Jann Horn authored
BugLink: http://bugs.launchpad.net/bugs/1588871

This prevents users from triggering an exploitable stack overflow through a recursive invocation of pagefault handling on systems that allow unprivileged users to mount ecryptfs.

More precisely: When a file in ecryptfs is mmap()ed, ecryptfs only uses the VFS read and write methods of the lower filesystem (using kernel_read() and kernel_write()) to interact with the lower file. This means that it is possible to mmap() the decrypted view of a lower file that normally couldn't be mmap()ed. One such file is /proc/$pid/environ.

If an encrypted ecryptfs file is placed in the environment area of a process with PID $pid and /proc/$pid is mounted to /tmp/foo, /tmp/foo/environ can then be opened and mmap()ed. A pagefault in the memory area to which /tmp/foo/environ is mapped will cause a kernel_read() on /proc/$pid/environ, which in turn will cause a pagefault in the context of the process with PID $pid.

By using a chain of processes in which each process has the decrypted view of the next process' environment mapped into its environment area, where the environment of the last process in the chain is an "ecryptfs matroska" (the result of encrypting some data using ecryptfs, then encrypting the result of that and so on), and then triggering a pagefault in the environment of the first process in the chain, it is possible to cause a recursive pagefault that ends up overflowing the stack.

Fix it by disallowing opening anything without an mmap handler through ecryptfs.

CVE-2016-1583

Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable@vger.kernel.org
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
51982ff9