eCryptfs fixes for 4.7-rc7:
- Provide a more concise fix for CVE-2016-1583 + Additionally fixes linux-stable regressions caused by the cherry-picking of the original fix - Some very minor changes that have queued up + Fix typos in code comments + Remove unnecessary check for NULL before destroying kmem_cache -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCgAGBQJXf8nnAAoJENaSAD2qAscKwXgP/0awhY1z40dL/igP6fPv2ack HbqrOjUVO2DzxinvKB3vRLNy93zwESxe8UpwPsl84IJ85zOQjkUkJ8PYk1oyBf0N dVWqO11g6AKNZ+VQFspconvMhZATwSrsv8z3BzvwNGLsPhPuUQ+JmbBe8xMdrsZ5 qVaWswsMtMlhM3p/zFh57vWO64fT1xiabpxSkKpG2LHJN6h6QAQxkfBfa2FuXCsN hZIw+ULcUJfdawXGq8lAfcYzbDmFpNt70fFquJgfJHrXFrOuensYfLcWUvhrSNbc HZ6imRK9LCG4IKjJTBNmCmBR8ho71yGzdKuup81Eap+2zx2kC7twokS1d5fha8iL Kzkx0NMDriY2N+tIfufHYk2IIenFzWG6Yuj0STswtJX4YhQGBc0H6VxcgrxE0PgW k1iKUV7jnJGxxN+d6lmV4+fX0vKGgBMsQq1Q76CkYLN1BAvdwz6GnWSfqP8hWz3o sNVyNtYh+/TXY8JMWKDBlps7Ib8W88qDW3K7YcAf2VPYAqIWm5Va1MR5m5s+UIeR QiCD32X/0PfDp13QRiKAHJ6C9CInyu0r+fF/g8ZMqLuWgLxoahxpr6ML/CnHoGl5 IcDydJO3/bLBq9If8WxYsOQvVKCa4e7N7o7ZHPKd8U7O39mCGNfbQx7/FlMjtvf6 +4HAxamUC1ogpLTkpWxI =Bt4P -----END PGP SIGNATURE----- Merge tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs Pull eCryptfs fixes from Tyler Hicks: "Provide a more concise fix for CVE-2016-1583: - Additionally fixes linux-stable regressions caused by the cherry-picking of the original fix Some very minor changes that have queued up: - Fix typos in code comments - Remove unnecessary check for NULL before destroying kmem_cache" * tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs: ecryptfs: don't allow mmap when the lower fs doesn't support it Revert "ecryptfs: forbid opening files without mmap handler" ecryptfs: fix spelling mistakes eCryptfs: fix typos in comment ecryptfs: drop null test before destroy functions
This commit is contained in:
commit
b987c759d2
|
@ -45,7 +45,7 @@
|
|||
* ecryptfs_to_hex
|
||||
* @dst: Buffer to take hex character representation of contents of
|
||||
* src; must be at least of size (src_size * 2)
|
||||
* @src: Buffer to be converted to a hex string respresentation
|
||||
* @src: Buffer to be converted to a hex string representation
|
||||
* @src_size: number of bytes to convert
|
||||
*/
|
||||
void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
|
||||
|
@ -60,7 +60,7 @@ void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
|
|||
* ecryptfs_from_hex
|
||||
* @dst: Buffer to take the bytes from src hex; must be at least of
|
||||
* size (src_size / 2)
|
||||
* @src: Buffer to be converted from a hex string respresentation to raw value
|
||||
* @src: Buffer to be converted from a hex string representation to raw value
|
||||
* @dst_size: size of dst buffer, or number of hex characters pairs to convert
|
||||
*/
|
||||
void ecryptfs_from_hex(char *dst, char *src, int dst_size)
|
||||
|
@ -953,7 +953,7 @@ struct ecryptfs_cipher_code_str_map_elem {
|
|||
};
|
||||
|
||||
/* Add support for additional ciphers by adding elements here. The
|
||||
* cipher_code is whatever OpenPGP applicatoins use to identify the
|
||||
* cipher_code is whatever OpenPGP applications use to identify the
|
||||
* ciphers. List in order of probability. */
|
||||
static struct ecryptfs_cipher_code_str_map_elem
|
||||
ecryptfs_cipher_code_str_map[] = {
|
||||
|
@ -1410,7 +1410,7 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
|
|||
*
|
||||
* Common entry point for reading file metadata. From here, we could
|
||||
* retrieve the header information from the header region of the file,
|
||||
* the xattr region of the file, or some other repostory that is
|
||||
* the xattr region of the file, or some other repository that is
|
||||
* stored separately from the file itself. The current implementation
|
||||
* supports retrieving the metadata information from the file contents
|
||||
* and from the xattr region.
