Patched in Tegra support.

1 files changed, 120 insertions, 15 deletions

diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index 5fa2471796c..ab224809051 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -32,8 +32,8 @@ static struct mutex ecryptfs_msg_ctx_lists_mux;
 static struct hlist_head *ecryptfs_daemon_hash;
 struct mutex ecryptfs_daemon_hash_mux;
 static int ecryptfs_hash_bits;
-#define ecryptfs_current_euid_hash(uid) \
-        hash_long((unsigned long)from_kuid(&init_user_ns, current_euid()), ecryptfs_hash_bits)
+#define ecryptfs_uid_hash(uid) \
+        hash_long((unsigned long)uid, ecryptfs_hash_bits)
 
 static u32 ecryptfs_msg_counter;
 static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
@@ -105,23 +105,26 @@ void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx)
 
 /**
  * ecryptfs_find_daemon_by_euid
+ * @euid: The effective user id which maps to the desired daemon id
+ * @user_ns: The namespace in which @euid applies
  * @daemon: If return value is zero, points to the desired daemon pointer
  *
  * Must be called with ecryptfs_daemon_hash_mux held.
  *
- * Search the hash list for the current effective user id.
+ * Search the hash list for the given user id.
  *
  * Returns zero if the user id exists in the list; non-zero otherwise.
  */
-int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon)
+int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid,
+                                 struct user_namespace *user_ns)
 {
         struct hlist_node *elem;
         int rc;
 
         hlist_for_each_entry(*daemon, elem,
-                            &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()],
-                            euid_chain) {
-                if (uid_eq((*daemon)->file->f_cred->euid, current_euid())) {
+                             &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)],
+                             euid_chain) {
+                if ((*daemon)->euid == euid && (*daemon)->user_ns == user_ns) {
                         rc = 0;
                         goto out;
                 }
@@ -134,7 +137,9 @@ out:
 /**
  * ecryptfs_spawn_daemon - Create and initialize a new daemon struct
  * @daemon: Pointer to set to newly allocated daemon struct
- * @file: File used when opening /dev/ecryptfs
+ * @euid: Effective user id for the daemon
+ * @user_ns: The namespace in which @euid applies
+ * @pid: Process id for the daemon
  *
  * Must be called ceremoniously while in possession of
  * ecryptfs_sacred_daemon_hash_mux
@@ -142,7 +147,8 @@ out:
  * Returns zero on success; non-zero otherwise
  */
 int
-ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file)
+ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid,
+                      struct user_namespace *user_ns, struct pid *pid)
 {
         int rc = 0;
 
@@ -153,13 +159,16 @@ ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file)
                        "GFP_KERNEL memory\n", __func__, sizeof(**daemon));
                 goto out;
         }
-        (*daemon)->file = file;
+        (*daemon)->euid = euid;
+        (*daemon)->user_ns = get_user_ns(user_ns);
+        (*daemon)->pid = get_pid(pid);
+        (*daemon)->task = current;
         mutex_init(&(*daemon)->mux);
         INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue);
         init_waitqueue_head(&(*daemon)->wait);
         (*daemon)->num_queued_msg_ctx = 0;
         hlist_add_head(&(*daemon)->euid_chain,
-                       &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()]);
+                       &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)]);
 out:
         return rc;
 }
@@ -179,6 +188,9 @@ int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon)
         if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ)
             || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) {
                 rc = -EBUSY;
+                printk(KERN_WARNING "%s: Attempt to destroy daemon with pid "
+                       "[0x%p], but it is in the midst of a read or a poll\n",
+                       __func__, daemon->pid);
                 mutex_unlock(&daemon->mux);
                 goto out;
         }
@@ -191,6 +203,12 @@ int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon)
                 ecryptfs_msg_ctx_alloc_to_free(msg_ctx);
         }
         hlist_del(&daemon->euid_chain);
+        if (daemon->task)
+                wake_up_process(daemon->task);
+        if (daemon->pid)
+                put_pid(daemon->pid);
+        if (daemon->user_ns)
+                put_user_ns(daemon->user_ns);
         mutex_unlock(&daemon->mux);
         kzfree(daemon);
 out:
@@ -198,9 +216,42 @@ out:
 }
 
