<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/ecryptfs/main.c, branch linux-3.4.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>eCryptfs: Force RO mount when encrypted view is enabled</title>
<updated>2015-04-14T09:33:40+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@canonical.com</email>
</author>
<published>2014-10-07T20:51:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=073b1bc26cdc00a47a6ee2eb52d757b3dd27ef28'/>
<id>073b1bc26cdc00a47a6ee2eb52d757b3dd27ef28</id>
<content type='text'>
commit 332b122d39c9cbff8b799007a825d94b2e7c12f2 upstream.

The ecryptfs_encrypted_view mount option greatly changes the
functionality of an eCryptfs mount. Instead of encrypting and decrypting
lower files, it provides a unified view of the encrypted files in the
lower filesystem. The presence of the ecryptfs_encrypted_view mount
option is intended to force a read-only mount and modifying files is not
supported when the feature is in use. See the following commit for more
information:

  e77a56d [PATCH] eCryptfs: Encrypted passthrough

This patch forces the mount to be read-only when the
ecryptfs_encrypted_view mount option is specified by setting the
MS_RDONLY flag on the superblock. Additionally, this patch removes some
broken logic in ecryptfs_open() that attempted to prevent modifications
of files when the encrypted view feature was in use. The check in
ecryptfs_open() was not sufficient to prevent file modifications using
system calls that do not operate on a file descriptor.

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Priya Bansal &lt;p.bansal@samsung.com&gt;
[lizf: Backported to 3.4: adjust context]
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 332b122d39c9cbff8b799007a825d94b2e7c12f2 upstream.

The ecryptfs_encrypted_view mount option greatly changes the
functionality of an eCryptfs mount. Instead of encrypting and decrypting
lower files, it provides a unified view of the encrypted files in the
lower filesystem. The presence of the ecryptfs_encrypted_view mount
option is intended to force a read-only mount and modifying files is not
supported when the feature is in use. See the following commit for more
information:

  e77a56d [PATCH] eCryptfs: Encrypted passthrough

This patch forces the mount to be read-only when the
ecryptfs_encrypted_view mount option is specified by setting the
MS_RDONLY flag on the superblock. Additionally, this patch removes some
broken logic in ecryptfs_open() that attempted to prevent modifications
of files when the encrypted view feature was in use. The check in
ecryptfs_open() was not sufficient to prevent file modifications using
system calls that do not operate on a file descriptor.

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Priya Bansal &lt;p.bansal@samsung.com&gt;
[lizf: Backported to 3.4: adjust context]
Signed-off-by: Zefan Li &lt;lizefan@huawei.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: check for eCryptfs cipher support at mount</title>
<updated>2012-11-26T19:37:49+00:00</updated>
<author>
<name>Tim Sally</name>
<email>tsally@atomicpeace.com</email>
</author>
<published>2012-07-12T23:10:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=122fd46fccafa6d839118815141179f1a90cfb48'/>
<id>122fd46fccafa6d839118815141179f1a90cfb48</id>
<content type='text'>
commit 5f5b331d5c21228a6519dcb793fc1629646c51a6 upstream.

The issue occurs when eCryptfs is mounted with a cipher supported by
the crypto subsystem but not by eCryptfs. The mount succeeds and an
error does not occur until a write. This change checks for eCryptfs
cipher support at mount time.

Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914

Signed-off-by: Tim Sally &lt;tsally@atomicpeace.com&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Cc: Herton Ronaldo Krzesinski &lt;herton.krzesinski@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 5f5b331d5c21228a6519dcb793fc1629646c51a6 upstream.

The issue occurs when eCryptfs is mounted with a cipher supported by
the crypto subsystem but not by eCryptfs. The mount succeeds and an
error does not occur until a write. This change checks for eCryptfs
cipher support at mount time.

Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914

Signed-off-by: Tim Sally &lt;tsally@atomicpeace.com&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Cc: Herton Ronaldo Krzesinski &lt;herton.krzesinski@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Copy up POSIX ACL and read-only flags from lower mount</title>
<updated>2012-11-26T19:37:49+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@canonical.com</email>
</author>
<published>2012-06-11T22:42:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c8a1ae7c0030e936470a4701a46f775a2bc7012b'/>
<id>c8a1ae7c0030e936470a4701a46f775a2bc7012b</id>
<content type='text'>
commit 069ddcda37b2cf5bb4b6031a944c0e9359213262 upstream.

