Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8c8e669b authored by Jeff Mahoney's avatar Jeff Mahoney Committed by Sasha Levin
Browse files

ecryptfs: don't allow mmap when the lower fs doesn't support it 



[ Upstream commit f0fe970df3838c202ef6c07a4c2b36838ef0a88b ]

There are legitimate reasons to disallow mmap on certain files, notably
in sysfs or procfs.  We shouldn't emulate mmap support on file systems
that don't offer support natively.

CVE-2016-1583

Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
[tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>

Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
parent 050216f6

fs/ecryptfs/file.c

+14 −1
Original line number Diff line number Diff line
@@ -177,6 +177,19 @@ out: 
	return rc;

}



static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)

{

	struct file *lower_file = ecryptfs_file_to_lower(file);

	/*

	 * Don't allow mmap on top of file systems that don't support it

	 * natively.  If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs

	 * allows recursive mounting, this will need to be extended.

	 */

	if (!lower_file->f_op->mmap)

		return -ENODEV;

	return generic_file_mmap(file, vma);

}



/**

 * ecryptfs_open

 * @inode: inode speciying file to open
@@ -374,7 +387,7 @@ const struct file_operations ecryptfs_main_fops = { 
#ifdef CONFIG_COMPAT

	.compat_ioctl = ecryptfs_compat_ioctl,

#endif

	.mmap = generic_file_mmap,

	.mmap = ecryptfs_mmap,

	.open = ecryptfs_open,

	.flush = ecryptfs_flush,

	.release = ecryptfs_release,