From 975d8e876040c84dec85977985ec379a4a9b3caf Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 15 Feb 2012 14:10:51 -0800
Subject: 2.6.32-stable patches

added patches:
	add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
	ban-ecryptfs-over-ecryptfs.patch
	ecryptfs-remove-mmap-from-directory-operations.patch
---
 ...ce-being-mounted-expect-uid-cve-2011-1833.patch | 131 +++++++++++++++++++++
 queue-2.6.32/ban-ecryptfs-over-ecryptfs.patch      |  61 ++++++++++
 ...tfs-remove-mmap-from-directory-operations.patch |  54 +++++++++
 queue-2.6.32/series                                |   3 +
 4 files changed, 249 insertions(+)
 create mode 100644 queue-2.6.32/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
 create mode 100644 queue-2.6.32/ban-ecryptfs-over-ecryptfs.patch
 create mode 100644 queue-2.6.32/ecryptfs-remove-mmap-from-directory-operations.patch

diff --git a/queue-2.6.32/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch b/queue-2.6.32/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
new file mode 100644
index 0000000..c38df49
--- /dev/null
+++ b/queue-2.6.32/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
@@ -0,0 +1,131 @@
+From tim.gardner@canonical.com  Wed Feb 15 14:06:11 2012
+From: Tim Gardner <tim.gardner@canonical.com>
+Date: Wed, 15 Feb 2012 14:14:06 -0700
+Subject: Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Tim Gardner <tim.gardner@canonical.com>, John Johansen <john.johansen@canonical.com>, <stable@kernel.org>, Tyler Hicks <tyler.hicks@canonical.com>
+Message-ID: <1329340446-126150-1-git-send-email-tim.gardner@canonical.com>
+
+From: John Johansen <john.johansen@canonical.com>
+
+(backported from commit 764355487ea220fdc2faf128d577d7f679b91f97)
+
+Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
+source (device) can be raced when the ownership test is done in userspace.
+Provide Ecryptfs a means to force the uid check at mount time.
+
+BugLink: http://bugs.launchpad.net/bugs/732628
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: Tyler Hicks <tyler.hicks@canonical.com>
+Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ecryptfs/main.c |   30 +++++++++++++++++++++++++-----
+ 1 file changed, 25 insertions(+), 5 deletions(-)
+
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -212,7 +212,8 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ec
+        ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
+        ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
+        ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
+-       ecryptfs_opt_unlink_sigs, ecryptfs_opt_err };
++       ecryptfs_opt_unlink_sigs, ecryptfs_opt_check_dev_ruid,
++       ecryptfs_opt_err };
+ 
+ static const match_table_t tokens = {
+ 	{ecryptfs_opt_sig, "sig=%s"},
+@@ -227,6 +228,7 @@ static const match_table_t tokens = {
+ 	{ecryptfs_opt_fn_cipher, "ecryptfs_fn_cipher=%s"},
+ 	{ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
+ 	{ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
++	{ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
+ 	{ecryptfs_opt_err, NULL}
+ };
+ 
+@@ -270,6 +272,7 @@ static void ecryptfs_init_mount_crypt_st
+  * ecryptfs_parse_options
+  * @sb: The ecryptfs super block
+  * @options: The options pased to the kernel
++ * @check_ruid: set to 1 if device uid should be checked against the ruid
+  *
+  * Parse mount options:
+  * debug=N 	   - ecryptfs_verbosity level for debug output
+@@ -285,7 +288,8 @@ static void ecryptfs_init_mount_crypt_st
+  *
+  * Returns zero on success; non-zero on error
+  */
+-static int ecryptfs_parse_options(struct super_block *sb, char *options)
++static int ecryptfs_parse_options(struct super_block *sb, char *options,
++					uid_t *check_ruid)
+ {
+ 	char *p;
+ 	int rc = 0;
+@@ -310,6 +314,8 @@ static int ecryptfs_parse_options(struct
+ 	char *cipher_key_bytes_src;
+ 	char *fn_cipher_key_bytes_src;
+ 
++	*check_ruid = 0;
++
+ 	if (!options) {
+ 		rc = -EINVAL;
+ 		goto out;
+@@ -410,6 +416,9 @@ static int ecryptfs_parse_options(struct
+ 		case ecryptfs_opt_unlink_sigs:
+ 			mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS;
+ 			break;
++		case ecryptfs_opt_check_dev_ruid:
++			*check_ruid = 1;
++			break;
+ 		case ecryptfs_opt_err:
+ 		default:
+ 			printk(KERN_WARNING
+@@ -552,7 +561,8 @@ out:
+  * ecryptfs_interpose to create our initial inode and super block
+  * struct.
+  */
+-static int ecryptfs_read_super(struct super_block *sb, const char *dev_name)
++static int ecryptfs_read_super(struct super_block *sb, const char *dev_name,
++				uid_t check_ruid)
+ {
+ 	struct path path;
+ 	int rc;
+@@ -569,6 +579,15 @@ static int ecryptfs_read_super(struct su
+ 			"known incompatibilities\n");
+ 		goto out_free;
+ 	}
++
++	if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
++		rc = -EPERM;
++		printk(KERN_ERR "Mount of device (uid: %d) not owned by "
++		       "requested user (uid: %d)\n",
++		       path.dentry->d_inode->i_uid, current_uid());
++		goto out_free;
++	}
++
+ 	ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
+ 	sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+ 	sb->s_blocksize = path.dentry->d_sb->s_blocksize;
+@@ -607,6 +626,7 @@ static int ecryptfs_get_sb(struct file_s
+ {
+ 	int rc;
+ 	struct super_block *sb;
++	uid_t check_ruid;
+ 
+ 	rc = get_sb_nodev(fs_type, flags, raw_data, ecryptfs_fill_super, mnt);
+ 	if (rc < 0) {
+@@ -614,12 +634,12 @@ static int ecryptfs_get_sb(struct file_s
+ 		goto out;
+ 	}
+ 	sb = mnt->mnt_sb;
+-	rc = ecryptfs_parse_options(sb, raw_data);
++	rc = ecryptfs_parse_options(sb, raw_data, &check_ruid);
+ 	if (rc) {
+ 		printk(KERN_ERR "Error parsing options; rc = [%d]\n", rc);
+ 		goto out_abort;
+ 	}
+-	rc = ecryptfs_read_super(sb, dev_name);
++	rc = ecryptfs_read_super(sb, dev_name, check_ruid);
+ 	if (rc) {
+ 		printk(KERN_ERR "Reading sb failed; rc = [%d]\n", rc);
+ 		goto out_abort;
diff --git a/queue-2.6.32/ban-ecryptfs-over-ecryptfs.patch b/queue-2.6.32/ban-ecryptfs-over-ecryptfs.patch
new file mode 100644
index 0000000..d590bfc
--- /dev/null
+++ b/queue-2.6.32/ban-ecryptfs-over-ecryptfs.patch
@@ -0,0 +1,61 @@
+From tim.gardner@canonical.com  Wed Feb 15 14:05:29 2012
+From: Tim Gardner <tim.gardner@canonical.com>
+Date: Wed, 15 Feb 2012 14:10:52 -0700
+Subject: Ban ecryptfs over ecryptfs
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Al Viro <viro@zeniv.linux.org.uk>, Tim Gardner <tim.gardner@canonical.com>
+Message-ID: <1329340253-126075-1-git-send-email-tim.gardner@canonical.com>
+
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+(cherry picked from commit 4403158ba295c8e36f6736b1bb12d0f7e1923dac)
+
+This is a seriously simplified patch from Eric Sandeen; copy of
+rationale follows:
+===
+  mounting stacked ecryptfs on ecryptfs has been shown to lead to bugs
+  in testing.  For crypto info in xattr, there is no mechanism for handling
+  this at all, and for normal file headers, we run into other trouble:
+
+  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
+  IP: [<ffffffffa015b0b3>] ecryptfs_d_revalidate+0x43/0xa0 [ecryptfs]
+  ...
+
+  There doesn't seem to be any good usecase for this, so I'd suggest just
+  disallowing the configuration.
