[020/136] eCryptfs: Check for O_RDONLY lower inodes when opening lower files

From: Greg KH
Date: Thu Oct 01 2009 - 21:32:57 EST

Next message: Greg KH: "[028/136] xen: check EFER for NX before setting up GDT mapping"
Previous message: Greg KH: "[017/136] alpha: AGP update (fixes compile failure)"
In reply to: Greg KH: "[017/136] alpha: AGP update (fixes compile failure)"
Next in thread: Greg KH: "[028/136] xen: check EFER for NX before setting up GDT mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.31-stable review patch. If anyone has any objections, please let us know.

------------------
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx>

commit ac22ba23b659e34a5961aec8c945608e471b0d5b upstream.

If the lower inode is read-only, don't attempt to open the lower file
read/write and don't hand off the open request to the privileged
eCryptfs kthread for opening it read/write. Instead, only try an
unprivileged, read-only open of the file and give up if that fails.
This patch fixes an oops when eCryptfs is mounted on top of a read-only
mount.

Acked-by: Serge Hallyn <serue@xxxxxxxxxx>
Cc: Eric Sandeen <esandeen@xxxxxxxxxx>
Cc: Dave Kleikamp <shaggy@xxxxxxxxxxxxxxxxxx>
Cc: ecryptfs-devel@xxxxxxxxxxxxxxxxxxx
Signed-off-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
fs/ecryptfs/kthread.c | 24 ++++++++----------------
fs/ecryptfs/main.c | 3 +--
2 files changed, 9 insertions(+), 18 deletions(-)

--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -136,6 +136,7 @@ int ecryptfs_privileged_open(struct file
const struct cred *cred)
{
struct ecryptfs_open_req *req;
+ int flags = O_LARGEFILE;
int rc = 0;

/* Corresponding dput() and mntput() are done when the
@@ -143,10 +144,14 @@ int ecryptfs_privileged_open(struct file
* destroyed. */
dget(lower_dentry);
mntget(lower_mnt);
- (*lower_file) = dentry_open(lower_dentry, lower_mnt,
- (O_RDWR | O_LARGEFILE), cred);
+ flags |= IS_RDONLY(lower_dentry->d_inode) ? O_RDONLY : O_RDWR;
+ (*lower_file) = dentry_open(lower_dentry, lower_mnt, flags, cred);
if (!IS_ERR(*lower_file))
goto out;
+ if (flags & O_RDONLY) {
+ rc = PTR_ERR((*lower_file));
+ goto out;
+ }
req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
if (!req) {
rc = -ENOMEM;
@@ -180,21 +185,8 @@ int ecryptfs_privileged_open(struct file
__func__);
goto out_unlock;
}
- if (IS_ERR(*req->lower_file)) {
+ if (IS_ERR(*req->lower_file))
rc = PTR_ERR(*req->lower_file);
- dget(lower_dentry);
- mntget(lower_mnt);
- (*lower_file) = dentry_open(lower_dentry, lower_mnt,
- (O_RDONLY | O_LARGEFILE), cred);
- if (IS_ERR(*lower_file)) {
- rc = PTR_ERR(*req->lower_file);
- (*lower_file) = NULL;
- printk(KERN_WARNING "%s: Error attempting privileged "
- "open of lower file with either RW or RO "
- "perms; rc = [%d]. Giving up.\n",
- __func__, rc);
- }
- }
out_unlock:
mutex_unlock(&req->mux);
out_free:
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -129,11 +129,10 @@ int ecryptfs_init_persistent_file(struct
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
rc = ecryptfs_privileged_open(&inode_info->lower_file,
lower_dentry, lower_mnt, cred);
- if (rc || IS_ERR(inode_info->lower_file)) {
+ if (rc) {
printk(KERN_ERR "Error opening lower persistent file "
"for lower_dentry [0x%p] and lower_mnt [0x%p]; "
"rc = [%d]\n", lower_dentry, lower_mnt, rc);
- rc = PTR_ERR(inode_info->lower_file);
inode_info->lower_file = NULL;
}
}

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[028/136] xen: check EFER for NX before setting up GDT mapping"
Previous message: Greg KH: "[017/136] alpha: AGP update (fixes compile failure)"
In reply to: Greg KH: "[017/136] alpha: AGP update (fixes compile failure)"
Next in thread: Greg KH: "[028/136] xen: check EFER for NX before setting up GDT mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]