Merge tag 'ecryptfs-4.15-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel...
authorLinus Torvalds <torvalds@linux-foundation.org>
Fri, 17 Nov 2017 22:16:21 +0000 (14:16 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Fri, 17 Nov 2017 22:16:21 +0000 (14:16 -0800)
Pull eCryptfs updates from Tyler Hicks:

 - miscellaneous code cleanups and refactoring

 - fix a possible use after free bug when unloading the module

* tag 'ecryptfs-4.15-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
  eCryptfs: constify attribute_group structures.
  ecryptfs: remove unnecessary i_version bump
  ecryptfs: use ARRAY_SIZE
  ecryptfs: Adjust four checks for null pointers
  ecryptfs: Return an error code only as a constant in ecryptfs_add_global_auth_tok()
  ecryptfs: Delete 21 error messages for a failed memory allocation
  eCryptfs: use after free in ecryptfs_release_messaging()
  ecryptfs: remove private bin2hex implementation
  ecryptfs: add missing \n to end of various error messages

fs/ecryptfs/crypto.c
fs/ecryptfs/ecryptfs_kernel.h
fs/ecryptfs/inode.c
fs/ecryptfs/keystore.c
fs/ecryptfs/main.c
fs/ecryptfs/messaging.c
fs/ecryptfs/miscdev.c
fs/ecryptfs/mmap.c

index e5e29f8c920b18bc6959cdb16d2ee57fec7d45a6..846ca150d52e9259e5ded67abfe708a9f5c4084e 100644 (file)
 #include <linux/scatterlist.h>
 #include <linux/slab.h>
 #include <asm/unaligned.h>
+#include <linux/kernel.h>
 #include "ecryptfs_kernel.h"
 
 #define DECRYPT                0
 #define ENCRYPT                1
 
-/**
- * ecryptfs_to_hex
- * @dst: Buffer to take hex character representation of contents of
- *       src; must be at least of size (src_size * 2)
- * @src: Buffer to be converted to a hex string representation
- * @src_size: number of bytes to convert
- */
-void ecryptfs_to_hex(char *dst, char *src, size_t src_size)
-{
-       int x;
-
-       for (x = 0; x < src_size; x++)
-               sprintf(&dst[x * 2], "%.2x", (unsigned char)src[x]);
-}
-
 /**
  * ecryptfs_from_hex
  * @dst: Buffer to take the bytes from src hex; must be at least of
@@ -899,8 +885,7 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
        u32 flags;
 
        flags = get_unaligned_be32(page_virt);
-       for (i = 0; i < ((sizeof(ecryptfs_flag_map)
-                         / sizeof(struct ecryptfs_flag_map_elem))); i++)
+       for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)
                if (flags & ecryptfs_flag_map[i].file_flag) {
                        crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
                } else
@@ -937,8 +922,7 @@ void ecryptfs_write_crypt_stat_flags(char *page_virt,
        u32 flags = 0;
        int i;
 
-       for (i = 0; i < ((sizeof(ecryptfs_flag_map)
-                         / sizeof(struct ecryptfs_flag_map_elem))); i++)
+       for (i = 0; i < ARRAY_SIZE(ecryptfs_flag_map); i++)
                if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
                        flags |= ecryptfs_flag_map[i].file_flag;
        /* Version is in top 8 bits of the 32-bit flag vector */
@@ -1434,8 +1418,6 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
        page_virt = kmem_cache_alloc(ecryptfs_header_cache, GFP_USER);
        if (!page_virt) {
                rc = -ENOMEM;
-               printk(KERN_ERR "%s: Unable to allocate page_virt\n",
-                      __func__);
                goto out;
        }
        rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size,
@@ -1522,9 +1504,6 @@ ecryptfs_encrypt_filename(struct ecryptfs_filename *filename,
                filename->encrypted_filename =
                        kmalloc(filename->encrypted_filename_size, GFP_KERNEL);
                if (!filename->encrypted_filename) {
-                       printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kmalloc [%zd] bytes\n", __func__,
-                              filename->encrypted_filename_size);
                        rc = -ENOMEM;
                        goto out;
                }
@@ -1669,12 +1648,10 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
        BUG_ON(!mutex_is_locked(&key_tfm_list_mutex));
 
        tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL);
-       if (key_tfm != NULL)
+       if (key_tfm)
                (*key_tfm) = tmp_tfm;
        if (!tmp_tfm) {
                rc = -ENOMEM;
-               printk(KERN_ERR "Error attempting to allocate from "
-                      "ecryptfs_key_tfm_cache\n");
                goto out;
        }
        mutex_init(&tmp_tfm->key_tfm_mutex);
@@ -1690,7 +1667,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
                       "cipher with name = [%s]; rc = [%d]\n",
                       tmp_tfm->cipher_name, rc);
                kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm);
-               if (key_tfm != NULL)
+               if (key_tfm)
                        (*key_tfm) = NULL;
                goto out;
        }
@@ -1881,7 +1858,7 @@ ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size,
        size_t src_byte_offset = 0;
        size_t dst_byte_offset = 0;
 
-       if (dst == NULL) {
+       if (!dst) {
                (*dst_size) = ecryptfs_max_decoded_size(src_size);
                goto out;
        }
@@ -1949,9 +1926,6 @@ int ecryptfs_encrypt_and_encode_filename(
 
                filename = kzalloc(sizeof(*filename), GFP_KERNEL);
                if (!filename) {
-                       printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kzalloc [%zd] bytes\n", __func__,
-                              sizeof(*filename));
                        rc = -ENOMEM;
                        goto out;
                }
@@ -1980,9 +1954,6 @@ int ecryptfs_encrypt_and_encode_filename(
                                 + encoded_name_no_prefix_size);
                (*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL);
                if (!(*encoded_name)) {
-                       printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kzalloc [%zd] bytes\n", __func__,
-                              (*encoded_name_size));
                        rc = -ENOMEM;
                        kfree(filename->encrypted_filename);
                        kfree(filename);
@@ -2064,9 +2035,6 @@ int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
                                              name, name_size);
                decoded_name = kmalloc(decoded_name_size, GFP_KERNEL);
                if (!decoded_name) {
-                       printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kmalloc [%zd] bytes\n", __func__,
-                              decoded_name_size);
                        rc = -ENOMEM;
                        goto out;
                }
index 3fbc0ff79699dde5cca295262591b2cb5aafcced..e74cb2a0b299bde2cc6d3719f227b71f88f57bbb 100644 (file)
@@ -31,6 +31,7 @@
 #include <crypto/skcipher.h>
 #include <keys/user-type.h>
 #include <keys/encrypted-type.h>
+#include <linux/kernel.h>
 #include <linux/fs.h>
 #include <linux/fs_stack.h>
 #include <linux/namei.h>
 #define ECRYPTFS_XATTR_NAME "user.ecryptfs"
 
 void ecryptfs_dump_auth_tok(struct ecryptfs_auth_tok *auth_tok);
-extern void ecryptfs_to_hex(char *dst, char *src, size_t src_size);
+static inline void
+ecryptfs_to_hex(char *dst, char *src, size_t src_size)
+{
+       char *end = bin2hex(dst, src, src_size);
+       *end = '\0';
+}
+
 extern void ecryptfs_from_hex(char *dst, char *src, int dst_size);
 
 struct ecryptfs_key_record {
index efc2db42d17513d089f16cfaaab38c81a4ed216c..847904aa63a9a6554d592dbf0710c7eff7954f49 100644 (file)
@@ -64,7 +64,6 @@ static int ecryptfs_inode_set(struct inode *inode, void *opaque)
        /* i_size will be overwritten for encrypted regular files */
        fsstack_copy_inode_size(inode, lower_inode);
        inode->i_ino = lower_inode->i_ino;
-       inode->i_version++;
        inode->i_mapping->a_ops = &ecryptfs_aops;
 
        if (S_ISLNK(inode->i_mode))
@@ -334,9 +333,6 @@ static struct dentry *ecryptfs_lookup_interpose(struct dentry *dentry,
 
        dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
        if (!dentry_info) {
-               printk(KERN_ERR "%s: Out of memory whilst attempting "
-                      "to allocate ecryptfs_dentry_info struct\n",
-                       __func__);
                dput(lower_dentry);
                return ERR_PTR(-ENOMEM);
        }
index fa218cd64f746d2c924a786edc1c6052911c1732..c89a58cfc991c235f1420a4901df877dc7557939 100644 (file)
@@ -639,11 +639,9 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
        int rc = 0;
 
        s = kzalloc(sizeof(*s), GFP_KERNEL);
-       if (!s) {
-               printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
-                      "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
+       if (!s)
                return -ENOMEM;
-       }
+
        (*packet_size) = 0;
        rc = ecryptfs_find_auth_tok_for_sig(
                &auth_tok_key,
@@ -687,7 +685,7 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
         *    separator, and then the filename */
        s->max_packet_size = (ECRYPTFS_TAG_70_MAX_METADATA_SIZE
                              + s->block_aligned_filename_size);
-       if (dest == NULL) {
+       if (!dest) {
                (*packet_size) = s->max_packet_size;
                goto out_unlock;
        }
@@ -714,9 +712,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
        s->block_aligned_filename = kzalloc(s->block_aligned_filename_size,
                                            GFP_KERNEL);
        if (!s->block_aligned_filename) {
-               printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
-                      "kzalloc [%zd] bytes\n", __func__,
-                      s->block_aligned_filename_size);
                rc = -ENOMEM;
                goto out_unlock;
        }
@@ -769,10 +764,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
        s->hash_desc = kmalloc(sizeof(*s->hash_desc) +
                               crypto_shash_descsize(s->hash_tfm), GFP_KERNEL);
        if (!s->hash_desc) {
-               printk(KERN_ERR "%s: Out of kernel memory whilst attempting to "
-                      "kmalloc [%zd] bytes\n", __func__,
-                      sizeof(*s->hash_desc) +
-                      crypto_shash_descsize(s->hash_tfm));
                rc = -ENOMEM;
                goto out_release_free_unlock;
        }
@@ -925,11 +916,9 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
        (*filename_size) = 0;
        (*filename) = NULL;
        s = kzalloc(sizeof(*s), GFP_KERNEL);
-       if (!s) {
-               printk(KERN_ERR "%s: Out of memory whilst trying to kmalloc "
-                      "[%zd] bytes of kernel memory\n", __func__, sizeof(*s));
+       if (!s)
                return -ENOMEM;
-       }
+
        if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
                printk(KERN_WARNING "%s: max_packet_size is [%zd]; it must be "
                       "at least [%d]\n", __func__, max_packet_size,
@@ -1015,9 +1004,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
        s->decrypted_filename = kmalloc(s->block_aligned_filename_size,
                                        GFP_KERNEL);
        if (!s->decrypted_filename) {
-               printk(KERN_ERR "%s: Out of memory whilst attempting to "
-                      "kmalloc [%zd] bytes\n", __func__,
-                      s->block_aligned_filename_size);
                rc = -ENOMEM;
                goto out_unlock;
        }
@@ -1097,9 +1083,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size,
        }
        (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL);
        if (!(*filename)) {
-               printk(KERN_ERR "%s: Out of memory whilst attempting to "
-                      "kmalloc [%zd] bytes\n", __func__,
-                      ((*filename_size) + 1));
                rc = -ENOMEM;
                goto out_free_unlock;
        }
@@ -1333,7 +1316,7 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
        if ((*new_auth_tok)->session_key.encrypted_key_size
            > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
                printk(KERN_WARNING "Tag 1 packet contains key larger "
-                      "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES");
+                      "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
                rc = -EINVAL;
                goto out;
        }
@@ -2525,11 +2508,9 @@ int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig)
        struct ecryptfs_key_sig *new_key_sig;
 
        new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL);
-       if (!new_key_sig) {
-               printk(KERN_ERR
-                      "Error allocating from ecryptfs_key_sig_cache\n");
+       if (!new_key_sig)
                return -ENOMEM;
-       }
+
        memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX);
        new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
        /* Caller must hold keysig_list_mutex */
@@ -2545,16 +2526,12 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
                             char *sig, u32 global_auth_tok_flags)
 {
        struct ecryptfs_global_auth_tok *new_auth_tok;
-       int rc = 0;
 
        new_auth_tok = kmem_cache_zalloc(ecryptfs_global_auth_tok_cache,
                                        GFP_KERNEL);
-       if (!new_auth_tok) {
-               rc = -ENOMEM;
-               printk(KERN_ERR "Error allocating from "
-                      "ecryptfs_global_auth_tok_cache\n");
-               goto out;
-       }
+       if (!new_auth_tok)
+               return -ENOMEM;
+
        memcpy(new_auth_tok->sig, sig, ECRYPTFS_SIG_SIZE_HEX);
        new_auth_tok->flags = global_auth_tok_flags;
        new_auth_tok->sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
@@ -2562,7 +2539,6 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat,
        list_add(&new_auth_tok->mount_crypt_stat_list,
                 &mount_crypt_stat->global_auth_tok_list);
        mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
-out:
-       return rc;
+       return 0;
 }
 
index 25aeaa7328badd90fafe2519f2ea4f65bd69e865..f2677c90d96e1ea140bb908c14dcab3aac49bd7e 100644 (file)
@@ -426,7 +426,7 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
                mount_crypt_stat->global_default_cipher_key_size);
        if (!cipher_code) {
                ecryptfs_printk(KERN_ERR,
-                               "eCryptfs doesn't support cipher: %s",
+                               "eCryptfs doesn't support cipher: %s\n",
                                mount_crypt_stat->global_default_cipher_name);
                rc = -EINVAL;
                goto out;
@@ -781,7 +781,7 @@ static struct attribute *attributes[] = {
        NULL,
 };
 
-static struct attribute_group attr_group = {
+static const struct attribute_group attr_group = {
        .attrs = attributes,
 };
 
index 286f10b0363b15f05a561565f27caa45a46ee9fd..9fdd5bcf4564a6ffbea991a56b2ae2ec01998a49 100644 (file)
@@ -147,8 +147,6 @@ ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file)
        (*daemon) = kzalloc(sizeof(**daemon), GFP_KERNEL);
        if (!(*daemon)) {
                rc = -ENOMEM;
-               printk(KERN_ERR "%s: Failed to allocate [%zd] bytes of "
-                      "GFP_KERNEL memory\n", __func__, sizeof(**daemon));
                goto out;
        }
        (*daemon)->file = file;
@@ -250,8 +248,6 @@ int ecryptfs_process_response(struct ecryptfs_daemon *daemon,
        msg_ctx->msg = kmemdup(msg, msg_size, GFP_KERNEL);
        if (!msg_ctx->msg) {
                rc = -ENOMEM;
-               printk(KERN_ERR "%s: Failed to allocate [%zd] bytes of "
-                      "GFP_KERNEL memory\n", __func__, msg_size);
                goto unlock;
        }
        msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE;
@@ -386,7 +382,6 @@ int __init ecryptfs_init_messaging(void)
                                       GFP_KERNEL);
        if (!ecryptfs_daemon_hash) {
                rc = -ENOMEM;
-               printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
                mutex_unlock(&ecryptfs_daemon_hash_mux);
                goto out;
        }
@@ -398,7 +393,6 @@ int __init ecryptfs_init_messaging(void)
                                       GFP_KERNEL);
        if (!ecryptfs_msg_ctx_arr) {
                rc = -ENOMEM;
-               printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
                goto out;
        }
        mutex_init(&ecryptfs_msg_ctx_lists_mux);
@@ -442,15 +436,16 @@ void ecryptfs_release_messaging(void)
        }
        if (ecryptfs_daemon_hash) {
                struct ecryptfs_daemon *daemon;
+               struct hlist_node *n;
                int i;
 
                mutex_lock(&ecryptfs_daemon_hash_mux);
                for (i = 0; i < (1 << ecryptfs_hash_bits); i++) {
                        int rc;
 
-                       hlist_for_each_entry(daemon,
-                                            &ecryptfs_daemon_hash[i],
-                                            euid_chain) {
+                       hlist_for_each_entry_safe(daemon, n,
+                                                 &ecryptfs_daemon_hash[i],
+                                                 euid_chain) {
                                rc = ecryptfs_exorcise_daemon(daemon);
                                if (rc)
                                        printk(KERN_ERR "%s: Error whilst "
index e4141f2574953893377939f2362a673a62a609b9..f09cacaf8c80cff375d26d299bb5caa17ec5a0c8 100644 (file)
@@ -163,12 +163,8 @@ int ecryptfs_send_miscdev(char *data, size_t data_size,
        struct ecryptfs_message *msg;
 
        msg = kmalloc((sizeof(*msg) + data_size), GFP_KERNEL);
-       if (!msg) {
-               printk(KERN_ERR "%s: Out of memory whilst attempting "
-                      "to kmalloc(%zd, GFP_KERNEL)\n", __func__,
-                      (sizeof(*msg) + data_size));
+       if (!msg)
                return -ENOMEM;
-       }
 
        mutex_lock(&msg_ctx->mux);
        msg_ctx->msg = msg;
@@ -383,7 +379,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
                goto memdup;
        } else if (count < MIN_MSG_PKT_SIZE || count > MAX_MSG_PKT_SIZE) {
                printk(KERN_WARNING "%s: Acceptable packet size range is "
-                      "[%d-%zu], but amount of data written is [%zu].",
+                      "[%d-%zu], but amount of data written is [%zu].\n",
                       __func__, MIN_MSG_PKT_SIZE, MAX_MSG_PKT_SIZE, count);
                return -EINVAL;
        }
index 1f0c471b4ba311568648f77c8c8bc41500f2a13a..cdf358b209d92b45aa6f5e81415ff1c8ec60d9b5 100644 (file)
@@ -431,8 +431,6 @@ static int ecryptfs_write_inode_size_to_xattr(struct inode *ecryptfs_inode)
        }
        xattr_virt = kmem_cache_alloc(ecryptfs_xattr_cache, GFP_KERNEL);
        if (!xattr_virt) {
-               printk(KERN_ERR "Out of memory whilst attempting to write "
-                      "inode size to xattr\n");
                rc = -ENOMEM;
                goto out;
        }