+
+  Based on a patch originally, I believe, from Mike Halcrow.
+===
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ecryptfs/main.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -487,6 +487,7 @@ out:
+ }
+ 
+ struct kmem_cache *ecryptfs_sb_info_cache;
++static struct file_system_type ecryptfs_fs_type;
+ 
+ /**
+  * ecryptfs_fill_super
+@@ -561,6 +562,13 @@ static int ecryptfs_read_super(struct su
+ 		ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
+ 		goto out;
+ 	}
++	if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
++		rc = -EINVAL;
++		printk(KERN_ERR "Mount on filesystem of type "
++			"eCryptfs explicitly disallowed due to "
++			"known incompatibilities\n");
++		goto out_free;
++	}
+ 	ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
+ 	sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+ 	sb->s_blocksize = path.dentry->d_sb->s_blocksize;
diff --git a/queue-2.6.32/ecryptfs-remove-mmap-from-directory-operations.patch b/queue-2.6.32/ecryptfs-remove-mmap-from-directory-operations.patch
new file mode 100644
index 0000000..3a38700
--- /dev/null
+++ b/queue-2.6.32/ecryptfs-remove-mmap-from-directory-operations.patch
@@ -0,0 +1,54 @@
+From tim.gardner@canonical.com  Wed Feb 15 14:04:31 2012
+From: Tim Gardner <tim.gardner@canonical.com>
+Date: Wed, 15 Feb 2012 11:32:31 -0700
+Subject: eCryptfs: Remove mmap from directory operations
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Tyler Hicks <tyhicks@linux.vnet.ibm.com>, Colin Ian King <colin.king@canonical.com>, Tim Gardner <tim.gardner@canonical.com>
+Message-ID: <1329330751-118898-1-git-send-email-tim.gardner@canonical.com>
+
+
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+
+backported from 38e3eaeedcac75360af8a92e7b66956ec4f334e5
+
+Adrian reported that mkfontscale didn't work inside of eCryptfs mounts.
+Strace revealed the following:
+
+open("./", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
+fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
+open("./fonts.scale", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
+getdents(3, /* 80 entries */, 32768) = 2304
+open("./.", O_RDONLY) = 5
+fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
+fstat64(5, {st_mode=S_IFDIR|0755, st_size=16384, ...}) = 0
+mmap2(NULL, 16384, PROT_READ, MAP_PRIVATE, 5, 0) = 0xb7fcf000
+close(5) = 0
+ --- SIGBUS (Bus error) @ 0 (0) ---
+ +++ killed by SIGBUS +++
+
+The mmap2() on a directory was successful, resulting in a SIGBUS
+signal later.  This patch removes mmap() from the list of possible
+ecryptfs_dir_fops so that mmap() isn't possible on eCryptfs directory
+files.
+
+http://bugs.launchpad.net/bugs/400443
+
+Reported-by: Adrian C. <anrxc@sysphere.org>
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ecryptfs/file.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/ecryptfs/file.c
++++ b/fs/ecryptfs/file.c
+@@ -327,7 +327,6 @@ const struct file_operations ecryptfs_di
+ #ifdef CONFIG_COMPAT
+ 	.compat_ioctl = ecryptfs_compat_ioctl,
+ #endif
+-	.mmap = generic_file_mmap,
+ 	.open = ecryptfs_open,
+ 	.flush = ecryptfs_flush,
+ 	.release = ecryptfs_release,
diff --git a/queue-2.6.32/series b/queue-2.6.32/series
index 45c3bf9..b22c78f 100644
--- a/queue-2.6.32/series
+++ b/queue-2.6.32/series
@@ -8,3 +8,6 @@ printk_ratelimited-fix-uninitialized-spinlock.patch
 hwmon-f75375s-fix-automatic-pwm-mode-setting-for-f75373-f75375.patch
 crypto-sha512-use-binary-and-instead-of-modulus.patch
 crypto-sha512-avoid-stack-bloat-on-i386.patch
+ecryptfs-remove-mmap-from-directory-operations.patch
+ban-ecryptfs-over-ecryptfs.patch
+add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
-- 
cgit 1.2.3-korg