryptfs_i_size_init(file_size, inode);
|
||||||
|
|
|
@ -83,25 +83,9 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok)
|
||||||
*/
|
*/
|
||||||
void ecryptfs_dump_hex(char *data, int bytes)
|
void ecryptfs_dump_hex(char *data, int bytes)
|
||||||
{
|
{
|
||||||
int i = 0;
|
|
||||||
int add_newline = 1;
|
|
||||||
|
|
||||||
if (ecryptfs_verbosity < 1)
|
if (ecryptfs_verbosity < 1)
|
||||||
return;
|
return;
|
||||||
if (bytes != 0) {
|
|
||||||
printk(KERN_DEBUG "0x%.2x.", (unsigned char)data[i]);
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
while (i < bytes) {
|
|
||||||
printk("0x%.2x.", (unsigned char)data[i]);
|
|
||||||
i++;
|
|
||||||
if (i % 16 == 0) {
|
|
||||||
printk("\n");
|
|
||||||
add_newline = 0;
|
|
||||||
} else
|
|
||||||
add_newline = 1;
|
|
||||||
}
|
|
||||||
if (add_newline)
|
|
||||||
printk("\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
print_hex_dump(KERN_DEBUG, "ecryptfs: ", DUMP_PREFIX_OFFSET, 16, 1,
|
||||||
|
data, bytes, false);
|
||||||
|
}
|
||||||
|
|
|
@ -1121,7 +1121,7 @@ static int ecryptfs_xattr_set(const struct xattr_handler *handler,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const struct xattr_handler ecryptfs_xattr_handler = {
|
static const struct xattr_handler ecryptfs_xattr_handler = {
|
||||||
.prefix = "", /* match anything */
|
.prefix = "", /* match anything */
|
||||||
.get = ecryptfs_xattr_get,
|
.get = ecryptfs_xattr_get,
|
||||||
.set = ecryptfs_xattr_set,
|
.set = ecryptfs_xattr_set,
|
||||||
|
|
|
@ -1048,8 +1048,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
|
||||||
"rc = [%d]\n", __func__, rc);
|
"rc = [%d]\n", __func__, rc);
|
||||||
goto out_free_unlock;
|
goto out_free_unlock;
|
||||||
}
|
}
|
||||||
while (s->decrypted_filename[s->i] != '\0'
|
|
||||||
&& s->i < s->block_aligned_filename_size)
|
while (s->i < s->block_aligned_filename_size &&
|
||||||
|
s->decrypted_filename[s->i] != '\0')
|
||||||
s->i++;
|
s->i++;
|
||||||
if (s->i == s->block_aligned_filename_size) {
|
if (s->i == s->block_aligned_filename_size) {
|
||||||
printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
|
printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
|
||||||
|
@ -1611,9 +1612,9 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
|
(*auth_tok_key) = request_key(&key_type_user, sig, NULL);
|
||||||
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
|
if (IS_ERR(*auth_tok_key)) {
|
||||||
(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
|
(*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
|
||||||
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
|
if (IS_ERR(*auth_tok_key)) {
|
||||||
printk(KERN_ERR "Could not find key with description: [%s]\n",
|
printk(KERN_ERR "Could not find key with description: [%s]\n",
|
||||||
sig);
|
sig);
|
||||||
rc = process_request_key_err(PTR_ERR(*auth_tok_key));
|
rc = process_request_key_err(PTR_ERR(*auth_tok_key));
|
||||||
|
|
Loading…
Reference in New Issue