aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs')
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h3
-rw-r--r--fs/ecryptfs/kthread.c9
-rw-r--r--fs/ecryptfs/main.c3
-rw-r--r--fs/ecryptfs/messaging.c27
-rw-r--r--fs/ecryptfs/miscdev.c27
5 files changed, 36 insertions, 33 deletions
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 3504cf9df358..a75026d35d16 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -691,7 +691,8 @@ int ecryptfs_init_kthread(void);
691void ecryptfs_destroy_kthread(void); 691void ecryptfs_destroy_kthread(void);
692int ecryptfs_privileged_open(struct file **lower_file, 692int ecryptfs_privileged_open(struct file **lower_file,
693 struct dentry *lower_dentry, 693 struct dentry *lower_dentry,
694 struct vfsmount *lower_mnt); 694 struct vfsmount *lower_mnt,
695 const struct cred *cred);
695int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry); 696int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry);
696 697
697#endif /* #ifndef ECRYPTFS_KERNEL_H */ 698#endif /* #ifndef ECRYPTFS_KERNEL_H */
diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
index c440c6b58b2d..c6d7a4d748a0 100644
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -73,7 +73,7 @@ static int ecryptfs_threadfn(void *ignored)
73 mntget(req->lower_mnt); 73 mntget(req->lower_mnt);
74 (*req->lower_file) = dentry_open( 74 (*req->lower_file) = dentry_open(
75 req->lower_dentry, req->lower_mnt, 75 req->lower_dentry, req->lower_mnt,
76 (O_RDWR | O_LARGEFILE)); 76 (O_RDWR | O_LARGEFILE), current_cred());
77 req->flags |= ECRYPTFS_REQ_PROCESSED; 77 req->flags |= ECRYPTFS_REQ_PROCESSED;
78 } 78 }
79 wake_up(&req->wait); 79 wake_up(&req->wait);
@@ -132,7 +132,8 @@ void ecryptfs_destroy_kthread(void)
132 */ 132 */
133int ecryptfs_privileged_open(struct file **lower_file, 133int ecryptfs_privileged_open(struct file **lower_file,
134 struct dentry *lower_dentry, 134 struct dentry *lower_dentry,
135 struct vfsmount *lower_mnt) 135 struct vfsmount *lower_mnt,
136 const struct cred *cred)
136{ 137{
137 struct ecryptfs_open_req *req; 138 struct ecryptfs_open_req *req;
138 int rc = 0; 139 int rc = 0;
@@ -143,7 +144,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
143 dget(lower_dentry); 144 dget(lower_dentry);
144 mntget(lower_mnt); 145 mntget(lower_mnt);
145 (*lower_file) = dentry_open(lower_dentry, lower_mnt, 146 (*lower_file) = dentry_open(lower_dentry, lower_mnt,
146 (O_RDWR | O_LARGEFILE)); 147 (O_RDWR | O_LARGEFILE), cred);
147 if (!IS_ERR(*lower_file)) 148 if (!IS_ERR(*lower_file))
148 goto out; 149 goto out;
149 req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL); 150 req = kmem_cache_alloc(ecryptfs_open_req_cache, GFP_KERNEL);
@@ -184,7 +185,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
184 dget(lower_dentry); 185 dget(lower_dentry);
185 mntget(lower_mnt); 186 mntget(lower_mnt);
186 (*lower_file) = dentry_open(lower_dentry, lower_mnt, 187 (*lower_file) = dentry_open(lower_dentry, lower_mnt,
187 (O_RDONLY | O_LARGEFILE)); 188 (O_RDONLY | O_LARGEFILE), cred);
188 if (IS_ERR(*lower_file)) { 189 if (IS_ERR(*lower_file)) {
189 rc = PTR_ERR(*req->lower_file); 190 rc = PTR_ERR(*req->lower_file);
190 (*lower_file) = NULL; 191 (*lower_file) = NULL;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 64d2ba980df4..fd630713c5c7 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -115,6 +115,7 @@ void __ecryptfs_printk(const char *fmt, ...)
