| From f0fe970df3838c202ef6c07a4c2b36838ef0a88b Mon Sep 17 00:00:00 2001 |
| From: Jeff Mahoney <jeffm@suse.com> |
| Date: Tue, 5 Jul 2016 17:32:30 -0400 |
| Subject: ecryptfs: don't allow mmap when the lower fs doesn't support it |
| |
| From: Jeff Mahoney <jeffm@suse.com> |
| |
| commit f0fe970df3838c202ef6c07a4c2b36838ef0a88b upstream. |
| |
| There are legitimate reasons to disallow mmap on certain files, notably |
| in sysfs or procfs. We shouldn't emulate mmap support on file systems |
| that don't offer support natively. |
| |
| CVE-2016-1583 |
| |
| Signed-off-by: Jeff Mahoney <jeffm@suse.com> |
| [tyhicks: clean up f_op check by using ecryptfs_file_to_lower()] |
| Signed-off-by: Tyler Hicks <tyhicks@canonical.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/ecryptfs/file.c | 15 ++++++++++++++- |
| 1 file changed, 14 insertions(+), 1 deletion(-) |
| |
| --- a/fs/ecryptfs/file.c |
| +++ b/fs/ecryptfs/file.c |
| @@ -170,6 +170,19 @@ out: |
| return rc; |
| } |
| |
| +static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma) |
| +{ |
| + struct file *lower_file = ecryptfs_file_to_lower(file); |
| + /* |
| + * Don't allow mmap on top of file systems that don't support it |
| + * natively. If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs |
| + * allows recursive mounting, this will need to be extended. |
| + */ |
| + if (!lower_file->f_op->mmap) |
| + return -ENODEV; |
| + return generic_file_mmap(file, vma); |
| +} |
| + |
| /** |
| * ecryptfs_open |
| * @inode: inode speciying file to open |
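Review bot: The guard in ecryptfs_mmap() only tests that the lower file's f_op has an mmap handler. That handler is never called, so a lower file whose ->mmap exists but would refuse the mapping for that particular file is still mapped through generic_file_mmap(). Whether such a lower file system can sit under ecryptfs is not visible in this hunk, so I would record the limit inside the existing comment, for example `* Presence check only: the lower ->mmap itself is not consulted.`. The new function also has no kernel-doc header, unlike ecryptfs_open directly below it; a short one naming the -ENODEV return for a lower file without mmap support would keep the file consistent.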
| @@ -364,7 +377,7 @@ const struct file_operations ecryptfs_ma |
| #ifdef CONFIG_COMPAT |
| .compat_ioctl = ecryptfs_compat_ioctl, |
| #endif |
| - .mmap = generic_file_mmap, |
| + .mmap = ecryptfs_mmap, |
| .open = ecryptfs_open, |
| .flush = ecryptfs_flush, |
| .release = ecryptfs_release, |
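Review bot: Only this one table is switched to ecryptfs_mmap, and the diffstat shows a single deletion. Any other file_operations table in fs/ecryptfs/file.c that still sets `.mmap = generic_file_mmap` would therefore skip the new lower-file check. No other table is visible in this diff, so this needs confirming against the full file rather than from the hunk. The table's name is truncated in the hunk header, and its members continue past the last context line.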