aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/miscdev.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/miscdev.c')
-rw-r--r--fs/ecryptfs/miscdev.c68
1 files changed, 43 insertions, 25 deletions
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index 0c559731ae34..788995efd1d3 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -46,7 +46,8 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt)
46 46
47 mutex_lock(&ecryptfs_daemon_hash_mux); 47 mutex_lock(&ecryptfs_daemon_hash_mux);
48 /* TODO: Just use file->private_data? */ 48 /* TODO: Just use file->private_data? */
49 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid); 49 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid,
50 current->nsproxy->user_ns);
50 BUG_ON(rc || !daemon); 51 BUG_ON(rc || !daemon);
51 mutex_lock(&daemon->mux); 52 mutex_lock(&daemon->mux);
52 mutex_unlock(&ecryptfs_daemon_hash_mux); 53 mutex_unlock(&ecryptfs_daemon_hash_mux);
@@ -92,10 +93,12 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
92 "count; rc = [%d]\n", __func__, rc); 93 "count; rc = [%d]\n", __func__, rc);
93 goto out_unlock_daemon_list; 94 goto out_unlock_daemon_list;
94 } 95 }
95 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid); 96 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid,
97 current->nsproxy->user_ns);
96 if (rc || !daemon) { 98 if (rc || !daemon) {
97 rc = ecryptfs_spawn_daemon(&daemon, current->euid, 99 rc = ecryptfs_spawn_daemon(&daemon, current->euid,
98 current->pid); 100 current->nsproxy->user_ns,
101 task_pid(current));
99 if (rc) { 102 if (rc) {
100 printk(KERN_ERR "%s: Error attempting to spawn daemon; " 103 printk(KERN_ERR "%s: Error attempting to spawn daemon; "
101 "rc = [%d]\n", __func__, rc); 104 "rc = [%d]\n", __func__, rc);
@@ -103,18 +106,18 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
103 } 106 }
104 } 107 }
105 mutex_lock(&daemon->mux); 108 mutex_lock(&daemon->mux);
106 if (daemon->pid != current->pid) { 109 if (daemon->pid != task_pid(current)) {
107 rc = -EINVAL; 110 rc = -EINVAL;
108 printk(KERN_ERR "%s: pid [%d] has registered with euid [%d], " 111 printk(KERN_ERR "%s: pid [0x%p] has registered with euid [%d], "
109 "but pid [%d] has attempted to open the handle " 112 "but pid [0x%p] has attempted to open the handle "
110 "instead\n", __func__, daemon->pid, daemon->euid, 113 "instead\n", __func__, daemon->pid, daemon->euid,
111 current->pid); 114 task_pid(current));
112 goto out_unlock_daemon; 115 goto out_unlock_daemon;
113 } 116 }
114 if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { 117 if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) {
115 rc = -EBUSY; 118 rc = -EBUSY;
116 printk(KERN_ERR "%s: Miscellaneous device handle may only be " 119 printk(KERN_ERR "%s: Miscellaneous device handle may only be "
117 "opened once per daemon; pid [%d] already has this " 120 "opened once per daemon; pid [0x%p] already has this "
118 "handle open\n", __func__, daemon->pid); 121 "handle open\n", __func__, daemon->pid);
119 goto out_unlock_daemon; 122 goto out_unlock_daemon;
120 } 123 }
@@ -147,10 +150,11 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file)
147 int rc; 150 int rc;
148 151
149 mutex_lock(&ecryptfs_daemon_hash_mux); 152 mutex_lock(&ecryptfs_daemon_hash_mux);
150 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid); 153 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid,
154 current->nsproxy->user_ns);
151 BUG_ON(rc || !daemon); 155 BUG_ON(rc || !daemon);
152 mutex_lock(&daemon->mux); 156 mutex_lock(&daemon->mux);
153 BUG_ON(daemon->pid != current->pid); 157 BUG_ON(daemon->pid != task_pid(current));
