Diffstat (limited to 'releases/2.6.32.58/ban-ecryptfs-over-ecryptfs.patch')
-rw-r--r--releases/2.6.32.58/ban-ecryptfs-over-ecryptfs.patch61
1 files changed, 61 insertions, 0 deletions
diff --git a/releases/2.6.32.58/ban-ecryptfs-over-ecryptfs.patch b/releases/2.6.32.58/ban-ecryptfs-over-ecryptfs.patch
new file mode 100644
index 0000000..d590bfc
--- /dev/null
+++ b/releases/2.6.32.58/ban-ecryptfs-over-ecryptfs.patch
@@ -0,0 +1,61 @@
+From tim.gardner@canonical.com Wed Feb 15 14:05:29 2012
+From: Tim Gardner <tim.gardner@canonical.com>
+Date: Wed, 15 Feb 2012 14:10:52 -0700
+Subject: Ban ecryptfs over ecryptfs
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Al Viro <viro@zeniv.linux.org.uk>, Tim Gardner <tim.gardner@canonical.com>
+Message-ID: <1329340253-126075-1-git-send-email-tim.gardner@canonical.com>
+
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+(cherry picked from commit 4403158ba295c8e36f6736b1bb12d0f7e1923dac)
+
+This is a seriously simplified patch from Eric Sandeen; copy of
+rationale follows:
+===
+ mounting stacked ecryptfs on ecryptfs has been shown to lead to bugs
+ in testing. For crypto info in xattr, there is no mechanism for handling
+ this at all, and for normal file headers, we run into other trouble:
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
+ IP: [<ffffffffa015b0b3>] ecryptfs_d_revalidate+0x43/0xa0 [ecryptfs]
+ ...
+
+ There doesn't seem to be any good usecase for this, so I'd suggest just
+ disallowing the configuration.
+
+ Based on a patch originally, I believe, from Mike Halcrow.
+===
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ecryptfs/main.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -487,6 +487,7 @@ out:
+ }
+
+ struct kmem_cache *ecryptfs_sb_info_cache;
++static struct file_system_type ecryptfs_fs_type;
+
+ /**
+ * ecryptfs_fill_super
+@@ -561,6 +562,13 @@ static int ecryptfs_read_super(struct su
+ ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
+ goto out;
+ }
++ if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
++ rc = -EINVAL;
++ printk(KERN_ERR "Mount on filesystem of type "
++ "eCryptfs explicitly disallowed due to "
++ "known incompatibilities\n");
++ goto out_free;
++ }
+ ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
+ sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+ sb->s_blocksize = path.dentry->d_sb->s_blocksize;
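Review bot: The new rejection branch in ecryptfs_read_super exits through `out_free`, while the lookup failure just above it uses `out`, and neither label is visible in this hunk. The backport is therefore only correct if `out_free` in the 2.6.32 tree releases the reference taken by the successful lookup (presumably `path_put(&path)`) and touches nothing that is set up after this point, which should be confirmed against the target tree. The test also compares only the immediate lower superblock's `s_type`, so it would not reject eCryptfs reached through some other stacking filesystem in between, and that limit is worth stating next to the check. A short comment above the `if`, such as `/* eCryptfs on eCryptfs oopses in ecryptfs_d_revalidate(); refuse the mount */`, would keep the rationale with the code instead of only in the commit message.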