linux.git/fs/ecryptfs, branch v3.3-rc1 Linux kernel source tree vfs: switch ->show_options() to struct dentry * 2012-01-07T04:19:54+00:00 Al Viro viro@zeniv.linux.org.uk 2011-12-09T02:32:45+00:00 34c80b1d93e6e20ca9dea0baf583a5b5510d92d4 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs: propagate umode_t, misc bits 2012-01-04T03:55:10+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T07:30:54+00:00 175a4eb7ea531cdbf6d574f5d5ba9aa0f5e8ed13 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
kill ecryptfs_create_underlying_file() 2012-01-04T03:54:57+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-24T17:47:19+00:00 18cb1b08d2e1ff6907130fc0ce78a5912efa0ba5 it's a just a wrapper for vfs_create() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
it's a just a wrapper for vfs_create()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
switch ->mknod() to umode_t 2012-01-04T03:54:54+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T05:52:52+00:00 1a67aafb5f72a436ca044293309fa7e6351d6a35 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
switch ->create() to umode_t 2012-01-04T03:54:53+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T05:42:34+00:00 4acdaf27ebe2034c342f3be57ef49aed1ad885ef vfs_create() ignores everything outside of 16bit subset of its mode argument; switching it to umode_t is obviously equivalent and it's the only caller of the method Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
vfs_create() ignores everything outside of 16bit subset of its
mode argument; switching it to umode_t is obviously equivalent
and it's the only caller of the method

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
switch vfs_mkdir() and ->mkdir() to umode_t 2012-01-04T03:54:53+00:00 Al Viro viro@zeniv.linux.org.uk 2011-07-26T05:41:39+00:00 18bb1db3e7607e4a997d50991a6f9fa5b0f8722c vfs_mkdir() gets int, but immediately drops everything that might not fit into umode_t and that's the only caller of ->mkdir()... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
vfs_mkdir() gets int, but immediately drops everything that might not
fit into umode_t and that's the only caller of ->mkdir()...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
vfs: fix the stupidity with i_dentry in inode destructors 2012-01-04T03:52:40+00:00 Al Viro viro@zeniv.linux.org.uk 2011-12-12T20:51:45+00:00 6b520e0565422966cdf1c3759bd73df77b0f248c Seeing that just about every destructor got that INIT_LIST_HEAD() copied into it, there is no point whatsoever keeping this INIT_LIST_HEAD in inode_init_once(); the cost of taking it into inode_init_always() will be negligible for pipes and sockets and negative for everything else. Not to mention the removal of boilerplate code from ->destroy_inode() instances... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Seeing that just about every destructor got that INIT_LIST_HEAD() copied into
it, there is no point whatsoever keeping this INIT_LIST_HEAD in inode_init_once();
the cost of taking it into inode_init_always() will be negligible for pipes
and sockets and negative for everything else.  Not to mention the removal of
boilerplate code from ->destroy_inode() instances...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
eCryptfs: Extend array bounds for all filename chars 2011-11-23T21:43:53+00:00 Tyler Hicks tyhicks@canonical.com 2011-11-23T17:31:24+00:00 0f751e641a71157aa584c2a2e22fda52b52b8a56 From mhalcrow's original commit message: Characters with ASCII values greater than the size of filename_rev_map[] are valid filename characters. ecryptfs_decode_from_filename() will access kernel memory beyond that array, and ecryptfs_parse_tag_70_packet() will then decrypt those characters. The attacker, using the FNEK of the crafted file, can then re-encrypt the characters to reveal the kernel memory past the end of the filename_rev_map[] array. I expect low security impact since this array is statically allocated in the text area, and the amount of memory past the array that is accessible is limited by the largest possible ASCII filename character. This patch solves the issue reported by mhalcrow but with an implementation suggested by Linus to simply extend the length of filename_rev_map[] to 256. Characters greater than 0x7A are mapped to 0x00, which is how invalid characters less than 0x7A were previously being handled. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reported-by: Michael Halcrow <mhalcrow@google.com> Cc: stable@kernel.org 
From mhalcrow's original commit message:

    Characters with ASCII values greater than the size of
    filename_rev_map[] are valid filename characters.
    ecryptfs_decode_from_filename() will access kernel memory beyond
    that array, and ecryptfs_parse_tag_70_packet() will then decrypt
    those characters. The attacker, using the FNEK of the crafted file,
    can then re-encrypt the characters to reveal the kernel memory past
    the end of the filename_rev_map[] array. I expect low security
    impact since this array is statically allocated in the text area,
    and the amount of memory past the array that is accessible is
    limited by the largest possible ASCII filename character.

This patch solves the issue reported by mhalcrow but with an
implementation suggested by Linus to simply extend the length of
filename_rev_map[] to 256. Characters greater than 0x7A are mapped to
0x00, which is how invalid characters less than 0x7A were previously
being handled.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Michael Halcrow <mhalcrow@google.com>
Cc: stable@kernel.org
eCryptfs: Flush file in vma close 2011-11-23T21:40:09+00:00 Tyler Hicks tyhicks@canonical.com 2011-11-21T23:31:29+00:00 32001d6fe9ac6b0423e674a3093aa56740849f3b Dirty pages weren't being written back when an mmap'ed eCryptfs file was closed before the mapping was unmapped. Since f_ops->flush() is not called by the munmap() path, the lower file was simply being released. This patch flushes the eCryptfs file in the vm_ops->close() path. https://launchpad.net/bugs/870326 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Cc: stable@kernel.org [2.6.39+] 
Dirty pages weren't being written back when an mmap'ed eCryptfs file was
closed before the mapping was unmapped. Since f_ops->flush() is not
called by the munmap() path, the lower file was simply being released.
This patch flushes the eCryptfs file in the vm_ops->close() path.

https://launchpad.net/bugs/870326

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: stable@kernel.org [2.6.39+]
eCryptfs: Prevent file create race condition 2011-11-23T21:39:38+00:00 Tyler Hicks tyhicks@canonical.com 2011-11-21T23:31:02+00:00 b59db43ad4434519feb338eacb01d77eb50825c5 The file creation path prematurely called d_instantiate() and unlock_new_inode() before the eCryptfs inode info was fully allocated and initialized and before the eCryptfs metadata was written to the lower file. This could result in race conditions in subsequent file and inode operations leading to unexpected error conditions or a null pointer dereference while attempting to use the unallocated memory. https://launchpad.net/bugs/813146 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Cc: stable@kernel.org 
The file creation path prematurely called d_instantiate() and
unlock_new_inode() before the eCryptfs inode info was fully
allocated and initialized and before the eCryptfs metadata was written
to the lower file.

This could result in race conditions in subsequent file and inode
operations leading to unexpected error conditions or a null pointer
dereference while attempting to use the unallocated memory.

https://launchpad.net/bugs/813146

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: stable@kernel.org