3.0 patches

diff --git a/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch b/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
new file mode 100644 (file)
index 0000000..3739f16
--- /dev/null
+++ b/queue-3.0/ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
@@ -0,0 +1,110 @@
+From 764355487ea220fdc2faf128d577d7f679b91f97 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Fri, 22 Jul 2011 08:14:15 -0700
+Subject: Ecryptfs: Add mount option to check uid of device being
+ mounted = expect uid
+
+From: John Johansen <john.johansen@canonical.com>
+
+commit 764355487ea220fdc2faf128d577d7f679b91f97 upstream.
+
+Close a TOCTOU race for mounts done via ecryptfs-mount-private.  The mount
+source (device) can be raced when the ownership test is done in userspace.
+Provide Ecryptfs a means to force the uid check at mount time.
+
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/main.c |   23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -175,6 +175,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ec
+        ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
+        ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
+        ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
++       ecryptfs_opt_check_dev_ruid,
+        ecryptfs_opt_err };
+ 
+ static const match_table_t tokens = {
+@@ -191,6 +192,7 @@ static const match_table_t tokens = {
+       {ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
+       {ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
+       {ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
++      {ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
+       {ecryptfs_opt_err, NULL}
+ };
+ 
+@@ -236,6 +238,7 @@ static void ecryptfs_init_mount_crypt_st
+  * ecryptfs_parse_options
+  * @sb: The ecryptfs super block
+  * @options: The options passed to the kernel
++ * @check_ruid: set to 1 if device uid should be checked against the ruid
+  *
+  * Parse mount options:
+  * debug=N       - ecryptfs_verbosity level for debug output
+@@ -251,7 +254,8 @@ static void ecryptfs_init_mount_crypt_st
+  *
+  * Returns zero on success; non-zero on error
+  */
+-static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
++static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
++                                uid_t *check_ruid)
+ {
+       char *p;
+       int rc = 0;
+@@ -276,6 +280,8 @@ static int ecryptfs_parse_options(struct
+       char *cipher_key_bytes_src;
+       char *fn_cipher_key_bytes_src;
+ 
++      *check_ruid = 0;
++
+       if (!options) {
+               rc = -EINVAL;
+               goto out;
+@@ -380,6 +386,9 @@ static int ecryptfs_parse_options(struct
+                       mount_crypt_stat->flags |=
+                               ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
+                       break;
++              case ecryptfs_opt_check_dev_ruid:
++                      *check_ruid = 1;
++                      break;
+               case ecryptfs_opt_err:
+               default:
+                       printk(KERN_WARNING
+@@ -475,6 +484,7 @@ static struct dentry *ecryptfs_mount(str
+       const char *err = "Getting sb failed";
+       struct inode *inode;
+       struct path path;
++      uid_t check_ruid;
+       int rc;
+ 
+       sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
+@@ -483,7 +493,7 @@ static struct dentry *ecryptfs_mount(str
+               goto out;
+       }
+ 
+-      rc = ecryptfs_parse_options(sbi, raw_data);
++      rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
+       if (rc) {
+               err = "Error parsing options";
+               goto out;
+@@ -521,6 +531,15 @@ static struct dentry *ecryptfs_mount(str
+                       "known incompatibilities\n");
+               goto out_free;
+       }
++
++      if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
++              rc = -EPERM;
++              printk(KERN_ERR "Mount of device (uid: %d) not owned by "
++                     "requested user (uid: %d)\n",
++                     path.dentry->d_inode->i_uid, current_uid());
++              goto out_free;
++      }
++
+       ecryptfs_set_superblock_lower(s, path.dentry->d_sb);
+       s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+       s->s_blocksize = path.dentry->d_sb->s_blocksize;

diff --git a/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch b/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch
new file mode 100644 (file)
index 0000000..f197bfa
--- /dev/null
+++ b/queue-3.0/ecryptfs-return-error-when-lower-file-pointer-is-null.patch
@@ -0,0 +1,66 @@
+From f61500e000eedc0c7a0201200a7f00ba5529c002 Mon Sep 17 00:00:00 2001
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Date: Thu, 4 Aug 2011 22:58:51 -0500
+Subject: eCryptfs: Return error when lower file pointer is NULL
+
+From: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+
+commit f61500e000eedc0c7a0201200a7f00ba5529c002 upstream.
+
+When an eCryptfs inode's lower file has been closed, and the pointer has
+been set to NULL, return an error when trying to do a lower read or
+write rather than calling BUG().
+
+https://bugzilla.kernel.org/show_bug.cgi?id=37292
+
+Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ecryptfs/read_write.c |   18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+--- a/fs/ecryptfs/read_write.c
++++ b/fs/ecryptfs/read_write.c
+@@ -39,15 +39,16 @@
+ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
+                        loff_t offset, size_t size)
+ {
+-      struct ecryptfs_inode_info *inode_info;
++      struct file *lower_file;
+       mm_segment_t fs_save;
+       ssize_t rc;
+ 
+-      inode_info = ecryptfs_inode_to_private(ecryptfs_inode);
+-      BUG_ON(!inode_info->lower_file);
++      lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
++      if (!lower_file)
++              return -EIO;
+       fs_save = get_fs();
+       set_fs(get_ds());
+-      rc = vfs_write(inode_info->lower_file, data, size, &offset);
++      rc = vfs_write(lower_file, data, size, &offset);
+       set_fs(fs_save);
+       mark_inode_dirty_sync(ecryptfs_inode);
+       return rc;
+@@ -225,15 +226,16 @@ out:
+ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
+                       struct inode *ecryptfs_inode)
+ {
+-      struct ecryptfs_inode_info *inode_info =
+-              ecryptfs_inode_to_private(ecryptfs_inode);
++      struct file *lower_file;
+       mm_segment_t fs_save;
+       ssize_t rc;
+ 
+-      BUG_ON(!inode_info->lower_file);
++      lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
++      if (!lower_file)
++              return -EIO;
+       fs_save = get_fs();
+       set_fs(get_ds());
+-      rc = vfs_read(inode_info->lower_file, data, size, &offset);
++      rc = vfs_read(lower_file, data, size, &offset);
+       set_fs(fs_save);
+       return rc;
+ }

diff --git a/queue-3.0/series b/queue-3.0/series
index f129241a16c45fcd67f2f5cc275ee426548ca8db..7374fcb7bd38d26fc2c87d1203d28b7ba94fc6a2 100644 (file)
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -74,3 +74,5 @@ sparc-use-popc-when-possible-for-ffs-__ffs-ffz.patch
 sparc-access-kernel-tsb-using-physical-addressing-when-possible.patch
 sparc-size-mondo-queues-more-sanely.patch
 sparc-fix-build-with-debug_pagealloc-enabled.patch
+ecryptfs-add-mount-option-to-check-uid-of-device-being.patch
+ecryptfs-return-error-when-lower-file-pointer-is-null.patch