3.0 patches

3 files changed, 178 insertions, 0 deletions

diff --git a/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch b/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
new file mode 100644
index 0000000000..3739f16bc0
--- /dev/null
+++ b/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
@@ -0,0 +1,110 @@
+From 764355487ea220fdc2faf128d577d7f679b91f97 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Fri, 22 Jul 2011 08:14:15 -0700
+Subject: Ecryptfs: Add mount option to check uid of device being
+ mounted = expect uid
+
+From: John Johansen <john.johansen@canonical.com>
+
+commit 764355487ea220fdc2faf128d577d7f679b91f97 upstream.
+
+Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
+source (device) can be raced when the ownership test is done in userspace.
+Provide Ecryptfs a means to force the uid check at mount time.
+
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/main.c |   23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -175,6 +175,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ec
+        ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
+        ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
+        ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
++       ecryptfs_opt_check_dev_ruid,
+        ecryptfs_opt_err };
+ 
+ static const match_table_t tokens = {
+@@ -191,6 +192,7 @@ static const match_table_t tokens = {
+ 	{ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
+ 	{ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
+ 	{ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
++	{ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
+ 	{ecryptfs_opt_err, NULL}
+ };
+ 
+@@ -236,6 +238,7 @@ static void ecryptfs_init_mount_crypt_st
+  * ecryptfs_parse_options
+  * @sb: The ecryptfs super block
+  * @options: The options passed to the kernel
++ * @check_ruid: set to 1 if device uid should be checked against the ruid
+  *
+  * Parse mount options:
+  * debug=N 	   - ecryptfs_verbosity level for debug output
+@@ -251,7 +254,8 @@ static void ecryptfs_init_mount_crypt_st
+  *
+  * Returns zero on success; non-zero on error
+  */
+-static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
++static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
++				  uid_t *check_ruid)
+ {
+ 	char *p;
+ 	int rc = 0;
+@@ -276,6 +280,8 @@ static int ecryptfs_parse_options(struct
+ 	char *cipher_key_bytes_src;
+ 	char *fn_cipher_key_bytes_src;
+ 
++	*check_ruid = 0;
++
+ 	if (!options) {
+ 		rc = -EINVAL;
+ 		goto out;
+@@ -380,6 +386,9 @@ static int ecryptfs_parse_options(struct
+ 			mount_crypt_stat->flags |=
+ 				ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
+ 			break;
++		case ecryptfs_opt_check_dev_ruid:
++			*check_ruid = 1;
++			break;
+ 		case ecryptfs_opt_err:
+ 		default:
+ 			printk(KERN_WARNING
+@@ -475,6 +484,7 @@ static struct dentry *ecryptfs_mount(str
+ 	const char *err = "Getting sb failed";
+ 	struct inode *inode;
+ 	struct path path;
++	uid_t check_ruid;
+ 	int rc;
+ 
+ 	sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
+@@ -483,7 +493,7 @@ static struct dentry *ecryptfs_mount(str
+ 		goto out;
+ 	}
+ 
+-	rc = ecryptfs_parse_options(sbi, raw_data);
++	rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
+ 	if (rc) {
+ 		err = "Error parsing options";
+ 		goto out;
+@@ -521,6 +531,15 @@ static struct dentry *ecryptfs_mount(str
+ 			"known incompatibilities\n");
+ 		goto out_free;
+ 	}
++
++	if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
++		rc = -EPERM;
++		printk(KERN_ERR "Mount of device (uid: %d) not owned by "
++		       "requested user (uid: %d)\n",
++		       path.dentry->d_inode->i_uid, current_uid());
++		goto out_free;
++	}
++
+ 	ecryptfs_set_superblock_lower(s, path.dentry->d_sb);
+ 	s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+ 	s->s_blocksize = path.dentry->d_sb->s_blocksize;
diff --git a/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch b/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch
new file mode 100644
index 0000000000..f197bfa64d
--- /dev/null
+++ b/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch
@@ -0,0 +1,66 @@
+From f61500e000eedc0c7a0201200a7f00ba5529c002 Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Date: Thu, 4 Aug 2011 22:58:51 -0500
+Subject: eCryptfs: Return error when lower file pointer is NULL
+
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+
+commit f61500e000eedc0c7a0201200a7f00ba5529c002 upstream.
+
+When an eCryptfs inode's lower file has been closed, and the pointer has
+been set to NULL, return an error when trying to do a lower read or
+write rather than calling BUG().
+
+https://bugzilla.kernel.org/show_bug.cgi?id=37292
+
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/read_write.c |   18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+--- a/fs/ecryptfs/read_write.c
++++ b/fs/ecryptfs/read_write.c
+@@ -39,15 +39,16 @@
+ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
+ 			 loff_t offset, size_t size)
+ {
+-	struct ecryptfs_inode_info *inode_info;
++	struct file *lower_file;
+ 	mm_segment_t fs_save;
+ 	ssize_t rc;
+ 
+-	inode_info = ecryptfs_inode_to_private(ecryptfs_inode);
+-	BUG_ON(!inode_info->lower_file);
++	lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
++	if (!lower_file)
++		return -EIO;
+ 	fs_save = get_fs();
+ 	set_fs(get_ds());
+-	rc = vfs_write(inode_info->lower_file, data, size, &offset);
++	rc = vfs_write(lower_file, data, size, &offset);
+ 	set_fs(fs_save);
+ 	mark_inode_dirty_sync(ecryptfs_inode);
+ 	return rc;
+@@ -225,15 +226,16 @@ out:
+ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
+ 			struct inode *ecryptfs_inode)
+ {
+-	struct ecryptfs_inode_info *inode_info =
+-		ecryptfs_inode_to_private(ecryptfs_inode);
++	struct file *lower_file;
+ 	mm_segment_t fs_save;
+ 	ssize_t rc;
+ 
+-	BUG_ON(!inode_info->lower_file);
++	lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
++	if (!lower_file)
++		return -EIO;
+ 	fs_save = get_fs();
+ 	set_fs(get_ds());
+-	rc = vfs_read(inode_info->lower_file, data, size, &offset);
++	rc = vfs_read(lower_file, data, size, &offset);
+ 	set_fs(fs_save);
+ 	return rc;
+ }
diff --git a/queue-3.0/series b/queue-3.0/series
index f129241a16..7374fcb7bd 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -74,3 +74,5 @@ sparc-use-popc-when-possible-for-ffs-__ffs-ffz.patch
 sparc-access-kernel-tsb-using-physical-addressing-when-possible.patch
 sparc-size-mondo-queues-more-sanely.patch
 sparc-fix-build-with-debug_pagealloc-enabled.patch
+ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
+ecryptfs-return-error-when-lower-file-pointer-is-null.patch