Commit fa6e951a authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'ecryptfs-5.3-rc1-fixes' of...

Merge tag 'ecryptfs-5.3-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull eCryptfs updates from Tyler Hicks:

 - Fix error handling when ecryptfs_read_lower() encounters an error

 - Fix read-only file creation when the eCryptfs mount is configured to
   store metadata in xattrs

 - Minor code cleanups

* tag 'ecryptfs-5.3-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
  ecryptfs: Change return type of ecryptfs_process_flags
  ecryptfs: Make ecryptfs_xattr_handler static
  ecryptfs: remove unnessesary null check in ecryptfs_keyring_auth_tok_for_sig
  ecryptfs: use print_hex_dump_bytes for hexdump
  eCryptfs: fix permission denied with ecryptfs_xattr mount option when create readonly file
  ecryptfs: re-order a condition for static checkers
  eCryptfs: fix a couple type promotion bugs
parents a318423b 7451c54a
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
#include <linux/slab.h> #include <linux/slab.h>
#include <asm/unaligned.h> #include <asm/unaligned.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/xattr.h>
#include "ecryptfs_kernel.h" #include "ecryptfs_kernel.h"
#define DECRYPT 0 #define DECRYPT 0
...@@ -860,13 +861,10 @@ static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { ...@@ -860,13 +861,10 @@ static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = {
* @crypt_stat: The cryptographic context * @crypt_stat: The cryptographic context
* @page_virt: Source data to be parsed * @page_virt: Source data to be parsed
* @bytes_read: Updated with the number of bytes read * @bytes_read: Updated with the number of bytes read
*
* Returns zero on success; non-zero if the flag set is invalid
*/ */
static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat, static void ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
char *page_virt, int *bytes_read) char *page_virt, int *bytes_read)
{ {
int rc = 0;
int i; int i;
u32 flags; u32 flags;
...@@ -879,7 +877,6 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat, ...@@ -879,7 +877,6 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
/* Version is in top 8 bits of the 32-bit flag vector */ /* Version is in top 8 bits of the 32-bit flag vector */
crypt_stat->file_version = ((flags >> 24) & 0xFF); crypt_stat->file_version = ((flags >> 24) & 0xFF);
(*bytes_read) = 4; (*bytes_read) = 4;
return rc;
} }
/** /**
...@@ -1004,8 +1001,10 @@ int ecryptfs_read_and_validate_header_region(struct inode *inode) ...@@ -1004,8 +1001,10 @@ int ecryptfs_read_and_validate_header_region(struct inode *inode)
rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES, rc = ecryptfs_read_lower(file_size, 0, ECRYPTFS_SIZE_AND_MARKER_BYTES,
inode); inode);
if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES) if (rc < 0)
return rc >= 0 ? -EINVAL : rc; return rc;
else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
return -EINVAL;
rc = ecryptfs_validate_marker(marker); rc = ecryptfs_validate_marker(marker);
if (!rc) if (!rc)
ecryptfs_i_size_init(file_size, inode); ecryptfs_i_size_init(file_size, inode);
...@@ -1115,9 +1114,21 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, ...@@ -1115,9 +1114,21 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry,
char *page_virt, size_t size) char *page_virt, size_t size)
{ {
int rc; int rc;
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
struct inode *lower_inode = d_inode(lower_dentry);
rc = ecryptfs_setxattr(ecryptfs_dentry, ecryptfs_inode, if (!(lower_inode->i_opflags & IOP_XATTR)) {
ECRYPTFS_XATTR_NAME, page_virt, size, 0); rc = -EOPNOTSUPP;
goto out;
}
inode_lock(lower_inode);
rc = __vfs_setxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
page_virt, size, 0);
if (!rc && ecryptfs_inode)
fsstack_copy_attr_all(ecryptfs_inode, lower_inode);
inode_unlock(lower_inode);
out:
return rc; return rc;
} }
...@@ -1291,12 +1302,7 @@ static int ecryptfs_read_headers_virt(char *page_virt, ...@@ -1291,12 +1302,7 @@ static int ecryptfs_read_headers_virt(char *page_virt,
