diff options
| author | Tyler Hicks <tyhicks@canonical.com> | 2011-11-21 18:31:02 -0500 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@canonical.com> | 2011-11-23 16:39:38 -0500 |
| commit | b59db43ad4434519feb338eacb01d77eb50825c5 (patch) | |
| tree | ee978cf1ab736b3fc104b46b2491e7742e663dcf /fs/ecryptfs/crypto.c | |
| parent | 6fe4c6d466e95d31164f14b1ac4aefb51f0f4f82 (diff) | |
eCryptfs: Prevent file create race condition
The file creation path prematurely called d_instantiate() and
unlock_new_inode() before the eCryptfs inode info was fully
allocated and initialized and before the eCryptfs metadata was written
to the lower file.
This could result in race conditions in subsequent file and inode
operations leading to unexpected error conditions or a null pointer
dereference while attempting to use the unallocated memory.
https://launchpad.net/bugs/813146
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Cc: stable@kernel.org
Diffstat (limited to 'fs/ecryptfs/crypto.c')
| -rw-r--r-- | fs/ecryptfs/crypto.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 58609bde3b9f..203a1fdff666 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
| @@ -967,7 +967,7 @@ static void ecryptfs_set_default_crypt_stat_vals( | |||
| 967 | 967 | ||
| 968 | /** | 968 | /** |
| 969 | * ecryptfs_new_file_context | 969 | * ecryptfs_new_file_context |
| 970 | * @ecryptfs_dentry: The eCryptfs dentry | 970 | * @ecryptfs_inode: The eCryptfs inode |
| 971 | * | 971 | * |
| 972 | * If the crypto context for the file has not yet been established, | 972 | * If the crypto context for the file has not yet been established, |
| 973 | * this is where we do that. Establishing a new crypto context | 973 | * this is where we do that. Establishing a new crypto context |
| @@ -984,13 +984,13 @@ static void ecryptfs_set_default_crypt_stat_vals( | |||
| 984 | * | 984 | * |
| 985 | * Returns zero on success; non-zero otherwise | 985 | * Returns zero on success; non-zero otherwise |
| 986 | */ | 986 | */ |
| 987 | int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry) | 987 | int ecryptfs_new_file_context(struct inode *ecryptfs_inode) |
| 988 | { | 988 | { |
| 989 | struct ecryptfs_crypt_stat *crypt_stat = | 989 | struct ecryptfs_crypt_stat *crypt_stat = |
| 990 | &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; | 990 | &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; |
| 991 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = | 991 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = |
| 992 | &ecryptfs_superblock_to_private( | 992 | &ecryptfs_superblock_to_private( |
| 993 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | 993 | ecryptfs_inode->i_sb)->mount_crypt_stat; |
| 994 | int cipher_name_len; | 994 | int cipher_name_len; |
| 995 | int rc = 0; | 995 | int rc = 0; |
| 996 | 996 | ||
| @@ -1299,12 +1299,12 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t max, | |||
| 1299 | } | 1299 | } |
| 1300 | 1300 | ||
| 1301 | static int | 1301 | static int |
| 1302 | ecryptfs_write_metadata_to_contents(struct dentry *ecryptfs_dentry, | 1302 | ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode, |
| 1303 | char *virt, size_t virt_len) | 1303 | char *virt, size_t virt_len) |
| 1304 | { | 1304 | { |
| 1305 | int rc; | 1305 | int rc; |
| 1306 | 1306 | ||
| 1307 | rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt, | 1307 | rc = ecryptfs_write_lower(ecryptfs_inode, virt, |
| 1308 | 0, virt_len); | 1308 | 0, virt_len); |
| 1309 | if (rc < 0) | 1309 | if (rc < 0) |
| 1310 | printk(KERN_ERR "%s: Error attempting to write header " | 1310 | printk(KERN_ERR "%s: Error attempting to write header " |
| @@ -1338,7 +1338,8 @@ static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask, | |||
| 1338 | 1338 | ||
| 1339 | /** | 1339 | /** |
| 1340 | * ecryptfs_write_metadata | 1340 | * ecryptfs_write_metadata |
| 1341 | * @ecryptfs_dentry: The eCryptfs dentry | 1341 | * @ecryptfs_dentry: The eCryptfs dentry, which should be negative |
| 1342 | * @ecryptfs_inode: The newly created eCryptfs inode | ||
| 1342 | * | 1343 | * |
| 1343 | * Write the file headers out. This will likely involve a userspace | 1344 | * Write the file headers out. This will likely involve a userspace |
| 1344 | * callout, in which the session key is encrypted with one or more | 1345 | * callout, in which the session key is encrypted with one or more |
| @@ -1348,10 +1349,11 @@ static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask, | |||
| 1348 | * | 1349 | * |
| 1349 | * Returns zero on success; non-zero on error | 1350 | * Returns zero on success; non-zero on error |
| 1350 | */ | 1351 | */ |
| 1351 | int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry) | 1352 | int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry, |
| 1353 | struct inode *ecryptfs_inode) | ||
| 1352 | { | 1354 | { |
| 1353 | struct ecryptfs_crypt_stat *crypt_stat = | 1355 | struct ecryptfs_crypt_stat *crypt_stat = |
| 1354 | &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; | 1356 | &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; |
| 1355 | unsigned int order; | 1357 | unsigned int order; |
| 1356 | char *virt; | 1358 | char *virt; |
| 1357 | size_t virt_len; | 1359 | size_t virt_len; |
| @@ -1391,7 +1393,7 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry) | |||
| 1391 | rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt, | 1393 | rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt, |
| 1392 | size); | 1394 | size); |
| 1393 | else | 1395 | else |
| 1394 | rc = ecryptfs_write_metadata_to_contents(ecryptfs_dentry, virt, | 1396 | rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt, |
| 1395 | virt_len); | 1397 | virt_len); |
| 1396 | if (rc) { | 1398 | if (rc) { |
| 1397 | printk(KERN_ERR "%s: Error writing metadata out to lower file; " | 1399 | printk(KERN_ERR "%s: Error writing metadata out to lower file; " |