kernel/fs/ecryptfs/keystore.c, branch linux-5.1.yHosts the 0x221E linux distro kernel.https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-5.1.y2018-03-29T01:33:30Zecryptfs: fix spelling mistake: "cadidate" -> "candidate"2018-03-29T01:33:30ZColin Ian Kingcolin.king@canonical.com2018-03-02T09:07:08Zurn:sha1:f62fd7a77717350e850f3c4a5373fe8e64871025
Trivial fix to spelling mistake in debug message text.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
ecryptfs: Adjust four checks for null pointers2017-11-06T18:23:48ZMarkus Elfringelfring@users.sourceforge.net2017-08-19T16:00:22Zurn:sha1:5032f360dd31e6cf59aadad0478df1244bfd30f8
The script “checkpatch.pl” pointed information out like the following.
Comparison to NULL could be written …
Thus fix the affected source code places.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
ecryptfs: Return an error code only as a constant in ecryptfs_add_global_auth_tok()2017-11-06T18:23:40ZMarkus Elfringelfring@users.sourceforge.net2017-08-19T15:51:53Zurn:sha1:a463ce5bbd99fef6e1012cebe7b6764794ec07d8
* Return an error code without storing it in an intermediate variable.
* Delete the jump target "out" and the local variable "rc"
which became unnecessary with this refactoring.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
ecryptfs: Delete 21 error messages for a failed memory allocation2017-11-06T18:23:29ZMarkus Elfringelfring@users.sourceforge.net2017-08-19T15:37:30Zurn:sha1:1a0bba4ff086d73a88f9dbadaf4831aefce55f27
Omit extra messages for a memory allocation failure in these functions.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
ecryptfs: add missing \n to end of various error messages2017-11-04T22:16:39ZColin Ian Kingcolin.king@canonical.com2016-09-27T12:18:02Zurn:sha1:0996b67df6c1354f2df09c33ac652c37e2e2471f
Trival fix, some error messages are missing a \n, so add it.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
ecryptfs: fix dereference of NULL user_key_payload2017-10-12T16:16:40ZEric Biggersebiggers@google.com2017-10-09T19:51:27Zurn:sha1:f66665c09ab489a11ca490d6a82df57cfc1bea3e
In eCryptfs, we failed to verify that the authentication token keys are
not revoked before dereferencing their payloads, which is problematic
because the payload of a revoked key is NULL. request_key() *does* skip
revoked keys, but there is still a window where the key can be revoked
before we acquire the key semaphore.
Fix it by updating ecryptfs_get_key_payload_data() to return
-EKEYREVOKED if the key payload is NULL. For completeness we check this
for "encrypted" keys as well as "user" keys, although encrypted keys
cannot be revoked currently.
Alternatively we could use key_validate(), but since we'll also need to
fix ecryptfs_get_key_payload_data() to validate the payload length, it
seems appropriate to just check the payload pointer.
Fixes: 237fead61998 ("[PATCH] ecryptfs: fs/Makefile and fs/Kconfig")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: <stable@vger.kernel.org> [v2.6.19+]
Cc: Michael Halcrow <mhalcrow@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros2016-04-04T17:41:08ZKirill A. Shutemovkirill.shutemov@linux.intel.com2016-04-01T12:29:47Zurn:sha1:09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a
PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
ago with promise that one day it will be possible to implement page
cache with bigger chunks than PAGE_SIZE.
This promise never materialized. And unlikely will.
We have many places where PAGE_CACHE_SIZE assumed to be equal to
PAGE_SIZE. And it's constant source of confusion on whether
PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
especially on the border between fs and mm.
Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
breakage to be doable.
Let's stop pretending that pages in page cache are special. They are
not.
The changes are pretty straight-forward:
- <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
- page_cache_get() -> get_page();
- page_cache_release() -> put_page();
This patch contains automated changes generated with coccinelle using
script below. For some reason, coccinelle doesn't patch header files.
I've called spatch for them manually.
The only adjustment after coccinelle is revert of changes to
PAGE_CAHCE_ALIGN definition: we are going to drop it later.
There are few places in the code where coccinelle didn't reach. I'll
fix them manually in a separate patch. Comments and documentation also
will be addressed with the separate patch.
virtual patch
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
@@
- PAGE_CACHE_SHIFT
+ PAGE_SHIFT
@@
@@
- PAGE_CACHE_SIZE
+ PAGE_SIZE
@@
@@
- PAGE_CACHE_MASK
+ PAGE_MASK
@@
expression E;
@@
- PAGE_CACHE_ALIGN(E)
+ PAGE_ALIGN(E)
@@
expression E;
@@
- page_cache_get(E)
+ get_page(E)
@@
expression E;
@@
- page_cache_release(E)
+ put_page(E)
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
eCryptfs: Use skcipher and shash2016-03-17T11:09:00ZHerbert Xuherbert@gondor.apana.org.au2016-03-16T09:06:01Zurn:sha1:d1558f4e95cb14b0fff5c0b839c15a21f7e8aed0
eCryptfs: Fix null pointer dereference on kzalloc error path
The conversion to skcipher and shash added a couple of null pointer
dereference bugs on the kzalloc failure path. This patch fixes them.
Fixes: 3095e8e366b4 ("eCryptfs: Use skcipher and shash")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
eCryptfs: Use skcipher and shash2016-01-27T12:36:18ZHerbert Xuherbert@gondor.apana.org.au2016-01-25T02:29:33Zurn:sha1:3095e8e366b471f3bcdbf21c9c72a45718ff8756
This patch replaces uses of ablkcipher and blkcipher with skcipher,
and the long obsolete hash interface with shash.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
eCryptfs: ensure copy to crypt_stat->cipher does not overrun2015-02-25T01:23:28ZColin Ian Kingcolin.king@canonical.com2015-02-23T11:34:10Zurn:sha1:2a559a8bdeae853b6a8abb477c88875e1d4de591
The patch 237fead61998: "[PATCH] ecryptfs: fs/Makefile and
fs/Kconfig" from Oct 4, 2006, leads to the following static checker
warning:
fs/ecryptfs/crypto.c:846 ecryptfs_new_file_context()
error: off-by-one overflow 'crypt_stat->cipher' size 32. rl = '0-32'
There is a mismatch between the size of ecryptfs_crypt_stat.cipher
and ecryptfs_mount_crypt_stat.global_default_cipher_name causing the
copy of the cipher name to cause a off-by-one string copy error. This
fix ensures the space reserved for this string is the same size including
the trailing zero at the end throughout ecryptfs.
This fix avoids increasing the size of ecryptfs_crypt_stat.cipher
and also ecryptfs_parse_tag_70_packet_silly_stack.cipher_string and instead
reduces the of ECRYPTFS_MAX_CIPHER_NAME_SIZE to 31 and includes the + 1 for
the end of string terminator.
NOTE: An overflow is not possible in practice since the value copied
into global_default_cipher_name is validated by
ecryptfs_code_for_cipher_string() at mount time. None of the allowed
cipher strings are long enough to cause the potential buffer overflow
fixed by this patch.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
[tyhicks: Added the NOTE about the overflow not being triggerable]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>