linux-stable.git/fs/ecryptfs/inode.c, branch v3.4 Linux kernel stable tree eCryptfs: Copy up lower inode attrs after setting lower xattr 2012-02-16T22:06:27+00:00 Tyler Hicks tyhicks@canonical.com 2012-02-07T23:55:40+00:00 545d680938be1e86a6c5250701ce9abaf360c495 After passing through a ->setxattr() call, eCryptfs needs to copy the inode attributes from the lower inode to the eCryptfs inode, as they may have changed in the lower filesystem's ->setxattr() path. One example is if an extended attribute containing a POSIX Access Control List is being set. The new ACL may cause the lower filesystem to modify the mode of the lower inode and the eCryptfs inode would need to be updated to reflect the new mode. https://launchpad.net/bugs/926292 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reported-by: Sebastien Bacher <seb128@ubuntu.com> Cc: John Johansen <john.johansen@canonical.com> Cc: <stable@vger.kernel.org> 
After passing through a ->setxattr() call, eCryptfs needs to copy the
inode attributes from the lower inode to the eCryptfs inode, as they
may have changed in the lower filesystem's ->setxattr() path.

One example is if an extended attribute containing a POSIX Access
Control List is being set. The new ACL may cause the lower filesystem to
modify the mode of the lower inode and the eCryptfs inode would need to
be updated to reflect the new mode.

https://launchpad.net/bugs/926292

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Sebastien Bacher <seb128@ubuntu.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: <stable@vger.kernel.org>
eCryptfs: Check inode changes in setattr 2012-01-25T20:43:41+00:00 Tyler Hicks tyhicks@canonical.com 2012-01-20T02:33:44+00:00 a261a03904849c3df50bd0300efb7fb3f865137d Most filesystems call inode_change_ok() very early in ->setattr(), but eCryptfs didn't call it at all. It allowed the lower filesystem to make the call in its ->setattr() function. Then, eCryptfs would copy the appropriate inode attributes from the lower inode to the eCryptfs inode. This patch changes that and actually calls inode_change_ok() on the eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call would happen earlier in ecryptfs_setattr(), but there are some possible inode initialization steps that must happen first. Since the call was already being made on the lower inode, the change in functionality should be minimal, except for the case of a file extending truncate call. In that case, inode_newsize_ok() was never being called on the eCryptfs inode. Rather than inode_newsize_ok() catching maximum file size errors early on, eCryptfs would encrypt zeroed pages and write them to the lower filesystem until the lower filesystem's write path caught the error in generic_write_checks(). This patch introduces a new function, called ecryptfs_inode_newsize_ok(), which checks if the new lower file size is within the appropriate limits when the truncate operation will be growing the lower file. In summary this change prevents eCryptfs truncate operations (and the resulting page encryptions), which would exceed the lower filesystem limits or FSIZE rlimits, from ever starting. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Li Wang <liwang@nudt.edu.cn> Cc: <stable@vger.kernel.org> 
Most filesystems call inode_change_ok() very early in ->setattr(), but
eCryptfs didn't call it at all. It allowed the lower filesystem to make
the call in its ->setattr() function. Then, eCryptfs would copy the
appropriate inode attributes from the lower inode to the eCryptfs inode.

This patch changes that and actually calls inode_change_ok() on the
eCryptfs inode, fairly early in ecryptfs_setattr(). Ideally, the call
would happen earlier in ecryptfs_setattr(), but there are some possible
inode initialization steps that must happen first.

Since the call was already being made on the lower inode, the change in
functionality should be minimal, except for the case of a file extending
truncate call. In that case, inode_newsize_ok() was never being
called on the eCryptfs inode. Rather than inode_newsize_ok() catching
maximum file size errors early on, eCryptfs would encrypt zeroed pages
and write them to the lower filesystem until the lower filesystem's
write path caught the error in generic_write_checks(). This patch
introduces a new function, called ecryptfs_inode_newsize_ok(), which
checks if the new lower file size is within the appropriate limits when
the truncate operation will be growing the lower file.

