diff options
author | Tyler Hicks <tyhicks@canonical.com> | 2012-06-11 12:47:47 -0400 |
---|---|---|
committer | Tyler Hicks <tyhicks@canonical.com> | 2012-07-08 13:51:44 -0400 |
commit | 2ecaf55db6dcf4dd25e1ef8d5eb6068e3286a20f (patch) | |
tree | daa89105f89d64579d5ee04a376e4e31543871cf | |
parent | 566968866555a19d0a78e0bfa845cd249a7eeae2 (diff) |
eCryptfs: Make all miscdev functions use daemon ptr in file private_data
Now that a pointer to a valid struct ecryptfs_daemon is stored in the
private_data of an opened /dev/ecryptfs file, the remaining miscdev
functions can utilize the pointer rather than looking up the
ecryptfs_daemon at the beginning of each operation.
The security model of /dev/ecryptfs is simplified a little bit with this
patch. Upon opening /dev/ecryptfs, a per-user ecryptfs_daemon is
registered. Another daemon cannot be registered for that user until the
last file reference is released. During the lifetime of the
ecryptfs_daemon, access checks are not performed on the /dev/ecryptfs
operations because it is assumed that the application securely handles
the opened file descriptor and does not unintentionally leak it to
processes that are not trusted.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: Sasha Levin <levinsasha928@gmail.com>
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 16 | ||||
-rw-r--r-- | fs/ecryptfs/messaging.c | 105 | ||||
-rw-r--r-- | fs/ecryptfs/miscdev.c | 98 |
3 files changed, 47 insertions, 172 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 01a1f8575950..0deb4f24957a 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -392,10 +392,7 @@ struct ecryptfs_daemon { | |||
392 | #define ECRYPTFS_DAEMON_MISCDEV_OPEN 0x00000008 | 392 | #define ECRYPTFS_DAEMON_MISCDEV_OPEN 0x00000008 |
393 | u32 flags; | 393 | u32 flags; |
394 | u32 num_queued_msg_ctx; | 394 | u32 num_queued_msg_ctx; |
395 | struct pid *pid; | 395 | struct file *file; |
396 | uid_t euid; | ||
397 | struct user_namespace *user_ns; | ||
398 | struct task_struct *task; | ||
399 | struct mutex mux; | 396 | struct mutex mux; |
400 | struct list_head msg_ctx_out_queue; | 397 | struct list_head msg_ctx_out_queue; |
401 | wait_queue_head_t wait; | 398 | wait_queue_head_t wait; |
@@ -619,9 +616,8 @@ int | |||
619 | ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, | 616 | ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, |
620 | size_t size, int flags); | 617 | size_t size, int flags); |
621 | int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode); | 618 | int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode); |
622 | int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | 619 | int ecryptfs_process_response(struct ecryptfs_daemon *daemon, |
623 | struct user_namespace *user_ns, struct pid *pid, | 620 | struct ecryptfs_message *msg, u32 seq); |
624 | u32 seq); | ||
625 | int ecryptfs_send_message(char *data, int data_len, | 621 | int ecryptfs_send_message(char *data, int data_len, |
626 | struct ecryptfs_msg_ctx **msg_ctx); | 622 | struct ecryptfs_msg_ctx **msg_ctx); |
627 | int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, | 623 | int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, |
@@ -666,8 +662,7 @@ int ecryptfs_read_lower_page_segment(struct page *page_for_ecryptfs, | |||
666 | struct inode *ecryptfs_inode); | 662 | struct inode *ecryptfs_inode); |
667 | struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index); | 663 | struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index); |
668 | int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon); | 664 | int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon); |
669 | int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid, | 665 | int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon); |
670 | struct user_namespace *user_ns); | ||
671 | int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, | 666 | int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, |