if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED)) if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry)); ecryptfs_i_size_init(page_virt, d_inode(ecryptfs_dentry));
offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset), ecryptfs_process_flags(crypt_stat, (page_virt + offset), &bytes_read);
&bytes_read);
if (rc) {
ecryptfs_printk(KERN_WARNING, "Error processing flags\n");
goto out;
}
if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) { if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) {
ecryptfs_printk(KERN_WARNING, "File version is [%d]; only " ecryptfs_printk(KERN_WARNING, "File version is [%d]; only "
"file version [%d] is supported by this " "file version [%d] is supported by this "
...@@ -1367,8 +1373,10 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry, ...@@ -1367,8 +1373,10 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry,
ecryptfs_inode_to_lower(inode), ecryptfs_inode_to_lower(inode),
ECRYPTFS_XATTR_NAME, file_size, ECRYPTFS_XATTR_NAME, file_size,
ECRYPTFS_SIZE_AND_MARKER_BYTES); ECRYPTFS_SIZE_AND_MARKER_BYTES);
if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES) if (rc < 0)
return rc >= 0 ? -EINVAL : rc; return rc;
else if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES)
return -EINVAL;
rc = ecryptfs_validate_marker(marker); rc = ecryptfs_validate_marker(marker);
if (!rc) if (!rc)
ecryptfs_i_size_init(file_size, inode); ecryptfs_i_size_init(file_size, inode);
......
...@@ -83,25 +83,9 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok) ...@@ -83,25 +83,9 @@ void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok)
*/ */
void ecryptfs_dump_hex(char *data, int bytes) void ecryptfs_dump_hex(char *data, int bytes)
{ {
int i = 0;
int add_newline = 1;
if (ecryptfs_verbosity < 1) if (ecryptfs_verbosity < 1)
return; return;
if (bytes != 0) {
printk(KERN_DEBUG "0x%.2x.", (unsigned char)data[i]);
i++;
}
while (i < bytes) {
printk("0x%.2x.", (unsigned char)data[i]);
i++;
if (i % 16 == 0) {
printk("\n");
add_newline = 0;
} else
add_newline = 1;
}
if (add_newline)
printk("\n");
}
print_hex_dump(KERN_DEBUG, "ecryptfs: ", DUMP_PREFIX_OFFSET, 16, 1,
data, bytes, false);
}
...@@ -1121,7 +1121,7 @@ static int ecryptfs_xattr_set(const struct xattr_handler *handler, ...@@ -1121,7 +1121,7 @@ static int ecryptfs_xattr_set(const struct xattr_handler *handler,
} }
} }
const struct xattr_handler ecryptfs_xattr_handler = { static const struct xattr_handler ecryptfs_xattr_handler = {
.prefix = "", /* match anything */ .prefix = "", /* match anything */
.get = ecryptfs_xattr_get, .get = ecryptfs_xattr_get,
.set = ecryptfs_xattr_set, .set = ecryptfs_xattr_set,
......
...@@ -1048,8 +1048,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, ...@@ -1048,8 +1048,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
"rc = [%d]\n", __func__, rc); "rc = [%d]\n", __func__, rc);
goto out_free_unlock; goto out_free_unlock;
} }
while (s->decrypted_filename[s->i] != '\0'
&& s->i < s->block_aligned_filename_size) while (s->i < s->block_aligned_filename_size &&
s->decrypted_filename[s->i] != '\0')
s->i++; s->i++;
if (s->i == s->block_aligned_filename_size) { if (s->i == s->block_aligned_filename_size) {
printk(KERN_WARNING "%s: Invalid tag 70 packet; could not " printk(KERN_WARNING "%s: Invalid tag 70 packet; could not "
...@@ -1611,9 +1612,9 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, ...@@ -1611,9 +1612,9 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
int rc = 0; int rc = 0;
(*auth_tok_key) = request_key(&key_type_user, sig, NULL); (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { if (IS_ERR(*auth_tok_key)) {
(*auth_tok_key) = ecryptfs_get_encrypted_key(sig); (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { if (IS_ERR(*auth_tok_key)) {
printk(KERN_ERR "Could not find key with description: [%s]\n", printk(KERN_ERR "Could not find key with description: [%s]\n",
sig); sig);
rc = process_request_key_err(PTR_ERR(*auth_tok_key)); rc = process_request_key_err(PTR_ERR(*auth_tok_key));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment