summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorTyler Hicks <tyhicks@canonical.com>2015-02-24 19:28:10 -0600
committerBen Hutchings <ben@decadent.org.uk>2015-05-09 23:16:22 +0100
commit5ab80986f16ad450b5cddd3f76806cc323f89d1b (patch)
tree67ceda524c2273abcfedc5fbab100a973e0d413f /fs
parentdf94ba6185a3dd47d8674d312c9a7d57973a8a9e (diff)
downloadlinux-stable-5ab80986f16ad450b5cddd3f76806cc323f89d1b.tar.gz
linux-stable-5ab80986f16ad450b5cddd3f76806cc323f89d1b.tar.bz2
linux-stable-5ab80986f16ad450b5cddd3f76806cc323f89d1b.zip
eCryptfs: don't pass fs-specific ioctl commands through
commit 6d65261a09adaa374c05de807f73a144d783669e upstream. eCryptfs can't be aware of what to expect when after passing an arbitrary ioctl command through to the lower filesystem. The ioctl command may trigger an action in the lower filesystem that is incompatible with eCryptfs. One specific example is when one attempts to use the Btrfs clone ioctl command when the source file is in the Btrfs filesystem that eCryptfs is mounted on top of and the destination fd is from a new file created in the eCryptfs mount. The ioctl syscall incorrectly returns success because the command is passed down to Btrfs which thinks that it was able to do the clone operation. However, the result is an empty eCryptfs file. This patch allows the trim, {g,s}etflags, and {g,s}etversion ioctl commands through and then copies up the inode metadata from the lower inode to the eCryptfs inode to catch any changes made to the lower inode's metadata. Those five ioctl commands are mostly common across all filesystems but the whitelist may need to be further pruned in the future. https://bugzilla.kernel.org/show_bug.cgi?id=93691 https://launchpad.net/bugs/1305335 Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Cc: Rocko <rockorequin@hotmail.com> Cc: Colin Ian King <colin.king@canonical.com> [bwh: Backported to 3.2: - Adjust context - We don't have file_inode() so open-code the inode lookup] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'fs')
-rw-r--r--fs/ecryptfs/file.c36
1 files changed, 32 insertions, 4 deletions
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 80fc87646d89..464fe1f177bb 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -307,9 +307,23 @@ ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
if (ecryptfs_file_to_private(file))
lower_file = ecryptfs_file_to_lower(file);
- if (lower_file && lower_file->f_op && lower_file->f_op->unlocked_ioctl)
+ if (!(lower_file && lower_file->f_op && lower_file->f_op->unlocked_ioctl))
+ return rc;
+
+ switch (cmd) {
+ case FITRIM:
+ case FS_IOC_GETFLAGS:
+ case FS_IOC_SETFLAGS:
+ case FS_IOC_GETVERSION:
+ case FS_IOC_SETVERSION:
rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);
- return rc;
+ fsstack_copy_attr_all(file->f_path.dentry->d_inode,
+ lower_file->f_path.dentry->d_inode);
+
+ return rc;
+ default:
+ return rc;
+ }
}
#ifdef CONFIG_COMPAT
@@ -321,9 +335,23 @@ ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
if (ecryptfs_file_to_private(file))
lower_file = ecryptfs_file_to_lower(file);
- if (lower_file && lower_file->f_op && lower_file->f_op->compat_ioctl)
+ if (!(lower_file && lower_file->f_op && lower_file->f_op->compat_ioctl))
+ return rc;
+
+ switch (cmd) {
+ case FITRIM:
+ case FS_IOC32_GETFLAGS:
+ case FS_IOC32_SETFLAGS:
+ case FS_IOC32_GETVERSION:
+ case FS_IOC32_SETVERSION:
rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg);
- return rc;
+ fsstack_copy_attr_all(file->f_path.dentry->d_inode,
+ lower_file->f_path.dentry->d_inode);
+
+ return rc;
+ default:
+ return rc;
+ }
}
#endif