672 | size_t *length_size); | 667 | size_t *length_size); |
673 | int ecryptfs_write_packet_length(char *dest, size_t size, | 668 | int ecryptfs_write_packet_length(char *dest, size_t size, |
@@ -679,8 +674,7 @@ int ecryptfs_send_miscdev(char *data, size_t data_size, | |||
679 | u16 msg_flags, struct ecryptfs_daemon *daemon); | 674 | u16 msg_flags, struct ecryptfs_daemon *daemon); |
680 | void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx); | 675 | void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx); |
681 | int | 676 | int |
682 | ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, | 677 | ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file); |
683 | struct user_namespace *user_ns, struct pid *pid); | ||
684 | int ecryptfs_init_kthread(void); | 678 | int ecryptfs_init_kthread(void); |
685 | void ecryptfs_destroy_kthread(void); | 679 | void ecryptfs_destroy_kthread(void); |
686 | int ecryptfs_privileged_open(struct file **lower_file, | 680 | int ecryptfs_privileged_open(struct file **lower_file, |
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index c11911decdc1..b29bb8bfa8d9 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c | |||
@@ -32,8 +32,8 @@ static struct mutex ecryptfs_msg_ctx_lists_mux; | |||
32 | static struct hlist_head *ecryptfs_daemon_hash; | 32 | static struct hlist_head *ecryptfs_daemon_hash; |
33 | struct mutex ecryptfs_daemon_hash_mux; | 33 | struct mutex ecryptfs_daemon_hash_mux; |
34 | static int ecryptfs_hash_bits; | 34 | static int ecryptfs_hash_bits; |
35 | #define ecryptfs_uid_hash(uid) \ | 35 | #define ecryptfs_current_euid_hash(uid) \ |
36 | hash_long((unsigned long)uid, ecryptfs_hash_bits) | 36 | hash_long((unsigned long)current_euid(), ecryptfs_hash_bits) |
37 | 37 | ||
38 | static u32 ecryptfs_msg_counter; | 38 | static u32 ecryptfs_msg_counter; |
39 | static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; | 39 | static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; |
@@ -105,26 +105,24 @@ void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) | |||
105 | 105 | ||
106 | /** | 106 | /** |
107 | * ecryptfs_find_daemon_by_euid | 107 | * ecryptfs_find_daemon_by_euid |
108 | * @euid: The effective user id which maps to the desired daemon id | ||
109 | * @user_ns: The namespace in which @euid applies | ||
110 | * @daemon: If return value is zero, points to the desired daemon pointer | 108 | * @daemon: If return value is zero, points to the desired daemon pointer |
111 | * | 109 | * |
112 | * Must be called with ecryptfs_daemon_hash_mux held. | 110 | * Must be called with ecryptfs_daemon_hash_mux held. |
113 | * | 111 | * |
114 | * Search the hash list for the given user id. | 112 | * Search the hash list for the current effective user id. |
115 | * | 113 | * |
116 | * Returns zero if the user id exists in the list; non-zero otherwise. | 114 | * Returns zero if the user id exists in the list; non-zero otherwise. |
117 | */ | 115 | */ |
118 | int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid, | 116 | int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon) |
119 | struct user_namespace *user_ns) | ||
120 | { | 117 | { |
121 | struct hlist_node *elem; | 118 | struct hlist_node *elem; |
122 | int rc; | 119 | int rc; |
123 | 120 | ||
124 | hlist_for_each_entry(*daemon, elem, | 121 | hlist_for_each_entry(*daemon, elem, |
125 | &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)], | 122 | &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()], |
126 | euid_chain) { | 123 | euid_chain) { |
127 | if ((*daemon)->euid == euid && (*daemon)->user_ns == user_ns) { | 124 | if ((*daemon)->file->f_cred->euid == current_euid() && |
125 | (*daemon)->file->f_cred->user_ns == current_user_ns()) { | ||
128 | rc = 0; | 126 | rc = 0; |
129 | goto out; | 127 | goto out; |
130 | } | 128 | } |
@@ -137,9 +135,7 @@ out: | |||
137 | /** | 135 | /** |
