linux/fs/ecryptfs/miscdev.c, branch v2.6.32

eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev()

2009-04-22T08:54:13Z

If data is NULL, msg_ctx->msg is set to NULL and then dereferenced afterwards. ecryptfs_send_raw_message() is the only place that ecryptfs_send_miscdev() is called with data being NULL, but the only caller of that function (ecryptfs_process_helo()) is never called. In short, there is currently no way to trigger the NULL pointer dereference. This patch removes the two unused functions and modifies ecryptfs_send_miscdev() to remove the NULL dereferences. Signed-off-by: Tyler Hicks

ecryptfs: use memdup_user()

2009-04-21T03:02:51Z

Remove open-coded memdup_user(). Signed-off-by: Li Zefan Signed-off-by: Al Viro

eCryptfs: Replace %Z with %z

2009-01-06T23:59:22Z

%Z is a gcc-ism. Using %z instead. Signed-off-by: Michael Halcrow Cc: Dustin Kirkland Cc: Eric Sandeen Cc: Tyler Hicks Cc: David Kleikamp Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

User namespaces: set of cleanups (v2)

2008-11-24T23:57:41Z

The user_ns is moved from nsproxy to user_struct, so that a struct cred by itself is sufficient to determine access (which it otherwise would not be). Corresponding ecryptfs fixes (by David Howells) are here as well. Fix refcounting. The following rules now apply: 1. The task pins the user struct. 2. The user struct pins its user namespace. 3. The user namespace pins the struct user which created it. User namespaces are cloned during copy_creds(). Unsharing a new user_ns is no longer possible. (We could re-add that, but it'll cause code duplication and doesn't seem useful if PAM doesn't need to clone user namespaces). When a user namespace is created, its first user (uid 0) gets empty keyrings and a clean group_info. This incorporates a previous patch by David Howells. Here is his original patch description: >I suggest adding the attached incremental patch. It makes the following >changes: > > (1) Provides a current_user_ns() macro to wrap accesses to current's user > namespace. > > (2) Fixes eCryptFS. > > (3) Renames create_new_userns() to create_user_ns() to be more consistent > with the other associated functions and because the 'new' in the name is > superfluous. > > (4) Moves the argument and permission checks made for CLONE_NEWUSER to the > beginning of do_fork() so that they're done prior to making any attempts > at allocation. > > (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds > to fill in rather than have it return the new root user. I don't imagine > the new root user being used for anything other than filling in a cred > struct. > > This also permits me to get rid of a get_uid() and a free_uid(), as the > reference the creds were holding on the old user_struct can just be > transferred to the new namespace's creator pointer. > > (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under > preparation rather than doing it in copy_creds(). > >David >Signed-off-by: David Howells Changelog: Oct 20: integrate dhowells comments 1. leave thread_keyring alone 2. use current_user_ns() in set_user() Signed-off-by: Serge Hallyn

CRED: Wrap task credential accesses in the eCryptFS filesystem

2008-11-13T23:38:49Z

Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells Reviewed-by: James Morris Acked-by: Serge Hallyn Cc: Mike Halcrow Cc: Phillip Hellewell Cc: ecryptfs-devel@lists.sourceforge.net Signed-off-by: James Morris

ecryptfs: discard ecryptfsd registration messages in miscdev

2008-07-24T17:47:31Z

The userspace eCryptfs daemon sends HELO and QUIT messages to the kernel for per-user daemon (un)registration. These messages are required when netlink is used as the transport, but (un)registration is handled by opening and closing the device file when miscdev is the transport. These messages should be discarded in the miscdev transport so that a daemon isn't registered twice. Signed-off-by: Tyler Hicks Cc: Michael Halcrow Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

ecryptfs: remove unnecessary mux from ecryptfs_init_ecryptfs_miscdev()

2008-07-04T17:40:05Z

The misc_mtx should provide all the protection required to keep the daemon hash table sane during miscdev registration. Since this mutex is causing gratuitous lockdep warnings, this patch removes it. Signed-off-by: Michael Halcrow Reported-by: Cyrill Gorcunov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

ecryptfs fixes

2008-05-21T23:55:59Z

memcpy() from userland pointer is a Bad Thing(tm) Signed-off-by: Al Viro Signed-off-by: Linus Torvalds

eCryptFS: fix imbalanced mutex locking

2008-05-13T15:02:26Z

Fix imbalanced calls for mutex lock/unlock on ecryptfs_daemon_hash_mux Revealed by Ingo Molnar: http://lkml.org/lkml/2008/5/7/260 Signed-off-by: Cyrill Gorcunov Cc: Michael Halcrow Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

eCryptfs: make key module subsystem respect namespaces

2008-04-29T15:06:07Z

Make eCryptfs key module subsystem respect namespaces. Since I will be removing the netlink interface in a future patch, I just made changes to the netlink.c code so that it will not break the build. With my recent patches, the kernel module currently defaults to the device handle interface rather than the netlink interface. [akpm@linux-foundation.org: export free_user_ns()] Signed-off-by: Michael Halcrow Acked-by: Serge Hallyn Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds