Eric,

On Mon, Oct 17, 2016 at 6:54 PM, Eric Biggers <ebigg...@google.com> wrote:
> Multiple bugs were recently fixed in the "set encryption policy" ioctl.
> To make it clear that fscrypt_process_policy() and fscrypt_get_policy()
> implement ioctls and therefore their implementations must take standard
> security and correctness precautions, rename them to
> fscrypt_ioctl_set_policy() and fscrypt_ioctl_get_policy().  Make the
> latter take in a struct file * to make it consistent with the former.
>
> In addition, make the common functions do the copies to and from
> userspace rather than duplicating this code within each filesystem, and
> memset the policy to 0 to make it clear there is no stack leak.
>
> Signed-off-by: Eric Biggers <ebigg...@google.com>
> ---
>  fs/crypto/policy.c       | 36 +++++++++++++++++++++++-------------
>  fs/ext4/ext4.h           |  4 ++--
>  fs/ext4/ioctl.c          | 34 +++++-----------------------------
>  fs/f2fs/f2fs.h           |  4 ++--
>  fs/f2fs/file.c           | 19 ++-----------------
>  include/linux/fscrypto.h | 12 ++++++------
>  6 files changed, 40 insertions(+), 69 deletions(-)

Hmm, are you sure the change is worth it?
The patch basically moves a copy_from/to_user() from ext4/f2fs into fscrypto.

-- 
Thanks,
//richard

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Reply via email to