138 | * ecryptfs_spawn_daemon - Create and initialize a new daemon struct | 136 | * ecryptfs_spawn_daemon - Create and initialize a new daemon struct |
139 | * @daemon: Pointer to set to newly allocated daemon struct | 137 | * @daemon: Pointer to set to newly allocated daemon struct |
140 | * @euid: Effective user id for the daemon | 138 | * @file: File used when opening /dev/ecryptfs |
141 | * @user_ns: The namespace in which @euid applies | ||
142 | * @pid: Process id for the daemon | ||
143 | * | 139 | * |
144 | * Must be called ceremoniously while in possession of | 140 | * Must be called ceremoniously while in possession of |
145 | * ecryptfs_sacred_daemon_hash_mux | 141 | * ecryptfs_sacred_daemon_hash_mux |
@@ -147,8 +143,7 @@ out: | |||
147 | * Returns zero on success; non-zero otherwise | 143 | * Returns zero on success; non-zero otherwise |
148 | */ | 144 | */ |
149 | int | 145 | int |
150 | ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, | 146 | ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file) |
151 | struct user_namespace *user_ns, struct pid *pid) | ||
152 | { | 147 | { |
153 | int rc = 0; | 148 | int rc = 0; |
154 | 149 | ||
@@ -159,16 +154,13 @@ ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, | |||
159 | "GFP_KERNEL memory\n", __func__, sizeof(**daemon)); | 154 | "GFP_KERNEL memory\n", __func__, sizeof(**daemon)); |
160 | goto out; | 155 | goto out; |
161 | } | 156 | } |
162 | (*daemon)->euid = euid; | 157 | (*daemon)->file = file; |
163 | (*daemon)->user_ns = get_user_ns(user_ns); | ||
164 | (*daemon)->pid = get_pid(pid); | ||
165 | (*daemon)->task = current; | ||
166 | mutex_init(&(*daemon)->mux); | 158 | mutex_init(&(*daemon)->mux); |
167 | INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue); | 159 | INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue); |
168 | init_waitqueue_head(&(*daemon)->wait); | 160 | init_waitqueue_head(&(*daemon)->wait); |
169 | (*daemon)->num_queued_msg_ctx = 0; | 161 | (*daemon)->num_queued_msg_ctx = 0; |
170 | hlist_add_head(&(*daemon)->euid_chain, | 162 | hlist_add_head(&(*daemon)->euid_chain, |
171 | &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)]); | 163 | &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()]); |
172 | out: | 164 | out: |
173 | return rc; | 165 | return rc; |
174 | } | 166 | } |
@@ -188,9 +180,6 @@ int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon) | |||
188 | if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ) | 180 | if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ) |
189 | || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) { | 181 | || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) { |
190 | rc = -EBUSY; | 182 | rc = -EBUSY; |
191 | printk(KERN_WARNING "%s: Attempt to destroy daemon with pid " | ||
192 | "[0x%p], but it is in the midst of a read or a poll\n", | ||
193 | __func__, daemon->pid); | ||
194 | mutex_unlock(&daemon->mux); | 183 | mutex_unlock(&daemon->mux); |
195 | goto out; | 184 | goto out; |
196 | } | 185 | } |
@@ -203,12 +192,6 @@ int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon) | |||
203 | ecryptfs_msg_ctx_alloc_to_free(msg_ctx); | 192 | ecryptfs_msg_ctx_alloc_to_free(msg_ctx); |
204 | } | 193 | } |
205 | hlist_del(&daemon->euid_chain); | 194 | hlist_del(&daemon->euid_chain); |
206 | if (daemon->task) | ||
207 | wake_up_process(daemon->task); | ||
208 | if (daemon->pid) | ||
209 | put_pid(daemon->pid); | ||
210 | if (daemon->user_ns) | ||
211 | put_user_ns(daemon->user_ns); | ||
212 | mutex_unlock(&daemon->mux); | 195 | mutex_unlock(&daemon->mux); |
213 | kzfree(daemon); | 196 | kzfree(daemon); |
214 | out: | 197 | out: |
@@ -219,8 +202,6 @@ out: | |||
219 | * ecryptfs_process_reponse | 202 | * ecryptfs_process_reponse |
220 | * @msg: The ecryptfs message received; the caller should sanity check | 203 | * @msg: The ecryptfs message received; the caller should sanity check |
221 | * msg->data_len and free the memory | 204 | * msg->data_len and free the memory |
222 | * @pid: The process ID of the userspace application that sent the | ||
223 | * message | ||
224 | * @seq: The sequence number of the message; must match the sequence | 205 | * @seq: The sequence number of the message; must match the sequence |
225 | * number for the existing message context waiting for this | 206 | * number for the existing message context waiting for this |
226 | * response | 207 | * response |
@@ -239,16 +220,11 @@ out: | |||
239 | * | 220 | * |
240 | * Returns zero on success; non-zero otherwise | 221 | * Returns zero on success; non-zero otherwise |
241 | */ | 222 | */ |
242 | int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | 223 | int ecryptfs_process_response(struct ecryptfs_daemon *daemon, |
243 | struct user_namespace *user_ns, struct pid *pid, | 224 | struct ecryptfs_message *msg, u32 seq) |
244 | u32 seq) | ||
245 | { | 225 | { |
246 | struct ecryptfs_daemon *uninitialized_var(daemon); | ||
247 | struct ecryptfs_msg_ctx *msg_ctx; | 226 | struct ecryptfs_msg_ctx *msg_ctx; |
248 | size_t msg_size; | 227 | size_t msg_size; |
249 | struct nsproxy *nsproxy; | ||
250 | struct user_namespace *tsk_user_ns; | ||
251 | uid_t ctx_euid; | ||
252 | int rc; | 228 | int rc; |
253 | 229 | ||
254 | if (msg->index >= ecryptfs_message_buf_len) { | 230 | if (msg->index >= ecryptfs_message_buf_len) { |
@@ -261,51 +237,6 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
261 | } | 237 | } |
262 | msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; | 238 | msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; |
263 | mutex_lock(&msg_ctx->mux); | 239 | mutex_lock(&msg_ctx->mux); |
264 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
265 | rcu_read_lock(); | ||
266 | nsproxy = task_nsproxy(msg_ctx->task); | ||
267 | if (nsproxy == NULL) { | ||
268 | rc = -EBADMSG; | ||
269 | printk(KERN_ERR "%s: Receiving process is a zombie. Dropping " | ||
270 | "message.\n", __func__); | ||
271 | rcu_read_unlock(); | ||
272 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
273 | goto wake_up; | ||
274 | } | ||
275 | tsk_user_ns = __task_cred(msg_ctx->task)->user_ns; | ||
276 | ctx_euid = task_euid(msg_ctx->task); | ||
277 | rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns); | ||
278 | rcu_read_unlock(); | ||
279 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
280 | if (rc) { | ||
281 | rc = -EBADMSG; | ||
282 | printk(KERN_WARNING "%s: User [%d] received a " | ||
283 | "message response from process [0x%p] but does " | ||
284 | "not have a registered daemon\n", __func__, | ||
285 | ctx_euid, pid); | ||
286 | goto wake_up; | ||
287 | } | ||
288 | if (ctx_euid != euid) { | ||
289 | rc = -EBADMSG; | ||
290 | printk(KERN_WARNING "%s: Received message from user " | ||
291 | "[%d]; expected message from user [%d]\n", __func__, | ||
292 | euid, ctx_euid); | ||
293 | goto unlock; | ||
294 | } | ||
295 | if (tsk_user_ns != user_ns) { | ||
296 | rc = -EBADMSG; | ||
297 | printk(KERN_WARNING "%s: Received message from user_ns " | ||
298 | "[0x%p]; expected message from user_ns [0x%p]\n", | ||
299 | __func__, user_ns, tsk_user_ns); | ||
300 | goto unlock; | ||
301 | } | ||
302 | if (daemon->pid != pid) { | ||
303 | rc = -EBADMSG; | ||
304 | printk(KERN_ERR "%s: User [%d] sent a message response " | ||
305 | "from an unrecognized process [0x%p]\n", | ||
306 | __func__, ctx_euid, pid); | ||
307 | goto unlock; | ||
308 | } | ||
309 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { | 240 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { |
310 | rc = -EINVAL; | 241 | rc = -EINVAL; |
311 | printk(KERN_WARNING "%s: Desired context element is not " | 242 | printk(KERN_WARNING "%s: Desired context element is not " |
@@ -328,9 +259,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
328 | } | 259 | } |
329 | memcpy(msg_ctx->msg, msg, msg_size); | 260 | memcpy(msg_ctx->msg, msg, msg_size); |
