author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-08-10 14:34:25 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-08-10 14:34:25 -0700 |
commit | b1112ce7b98d9490b8ea049a08f0da2bc5d9cb62 (patch) | |
tree | d71e585009a0637cf07b1a8f19c7e57bb46642d9 | |
parent | f08d96e1d3f8d7f884fd31353fbaa0f129142ace (diff) | |
3.0 patches
-rw-r--r-- | queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch | 110 | ||||
-rw-r--r-- | queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch | 66 | ||||
-rw-r--r-- | queue-3.0/series | 2 |
3 files changed, 178 insertions, 0 deletions
diff --git a/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch b/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
new file mode 100644
index 0000000000..3739f16bc0
--- /dev/null
+++ b/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
@@ -0,0 +1,110 @@
+From 764355487ea220fdc2faf128d577d7f679b91f97 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Fri, 22 Jul 2011 08:14:15 -0700
+Subject: Ecryptfs: Add mount option to check uid of device being
+ mounted = expect uid
+
+From: John Johansen <john.johansen@canonical.com>
+
+commit 764355487ea220fdc2faf128d577d7f679b91f97 upstream.
+
+Close a TOCTOU race for mounts done via ecryptfs-mount-private. The mount
+source (device) can be raced when the ownership test is done in userspace.
+Provide Ecryptfs a means to force the uid check at mount time.
+
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/main.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -175,6 +175,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ec
+ ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
+ ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
+ ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
++ ecryptfs_opt_check_dev_ruid,
+ ecryptfs_opt_err };
+
+ static const match_table_t tokens = {
+@@ -191,6 +192,7 @@ static const match_table_t tokens = {
+ {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
+ {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
+ {ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
++ {ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
+ {ecryptfs_opt_err, NULL}
+ };
+
+@@ -236,6 +238,7 @@ static void ecryptfs_init_mount_crypt_st
+ * ecryptfs_parse_options
+ * @sb: The ecryptfs super block
+ * @options: The options passed to the kernel
++ * @check_ruid: set to 1 if device uid should be checked against the ruid
+ *
+ * Parse mount options:
+ * debug=N - ecryptfs_verbosity level for debug output
+@@ -251,7 +254,8 @@ static void ecryptfs_init_mount_crypt_st
+ *
+ * Returns zero on success; non-zero on error
+ */
+-static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
++static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
++ uid_t *check_ruid)
+ {
+ char *p;
+ int rc = 0;
+@@ -276,6 +280,8 @@ static int ecryptfs_parse_options(struct
+ char *cipher_key_bytes_src;
+ char *fn_cipher_key_bytes_src;
+
++ *check_ruid = 0;
++
+ if (!options) {
+ rc = -EINVAL;
+ goto out;
+@@ -380,6 +386,9 @@ static int ecryptfs_parse_options(struct
+ mount_crypt_stat->flags |=
+ ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
+ break;
++ case ecryptfs_opt_check_dev_ruid:
++ *check_ruid = 1;
++ break;
+ case ecryptfs_opt_err:
+ default:
+ printk(KERN_WARNING
+@@ -475,6 +484,7 @@ static struct dentry *ecryptfs_mount(str
+ const char *err = "Getting sb failed";
+ struct inode *inode;
+ struct path path;
++ uid_t check_ruid;
+ int rc;
+
+ sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
+@@ -483,7 +493,7 @@ static struct dentry *ecryptfs_mount(str
+ goto out;
+ }
+
+- rc = ecryptfs_parse_options(sbi, raw_data);
++ rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
+ if (rc) {
+ err = "Error parsing options";
+ goto out;
+@@ -521,6 +531,15 @@ static struct dentry *ecryptfs_mount(str
+ "known incompatibilities\n");
+ goto out_free;
+ }
++
++ if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
++ rc = -EPERM;
++ printk(KERN_ERR "Mount of device (uid: %d) not owned by "
++ "requested user (uid: %d)\n",
++ path.dentry->d_inode->i_uid, current_uid());
++ goto out_free;
++ }
++
+ ecryptfs_set_superblock_lower(s, path.dentry->d_sb);
+ s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+ s->s_blocksize = path.dentry->d_sb->s_blocksize;
diff --git a/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch b/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch
new file mode 100644
index 0000000000..f197bfa64d
--- /dev/null
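Review bot: The ownership test added to ecryptfs_mount in the `@@ -521,6 +531,15 @@` hunk runs only when the mount data carries `ecryptfs_check_dev_ruid`, so the race described in the commit message stays open for any mount helper that does not pass the option; a comment at the check should say so, for example `/* opt-in: a userspace-only ownership test of the lower path can be raced */`. `check_ruid` is declared `uid_t` in both ecryptfs_parse_options and ecryptfs_mount although it only ever holds 0 or 1, and `int *check_ruid` would describe the flag better. The printk formats both uid values with `%d`; if uid_t is unsigned in this tree, as it usually is, `%u` is the matching conversion. Both function bodies continue outside the hunks shown.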
+++ b/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch 
@@ -0,0 +1,66 @@
+From f61500e000eedc0c7a0201200a7f00ba5529c002 Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Date: Thu, 4 Aug 2011 22:58:51 -0500
+Subject: eCryptfs: Return error when lower file pointer is NULL
+
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+
+commit f61500e000eedc0c7a0201200a7f00ba5529c002 upstream.
+
+When an eCryptfs inode's lower file has been closed, and the pointer has
+been set to NULL, return an error when trying to do a lower read or
+write rather than calling BUG().
+
+https://bugzilla.kernel.org/show_bug.cgi?id=37292
+
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/read_write.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+--- a/fs/ecryptfs/read_write.c
++++ b/fs/ecryptfs/read_write.c
+@@ -39,15 +39,16 @@
+ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
+ loff_t offset, size_t size)
+ {
+- struct ecryptfs_inode_info *inode_info;
++ struct file *lower_file;
+ mm_segment_t fs_save;
+ ssize_t rc;
+
+- inode_info = ecryptfs_inode_to_private(ecryptfs_inode);
+- BUG_ON(!inode_info->lower_file);
++ lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
++ if (!lower_file)
++ return -EIO;
+ fs_save = get_fs();
+ set_fs(get_ds());
+- rc = vfs_write(inode_info->lower_file, data, size, &offset);
++ rc = vfs_write(lower_file, data, size, &offset);
+ set_fs(fs_save);
+ mark_inode_dirty_sync(ecryptfs_inode);
+ return rc;
+@@ -225,15 +226,16 @@ out:
+ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
+ struct inode *ecryptfs_inode)
+ {
+- struct ecryptfs_inode_info *inode_info =
+- ecryptfs_inode_to_private(ecryptfs_inode);
++ struct file *lower_file;
+ mm_segment_t fs_save;
+ ssize_t rc;
+
+- BUG_ON(!inode_info->lower_file);
++ lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
++ if (!lower_file)
++ return -EIO;
+ fs_save = get_fs();
+ set_fs(get_ds());
+- rc = vfs_read(inode_info->lower_file, data, size, &offset);
++ rc = vfs_read(lower_file, data, size, &offset);
+ set_fs(fs_save);
+ return rc;
+ }
diff --git a/queue-3.0/series b/queue-3.0/series
index f129241a16..7374fcb7bd 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -74,3 +74,5 @@ sparc-use-popc-when-possible-for-ffs-__ffs-ffz.patch
 sparc-access-kernel-tsb-using-physical-addressing-when-possible.patch
 sparc-size-mondo-queues-more-sanely.patch
 sparc-fix-build-with-debug_pagealloc-enabled.patch
+ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
+ecryptfs-return-error-when-lower-file-pointer-is-null.patch |
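Review bot: In both ecryptfs_write_lower and ecryptfs_read_lower the new code tests `lower_file` once and then hands the pointer to vfs_write()/vfs_read(), and nothing in these hunks shows a lock or a reference that keeps the lower file open in between. If the close path named in the commit message can run concurrently, the NULL test alone does not cover that window; whether callers already pin the file is outside the hunks and should be confirmed. A comment above the check would make the contract explicit, for example `/* caller must hold a reference on the lower file for the duration of this call */`. The new `-EIO` return should also be mentioned in each function's header comment, which is not visible here.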