tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'ecryptfs-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull eCryptfs updates from Tyler Hicks:

- avoid unnecessary eCryptfs inode timestamp truncation by re-using the
lower filesystem's time granularity

- various small code cleanups

- reorganize the setattr hook inode resizing to improve style and
readability, remove an unnecessary memory allocation when shrinking,
and to support an upcoming rework of the VFS interfaces involved in
truncation

* tag 'ecryptfs-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
ecryptfs: keep the lower iattr contained in truncate_upper
ecryptfs: factor out a ecryptfs_iattr_to_lower helper
ecryptfs: merge ecryptfs_inode_newsize_ok into truncate_upper
ecryptfs: combine the two ATTR_SIZE blocks in ecryptfs_setattr
ecryptfs: use ZERO_PAGE instead of allocating zeroed memory in truncate_upper
ecryptfs: streamline truncate_upper
ecryptfs: cleanup ecryptfs_setattr
ecryptfs: Drop TODO comment in ecryptfs_derive_iv
ecryptfs: Fix typo in ecryptfs_derive_iv function comment
ecryptfs: Log function name only once in decode_and_decrypt_filename
ecryptfs: Remove redundant if checks in encrypt_and_encode_filename
ecryptfs: Fix tag number in encrypt_filename() error message
ecryptfs: Use struct_size to improve process_response + send_miscdev
ecryptfs: Replace memcpy + manual NUL termination with strscpy
ecryptfs: Set s_time_gran to get correct time granularity

Linus Torvalds a5e1c3b6 36d179fd

+150 -181
+15 -21
fs/ecryptfs/crypto.c
··· 72 72 73 73 /** 74 74 * ecryptfs_derive_iv 75 - * @iv: destination for the derived iv vale 75 + * @iv: destination for the derived iv value 76 76 * @crypt_stat: Pointer to crypt_stat struct for the current inode 77 77 * @offset: Offset of the extent whose IV we are to derive 78 78 * ··· 89 89 ecryptfs_printk(KERN_DEBUG, "root iv:\n"); 90 90 ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes); 91 91 } 92 - /* TODO: It is probably secure to just cast the least 93 - * significant bits of the root IV into an unsigned long and 94 - * add the offset to that rather than go through all this 95 - * hashing business. -Halcrow */ 96 92 memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes); 97 93 memset((src + crypt_stat->iv_bytes), 0, 16); 98 94 snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset); ··· 1372 1376 mount_crypt_stat, NULL, 1373 1377 filename->filename_size); 1374 1378 if (rc) { 1375 - printk(KERN_ERR "%s: Error attempting to get packet " 1376 - "size for tag 72; rc = [%d]\n", __func__, 1377 - rc); 1379 + ecryptfs_printk(KERN_ERR, 1380 + "Error attempting to get packet size for tag 70; rc = [%d]\n", 1381 + rc); 1378 1382 filename->encrypted_filename_size = 0; 1379 1383 goto out; 1380 1384 } ··· 1798 1802 filename->filename_size = name_size; 1799 1803 rc = ecryptfs_encrypt_filename(filename, mount_crypt_stat); 1800 1804 if (rc) { 1801 - printk(KERN_ERR "%s: Error attempting to encrypt " 1802 - "filename; rc = [%d]\n", __func__, rc); 1805 + ecryptfs_printk(KERN_ERR, 1806 + "Error attempting to encrypt filename; rc = [%d]\n", 1807 + rc); 1803 1808 kfree(filename); 1804 1809 goto out; 1805 1810 } ··· 1808 1811 NULL, &encoded_name_no_prefix_size, 1809 1812 filename->encrypted_filename, 1810 1813 filename->encrypted_filename_size); 1811 - if (mount_crypt_stat 1812 - && (mount_crypt_stat->flags 1813 - & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) 1814 + if (mount_crypt_stat->flags 1815 + & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) 1814 1816 (*encoded_name_size) = 1815 1817 (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE 1816 1818 + encoded_name_no_prefix_size); ··· 1824 1828 kfree(filename); 1825 1829 goto out; 1826 1830 } 1827 - if (mount_crypt_stat 1828 - && (mount_crypt_stat->flags 1829 - & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK)) { 1831 + if (mount_crypt_stat->flags 1832 + & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) { 1830 1833 memcpy((*encoded_name), 1831 1834 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, 1832 1835 ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE); ··· 1843 1848 rc = -EOPNOTSUPP; 1844 1849 } 1845 1850 if (rc) { 1846 - printk(KERN_ERR "%s: Error attempting to encode " 1847 - "encrypted filename; rc = [%d]\n", __func__, 1848 - rc); 1851 + ecryptfs_printk(KERN_ERR, 1852 + "Error attempting to encode encrypted filename; rc = [%d]\n", 1853 + rc); 1849 1854 kfree((*encoded_name)); 1850 1855 (*encoded_name) = NULL; 1851 1856 (*encoded_name_size) = 0; ··· 1920 1925 decoded_name_size); 1921 1926 if (rc) { 1922 1927 ecryptfs_printk(KERN_DEBUG, 1923 - "%s: Could not parse tag 70 packet from filename\n", 1924 - __func__); 1928 + "Could not parse tag 70 packet from filename\n"); 1925 1929 goto out_free; 1926 1930 } 1927 1931 } else {
+2 -3
fs/ecryptfs/debug.c
··· 7 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 8 */ 9 9 10 + #include <linux/string.h> 10 11 #include "ecryptfs_kernel.h" 11 12 12 13 /* ··· 34 33 ECRYPTFS_PERSISTENT_PASSWORD) { 35 34 ecryptfs_printk(KERN_DEBUG, " * persistent\n"); 36 35 } 37 - memcpy(sig, auth_tok->token.password.signature, 38 - ECRYPTFS_SIG_SIZE_HEX); 39 - sig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; 36 + strscpy(sig, auth_tok->token.password.signature); 40 37 ecryptfs_printk(KERN_DEBUG, " * signature = [%s]\n", sig); 41 38 } 42 39 ecryptfs_printk(KERN_DEBUG, " * session_key.flags = [0x%x]\n",
+123 -150
fs/ecryptfs/inode.c
··· 677 677 return buf; 678 678 } 679 679 680 + static void ecryptfs_iattr_to_lower(struct iattr *lower_ia, 681 + const struct iattr *ia) 682 + { 683 + memcpy(lower_ia, ia, sizeof(*lower_ia)); 684 + if (ia->ia_valid & ATTR_FILE) 685 + lower_ia->ia_file = ecryptfs_file_to_lower(ia->ia_file); 686 + /* 687 + * If the mode change is for clearing setuid/setgid bits, allow the lower 688 + * file system to interpret this in its own way. 689 + */ 690 + if (lower_ia->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) 691 + lower_ia->ia_valid &= ~ATTR_MODE; 692 + } 693 + 680 694 /** 681 695 * upper_size_to_lower_size 682 696 * @crypt_stat: Crypt_stat associated with file ··· 721 707 } 722 708 723 709 /** 724 - * truncate_upper 710 + * __ecryptfs_truncate 725 711 * @dentry: The ecryptfs layer dentry 726 712 * @ia: Address of the ecryptfs inode's attributes 727 - * @lower_ia: Address of the lower inode's attributes 728 713 * 729 - * Function to handle truncations modifying the size of the file. Note 730 - * that the file sizes are interpolated. When expanding, we are simply 731 - * writing strings of 0's out. When truncating, we truncate the upper 732 - * inode and update the lower_ia according to the page index 733 - * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return, 734 - * the caller must use lower_ia in a call to notify_change() to perform 735 - * the truncation of the lower inode. 714 + * Handle truncations modifying the size of the file. Note that the file sizes 715 + * are interpolated. When expanding, we are simply writing strings of 0's out. 716 + * When truncating, we truncate the upper inode and update the lower_ia 717 + * according to the page index interpolations. 736 718 * 737 719 * Returns zero on success; non-zero otherwise 738 720 */ 739 - static int truncate_upper(struct dentry *dentry, struct iattr *ia, 740 - struct iattr *lower_ia) 721 + static int __ecryptfs_truncate(struct dentry *dentry, const struct iattr *ia) 741 722 { 742 - int rc = 0; 723 + struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 743 724 struct inode *inode = d_inode(dentry); 744 725 struct ecryptfs_crypt_stat *crypt_stat; 745 726 loff_t i_size = i_size_read(inode); 746 727 loff_t lower_size_before_truncate; 747 728 loff_t lower_size_after_truncate; 729 + struct iattr lower_ia; 730 + size_t num_zeros; 731 + int rc; 748 732 749 - if (unlikely((ia->ia_size == i_size))) { 750 - lower_ia->ia_valid &= ~ATTR_SIZE; 733 + ecryptfs_iattr_to_lower(&lower_ia, ia); 734 + 735 + if (unlikely((ia->ia_size == i_size))) 751 736 return 0; 752 - } 753 - rc = ecryptfs_get_lower_file(dentry, inode); 754 - if (rc) 755 - return rc; 756 - crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat; 757 - /* Switch on growing or shrinking file */ 758 - if (ia->ia_size > i_size) { 759 - char zero[] = { 0x00 }; 760 - 761 - lower_ia->ia_valid &= ~ATTR_SIZE; 762 - /* Write a single 0 at the last position of the file; 763 - * this triggers code that will fill in 0's throughout 764 - * the intermediate portion of the previous end of the 765 - * file and the new and of the file */ 766 - rc = ecryptfs_write(inode, zero, 767 - (ia->ia_size - 1), 1); 768 - } else { /* ia->ia_size < i_size_read(inode) */ 769 - /* We're chopping off all the pages down to the page 770 - * in which ia->ia_size is located. Fill in the end of 771 - * that page from (ia->ia_size & ~PAGE_MASK) to 772 - * PAGE_SIZE with zeros. */ 773 - size_t num_zeros = (PAGE_SIZE 774 - - (ia->ia_size & ~PAGE_MASK)); 775 - 776 - if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 777 - truncate_setsize(inode, ia->ia_size); 778 - lower_ia->ia_size = ia->ia_size; 779 - lower_ia->ia_valid |= ATTR_SIZE; 780 - goto out; 781 - } 782 - if (num_zeros) { 783 - char *zeros_virt; 784 - 785 - zeros_virt = kzalloc(num_zeros, GFP_KERNEL); 786 - if (!zeros_virt) { 787 - rc = -ENOMEM; 788 - goto out; 789 - } 790 - rc = ecryptfs_write(inode, zeros_virt, 791 - ia->ia_size, num_zeros); 792 - kfree(zeros_virt); 793 - if (rc) { 794 - printk(KERN_ERR "Error attempting to zero out " 795 - "the remainder of the end page on " 796 - "reducing truncate; rc = [%d]\n", rc); 797 - goto out; 798 - } 799 - } 800 - truncate_setsize(inode, ia->ia_size); 801 - rc = ecryptfs_write_inode_size_to_metadata(inode); 802 - if (rc) { 803 - printk(KERN_ERR "Problem with " 804 - "ecryptfs_write_inode_size_to_metadata; " 805 - "rc = [%d]\n", rc); 806 - goto out; 807 - } 808 - /* We are reducing the size of the ecryptfs file, and need to 809 - * know if we need to reduce the size of the lower file. */ 810 - lower_size_before_truncate = 811 - upper_size_to_lower_size(crypt_stat, i_size); 812 - lower_size_after_truncate = 813 - upper_size_to_lower_size(crypt_stat, ia->ia_size); 814 - if (lower_size_after_truncate < lower_size_before_truncate) { 815 - lower_ia->ia_size = lower_size_after_truncate; 816 - lower_ia->ia_valid |= ATTR_SIZE; 817 - } else 818 - lower_ia->ia_valid &= ~ATTR_SIZE; 819 - } 820 - out: 821 - ecryptfs_put_lower_file(inode); 822 - return rc; 823 - } 824 - 825 - static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset) 826 - { 827 - struct ecryptfs_crypt_stat *crypt_stat; 828 - loff_t lower_oldsize, lower_newsize; 829 737 830 738 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 831 - lower_oldsize = upper_size_to_lower_size(crypt_stat, 832 - i_size_read(inode)); 833 - lower_newsize = upper_size_to_lower_size(crypt_stat, offset); 834 - if (lower_newsize > lower_oldsize) { 739 + lower_size_before_truncate = 740 + upper_size_to_lower_size(crypt_stat, i_size); 741 + lower_size_after_truncate = 742 + upper_size_to_lower_size(crypt_stat, ia->ia_size); 743 + if (lower_size_after_truncate > lower_size_before_truncate) { 835 744 /* 836 745 * The eCryptfs inode and the new *lower* size are mixed here 837 746 * because we may not have the lower i_mutex held and/or it may 838 747 * not be appropriate to call inode_newsize_ok() with inodes 839 748 * from other filesystems. 840 749 */ 841 - return inode_newsize_ok(inode, lower_newsize); 750 + rc = inode_newsize_ok(inode, lower_size_after_truncate); 751 + if (rc) 752 + return rc; 842 753 } 843 754 844 - return 0; 755 + rc = ecryptfs_get_lower_file(dentry, inode); 756 + if (rc) 757 + return rc; 758 + 759 + if (ia->ia_size > i_size) { 760 + char zero[] = { 0x00 }; 761 + 762 + /* 763 + * Write a single 0 at the last position of the file; this 764 + * triggers code that will fill in 0's throughout the 765 + * intermediate portion of the previous end of the file and the 766 + * new end of the file. 767 + */ 768 + rc = ecryptfs_write(inode, zero, ia->ia_size - 1, 1); 769 + goto out; 770 + } 771 + 772 + if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 773 + truncate_setsize(inode, ia->ia_size); 774 + lower_ia.ia_size = ia->ia_size; 775 + goto set_size; 776 + } 777 + 778 + /* 779 + * We're chopping off all the pages down to the page in which 780 + * ia->ia_size is located. Fill in the end of that page from 781 + * (ia->ia_size & ~PAGE_MASK) to PAGE_SIZE with zeros. 782 + */ 783 + num_zeros = PAGE_SIZE - (ia->ia_size & ~PAGE_MASK); 784 + if (num_zeros) { 785 + rc = ecryptfs_write(inode, page_address(ZERO_PAGE(0)), 786 + ia->ia_size, num_zeros); 787 + if (rc) { 788 + pr_err("Error attempting to zero out the remainder of the end page on reducing truncate; rc = [%d]\n", 789 + rc); 790 + goto out; 791 + } 792 + } 793 + truncate_setsize(inode, ia->ia_size); 794 + rc = ecryptfs_write_inode_size_to_metadata(inode); 795 + if (rc) { 796 + pr_err("Problem with ecryptfs_write_inode_size_to_metadata; rc = [%d]\n", 797 + rc); 798 + goto out; 799 + } 800 + 801 + /* 802 + * We are reducing the size of the ecryptfs file, and need to know if we 803 + * need to reduce the size of the lower file. 804 + */ 805 + if (lower_size_after_truncate >= lower_size_before_truncate) 806 + goto out; 807 + 808 + lower_ia.ia_size = lower_size_after_truncate; 809 + set_size: 810 + lower_ia.ia_valid |= ATTR_SIZE; 811 + inode_lock(d_inode(lower_dentry)); 812 + rc = notify_change(&nop_mnt_idmap, lower_dentry, &lower_ia, NULL); 813 + inode_unlock(d_inode(lower_dentry)); 814 + out: 815 + ecryptfs_put_lower_file(inode); 816 + return rc; 845 817 } 846 818 847 819 /** ··· 842 842 */ 843 843 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) 844 844 { 845 - struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length }; 846 - struct iattr lower_ia = { .ia_valid = 0 }; 847 - int rc; 845 + const struct iattr ia = { 846 + .ia_valid = ATTR_SIZE, 847 + .ia_size = new_length, 848 + }; 848 849 849 - rc = ecryptfs_inode_newsize_ok(d_inode(dentry), new_length); 850 - if (rc) 851 - return rc; 852 - 853 - rc = truncate_upper(dentry, &ia, &lower_ia); 854 - if (!rc && lower_ia.ia_valid & ATTR_SIZE) { 855 - struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 856 - 857 - inode_lock(d_inode(lower_dentry)); 858 - rc = notify_change(&nop_mnt_idmap, lower_dentry, 859 - &lower_ia, NULL); 860 - inode_unlock(d_inode(lower_dentry)); 861 - } 862 - return rc; 850 + return __ecryptfs_truncate(dentry, &ia); 863 851 } 864 852 865 853 static int ··· 874 886 static int ecryptfs_setattr(struct mnt_idmap *idmap, 875 887 struct dentry *dentry, struct iattr *ia) 876 888 { 877 - int rc = 0; 878 - struct dentry *lower_dentry; 879 - struct iattr lower_ia; 880 - struct inode *inode; 881 - struct inode *lower_inode; 889 + struct inode *inode = d_inode(dentry); 890 + struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 891 + struct inode *lower_inode = ecryptfs_inode_to_lower(inode); 882 892 struct ecryptfs_crypt_stat *crypt_stat; 893 + int rc; 883 894 884 895 crypt_stat = &ecryptfs_inode_to_private(d_inode(dentry))->crypt_stat; 885 896 if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)) 886 897 ecryptfs_init_crypt_stat(crypt_stat); 887 - inode = d_inode(dentry); 888 - lower_inode = ecryptfs_inode_to_lower(inode); 889 - lower_dentry = ecryptfs_dentry_to_lower(dentry); 898 + 890 899 mutex_lock(&crypt_stat->cs_mutex); 891 900 if (d_is_dir(dentry)) 892 901 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 893 - else if (d_is_reg(dentry) 894 - && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED) 895 - || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) { 902 + else if (d_is_reg(dentry) && 903 + (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED) || 904 + !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) { 896 905 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 897 906 898 907 mount_crypt_stat = &ecryptfs_superblock_to_private( ··· 902 917 rc = ecryptfs_read_metadata(dentry); 903 918 ecryptfs_put_lower_file(inode); 904 919 if (rc) { 905 - if (!(mount_crypt_stat->flags 906 - & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { 920 + if (!(mount_crypt_stat->flags & 921 + ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { 907 922 rc = -EIO; 908 923 printk(KERN_WARNING "Either the lower file " 909 924 "is not in a valid eCryptfs format, " ··· 923 938 rc = setattr_prepare(&nop_mnt_idmap, dentry, ia); 924 939 if (rc) 925 940 goto out; 941 + 926 942 if (ia->ia_valid & ATTR_SIZE) { 927 - rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size); 928 - if (rc) 929 - goto out; 943 + rc = __ecryptfs_truncate(dentry, ia); 944 + } else { 945 + struct iattr lower_ia; 946 + 947 + ecryptfs_iattr_to_lower(&lower_ia, ia); 948 + 949 + inode_lock(d_inode(lower_dentry)); 950 + rc = notify_change(&nop_mnt_idmap, lower_dentry, &lower_ia, 951 + NULL); 952 + inode_unlock(d_inode(lower_dentry)); 930 953 } 931 - 932 - memcpy(&lower_ia, ia, sizeof(lower_ia)); 933 - if (ia->ia_valid & ATTR_FILE) 934 - lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file); 935 - if (ia->ia_valid & ATTR_SIZE) { 936 - rc = truncate_upper(dentry, ia, &lower_ia); 937 - if (rc < 0) 938 - goto out; 939 - } 940 - 941 - /* 942 - * mode change is for clearing setuid/setgid bits. Allow lower fs 943 - * to interpret this in its own way. 944 - */ 945 - if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) 946 - lower_ia.ia_valid &= ~ATTR_MODE; 947 - 948 - inode_lock(d_inode(lower_dentry)); 949 - rc = notify_change(&nop_mnt_idmap, lower_dentry, &lower_ia, NULL); 950 - inode_unlock(d_inode(lower_dentry)); 951 954 out: 952 955 fsstack_copy_attr_all(inode, lower_inode); 953 956 return rc;
+2 -4
fs/ecryptfs/keystore.c
··· 2458 2458 if (!new_key_sig) 2459 2459 return -ENOMEM; 2460 2460 2461 - memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); 2462 - new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; 2461 + strscpy(new_key_sig->keysig, sig); 2463 2462 /* Caller must hold keysig_list_mutex */ 2464 2463 list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); 2465 2464 ··· 2478 2479 if (!new_auth_tok) 2479 2480 return -ENOMEM; 2480 2481 2481 - memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX); 2482 + strscpy(new_auth_tok->sig, sig); 2482 2483 new_auth_tok->flags = global_auth_tok_flags; 2483 - new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; 2484 2484 mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); 2485 2485 list_add(&new_auth_tok->mount_crypt_stat_list, 2486 2486 &mount_crypt_stat->global_auth_tok_list);
+1
fs/ecryptfs/main.c
··· 531 531 s->s_blocksize = path.dentry->d_sb->s_blocksize; 532 532 s->s_magic = ECRYPTFS_SUPER_MAGIC; 533 533 s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1; 534 + s->s_time_gran = path.dentry->d_sb->s_time_gran; 534 535 535 536 rc = -EINVAL; 536 537 if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+2 -1
fs/ecryptfs/messaging.c
··· 6 6 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 7 7 * Tyler Hicks <code@tyhicks.com> 8 8 */ 9 + #include <linux/overflow.h> 9 10 #include <linux/sched.h> 10 11 #include <linux/slab.h> 11 12 #include <linux/user_namespace.h> ··· 233 232 msg_ctx->counter, seq); 234 233 goto unlock; 235 234 } 236 - msg_size = (sizeof(*msg) + msg->data_len); 235 + msg_size = struct_size(msg, data, msg->data_len); 237 236 msg_ctx->msg = kmemdup(msg, msg_size, GFP_KERNEL); 238 237 if (!msg_ctx->msg) { 239 238 rc = -ENOMEM;
+5 -2
fs/ecryptfs/miscdev.c
··· 10 10 #include <linux/hash.h> 11 11 #include <linux/random.h> 12 12 #include <linux/miscdevice.h> 13 + #include <linux/overflow.h> 13 14 #include <linux/poll.h> 14 15 #include <linux/slab.h> 15 16 #include <linux/wait.h> ··· 149 148 u16 msg_flags, struct ecryptfs_daemon *daemon) 150 149 { 151 150 struct ecryptfs_message *msg; 151 + size_t msg_size; 152 152 153 - msg = kmalloc((sizeof(*msg) + data_size), GFP_KERNEL); 153 + msg_size = struct_size(msg, data, data_size); 154 + msg = kmalloc(msg_size, GFP_KERNEL); 154 155 if (!msg) 155 156 return -ENOMEM; 156 157 ··· 162 159 msg_ctx->msg->data_len = data_size; 163 160 msg_ctx->type = msg_type; 164 161 memcpy(msg_ctx->msg->data, data, data_size); 165 - msg_ctx->msg_size = (sizeof(*msg_ctx->msg) + data_size); 162 + msg_ctx->msg_size = msg_size; 166 163 list_add_tail(&msg_ctx->daemon_out_list, &daemon->msg_ctx_out_queue); 167 164 mutex_unlock(&msg_ctx->mux); 168 165