330 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE; | 261 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE; |
331 | rc = 0; | ||
332 | wake_up: | ||
333 | wake_up_process(msg_ctx->task); | 262 | wake_up_process(msg_ctx->task); |
263 | rc = 0; | ||
334 | unlock: | 264 | unlock: |
335 | mutex_unlock(&msg_ctx->mux); | 265 | mutex_unlock(&msg_ctx->mux); |
336 | out: | 266 | out: |
@@ -352,14 +282,11 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, | |||
352 | struct ecryptfs_msg_ctx **msg_ctx) | 282 | struct ecryptfs_msg_ctx **msg_ctx) |
353 | { | 283 | { |
354 | struct ecryptfs_daemon *daemon; | 284 | struct ecryptfs_daemon *daemon; |
355 | uid_t euid = current_euid(); | ||
356 | int rc; | 285 | int rc; |
357 | 286 | ||
358 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | 287 | rc = ecryptfs_find_daemon_by_euid(&daemon); |
359 | if (rc || !daemon) { | 288 | if (rc || !daemon) { |
360 | rc = -ENOTCONN; | 289 | rc = -ENOTCONN; |
361 | printk(KERN_ERR "%s: User [%d] does not have a daemon " | ||
362 | "registered\n", __func__, euid); | ||
363 | goto out; | 290 | goto out; |
364 | } | 291 | } |
365 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | 292 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c index c0038f6566d4..412e6eda25f8 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c | |||
@@ -33,7 +33,7 @@ static atomic_t ecryptfs_num_miscdev_opens; | |||
33 | 33 | ||
34 | /** | 34 | /** |
35 | * ecryptfs_miscdev_poll | 35 | * ecryptfs_miscdev_poll |
36 | * @file: dev file (ignored) | 36 | * @file: dev file |
37 | * @pt: dev poll table (ignored) | 37 | * @pt: dev poll table (ignored) |
38 | * | 38 | * |
39 | * Returns the poll mask | 39 | * Returns the poll mask |
@@ -41,20 +41,10 @@ static atomic_t ecryptfs_num_miscdev_opens; | |||
41 | static unsigned int | 41 | static unsigned int |
42 | ecryptfs_miscdev_poll(struct file *file, poll_table *pt) | 42 | ecryptfs_miscdev_poll(struct file *file, poll_table *pt) |
43 | { | 43 | { |
44 | struct ecryptfs_daemon *daemon; | 44 | struct ecryptfs_daemon *daemon = file->private_data; |
45 | unsigned int mask = 0; | 45 | unsigned int mask = 0; |
46 | uid_t euid = current_euid(); | ||
47 | int rc; | ||
48 | 46 | ||
49 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
50 | /* TODO: Just use file->private_data? */ | ||
51 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | ||
52 | if (rc || !daemon) { | ||
53 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
54 | return -EINVAL; | ||
55 | } | ||
56 | mutex_lock(&daemon->mux); | 47 | mutex_lock(&daemon->mux); |
57 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
58 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { | 48 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { |
59 | printk(KERN_WARNING "%s: Attempt to poll on zombified " | 49 | printk(KERN_WARNING "%s: Attempt to poll on zombified " |
60 | "daemon\n", __func__); | 50 | "daemon\n", __func__); |
@@ -79,7 +69,7 @@ out_unlock_daemon: | |||
79 | /** | 69 | /** |
80 | * ecryptfs_miscdev_open | 70 | * ecryptfs_miscdev_open |
81 | * @inode: inode of miscdev handle (ignored) | 71 | * @inode: inode of miscdev handle (ignored) |
82 | * @file: file for miscdev handle (ignored) | 72 | * @file: file for miscdev handle |
83 | * | 73 | * |
84 | * Returns zero on success; non-zero otherwise | 74 | * Returns zero on success; non-zero otherwise |
85 | */ | 75 | */ |
@@ -87,7 +77,6 @@ static int | |||
87 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) | 77 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) |
88 | { | 78 | { |
89 | struct ecryptfs_daemon *daemon = NULL; | 79 | struct ecryptfs_daemon *daemon = NULL; |
90 | uid_t euid = current_euid(); | ||
91 | int rc; | 80 | int rc; |
92 | 81 | ||
93 | mutex_lock(&ecryptfs_daemon_hash_mux); | 82 | mutex_lock(&ecryptfs_daemon_hash_mux); |
@@ -98,30 +87,20 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) | |||
98 | "count; rc = [%d]\n", __func__, rc); | 87 | "count; rc = [%d]\n", __func__, rc); |
99 | goto out_unlock_daemon_list; | 88 | goto out_unlock_daemon_list; |
100 | } | 89 | } |
101 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | 90 | rc = ecryptfs_find_daemon_by_euid(&daemon); |
102 | if (rc || !daemon) { | 91 | if (!rc) { |
103 | rc = ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(), | ||
104 | task_pid(current)); | ||
105 | if (rc) { | ||
106 | printk(KERN_ERR "%s: Error attempting to spawn daemon; " | ||
107 | "rc = [%d]\n", __func__, rc); | ||
108 | goto out_module_put_unlock_daemon_list; | ||
109 | } | ||
110 | } | ||
111 | mutex_lock(&daemon->mux); | ||
112 | if (daemon->pid != task_pid(current)) { | ||
113 | rc = -EINVAL; | 92 | rc = -EINVAL; |
114 | printk(KERN_ERR "%s: pid [0x%p] has registered with euid [%d], " | 93 | goto out_unlock_daemon_list; |
115 | "but pid [0x%p] has attempted to open the handle " | 94 | } |
116 | "instead\n", __func__, daemon->pid, daemon->euid, | 95 | rc = ecryptfs_spawn_daemon(&daemon, file); |
117 | task_pid(current)); | 96 | if (rc) { |
118 | goto out_unlock_daemon; | 97 | printk(KERN_ERR "%s: Error attempting to spawn daemon; " |
98 | "rc = [%d]\n", __func__, rc); | ||
99 | goto out_module_put_unlock_daemon_list; | ||
119 | } | 100 | } |
101 | mutex_lock(&daemon->mux); | ||
120 | if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { | 102 | if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { |
121 | rc = -EBUSY; | 103 | rc = -EBUSY; |
122 | printk(KERN_ERR "%s: Miscellaneous device handle may only be " | ||
123 | "opened once per daemon; pid [0x%p] already has this " | ||
124 | "handle open\n", __func__, daemon->pid); | ||
125 | goto out_unlock_daemon; | 104 | goto out_unlock_daemon; |
126 | } | 105 | } |
127 | daemon->flags |= ECRYPTFS_DAEMON_MISCDEV_OPEN; | 106 | daemon->flags |= ECRYPTFS_DAEMON_MISCDEV_OPEN; |
@@ -140,7 +119,7 @@ out_unlock_daemon_list: | |||
140 | /** | 119 | /** |
141 | * ecryptfs_miscdev_release | 120 | * ecryptfs_miscdev_release |
142 | * @inode: inode of fs/ecryptfs/euid handle (ignored) | 121 | * @inode: inode of fs/ecryptfs/euid handle (ignored) |
143 | * @file: file for fs/ecryptfs/euid handle (ignored) | 122 | * @file: file for fs/ecryptfs/euid handle |
144 | * | 123 | * |
145 | * This keeps the daemon registered until the daemon sends another | 124 | * This keeps the daemon registered until the daemon sends another |
146 | * ioctl to fs/ecryptfs/ctl or until the kernel module unregisters. | 125 | * ioctl to fs/ecryptfs/ctl or until the kernel module unregisters. |
@@ -150,20 +129,18 @@ out_unlock_daemon_list: | |||
150 | static int | 129 | static int |
151 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) | 130 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) |
152 | { | 131 | { |
153 | struct ecryptfs_daemon *daemon = NULL; | 132 | struct ecryptfs_daemon *daemon = file->private_data; |
154 | uid_t euid = current_euid(); | ||
155 | int rc; | 133 | int rc; |
156 | 134 | ||
157 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
158 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | ||
159 | if (rc || !daemon) | ||
160 | daemon = file->private_data; | ||
161 | mutex_lock(&daemon->mux); | 135 | mutex_lock(&daemon->mux); |
162 | BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN)); | 136 | BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN)); |
163 | daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN; | 137 | daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN; |
164 | atomic_dec(&ecryptfs_num_miscdev_opens); | 138 | atomic_dec(&ecryptfs_num_miscdev_opens); |
165 | mutex_unlock(&daemon->mux); | 139 | mutex_unlock(&daemon->mux); |
140 | |||
141 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
166 | rc = ecryptfs_exorcise_daemon(daemon); | 142 | rc = ecryptfs_exorcise_daemon(daemon); |
143 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