 /**
+ * ecryptfs_process_quit
+ * @euid: The user ID owner of the message
+ * @user_ns: The namespace in which @euid applies
+ * @pid: The process ID for the userspace program that sent the
+ *       message
+ *
+ * Deletes the corresponding daemon for the given euid and pid, if
+ * it is the registered that is requesting the deletion. Returns zero
+ * after deleting the desired daemon; non-zero otherwise.
+ */
+int ecryptfs_process_quit(uid_t euid, struct user_namespace *user_ns,
+                          struct pid *pid)
+{
+        struct ecryptfs_daemon *daemon;
+        int rc;
+
+        mutex_lock(&ecryptfs_daemon_hash_mux);
+        rc = ecryptfs_find_daemon_by_euid(&daemon, euid, user_ns);
+        if (rc || !daemon) {
+                rc = -EINVAL;
+                printk(KERN_ERR "Received request from user [%d] to "
+                       "unregister unrecognized daemon [0x%p]\n", euid, pid);
+                goto out_unlock;
+        }
+        rc = ecryptfs_exorcise_daemon(daemon);
+out_unlock:
+        mutex_unlock(&ecryptfs_daemon_hash_mux);
+        return rc;
+}
+
+/**
  * ecryptfs_process_reponse
  * @msg: The ecryptfs message received; the caller should sanity check
  *       msg->data_len and free the memory
+ * @pid: The process ID of the userspace application that sent the
+ *       message
  * @seq: The sequence number of the message; must match the sequence
  *       number for the existing message context waiting for this
  *       response
@@ -219,11 +270,16 @@ out:
  *
  * Returns zero on success; non-zero otherwise
  */
-int ecryptfs_process_response(struct ecryptfs_daemon *daemon,
-                              struct ecryptfs_message *msg, u32 seq)
+int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
+                              struct user_namespace *user_ns, struct pid *pid,
+                              u32 seq)
 {
+        struct ecryptfs_daemon *uninitialized_var(daemon);
         struct ecryptfs_msg_ctx *msg_ctx;
         size_t msg_size;
+        struct nsproxy *nsproxy;
+        struct user_namespace *tsk_user_ns;
+        uid_t ctx_euid;
         int rc;
 
         if (msg->index >= ecryptfs_message_buf_len) {
@@ -236,6 +292,51 @@ int ecryptfs_process_response(struct ecryptfs_daemon *daemon,
         }
         msg_ctx = &ecryptfs_msg_ctx_arr[msg->index];
         mutex_lock(&msg_ctx->mux);
+        mutex_lock(&ecryptfs_daemon_hash_mux);
+        rcu_read_lock();
+        nsproxy = task_nsproxy(msg_ctx->task);
+        if (nsproxy == NULL) {
+                rc = -EBADMSG;
+                printk(KERN_ERR "%s: Receiving process is a zombie. Dropping "
+                       "message.\n", __func__);
+                rcu_read_unlock();
+                mutex_unlock(&ecryptfs_daemon_hash_mux);
+                goto wake_up;
+        }
+        tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns;
+        ctx_euid = task_euid(msg_ctx->task);
+        rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);
+        rcu_read_unlock();
+        mutex_unlock(&ecryptfs_daemon_hash_mux);
+        if (rc) {
+                rc = -EBADMSG;
+                printk(KERN_WARNING "%s: User [%d] received a "
+                       "message response from process [0x%p] but does "
+                       "not have a registered daemon\n", __func__,
+                       ctx_euid, pid);
+                goto wake_up;
+        }
+        if (ctx_euid != euid) {
+                rc = -EBADMSG;
+                printk(KERN_WARNING "%s: Received message from user "
+                       "[%d]; expected message from user [%d]\n", __func__,
+                       euid, ctx_euid);
+                goto unlock;
+        }
+        if (tsk_user_ns != user_ns) {
+                rc = -EBADMSG;
+                printk(KERN_WARNING "%s: Received message from user_ns "
+                       "[0x%p]; expected message from user_ns [0x%p]\n",
+                       __func__, user_ns, tsk_user_ns);
+                goto unlock;
+        }
+        if (daemon->pid != pid) {
+                rc = -EBADMSG;
+                printk(KERN_ERR "%s: User [%d] sent a message response "
+                       "from an unrecognized process [0x%p]\n",
+                       __func__, ctx_euid, pid);
+                goto unlock;
+        }
         if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
                 rc = -EINVAL;
                 printk(KERN_WARNING "%s: Desired context element is not "
@@ -258,8 +359,9 @@ int ecryptfs_process_response(struct ecryptfs_daemon *daemon,
         }
         memcpy(msg_ctx->msg, msg, msg_size);
         msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE;
-        wake_up_process(msg_ctx->task);
         rc = 0;
+wake_up:
+        wake_up_process(msg_ctx->task);
 unlock:
         mutex_unlock(&msg_ctx->mux);
 out:
@@ -281,11 +383,14 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type,
                              struct ecryptfs_msg_ctx **msg_ctx)
 {
         struct ecryptfs_daemon *daemon;
+        uid_t euid = current_euid();
         int rc;
 
-        rc = ecryptfs_find_daemon_by_euid(&daemon);
+        rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
         if (rc || !daemon) {
                 rc = -ENOTCONN;
+                printk(KERN_ERR "%s: User [%d] does not have a daemon "
+                       "registered\n", __func__, euid);
                 goto out;
         }
         mutex_lock(&ecryptfs_msg_ctx_lists_mux);