When the eCryptfs mount options do not include '-o acl', but the lower
filesystem's mount options do include 'acl', the MS_POSIXACL flag is not
flipped on in the eCryptfs super block flags. This flag is what the VFS
checks in do_last() when deciding if the current umask should be applied
to a newly created inode's mode or not. When a default POSIX ACL mask is
set on a directory, the current umask is incorrectly applied to new
inodes created in the directory. This patch ignores the MS_POSIXACL flag
passed into ecryptfs_mount() and sets the flag on the eCryptfs super
block depending on the flag's presence on the lower super block.

Additionally, it is incorrect to allow a writeable eCryptfs mount on top
of a read-only lower mount. This missing check did not allow writes to
the read-only lower mount because permissions checks are still performed
on the lower filesystem's objects but it is best to simply not allow a
rw mount on top of ro mount. However, a ro eCryptfs mount on top of a rw
mount is valid and still allowed.

https://launchpad.net/bugs/1009207

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Stefan Beller &lt;stefanbeller@googlemail.com&gt;
Cc: John Johansen &lt;john.johansen@canonical.com&gt;
Cc: Herton Ronaldo Krzesinski &lt;herton.krzesinski@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 069ddcda37b2cf5bb4b6031a944c0e9359213262 upstream.

When the eCryptfs mount options do not include '-o acl', but the lower
filesystem's mount options do include 'acl', the MS_POSIXACL flag is not
flipped on in the eCryptfs super block flags. This flag is what the VFS
checks in do_last() when deciding if the current umask should be applied
to a newly created inode's mode or not. When a default POSIX ACL mask is
set on a directory, the current umask is incorrectly applied to new
inodes created in the directory. This patch ignores the MS_POSIXACL flag
passed into ecryptfs_mount() and sets the flag on the eCryptfs super
block depending on the flag's presence on the lower super block.

Additionally, it is incorrect to allow a writeable eCryptfs mount on top
of a read-only lower mount. This missing check did not allow writes to
the read-only lower mount because permissions checks are still performed
on the lower filesystem's objects but it is best to simply not allow a
rw mount on top of ro mount. However, a ro eCryptfs mount on top of a rw
mount is valid and still allowed.

https://launchpad.net/bugs/1009207

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Stefan Beller &lt;stefanbeller@googlemail.com&gt;
Cc: John Johansen &lt;john.johansen@canonical.com&gt;
Cc: Herton Ronaldo Krzesinski &lt;herton.krzesinski@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Write out all dirty pages just before releasing the lower file</title>
<updated>2012-10-21T16:28:01+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@canonical.com</email>
</author>
<published>2012-09-13T01:02:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e7ba1a13e4c4d315d94afb45e6dfaa7c543d9ba2'/>
<id>e7ba1a13e4c4d315d94afb45e6dfaa7c543d9ba2</id>
<content type='text'>
commit 7149f2558d5b5b988726662fe58b1c388337805b upstream.

Fixes a regression caused by:

821f749 eCryptfs: Revert to a writethrough cache model

That patch reverted some code (specifically, 32001d6f) that was
necessary to properly handle open() -&gt; mmap() -&gt; close() -&gt; dirty pages
-&gt; munmap(), because the lower file could be closed before the dirty
pages are written out.

Rather than reapplying 32001d6f, this approach is a better way of
ensuring that the lower file is still open in order to handle writing
out the dirty pages. It is called from ecryptfs_release(), while we have
a lock on the lower file pointer, just before the lower file gets the
final fput() and we overwrite the pointer.

https://launchpad.net/bugs/1047261

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Artemy Tregubenko &lt;me@arty.name&gt;
Tested-by: Artemy Tregubenko &lt;me@arty.name&gt;
Tested-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 7149f2558d5b5b988726662fe58b1c388337805b upstream.

Fixes a regression caused by:

821f749 eCryptfs: Revert to a writethrough cache model

That patch reverted some code (specifically, 32001d6f) that was
necessary to properly handle open() -&gt; mmap() -&gt; close() -&gt; dirty pages
-&gt; munmap(), because the lower file could be closed before the dirty
pages are written out.

Rather than reapplying 32001d6f, this approach is a better way of
ensuring that the lower file is still open in order to handle writing
out the dirty pages. It is called from ecryptfs_release(), while we have
a lock on the lower file pointer, just before the lower file gets the
final fput() and we overwrite the pointer.

https://launchpad.net/bugs/1047261

Signed-off-by: Tyler Hicks &lt;tyhicks@canonical.com&gt;
Reported-by: Artemy Tregubenko &lt;me@arty.name&gt;
Tested-by: Artemy Tregubenko &lt;me@arty.name&gt;
Tested-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>ecryptfs: make register_filesystem() the last potential failure exit</title>
<updated>2012-03-21T01:29:49+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2012-03-18T01:29:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0794f569ec307dc25bbb12456ef75aa71f72f744'/>
<id>0794f569ec307dc25bbb12456ef75aa71f72f744</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>switch open-coded instances of d_make_root() to new helper</title>
<updated>2012-03-21T01:29:35+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2012-01-09T03:15:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=48fde701aff662559b38d9a609574068f22d00fe'/>
<id>48fde701aff662559b38d9a609574068f22d00fe</id>
<content type='text'>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Ecryptfs: Add mount option to check uid of device being mounted = expect uid</title>
<updated>2011-08-10T04:29:01+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2011-07-22T15:14:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=764355487ea220fdc2faf128d577d7f679b91f97'/>
<id>764355487ea220fdc2faf128d577d7f679b91f97</id>
<content type='text'>
Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
source (device) can be raced when the ownership test is done in userspace.
Provide Ecryptfs a means to force the uid check at mount time.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Cc: &lt;stable@kernel.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
source (device) can be raced when the ownership test is done in userspace.
Provide Ecryptfs a means to force the uid check at mount time.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Cc: &lt;stable@kernel.org&gt;
Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Remove ecryptfs_header_cache_2</title>
<updated>2011-05-29T19:24:25+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@linux.vnet.ibm.com</email>
</author>
<published>2011-05-24T10:11:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3063287053bca5207e121c567b95b2b6f0bdc2c8'/>
<id>3063287053bca5207e121c567b95b2b6f0bdc2c8</id>
<content type='text'>
Now that ecryptfs_lookup_interpose() is no longer using
ecryptfs_header_cache_2 to read in metadata, the kmem_cache can be
removed and the ecryptfs_header_cache_1 kmem_cache can be renamed to
ecryptfs_header_cache.

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Now that ecryptfs_lookup_interpose() is no longer using
ecryptfs_header_cache_2 to read in metadata, the kmem_cache can be
removed and the ecryptfs_header_cache_1 kmem_cache can be renamed to
ecryptfs_header_cache.

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Fix new inode race condition</title>
<updated>2011-05-29T19:23:39+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@linux.vnet.ibm.com</email>
</author>
<published>2011-05-24T08:49:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3b06b3ebf44170c90c893c6c80916db6e922b9f2'/>
<id>3b06b3ebf44170c90c893c6c80916db6e922b9f2</id>
<content type='text'>
Only unlock and d_add() new inodes after the plaintext inode size has
been read from the lower filesystem. This fixes a race condition that
was sometimes seen during a multi-job kernel build in an eCryptfs mount.

https://bugzilla.kernel.org/show_bug.cgi?id=36002

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
Reported-by: David &lt;david@unsolicited.net&gt;
Tested-by: David &lt;david@unsolicited.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Only unlock and d_add() new inodes after the plaintext inode size has
been read from the lower filesystem. This fixes a race condition that
was sometimes seen during a multi-job kernel build in an eCryptfs mount.

https://bugzilla.kernel.org/show_bug.cgi?id=36002

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
Reported-by: David &lt;david@unsolicited.net&gt;
Tested-by: David &lt;david@unsolicited.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>eCryptfs: Consolidate inode functions into inode.c</title>
<updated>2011-05-29T17:49:53+00:00</updated>
<author>
<name>Tyler Hicks</name>
<email>tyhicks@linux.vnet.ibm.com</email>
</author>
<published>2011-05-24T02:18:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c4f790736ca8d7d86883c5aee2ba1caa15cd8da3'/>
<id>c4f790736ca8d7d86883c5aee2ba1caa15cd8da3</id>
<content type='text'>
These functions should live in inode.c since their focus is on inodes
and they're primarily used by functions in inode.c.

Also does a simple cleanup of ecryptfs_inode_test() and rolls
ecryptfs_init_inode() into ecryptfs_inode_set().

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
Tested-by: David &lt;david@unsolicited.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
These functions should live in inode.c since their focus is on inodes
and they're primarily used by functions in inode.c.

Also does a simple cleanup of ecryptfs_inode_test() and rolls
ecryptfs_init_inode() into ecryptfs_inode_set().

Signed-off-by: Tyler Hicks &lt;tyhicks@linux.vnet.ibm.com&gt;
Tested-by: David &lt;david@unsolicited.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