115 */ 115 */
116int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) 116int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
117{ 117{
118 const struct cred *cred = current_cred();
118 struct ecryptfs_inode_info *inode_info = 119 struct ecryptfs_inode_info *inode_info =
119 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); 120 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
120 int rc = 0; 121 int rc = 0;
@@ -127,7 +128,7 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
127 128
128 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 129 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
129 rc = ecryptfs_privileged_open(&inode_info->lower_file, 130 rc = ecryptfs_privileged_open(&inode_info->lower_file,
130 lower_dentry, lower_mnt); 131 lower_dentry, lower_mnt, cred);
131 if (rc || IS_ERR(inode_info->lower_file)) { 132 if (rc || IS_ERR(inode_info->lower_file)) {
132 printk(KERN_ERR "Error opening lower persistent file " 133 printk(KERN_ERR "Error opening lower persistent file "
133 "for lower_dentry [0x%p] and lower_mnt [0x%p]; " 134 "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index c6983978a31e..6913f727624d 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -360,7 +360,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
360 struct ecryptfs_msg_ctx *msg_ctx; 360 struct ecryptfs_msg_ctx *msg_ctx;
361 size_t msg_size; 361 size_t msg_size;
362 struct nsproxy *nsproxy; 362 struct nsproxy *nsproxy;
363 struct user_namespace *current_user_ns; 363 struct user_namespace *tsk_user_ns;
364 uid_t ctx_euid;
364 int rc; 365 int rc;
365 366
366 if (msg->index >= ecryptfs_message_buf_len) { 367 if (msg->index >= ecryptfs_message_buf_len) {
@@ -384,9 +385,9 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
384 mutex_unlock(&ecryptfs_daemon_hash_mux); 385 mutex_unlock(&ecryptfs_daemon_hash_mux);
385 goto wake_up; 386 goto wake_up;
386 } 387 }
387 current_user_ns = nsproxy->user_ns; 388 tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns;
388 rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid, 389 ctx_euid = task_euid(msg_ctx->task);
389 current_user_ns); 390 rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);
390 rcu_read_unlock(); 391 rcu_read_unlock();
391 mutex_unlock(&ecryptfs_daemon_hash_mux); 392 mutex_unlock(&ecryptfs_daemon_hash_mux);
392 if (rc) { 393 if (rc) {
@@ -394,28 +395,28 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
394 printk(KERN_WARNING "%s: User [%d] received a " 395 printk(KERN_WARNING "%s: User [%d] received a "
395 "message response from process [0x%p] but does " 396 "message response from process [0x%p] but does "
396 "not have a registered daemon\n", __func__, 397 "not have a registered daemon\n", __func__,
397 msg_ctx->task->euid, pid); 398 ctx_euid, pid);
398 goto wake_up; 399 goto wake_up;
399 } 400 }
400 if (msg_ctx->task->euid != euid) { 401 if (ctx_euid != euid) {
401 rc = -EBADMSG; 402 rc = -EBADMSG;
402 printk(KERN_WARNING "%s: Received message from user " 403 printk(KERN_WARNING "%s: Received message from user "
403 "[%d]; expected message from user [%d]\n", __func__, 404 "[%d]; expected message from user [%d]\n", __func__,
404 euid, msg_ctx->task->euid); 405 euid, ctx_euid);
405 goto unlock; 406 goto unlock;
406 } 407 }
407 if (current_user_ns != user_ns) { 408 if (tsk_user_ns != user_ns) {
408 rc = -EBADMSG; 409 rc = -EBADMSG;
409 printk(KERN_WARNING "%s: Received message from user_ns " 410 printk(KERN_WARNING "%s: Received message from user_ns "
410 "[0x%p]; expected message from user_ns [0x%p]\n", 411 "[0x%p]; expected message from user_ns [0x%p]\n",
411 __func__, user_ns, nsproxy->user_ns); 412 __func__, user_ns, tsk_user_ns);
412 goto unlock; 413 goto unlock;
413 } 414 }
414 if (daemon->pid != pid) { 415 if (daemon->pid != pid) {
415 rc = -EBADMSG; 416 rc = -EBADMSG;
416 printk(KERN_ERR "%s: User [%d] sent a message response " 417 printk(KERN_ERR "%s: User [%d] sent a message response "
417 "from an unrecognized process [0x%p]\n", 418 "from an unrecognized process [0x%p]\n",
418 __func__, msg_ctx->task->euid, pid); 419 __func__, ctx_euid, pid);
419 goto unlock; 420 goto unlock;
420 } 421 }
421 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { 422 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
@@ -464,14 +465,14 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type,
464 struct ecryptfs_msg_ctx **msg_ctx) 465 struct ecryptfs_msg_ctx **msg_ctx)
465{ 466{
466 struct ecryptfs_daemon *daemon; 467 struct ecryptfs_daemon *daemon;
468 uid_t euid = current_euid();
467 int rc; 469 int rc;
468 470
469 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 471 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
470 current->nsproxy->user_ns);
471 if (rc || !daemon) { 472 if (rc || !daemon) {
472 rc = -ENOTCONN; 473 rc = -ENOTCONN;
473 printk(KERN_ERR "%s: User [%d] does not have a daemon " 474 printk(KERN_ERR "%s: User [%d] does not have a daemon "
474 "registered\n", __func__, current->euid); 475 "registered\n", __func__, euid);
475 goto out; 476 goto out;
476 } 477 }
