Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e0bcb42e authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'ecryptfs-4.15-rc1-fixes' of... 

Merge tag 'ecryptfs-4.15-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull eCryptfs updates from Tyler Hicks:

 - miscellaneous code cleanups and refactoring

 - fix a possible use after free bug when unloading the module

* tag 'ecryptfs-4.15-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
  eCryptfs: constify attribute_group structures.
  ecryptfs: remove unnecessary i_version bump
  ecryptfs: use ARRAY_SIZE
  ecryptfs: Adjust four checks for null pointers
  ecryptfs: Return an error code only as a constant in ecryptfs_add_global_auth_tok()
  ecryptfs: Delete 21 error messages for a failed memory allocation
  eCryptfs: use after free in ecryptfs_release_messaging()
  ecryptfs: remove private bin2hex implementation
  ecryptfs: add missing \n to end of various error messages
parents b6b220b0 4670269f

fs/ecryptfs/crypto.c

+6 −38
Original line number Diff line number Diff line
@@ -36,26 +36,12 @@ 
#include <linux/scatterlist.h>

#include <linux/slab.h>

#include <asm/unaligned.h>

#include <linux/kernel.h>

#include "ecryptfs_kernel.h"



#define DECRYPT		0

#define ENCRYPT		1



/**

 * ecryptfs_to_hex

 * @dst: Buffer to take hex character representation of contents of

 *       src; must be at least of size (src_size * 2)

 * @src: Buffer to be converted to a hex string representation

 * @src_size: number of bytes to convert

 */

void ecryptfs_to_hex(char *dst, char *src, size_t src_size)

{

	int x;



	for (x = 0; x < src_size; x++)

		sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]);

}



/**

 * ecryptfs_from_hex

 * @dst: Buffer to take the bytes from src hex; must be at least of
@@ -899,8 +885,7 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat, 
	u32 flags;



	flags = get_unaligned_be32(page_virt);

	for (i = 0; i < ((sizeof(ecryptfs_flag_map)

			  / sizeof(struct ecryptfs_flag_map_elem))); i++)

	for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)

		if (flags & ecryptfs_flag_map[i].file_flag) {

			crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;

		} else
@@ -937,8 +922,7 @@ void ecryptfs_write_crypt_stat_flags(char *page_virt, 
	u32 flags = 0;

	int i;



	for (i = 0; i < ((sizeof(ecryptfs_flag_map)

			  / sizeof(struct ecryptfs_flag_map_elem))); i++)

	for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)

		if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)

			flags |= ecryptfs_flag_map[i].file_flag;

	/* Version is in top 8 bits of the 32-bit flag vector */
@@ -1434,8 +1418,6 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) 
	page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);

	if (!page_virt) {

		rc = -ENOMEM;

		printk(KERN_ERR "%s: Unable to allocate page_virt\n",

		       __func__);

		goto out;

	}

	rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
@@ -1522,9 +1504,6 @@ ecryptfs_encrypt_filename(struct ecryptfs_filename *filename, 
		filename->encrypted_filename =

			kmalloc(filename->encrypted_filename_size, GFP_KERNEL);

		if (!filename->encrypted_filename) {

			printk(KERN_ERR "%s: Out of memory whilst attempting "

			       "to kmalloc [%zd] bytes\n", __func__,

			       filename->encrypted_filename_size);

			rc = -ENOMEM;

			goto out;

		}
@@ -1669,12 +1648,10 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, 
	BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));



	tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);

	if (key_tfm != NULL)

	if (key_tfm)

		(*key_tfm) = tmp_tfm;

	if (!tmp_tfm) {

		rc = -ENOMEM;

		printk(KERN_ERR "Error attempting to allocate from "

		       "ecryptfs_key_tfm_cache\n");

		goto out;

	}

	mutex_init(&tmp_tfm->key_tfm_mutex);
@@ -1690,7 +1667,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, 
		       "cipher with name = [%s]; rc = [%d]\n",

		       tmp_tfm->cipher_name, rc);

		kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);

		if (key_tfm != NULL)

		if (key_tfm)

			(*key_tfm) = NULL;

		goto out;

	}
@@ -1881,7 +1858,7 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, 
	size_t src_byte_offset = 0;

	size_t dst_byte_offset = 0;



	if (dst == NULL) {

	if (!dst) {

		(*dst_size) = ecryptfs_max_decoded_size(src_size);

		goto out;

	}
@@ -1949,9 +1926,6 @@ int ecryptfs_encrypt_and_encode_filename( 


		filename = kzalloc(sizeof(*filename), GFP_KERNEL);

		if (!filename) {

			printk(KERN_ERR "%s: Out of memory whilst attempting "

			       "to kzalloc [%zd] bytes\n", __func__,

			       sizeof(*filename));

			rc = -ENOMEM;

			goto out;

		}
@@ -1980,9 +1954,6 @@ int ecryptfs_encrypt_and_encode_filename( 
				 + encoded_name_no_prefix_size);

		(*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);

		if (!(*encoded_name)) {

			printk(KERN_ERR "%s: Out of memory whilst attempting "

			       "to kzalloc [%zd] bytes\n", __func__,

			       (*encoded_name_size));

			rc = -ENOMEM;

			kfree(filename->encrypted_filename);

			kfree(filename);
@@ -2064,9 +2035,6 @@ int ecryptfs_decode_and_decrypt_filename(char **plaintext_name, 
					      name, name_size);

		decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);

		if (!decoded_name) {

			printk(KERN_ERR "%s: Out of memory whilst attempting "

			       "to kmalloc [%zd] bytes\n", __func__,

			       decoded_name_size);

			rc = -ENOMEM;

			goto out;

		}

fs/ecryptfs/ecryptfs_kernel.h

+8 −1
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ 
#include <crypto/skcipher.h>

#include <keys/user-type.h>

#include <keys/encrypted-type.h>

#include <linux/kernel.h>

#include <linux/fs.h>

#include <linux/fs_stack.h>

#include <linux/namei.h>
@@ -51,7 +52,13 @@ 
#define ECRYPTFS_XATTR_NAME "user.ecryptfs"



void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);

extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);

static inline void

ecryptfs_to_hex(char *dst, char *src, size_t src_size)

{

	char *end = bin2hex(dst, src, src_size);

	*end = '\0';

}



extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);



struct ecryptfs_key_record {

fs/ecryptfs/inode.c

+0 −4
Original line number Diff line number Diff line
@@ -64,7 +64,6 @@ static int ecryptfs_inode_set(struct inode *inode, void *opaque) 
	/* i_size will be overwritten for encrypted regular files */

	fsstack_copy_inode_size(inode, lower_inode);

	inode->i_ino = lower_inode->i_ino;

	inode->i_version++;

	inode->i_mapping->a_ops = &ecryptfs_aops;



	if (S_ISLNK(inode->i_mode))
@@ -334,9 +333,6 @@ static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry, 


	dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);

	if (!dentry_info) {

		printk(KERN_ERR "%s: Out of memory whilst attempting "

		       "to allocate ecryptfs_dentry_info struct\n",

			__func__);

		dput(lower_dentry);

		return ERR_PTR(-ENOMEM);

	}

fs/ecryptfs/keystore.c

+12 −36
Original line number Diff line number Diff line
@@ -639,11 +639,9 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, 
	int rc = 0;



	s = kzalloc(sizeof(*s), GFP_KERNEL);

	if (!s) {

		printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "

		       "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));

	if (!s)

		return -ENOMEM;

	}



	(*packet_size) = 0;

	rc = ecryptfs_find_auth_tok_for_sig(

		&auth_tok_key,
@@ -687,7 +685,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, 
	 *    separator, and then the filename */

	s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE

			      + s->block_aligned_filename_size);

	if (dest == NULL) {

	if (!dest) {

		(*packet_size) = s->max_packet_size;

		goto out_unlock;

	}
@@ -714,9 +712,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, 
	s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,