|
||||
|
|
|
@ -169,9 +169,22 @@ out:
|
|||
return rc;
|
||||
}
|
||||
|
||||
static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)
|
||||
{
|
||||
struct file *lower_file = ecryptfs_file_to_lower(file);
|
||||
/*
|
||||
* Don't allow mmap on top of file systems that don't support it
|
||||
* natively. If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs
|
||||
* allows recursive mounting, this will need to be extended.
|
||||
*/
|
||||
if (!lower_file->f_op->mmap)
|
||||
return -ENODEV;
|
||||
return generic_file_mmap(file, vma);
|
||||
}
|
||||
|
||||
/**
|
||||
* ecryptfs_open
|
||||
* @inode: inode speciying file to open
|
||||
* @inode: inode specifying file to open
|
||||
* @file: Structure to return filled in
|
||||
*
|
||||
* Opens the file specified by inode.
|
||||
|
@ -240,7 +253,7 @@ out:
|
|||
|
||||
/**
|
||||
* ecryptfs_dir_open
|
||||
* @inode: inode speciying file to open
|
||||
* @inode: inode specifying file to open
|
||||
* @file: Structure to return filled in
|
||||
*
|
||||
* Opens the file specified by inode.
|
||||
|
@ -403,7 +416,7 @@ const struct file_operations ecryptfs_main_fops = {
|
|||
#ifdef CONFIG_COMPAT
|
||||
.compat_ioctl = ecryptfs_compat_ioctl,
|
||||
#endif
|
||||
.mmap = generic_file_mmap,
|
||||
.mmap = ecryptfs_mmap,
|
||||
.open = ecryptfs_open,
|
||||
.flush = ecryptfs_flush,
|
||||
.release = ecryptfs_release,
|
||||
|
|
|
@ -25,7 +25,6 @@
|
|||
#include <linux/slab.h>
|
||||
#include <linux/wait.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/file.h>
|
||||
#include "ecryptfs_kernel.h"
|
||||
|
||||
struct ecryptfs_open_req {
|
||||
|
@ -148,7 +147,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
|
|||
flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
|
||||
(*lower_file) = dentry_open(&req.path, flags, cred);
|
||||
if (!IS_ERR(*lower_file))
|
||||
goto have_file;
|
||||
goto out;
|
||||
if ((flags & O_ACCMODE) == O_RDONLY) {
|
||||
rc = PTR_ERR((*lower_file));
|
||||
goto out;
|
||||
|
@ -166,16 +165,8 @@ int ecryptfs_privileged_open(struct file **lower_file,
|
|||
mutex_unlock(&ecryptfs_kthread_ctl.mux);
|
||||
wake_up(&ecryptfs_kthread_ctl.wait);
|
||||
wait_for_completion(&req.done);
|
||||
if (IS_ERR(*lower_file)) {
|
||||
if (IS_ERR(*lower_file))
|
||||
rc = PTR_ERR(*lower_file);
|
||||
goto out;
|
||||
}
|
||||
have_file:
|
||||
if ((*lower_file)->f_op->mmap == NULL) {
|
||||
fput(*lower_file);
|
||||
*lower_file = NULL;
|
||||
rc = -EMEDIUMTYPE;
|
||||
}
|
||||
out:
|
||||
return rc;
|
||||
}
|
||||
|
|
|
@ -738,8 +738,7 @@ static void ecryptfs_free_kmem_caches(void)
|
|||
struct ecryptfs_cache_info *info;
|
||||
|
||||
info = &ecryptfs_cache_infos[i];
|
||||
if (*(info->cache))
|
||||
kmem_cache_destroy(*(info->cache));
|
||||
kmem_cache_destroy(*(info->cache));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue