Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
Pull eCryptfs fixes from Tyler Hicks:
"Provide a more concise fix for CVE-2016-1583:
- Additionally fixes linux-stable regressions caused by the
cherry-picking of the original fix
Some very minor changes that have queued up:
- Fix typos in code comments
- Remove unnecessary check for NULL before destroying kmem_cache"
* tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
ecryptfs: don't allow mmap when the lower fs doesn't support it
Revert "ecryptfs: forbid opening files without mmap handler"
ecryptfs: fix spelling mistakes
eCryptfs: fix typos in comment
ecryptfs: drop null test before destroy functions
+23
-20
+4
-4
fs/ecryptfs/crypto.c
+4
-4
fs/ecryptfs/crypto.c
···
45
45
* ecryptfs_to_hex
46
46
* @dst: Buffer to take hex character representation of contents of
47
47
* src; must be at least of size (src_size * 2)
48
-
* @src: Buffer to be converted to a hex string respresentation
48
+
* @src: Buffer to be converted to a hex string representation
49
49
* @src_size: number of bytes to convert
50
50
*/
51
51
void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
···
60
60
* ecryptfs_from_hex
61
61
* @dst: Buffer to take the bytes from src hex; must be at least of
62
62
* size (src_size / 2)
63
-
* @src: Buffer to be converted from a hex string respresentation to raw value
63
+
* @src: Buffer to be converted from a hex string representation to raw value
64
64
* @dst_size: size of dst buffer, or number of hex characters pairs to convert
65
65
*/
66
66
void ecryptfs_from_hex(char *dst, char *src, int dst_size)
···
953
953
};
954
954
955
955
/* Add support for additional ciphers by adding elements here. The
956
-
* cipher_code is whatever OpenPGP applicatoins use to identify the
956
+
* cipher_code is whatever OpenPGP applications use to identify the
957
957
* ciphers. List in order of probability. */
958
958
static struct ecryptfs_cipher_code_str_map_elem
959
959
ecryptfs_cipher_code_str_map[] = {
···
1410
1410
*
1411
1411
* Common entry point for reading file metadata. From here, we could
1412
1412
* retrieve the header information from the header region of the file,
1413
-
* the xattr region of the file, or some other repostory that is
1413
+
* the xattr region of the file, or some other repository that is
1414
1414
* stored separately from the file itself. The current implementation
1415
1415
* supports retrieving the metadata information from the file contents
1416
1416
* and from the xattr region.
+16
-3
fs/ecryptfs/file.c
+16
-3
fs/ecryptfs/file.c
···
169
169
return rc;
170
170
}
171
171
172
+
static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)
173
+
{
174
+
struct file *lower_file = ecryptfs_file_to_lower(file);
175
+
/*
176
+
* Don't allow mmap on top of file systems that don't support it
177
+
* natively. If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs
178
+
* allows recursive mounting, this will need to be extended.
179
+
*/
180
+
if (!lower_file->f_op->mmap)
181
+
return -ENODEV;
182
+
return generic_file_mmap(file, vma);
183
+
}
184
+
172
185
/**
173
186
* ecryptfs_open
174
-
* @inode: inode speciying file to open
187
+
* @inode: inode specifying file to open
175
188
* @file: Structure to return filled in
176
189
*
177
190
* Opens the file specified by inode.
···
253
240
254
241
/**
255
242
* ecryptfs_dir_open
256
-
* @inode: inode speciying file to open
243
+
* @inode: inode specifying file to open
257
244
* @file: Structure to return filled in
258
245
*
259
246
* Opens the file specified by inode.
···
416
403
#ifdef CONFIG_COMPAT
417
404
.compat_ioctl = ecryptfs_compat_ioctl,
418
405
#endif
419
-
.mmap = generic_file_mmap,
406
+
.mmap = ecryptfs_mmap,
420
407
.open = ecryptfs_open,
421
408
.flush = ecryptfs_flush,
422
409
.release = ecryptfs_release,
+2
-11
fs/ecryptfs/kthread.c
+2
-11
fs/ecryptfs/kthread.c
···
25
25
#include <linux/slab.h>
26
26
#include <linux/wait.h>
27
27
#include <linux/mount.h>
28
-
#include <linux/file.h>
29
28
#include "ecryptfs_kernel.h"
30
29
31
30
struct ecryptfs_open_req {
···
147
148
flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
148
149
(*lower_file) = dentry_open(&req.path, flags, cred);
149
150
if (!IS_ERR(*lower_file))
150
-
goto have_file;
151
+
goto out;
151
152
if ((flags & O_ACCMODE) == O_RDONLY) {
152
153
rc = PTR_ERR((*lower_file));
153
154
goto out;
···
165
166
mutex_unlock(&ecryptfs_kthread_ctl.mux);
166
167
wake_up(&ecryptfs_kthread_ctl.wait);
167
168
wait_for_completion(&req.done);
168
-
if (IS_ERR(*lower_file)) {
169
+
if (IS_ERR(*lower_file))
169
170
rc = PTR_ERR(*lower_file);
170
-
goto out;
171
-
}
172
-
have_file:
173
-
if ((*lower_file)->f_op->mmap == NULL) {
174
-
fput(*lower_file);
175
-
*lower_file = NULL;
176
-
rc = -EMEDIUMTYPE;
177
-
}
178
171
out:
179
172
return rc;
180
173
}