In summary this change prevents eCryptfs truncate operations (and the
resulting page encryptions), which would exceed the lower filesystem
limits or FSIZE rlimits, from ever starting.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Li Wang <liwang@nudt.edu.cn>
Cc: <stable@vger.kernel.org>
fs: propagate umode_t, misc bits 2012-01-04T03:55:10+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T07:30:54+00:00 175a4eb7ea531cdbf6d574f5d5ba9aa0f5e8ed13 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
kill ecryptfs_create_underlying_file() 2012-01-04T03:54:57+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-24T17:47:19+00:00 18cb1b08d2e1ff6907130fc0ce78a5912efa0ba5 it's a just a wrapper for vfs_create() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
it's a just a wrapper for vfs_create()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
switch ->mknod() to umode_t 2012-01-04T03:54:54+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T05:52:52+00:00 1a67aafb5f72a436ca044293309fa7e6351d6a35 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
switch ->create() to umode_t 2012-01-04T03:54:53+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T05:42:34+00:00 4acdaf27ebe2034c342f3be57ef49aed1ad885ef vfs_create() ignores everything outside of 16bit subset of its mode argument; switching it to umode_t is obviously equivalent and it's the only caller of the method Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
vfs_create() ignores everything outside of 16bit subset of its
mode argument; switching it to umode_t is obviously equivalent
and it's the only caller of the method

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
switch vfs_mkdir() and ->mkdir() to umode_t 2012-01-04T03:54:53+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T05:41:39+00:00 18bb1db3e7607e4a997d50991a6f9fa5b0f8722c vfs_mkdir() gets int, but immediately drops everything that might not fit into umode_t and that's the only caller of ->mkdir()... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
vfs_mkdir() gets int, but immediately drops everything that might not
fit into umode_t and that's the only caller of ->mkdir()...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
eCryptfs: Prevent file create race condition 2011-11-23T21:39:38+00:00 Tyler Hicks tyhicks@canonical.com 2011-11-21T23:31:02+00:00 b59db43ad4434519feb338eacb01d77eb50825c5 The file creation path prematurely called d_instantiate() and unlock_new_inode() before the eCryptfs inode info was fully allocated and initialized and before the eCryptfs metadata was written to the lower file. This could result in race conditions in subsequent file and inode operations leading to unexpected error conditions or a null pointer dereference while attempting to use the unallocated memory. https://launchpad.net/bugs/813146 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Cc: stable@kernel.org 
The file creation path prematurely called d_instantiate() and
unlock_new_inode() before the eCryptfs inode info was fully
allocated and initialized and before the eCryptfs metadata was written
to the lower file.

This could result in race conditions in subsequent file and inode
operations leading to unexpected error conditions or a null pointer
dereference while attempting to use the unallocated memory.

https://launchpad.net/bugs/813146

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: stable@kernel.org
filesystems: add set_nlink() 2011-11-02T11:53:43+00:00 Miklos Szeredi mszeredi@suse.cz 2011-10-28T12:13:29+00:00 bfe8684869601dacfcb2cd69ef8cfd9045f62170 Replace remaining direct i_nlink updates with a new set_nlink() updater function. Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Tested-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com> Signed-off-by: Christoph Hellwig <hch@lst.de> 
Replace remaining direct i_nlink updates with a new set_nlink()
updater function.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Tested-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
ecryptfs: Make inode bdi consistent with superblock bdi 2011-07-29T04:48:26+00:00 Thieu Le thieule@chromium.org 2011-07-26T23:15:10+00:00 985ca0e626e195ea08a1a82b8dbeb6719747429a Make the inode mapping bdi consistent with the superblock bdi so that dirty pages are flushed properly. Signed-off-by: Thieu Le <thieule@chromium.org> Cc: <stable@kernel.org> [2.6.39+] Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> 
Make the inode mapping bdi consistent with the superblock bdi so that
dirty pages are flushed properly.

Signed-off-by: Thieu Le <thieule@chromium.org>
Cc: <stable@kernel.org> [2.6.39+]
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>