167 | if (rc) { | 144 | if (rc) { |
168 | printk(KERN_CRIT "%s: Fatal error whilst attempting to " | 145 | printk(KERN_CRIT "%s: Fatal error whilst attempting to " |
169 | "shut down daemon; rc = [%d]. Please report this " | 146 | "shut down daemon; rc = [%d]. Please report this " |
@@ -171,7 +148,6 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file) | |||
171 | BUG(); | 148 | BUG(); |
172 | } | 149 | } |
173 | module_put(THIS_MODULE); | 150 | module_put(THIS_MODULE); |
174 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
175 | return rc; | 151 | return rc; |
176 | } | 152 | } |
177 | 153 | ||
@@ -248,7 +224,7 @@ int ecryptfs_send_miscdev(char *data, size_t data_size, | |||
248 | 224 | ||
249 | /** | 225 | /** |
250 | * ecryptfs_miscdev_read - format and send message from queue | 226 | * ecryptfs_miscdev_read - format and send message from queue |
251 | * @file: fs/ecryptfs/euid miscdevfs handle (ignored) | 227 | * @file: miscdevfs handle |
252 | * @buf: User buffer into which to copy the next message on the daemon queue | 228 | * @buf: User buffer into which to copy the next message on the daemon queue |
253 | * @count: Amount of space available in @buf | 229 | * @count: Amount of space available in @buf |
254 | * @ppos: Offset in file (ignored) | 230 | * @ppos: Offset in file (ignored) |
@@ -262,43 +238,27 @@ static ssize_t | |||
262 | ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, | 238 | ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, |
263 | loff_t *ppos) | 239 | loff_t *ppos) |
264 | { | 240 | { |
265 | struct ecryptfs_daemon *daemon; | 241 | struct ecryptfs_daemon *daemon = file->private_data; |
266 | struct ecryptfs_msg_ctx *msg_ctx; | 242 | struct ecryptfs_msg_ctx *msg_ctx; |
267 | size_t packet_length_size; | 243 | size_t packet_length_size; |
268 | char packet_length[ECRYPTFS_MAX_PKT_LEN_SIZE]; | 244 | char packet_length[ECRYPTFS_MAX_PKT_LEN_SIZE]; |
269 | size_t i; | 245 | size_t i; |
270 | size_t total_length; | 246 | size_t total_length; |
271 | uid_t euid = current_euid(); | ||
272 | int rc; | 247 | int rc; |
273 | 248 | ||
274 | mutex_lock(&ecryptfs_daemon_hash_mux); | ||
275 | /* TODO: Just use file->private_data? */ | ||
276 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); | ||
277 | if (rc || !daemon) { | ||
278 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
279 | return -EINVAL; | ||
280 | } | ||
281 | mutex_lock(&daemon->mux); | 249 | mutex_lock(&daemon->mux); |
282 | if (task_pid(current) != daemon->pid) { | ||
283 | mutex_unlock(&daemon->mux); | ||
284 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
285 | return -EPERM; | ||
286 | } | ||
287 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { | 250 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { |
288 | rc = 0; | 251 | rc = 0; |
289 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
290 | printk(KERN_WARNING "%s: Attempt to read from zombified " | 252 | printk(KERN_WARNING "%s: Attempt to read from zombified " |
291 | "daemon\n", __func__); | 253 | "daemon\n", __func__); |
292 | goto out_unlock_daemon; | 254 | goto out_unlock_daemon; |
293 | } | 255 | } |
294 | if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) { | 256 | if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) { |
295 | rc = 0; | 257 | rc = 0; |
296 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
297 | goto out_unlock_daemon; | 258 | goto out_unlock_daemon; |
298 | } | 259 | } |
299 | /* This daemon will not go away so long as this flag is set */ | 260 | /* This daemon will not go away so long as this flag is set */ |
300 | daemon->flags |= ECRYPTFS_DAEMON_IN_READ; | 261 | daemon->flags |= ECRYPTFS_DAEMON_IN_READ; |
301 | mutex_unlock(&ecryptfs_daemon_hash_mux); | ||
302 | check_list: | 262 | check_list: |
303 | if (list_empty(&daemon->msg_ctx_out_queue)) { | 263 | if (list_empty(&daemon->msg_ctx_out_queue)) { |