					    GFP_KERNEL);

	if (!s->block_aligned_filename) {

		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "

		       "kzalloc [%zd] bytes\n", __func__,

		       s->block_aligned_filename_size);

		rc = -ENOMEM;

		goto out_unlock;

	}
@@ -769,10 +764,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, 
	s->hash_desc = kmalloc(sizeof(*s->hash_desc) +

			       crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);

	if (!s->hash_desc) {

		printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "

		       "kmalloc [%zd] bytes\n", __func__,

		       sizeof(*s->hash_desc) +

		       crypto_shash_descsize(s->hash_tfm));

		rc = -ENOMEM;

		goto out_release_free_unlock;

	}
@@ -925,11 +916,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, 
	(*filename_size) = 0;

	(*filename) = NULL;

	s = kzalloc(sizeof(*s), GFP_KERNEL);

	if (!s) {

		printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "

		       "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));

	if (!s)

		return -ENOMEM;

	}



	if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {

		printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "

		       "at least [%d]\n", __func__, max_packet_size,
@@ -1015,9 +1004,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, 
	s->decrypted_filename = kmalloc(s->block_aligned_filename_size,

					GFP_KERNEL);

	if (!s->decrypted_filename) {

		printk(KERN_ERR "%s: Out of memory whilst attempting to "

		       "kmalloc [%zd] bytes\n", __func__,

		       s->block_aligned_filename_size);

		rc = -ENOMEM;

		goto out_unlock;

	}
@@ -1097,9 +1083,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, 
	}

	(*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);

	if (!(*filename)) {

		printk(KERN_ERR "%s: Out of memory whilst attempting to "

		       "kmalloc [%zd] bytes\n", __func__,

		       ((*filename_size) + 1));

		rc = -ENOMEM;

		goto out_free_unlock;

	}
@@ -1333,7 +1316,7 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, 
	if ((*new_auth_tok)->session_key.encrypted_key_size

	    > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {

		printk(KERN_WARNING "Tag 1 packet contains key larger "

		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");

		       "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");

		rc = -EINVAL;

		goto out;

	}
@@ -2525,11 +2508,9 @@ int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig) 
	struct ecryptfs_key_sig *new_key_sig;



	new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);

	if (!new_key_sig) {

		printk(KERN_ERR

		       "Error allocating from ecryptfs_key_sig_cache\n");

	if (!new_key_sig)

		return -ENOMEM;

	}



	memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);

	new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';

	/* Caller must hold keysig_list_mutex */
@@ -2545,16 +2526,12 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 
			     char *sig, u32 global_auth_tok_flags)

{

	struct ecryptfs_global_auth_tok *new_auth_tok;

	int rc = 0;



	new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,

					GFP_KERNEL);

	if (!new_auth_tok) {

		rc = -ENOMEM;

		printk(KERN_ERR "Error allocating from "

		       "ecryptfs_global_auth_tok_cache\n");

		goto out;

	}

	if (!new_auth_tok)

		return -ENOMEM;



	memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);

	new_auth_tok->flags = global_auth_tok_flags;

	new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
@@ -2562,7 +2539,6 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat, 
	list_add(&new_auth_tok->mount_crypt_stat_list,

		 &mount_crypt_stat->global_auth_tok_list);

	mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);

out:

	return rc;

	return 0;

}

fs/ecryptfs/main.c

+2 −2
Original line number Diff line number Diff line
@@ -426,7 +426,7 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, 
		mount_crypt_stat->global_default_cipher_key_size);

	if (!cipher_code) {

		ecryptfs_printk(KERN_ERR,

				"eCryptfs doesn't support cipher: %s",

				"eCryptfs doesn't support cipher: %s\n",

				mount_crypt_stat->global_default_cipher_name);

		rc = -EINVAL;

		goto out;
@@ -781,7 +781,7 @@ static struct attribute *attributes[] = { 
	NULL,

};



static struct attribute_group attr_group = {

static const struct attribute_group attr_group = {

	.attrs = attributes,

};