queue-2.6.32/ban-ecryptfs-over-ecryptfs.patch - pub/scm/linux/kernel/git/longterm/longterm-queue-2.6.32 - Git at Google

 From tim.gardner@canonical.com  Wed Feb 15 14:05:29 2012
 From: Tim Gardner <tim.gardner@canonical.com>
 Date: Wed, 15 Feb 2012 14:10:52 -0700
 Subject: Ban ecryptfs over ecryptfs
 To: stable@vger.kernel.org, gregkh@linuxfoundation.org
 Cc: Al Viro <viro@zeniv.linux.org.uk>, Tim Gardner <tim.gardner@canonical.com>
 Message-ID: <1329340253-126075-1-git-send-email-tim.gardner@canonical.com>


 From: Al Viro <viro@zeniv.linux.org.uk>

 (cherry picked from commit 4403158ba295c8e36f6736b1bb12d0f7e1923dac)

 This is a seriously simplified patch from Eric Sandeen; copy of
 rationale follows:
 ===
   mounting stacked ecryptfs on ecryptfs has been shown to lead to bugs
   in testing.  For crypto info in xattr, there is no mechanism for handling
   this at all, and for normal file headers, we run into other trouble:

   BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
   IP: [<ffffffffa015b0b3>] ecryptfs_d_revalidate+0x43/0xa0 [ecryptfs]
   ...

   There doesn't seem to be any good usecase for this, so I'd suggest just
   disallowing the configuration.

   Based on a patch originally, I believe, from Mike Halcrow.
 ===

 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
 Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  fs/ecryptfs/main.c |    8 ++++++++
  1 file changed, 8 insertions(+)

 --- a/fs/ecryptfs/main.c
 +++ b/fs/ecryptfs/main.c
 @@ -487,6 +487,7 @@ out:
  }

  struct kmem_cache *ecryptfs_sb_info_cache;
 +static struct file_system_type ecryptfs_fs_type;

  /**
   * ecryptfs_fill_super
 @@ -561,6 +562,13 @@ static int ecryptfs_read_super(struct su
  		ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
  		goto out;
  	}
 +	if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
 +		rc = -EINVAL;
 +		printk(KERN_ERR "Mount on filesystem of type "
 +			"eCryptfs explicitly disallowed due to "
 +			"known incompatibilities\n");
 +		goto out_free;
 +	}
  	ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
  	sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
  	sb->s_blocksize = path.dentry->d_sb->s_blocksize;
	From tim.gardner@canonical.com Wed Feb 15 14:05:29 2012
	From: Tim Gardner <tim.gardner@canonical.com>
	Date: Wed, 15 Feb 2012 14:10:52 -0700
	Subject: Ban ecryptfs over ecryptfs
	To: stable@vger.kernel.org, gregkh@linuxfoundation.org
	Cc: Al Viro <viro@zeniv.linux.org.uk>, Tim Gardner <tim.gardner@canonical.com>
	Message-ID: <1329340253-126075-1-git-send-email-tim.gardner@canonical.com>


	From: Al Viro <viro@zeniv.linux.org.uk>

	(cherry picked from commit 4403158ba295c8e36f6736b1bb12d0f7e1923dac)

	This is a seriously simplified patch from Eric Sandeen; copy of
	rationale follows:
	===
	mounting stacked ecryptfs on ecryptfs has been shown to lead to bugs
	in testing. For crypto info in xattr, there is no mechanism for handling
	this at all, and for normal file headers, we run into other trouble:

	BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
	IP: [<ffffffffa015b0b3>] ecryptfs_d_revalidate+0x43/0xa0 [ecryptfs]
	...

	There doesn't seem to be any good usecase for this, so I'd suggest just
	disallowing the configuration.

	Based on a patch originally, I believe, from Mike Halcrow.
	===

	Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
	Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	fs/ecryptfs/main.c \| 8 ++++++++
	1 file changed, 8 insertions(+)

	--- a/fs/ecryptfs/main.c
	+++ b/fs/ecryptfs/main.c
	@@ -487,6 +487,7 @@ out:
	}

	struct kmem_cache *ecryptfs_sb_info_cache;
	+static struct file_system_type ecryptfs_fs_type;

	/**
	* ecryptfs_fill_super
	@@ -561,6 +562,13 @@ static int ecryptfs_read_super(struct su
	ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
	goto out;
	}
	+ if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
	+ rc = -EINVAL;
	+ printk(KERN_ERR "Mount on filesystem of type "
	+ "eCryptfs explicitly disallowed due to "
	+ "known incompatibilities\n");
	+ goto out_free;
	+ }
	ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
	sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
	sb->s_blocksize = path.dentry->d_sb->s_blocksize;