diff options
Diffstat (limited to 'recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0096-eCryptfs-Gracefully-refuse-miscdev-file-ops-on-inher.patch')
-rw-r--r-- | recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0096-eCryptfs-Gracefully-refuse-miscdev-file-ops-on-inher.patch | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0096-eCryptfs-Gracefully-refuse-miscdev-file-ops-on-inher.patch b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0096-eCryptfs-Gracefully-refuse-miscdev-file-ops-on-inher.patch new file mode 100644 index 00000000..ba3b5582 --- /dev/null +++ b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0096-eCryptfs-Gracefully-refuse-miscdev-file-ops-on-inher.patch | |||
@@ -0,0 +1,98 @@ | |||
1 | From 5daf178c74f17e523291b0c4eabbf3b3f3740b75 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tyler Hicks <tyhicks@canonical.com> | ||
3 | Date: Mon, 11 Jun 2012 09:24:11 -0700 | ||
4 | Subject: [PATCH 096/109] eCryptfs: Gracefully refuse miscdev file ops on | ||
5 | inherited/passed files | ||
6 | |||
7 | commit 8dc6780587c99286c0d3de747a2946a76989414a upstream. | ||
8 | |||
9 | File operations on /dev/ecryptfs would BUG() when the operations were | ||
10 | performed by processes other than the process that originally opened the | ||
11 | file. This could happen with open files inherited after fork() or file | ||
12 | descriptors passed through IPC mechanisms. Rather than calling BUG(), an | ||
13 | error code can be safely returned in most situations. | ||
14 | |||
15 | In ecryptfs_miscdev_release(), eCryptfs still needs to handle the | ||
16 | release even if the last file reference is being held by a process that | ||
17 | didn't originally open the file. ecryptfs_find_daemon_by_euid() will not | ||
18 | be successful, so a pointer to the daemon is stored in the file's | ||
19 | private_data. The private_data pointer is initialized when the miscdev | ||
20 | file is opened and only used when the file is released. | ||
21 | |||
22 | https://launchpad.net/bugs/994247 | ||
23 | |||
24 | Signed-off-by: Tyler Hicks <tyhicks@canonical.com> | ||
25 | Reported-by: Sasha Levin <levinsasha928@gmail.com> | ||
26 | Tested-by: Sasha Levin <levinsasha928@gmail.com> | ||
27 | Signed-off-by: Ben Hutchings <ben@decadent.org.uk> | ||
28 | --- | ||
29 | fs/ecryptfs/miscdev.c | 23 ++++++++++++++++------- | ||
30 | 1 files changed, 16 insertions(+), 7 deletions(-) | ||
31 | |||
32 | diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c | ||
33 | index 0dc5a3d..a050e4b 100644 | ||
34 | --- a/fs/ecryptfs/miscdev.c | ||
35 | +++ b/fs/ecryptfs/miscdev.c | ||
36 | @@ -49,7 +49,10 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt) | ||
37 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
38 | /* TODO: Just use file->private_data? */ | ||
39 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | ||
40 | - BUG_ON(rc || !daemon); | ||
41 | + if (rc || !daemon) { | ||
42 | + mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
43 | + return -EINVAL; | ||
44 | + } | ||
45 | mutex_lock(&daemon->mux); | ||
46 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
47 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { | ||
48 | @@ -122,6 +125,7 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) | ||
49 | goto out_unlock_daemon; | ||
50 | } | ||
51 | daemon->flags |= ECRYPTFS_DAEMON_MISCDEV_OPEN; | ||
52 | + file->private_data = daemon; | ||
53 | atomic_inc(&ecryptfs_num_miscdev_opens); | ||
54 | out_unlock_daemon: | ||
55 | mutex_unlock(&daemon->mux); | ||
56 | @@ -152,9 +156,9 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file) | ||
57 | |||
58 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
59 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | ||
60 | - BUG_ON(rc || !daemon); | ||
61 | + if (rc || !daemon) | ||
62 | + daemon = file->private_data; | ||
63 | mutex_lock(&daemon->mux); | ||
64 | - BUG_ON(daemon->pid != task_pid(current)); | ||
65 | BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN)); | ||
66 | daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN; | ||
67 | atomic_dec(&ecryptfs_num_miscdev_opens); | ||
68 | @@ -246,8 +250,16 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, | ||
69 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
70 | /* TODO: Just use file->private_data? */ | ||
71 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | ||
72 | - BUG_ON(rc || !daemon); | ||
73 | + if (rc || !daemon) { | ||
74 | + mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
75 | + return -EINVAL; | ||
76 | + } | ||
77 | mutex_lock(&daemon->mux); | ||
78 | + if (task_pid(current) != daemon->pid) { | ||
79 | + mutex_unlock(&daemon->mux); | ||
80 | + mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
81 | + return -EPERM; | ||
82 | + } | ||
83 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { | ||
84 | rc = 0; | ||
85 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
86 | @@ -284,9 +296,6 @@ check_list: | ||
87 | * message from the queue; try again */ | ||
88 | goto check_list; | ||
89 | } | ||
90 | - BUG_ON(euid != daemon->euid); | ||
91 | - BUG_ON(current_user_ns() != daemon->user_ns); | ||
92 | - BUG_ON(task_pid(current) != daemon->pid); | ||
93 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, | ||
94 | struct ecryptfs_msg_ctx, daemon_out_list); | ||
95 | BUG_ON(!msg_ctx); | ||
96 | -- | ||
97 | 1.7.7.6 | ||
98 | |||