154 BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN)); 158 BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN));
155 daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN; 159 daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN;
156 atomic_dec(&ecryptfs_num_miscdev_opens); 160 atomic_dec(&ecryptfs_num_miscdev_opens);
@@ -247,7 +251,8 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count,
247 251
248 mutex_lock(&ecryptfs_daemon_hash_mux); 252 mutex_lock(&ecryptfs_daemon_hash_mux);
249 /* TODO: Just use file->private_data? */ 253 /* TODO: Just use file->private_data? */
250 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid); 254 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid,
255 current->nsproxy->user_ns);
251 BUG_ON(rc || !daemon); 256 BUG_ON(rc || !daemon);
252 mutex_lock(&daemon->mux); 257 mutex_lock(&daemon->mux);
253 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 258 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
@@ -285,7 +290,8 @@ check_list:
285 goto check_list; 290 goto check_list;
286 } 291 }
287 BUG_ON(current->euid != daemon->euid); 292 BUG_ON(current->euid != daemon->euid);
288 BUG_ON(current->pid != daemon->pid); 293 BUG_ON(current->nsproxy->user_ns != daemon->user_ns);
294 BUG_ON(task_pid(current) != daemon->pid);
289 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, 295 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue,
290 struct ecryptfs_msg_ctx, daemon_out_list); 296 struct ecryptfs_msg_ctx, daemon_out_list);
291 BUG_ON(!msg_ctx); 297 BUG_ON(!msg_ctx);
@@ -355,15 +361,18 @@ out_unlock_daemon:
355/** 361/**
356 * ecryptfs_miscdev_helo 362 * ecryptfs_miscdev_helo
357 * @euid: effective user id of miscdevess sending helo packet 363 * @euid: effective user id of miscdevess sending helo packet
364 * @user_ns: The namespace in which @euid applies
358 * @pid: miscdevess id of miscdevess sending helo packet 365 * @pid: miscdevess id of miscdevess sending helo packet
359 * 366 *
360 * Returns zero on success; non-zero otherwise 367 * Returns zero on success; non-zero otherwise
361 */ 368 */
362static int ecryptfs_miscdev_helo(uid_t uid, pid_t pid) 369static int ecryptfs_miscdev_helo(uid_t euid, struct user_namespace *user_ns,
370 struct pid *pid)
363{ 371{
364 int rc; 372 int rc;
365 373
366 rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_MISCDEV, uid, pid); 374 rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_MISCDEV, euid, user_ns,
375 pid);
367 if (rc) 376 if (rc)
368 printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); 377 printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc);
369 return rc; 378 return rc;
@@ -372,15 +381,17 @@ static int ecryptfs_miscdev_helo(uid_t uid, pid_t pid)
372/** 381/**
373 * ecryptfs_miscdev_quit 382 * ecryptfs_miscdev_quit
374 * @euid: effective user id of miscdevess sending quit packet 383 * @euid: effective user id of miscdevess sending quit packet
384 * @user_ns: The namespace in which @euid applies
375 * @pid: miscdevess id of miscdevess sending quit packet 385 * @pid: miscdevess id of miscdevess sending quit packet
376 * 386 *
377 * Returns zero on success; non-zero otherwise 387 * Returns zero on success; non-zero otherwise
378 */ 388 */
379static int ecryptfs_miscdev_quit(uid_t euid, pid_t pid) 389static int ecryptfs_miscdev_quit(uid_t euid, struct user_namespace *user_ns,
390 struct pid *pid)
380{ 391{
381 int rc; 392 int rc;
382 393
383 rc = ecryptfs_process_quit(euid, pid); 394 rc = ecryptfs_process_quit(euid, user_ns, pid);
384 if (rc) 395 if (rc)
385 printk(KERN_WARNING 396 printk(KERN_WARNING
386 "Error processing QUIT message; rc = [%d]\n", rc); 397 "Error processing QUIT message; rc = [%d]\n", rc);
