Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'ecryptfs-3.19-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull eCryptfs fixes from Tyler Hicks:
"Fixes for filename decryption and encrypted view plus a cleanup

- The filename decryption routines were, at times, writing a zero
byte one character past the end of the filename buffer

- The encrypted view feature attempted, and failed, to roll its own
form of enforcing a read-only mount instead of letting the VFS
enforce it"

* tag 'ecryptfs-3.19-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
eCryptfs: Remove buggy and unnecessary write in file name decode routine
eCryptfs: Remove unnecessary casts when parsing packet lengths
eCryptfs: Force RO mount when encrypted view is enabled

+16 -19
-1
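--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1917,7 +1917,6 @@
 break;
 case 2:
 dst[dst_byte_offset++] |= (src_byte);
-dst[dst_byte_offset] = 0;
 current_bit_offset = 0;
 break;
 }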
-12
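--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -190,23 +190,11 @@
 {
 int rc = 0;
 struct ecryptfs_crypt_stat *crypt_stat = NULL;
-struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 struct dentry *ecryptfs_dentry = file->f_path.dentry;
 /* Private value of ecryptfs_dentry allocated in
 * ecryptfs_lookup() */
 struct ecryptfs_file_info *file_info;
 
-mount_crypt_stat = &ecryptfs_superblock_to_private(
-ecryptfs_dentry->d_sb)->mount_crypt_stat;
-if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
-&& ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
-|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
-|| (file->f_flags & O_APPEND))) {
-printk(KERN_WARNING "Mount has encrypted view enabled; "
-"files may only be read\n");
-rc = -EPERM;
-goto out;
-}
 /* Released in ecryptfs_release or end of function if failure */
 file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
 ecryptfs_set_file_private(file, file_info);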
+3 -3
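--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -100,12 +100,12 @@
 (*size) = 0;
 if (data[0] < 192) {
 /* One-byte length */
-(*size) = (unsigned char)data[0];
+(*size) = data[0];
 (*length_size) = 1;
 } else if (data[0] < 224) {
 /* Two-byte length */
-(*size) = (((unsigned char)(data[0]) - 192) * 256);
-(*size) += ((unsigned char)(data[1]) + 192);
+(*size) = (data[0] - 192) * 256;
+(*size) += data[1] + 192;
 (*length_size) = 2;
 } else if (data[0] == 255) {
 /* If support is added, adjust ECRYPTFS_MAX_PKT_LEN_SIZE */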
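Review bot: The uncast arithmetic at new lines 103 and 107–108 is only correct if `data` is an unsigned byte pointer, and its declaration is outside this hunk (the function starts and ends outside it). If `data` were plain `char`, a byte of 0x80 or above would be negative on signed-char targets, so `data[0] < 192` would always take the one-byte branch and `*size` would be wrong before later parsing uses it as a packet length. I would state the requirement next to the branch, e.g. `/* data is unsigned char *: length octets must not sign-extend */`. The two-byte branch also reads `data[1]` with no bound visible here, so the callers presumably guarantee at least two readable bytes; that is worth confirming.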
+13 -3
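--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -493,6 +493,7 @@
 {
 struct super_block *s;
 struct ecryptfs_sb_info *sbi;
+struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
 struct ecryptfs_dentry_info *root_info;
 const char *err = "Getting sb failed";
 struct inode *inode;
@@ -512,6 +511,7 @@
 err = "Error parsing options";
 goto out;
 }
+mount_crypt_stat = &sbi->mount_crypt_stat;
 
 s = sget(fs_type, NULL, set_anon_super, flags, NULL);
 if (IS_ERR(s)) {
@@ -559,11 +557,19 @@
 
 /**
 * Set the POSIX ACL flag based on whether they're enabled in the lower
-* mount. Force a read-only eCryptfs mount if the lower mount is ro.
-* Allow a ro eCryptfs mount even when the lower mount is rw.
+* mount.
 */
 s->s_flags = flags & ~MS_POSIXACL;
-s->s_flags |= path.dentry->d_sb->s_flags & (MS_RDONLY | MS_POSIXACL);
+s->s_flags |= path.dentry->d_sb->s_flags & MS_POSIXACL;
+
+/**
+* Force a read-only eCryptfs mount when:
+* 1) The lower mount is ro
+* 2) The ecryptfs_encrypted_view mount option is specified
+*/
+if (path.dentry->d_sb->s_flags & MS_RDONLY ||
+mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
+s->s_flags |= MS_RDONLY;
 
 s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
 s->s_blocksize = path.dentry->d_sb->s_blocksize;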
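Review bot: The read-only guarantee for encrypted view now rests entirely on `s->s_flags |= MS_RDONLY` at new lines 570–572, which is set once at mount time, and nothing in this section shows what happens to that bit on a later remount. The per-open `-EPERM` check that fs/ecryptfs/file.c loses in this same merge was the only other enforcement point visible on this page. If the superblock operations do not reject a read-write remount (no `remount_fs` handler is visible here), the flag could presumably be cleared afterwards and encrypted-view files would become writable. I would confirm that path and record the invariant in the new comment, e.g. ` * The flag must also hold across remount; see the superblock remount handling.` Parenthesising each `&` test in the new `if` would also make the precedence explicit; the function body begins and ends outside these hunks.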