This is a note to let you know that I've just added the patch titled

    Ban ecryptfs over ecryptfs

to the 2.6.32-longterm tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/longterm/longterm-queue-2.6.32.git;a=summary

The filename of the patch is:
     ban-ecryptfs-over-ecryptfs.patch
and it can be found in the queue-2.6.32 subdirectory.

If you, or anyone else, feels it should not be added to the 2.6.32 longterm
tree, please let <[email protected]> know about it.


>From [email protected]  Wed Feb 15 14:05:29 2012
From: Tim Gardner <[email protected]>
Date: Wed, 15 Feb 2012 14:10:52 -0700
Subject: Ban ecryptfs over ecryptfs
To: [email protected], [email protected]
Cc: Al Viro <[email protected]>, Tim Gardner <[email protected]>
Message-ID: <[email protected]>


From: Al Viro <[email protected]>

(cherry picked from commit 4403158ba295c8e36f6736b1bb12d0f7e1923dac)

This is a seriously simplified patch from Eric Sandeen; copy of
rationale follows:
===
  mounting stacked ecryptfs on ecryptfs has been shown to lead to bugs
  in testing.  For crypto info in xattr, there is no mechanism for handling
  this at all, and for normal file headers, we run into other trouble:

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  IP: [<ffffffffa015b0b3>] ecryptfs_d_revalidate+0x43/0xa0 [ecryptfs]
  ...

  There doesn't seem to be any good usecase for this, so I'd suggest just
  disallowing the configuration.

  Based on a patch originally, I believe, from Mike Halcrow.
===

Signed-off-by: Al Viro <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 fs/ecryptfs/main.c |    8 ++++++++
 1 file changed, 8 insertions(+)

--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -487,6 +487,7 @@ out:
 }
 
 struct kmem_cache *ecryptfs_sb_info_cache;
+static struct file_system_type ecryptfs_fs_type;
 
 /**
  * ecryptfs_fill_super
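
Review bot: The forward declaration `static struct file_system_type ecryptfs_fs_type;` added just above the `ecryptfs_fill_super` kernel-doc carries no comment explaining why it is needed. A one-line note that it exists so the mount path can compare the lower superblock's `s_type` against eCryptfs's own type would help the next backporter. Since this is a cherry-pick onto 2.6.32, it is also worth confirming that the full definition later in this tree's main.c is `static` as well, so the two declarations agree on linkage.
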
@@ -561,6 +562,13 @@ static int ecryptfs_read_super(struct su
                ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n");
                goto out;
        }
+       if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
+               rc = -EINVAL;
+               printk(KERN_ERR "Mount on filesystem of type "
+                       "eCryptfs explicitly disallowed due to "
+                       "known incompatibilities\n");
+               goto out_free;
+       }
        ecryptfs_set_superblock_lower(sb, path.dentry->d_sb);
        sb->s_maxbytes = path.dentry->d_sb->s_maxbytes;
        sb->s_blocksize = path.dentry->d_sb->s_blocksize;
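
Review bot: The new `goto out_free` in the `s_type == &ecryptfs_fs_type` branch relies on a label that is not visible in this hunk. The failed-lookup branch just above uses `goto out`, presumably because nothing is held at that point, whereas here the lookup has succeeded, so please confirm that `out_free` in the 2.6.32 version of `ecryptfs_read_super` releases `path` before returning. Two smaller points: the check only inspects the superblock directly underneath, so it rejects eCryptfs mounted immediately on eCryptfs and nothing deeper in a stack, which the message text could state; and the raw `printk(KERN_ERR ...)` differs from the `ecryptfs_printk()` call used three lines earlier.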


Patches currently in longterm-queue-2.6.32 which might be from [email protected] are

/home/gregkh/linux/longterm/longterm-queue-2.6.32/queue-2.6.32/ban-ecryptfs-over-ecryptfs.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.32/queue-2.6.32/ecryptfs-remove-mmap-from-directory-operations.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.32/queue-2.6.32/add-mount-option-to-check-uid-of-device-being-mounted-expect-uid-cve-2011-1833.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