@@ -392,13 +403,15 @@ static int ecryptfs_miscdev_quit(uid_t euid, pid_t pid)
392 * @data: Bytes comprising struct ecryptfs_message 403 * @data: Bytes comprising struct ecryptfs_message
393 * @data_size: sizeof(struct ecryptfs_message) + data len 404 * @data_size: sizeof(struct ecryptfs_message) + data len
394 * @euid: Effective user id of miscdevess sending the miscdev response 405 * @euid: Effective user id of miscdevess sending the miscdev response
406 * @user_ns: The namespace in which @euid applies
395 * @pid: Miscdevess id of miscdevess sending the miscdev response 407 * @pid: Miscdevess id of miscdevess sending the miscdev response
396 * @seq: Sequence number for miscdev response packet 408 * @seq: Sequence number for miscdev response packet
397 * 409 *
398 * Returns zero on success; non-zero otherwise 410 * Returns zero on success; non-zero otherwise
399 */ 411 */
400static int ecryptfs_miscdev_response(char *data, size_t data_size, 412static int ecryptfs_miscdev_response(char *data, size_t data_size,
401 uid_t euid, pid_t pid, u32 seq) 413 uid_t euid, struct user_namespace *user_ns,
414 struct pid *pid, u32 seq)
402{ 415{
403 struct ecryptfs_message *msg = (struct ecryptfs_message *)data; 416 struct ecryptfs_message *msg = (struct ecryptfs_message *)data;
404 int rc; 417 int rc;
@@ -410,7 +423,7 @@ static int ecryptfs_miscdev_response(char *data, size_t data_size,
410 rc = -EINVAL; 423 rc = -EINVAL;
411 goto out; 424 goto out;
412 } 425 }
413 rc = ecryptfs_process_response(msg, euid, pid, seq); 426 rc = ecryptfs_process_response(msg, euid, user_ns, pid, seq);
414 if (rc) 427 if (rc)
415 printk(KERN_ERR 428 printk(KERN_ERR
416 "Error processing response message; rc = [%d]\n", rc); 429 "Error processing response message; rc = [%d]\n", rc);
@@ -491,27 +504,32 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
491 } 504 }
492 rc = ecryptfs_miscdev_response(&data[i], packet_size, 505 rc = ecryptfs_miscdev_response(&data[i], packet_size,
493 current->euid, 506 current->euid,
494 current->pid, seq); 507 current->nsproxy->user_ns,
508 task_pid(current), seq);
495 if (rc) 509 if (rc)
496 printk(KERN_WARNING "%s: Failed to deliver miscdev " 510 printk(KERN_WARNING "%s: Failed to deliver miscdev "
497 "response to requesting operation; rc = [%d]\n", 511 "response to requesting operation; rc = [%d]\n",
498 __func__, rc); 512 __func__, rc);
499 break; 513 break;
500 case ECRYPTFS_MSG_HELO: 514 case ECRYPTFS_MSG_HELO:
501 rc = ecryptfs_miscdev_helo(current->euid, current->pid); 515 rc = ecryptfs_miscdev_helo(current->euid,
516 current->nsproxy->user_ns,
517 task_pid(current));
502 if (rc) { 518 if (rc) {
503 printk(KERN_ERR "%s: Error attempting to process " 519 printk(KERN_ERR "%s: Error attempting to process "
504 "helo from pid [%d]; rc = [%d]\n", __func__, 520 "helo from pid [0x%p]; rc = [%d]\n", __func__,
505 current->pid, rc); 521 task_pid(current), rc);
506 goto out_free; 522 goto out_free;
507 } 523 }
508 break; 524 break;
509 case ECRYPTFS_MSG_QUIT: 525 case ECRYPTFS_MSG_QUIT:
510 rc = ecryptfs_miscdev_quit(current->euid, current->pid); 526 rc = ecryptfs_miscdev_quit(current->euid,
527 current->nsproxy->user_ns,
528 task_pid(current));
511 if (rc) { 529 if (rc) {
512 printk(KERN_ERR "%s: Error attempting to process " 530 printk(KERN_ERR "%s: Error attempting to process "
513 "quit from pid [%d]; rc = [%d]\n", __func__, 531 "quit from pid [0x%p]; rc = [%d]\n", __func__,
514 current->pid, rc); 532 task_pid(current), rc);
515 goto out_free; 533 goto out_free;
516 } 534 }
517 break; 535 break;
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-16 02:11:13 -0500