304 | mutex_unlock(&daemon->mux); | 264 | mutex_unlock(&daemon->mux); |
@@ -382,16 +342,12 @@ out_unlock_daemon: | |||
382 | * ecryptfs_miscdev_response - miscdevess response to message previously sent to daemon | 342 | * ecryptfs_miscdev_response - miscdevess response to message previously sent to daemon |
383 | * @data: Bytes comprising struct ecryptfs_message | 343 | * @data: Bytes comprising struct ecryptfs_message |
384 | * @data_size: sizeof(struct ecryptfs_message) + data len | 344 | * @data_size: sizeof(struct ecryptfs_message) + data len |
385 | * @euid: Effective user id of miscdevess sending the miscdev response | ||
386 | * @user_ns: The namespace in which @euid applies | ||
387 | * @pid: Miscdevess id of miscdevess sending the miscdev response | ||
388 | * @seq: Sequence number for miscdev response packet | 345 | * @seq: Sequence number for miscdev response packet |
389 | * | 346 | * |
390 | * Returns zero on success; non-zero otherwise | 347 | * Returns zero on success; non-zero otherwise |
391 | */ | 348 | */ |
392 | static int ecryptfs_miscdev_response(char *data, size_t data_size, | 349 | static int ecryptfs_miscdev_response(struct ecryptfs_daemon *daemon, char *data, |
393 | uid_t euid, struct user_namespace *user_ns, | 350 | size_t data_size, u32 seq) |
394 | struct pid *pid, u32 seq) | ||
395 | { | 351 | { |
396 | struct ecryptfs_message *msg = (struct ecryptfs_message *)data; | 352 | struct ecryptfs_message *msg = (struct ecryptfs_message *)data; |
397 | int rc; | 353 | int rc; |
@@ -403,7 +359,7 @@ static int ecryptfs_miscdev_response(char *data, size_t data_size, | |||
403 | rc = -EINVAL; | 359 | rc = -EINVAL; |
404 | goto out; | 360 | goto out; |
405 | } | 361 | } |
406 | rc = ecryptfs_process_response(msg, euid, user_ns, pid, seq); | 362 | rc = ecryptfs_process_response(daemon, msg, seq); |
407 | if (rc) | 363 | if (rc) |
408 | printk(KERN_ERR | 364 | printk(KERN_ERR |
409 | "Error processing response message; rc = [%d]\n", rc); | 365 | "Error processing response message; rc = [%d]\n", rc); |
@@ -413,7 +369,7 @@ out: | |||
413 | 369 | ||
414 | /** | 370 | /** |
415 | * ecryptfs_miscdev_write - handle write to daemon miscdev handle | 371 | * ecryptfs_miscdev_write - handle write to daemon miscdev handle |
416 | * @file: File for misc dev handle (ignored) | 372 | * @file: File for misc dev handle |
417 | * @buf: Buffer containing user data | 373 | * @buf: Buffer containing user data |
418 | * @count: Amount of data in @buf | 374 | * @count: Amount of data in @buf |
419 | * @ppos: Pointer to offset in file (ignored) | 375 | * @ppos: Pointer to offset in file (ignored) |
@@ -428,7 +384,6 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, | |||
428 | u32 seq; | 384 | u32 seq; |
429 | size_t packet_size, packet_size_length; | 385 | size_t packet_size, packet_size_length; |
430 | char *data; | 386 | char *data; |
431 | uid_t euid = current_euid(); | ||
432 | unsigned char packet_size_peek[ECRYPTFS_MAX_PKT_LEN_SIZE]; | 387 | unsigned char packet_size_peek[ECRYPTFS_MAX_PKT_LEN_SIZE]; |
433 | ssize_t rc; | 388 | ssize_t rc; |
434 | 389 | ||
@@ -488,10 +443,9 @@ memdup: | |||
488 | } | 443 | } |
489 | memcpy(&counter_nbo, &data[PKT_CTR_OFFSET], PKT_CTR_SIZE); | 444 | memcpy(&counter_nbo, &data[PKT_CTR_OFFSET], PKT_CTR_SIZE); |
490 | seq = be32_to_cpu(counter_nbo); | 445 | seq = be32_to_cpu(counter_nbo); |
491 | rc = ecryptfs_miscdev_response( | 446 | rc = ecryptfs_miscdev_response(file->private_data, |
492 | &data[PKT_LEN_OFFSET + packet_size_length], | 447 | &data[PKT_LEN_OFFSET + packet_size_length], |
493 | packet_size, euid, current_user_ns(), | 448 | packet_size, seq); |
494 | task_pid(current), seq); | ||
495 | if (rc) { | 449 | if (rc) { |
496 | printk(KERN_WARNING "%s: Failed to deliver miscdev " | 450 | printk(KERN_WARNING "%s: Failed to deliver miscdev " |
497 | "response to requesting operation; rc = [%zd]\n", | 451 | "response to requesting operation; rc = [%zd]\n", |