477 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 478 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index b484792a0996..efd95a0ed1ea 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -42,12 +42,12 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt)
42{ 42{
43 struct ecryptfs_daemon *daemon; 43 struct ecryptfs_daemon *daemon;
44 unsigned int mask = 0; 44 unsigned int mask = 0;
45 uid_t euid = current_euid();
45 int rc; 46 int rc;
46 47
47 mutex_lock(&ecryptfs_daemon_hash_mux); 48 mutex_lock(&ecryptfs_daemon_hash_mux);
48 /* TODO: Just use file->private_data? */ 49 /* TODO: Just use file->private_data? */
49 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 50 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
50 current->nsproxy->user_ns);
51 BUG_ON(rc || !daemon); 51 BUG_ON(rc || !daemon);
52 mutex_lock(&daemon->mux); 52 mutex_lock(&daemon->mux);
53 mutex_unlock(&ecryptfs_daemon_hash_mux); 53 mutex_unlock(&ecryptfs_daemon_hash_mux);
@@ -83,6 +83,7 @@ static int
83ecryptfs_miscdev_open(struct inode *inode, struct file *file) 83ecryptfs_miscdev_open(struct inode *inode, struct file *file)
84{ 84{
85 struct ecryptfs_daemon *daemon = NULL; 85 struct ecryptfs_daemon *daemon = NULL;
86 uid_t euid = current_euid();
86 int rc; 87 int rc;
87 88
88 mutex_lock(&ecryptfs_daemon_hash_mux); 89 mutex_lock(&ecryptfs_daemon_hash_mux);
@@ -93,11 +94,9 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
93 "count; rc = [%d]\n", __func__, rc); 94 "count; rc = [%d]\n", __func__, rc);
94 goto out_unlock_daemon_list; 95 goto out_unlock_daemon_list;
95 } 96 }
96 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 97 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
97 current->nsproxy->user_ns);
98 if (rc || !daemon) { 98 if (rc || !daemon) {
99 rc = ecryptfs_spawn_daemon(&daemon, current->euid, 99 rc = ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(),
100 current->nsproxy->user_ns,
101 task_pid(current)); 100 task_pid(current));
102 if (rc) { 101 if (rc) {
103 printk(KERN_ERR "%s: Error attempting to spawn daemon; " 102 printk(KERN_ERR "%s: Error attempting to spawn daemon; "
@@ -147,11 +146,11 @@ static int
147ecryptfs_miscdev_release(struct inode *inode, struct file *file) 146ecryptfs_miscdev_release(struct inode *inode, struct file *file)
148{ 147{
149 struct ecryptfs_daemon *daemon = NULL; 148 struct ecryptfs_daemon *daemon = NULL;
149 uid_t euid = current_euid();
150 int rc; 150 int rc;
151 151
152 mutex_lock(&ecryptfs_daemon_hash_mux); 152 mutex_lock(&ecryptfs_daemon_hash_mux);
153 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 153 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
154 current->nsproxy->user_ns);
155 BUG_ON(rc || !daemon); 154 BUG_ON(rc || !daemon);
156 mutex_lock(&daemon->mux); 155 mutex_lock(&daemon->mux);
157 BUG_ON(daemon->pid != task_pid(current)); 156 BUG_ON(daemon->pid != task_pid(current));
@@ -246,12 +245,12 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count,
246 char packet_length[3]; 245 char packet_length[3];
247 size_t i; 246 size_t i;
248 size_t total_length; 247 size_t total_length;
248 uid_t euid = current_euid();
249 int rc; 249 int rc;
250 250
251 mutex_lock(&ecryptfs_daemon_hash_mux); 251 mutex_lock(&ecryptfs_daemon_hash_mux);
252 /* TODO: Just use file->private_data? */ 252 /* TODO: Just use file->private_data? */
253 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 253 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
254 current->nsproxy->user_ns);
255 BUG_ON(rc || !daemon); 254 BUG_ON(rc || !daemon);
256 mutex_lock(&daemon->mux); 255 mutex_lock(&daemon->mux);
257 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { 256 if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
@@ -290,8 +289,8 @@ check_list:
290 * message from the queue; try again */ 289 * message from the queue; try again */
291 goto check_list; 290 goto check_list;
292 } 291 }
293 BUG_ON(current->euid != daemon->euid); 292 BUG_ON(euid != daemon->euid);
294 BUG_ON(current->nsproxy->user_ns != daemon->user_ns); 293 BUG_ON(current_user_ns() != daemon->user_ns);
295 BUG_ON(task_pid(current) != daemon->pid); 294 BUG_ON(task_pid(current) != daemon->pid);
296 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, 295 msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue,
297 struct ecryptfs_msg_ctx, daemon_out_list); 296 struct ecryptfs_msg_ctx, daemon_out_list);
@@ -414,6 +413,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
414 size_t packet_size, packet_size_length, i; 413 size_t packet_size, packet_size_length, i;
415 ssize_t sz = 0; 414 ssize_t sz = 0;
416 char *data; 415 char *data;
416 uid_t euid = current_euid();
417 int rc; 417 int rc;
418 418
419 if (count == 0) 419 if (count == 0)
@@ -463,8 +463,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
463 goto out_free; 463 goto out_free;
464 } 464 }
465 rc = ecryptfs_miscdev_response(&data[i], packet_size, 465 rc = ecryptfs_miscdev_response(&data[i], packet_size,
466 current->euid, 466 euid, current_user_ns(),
467 current->nsproxy->user_ns,
468 task_pid(current), seq); 467 task_pid(current), seq);
469 if (rc) 468 if (rc)
470 printk(KERN_WARNING "%s: Failed to deliver miscdev " 469 printk(KERN_WARNING "%s: Failed to deliver miscdev "
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-25 02:31:40 -0500