Google Git
Sign in
android / kernel / x86 / refs/tags/android-wear-6.0.1_r0.81^! / .
commit6677839007639e2d2111e86f94c93d7c80d8fa0f[log] [tgz]
authorJeff Mahoney <jeffm@suse.com>Tue Jul 05 17:32:29 2016 -0400
committerjenkins_ndg <jenkins_ndg@intel.com>Mon Nov 28 10:34:55 2016 +0000
treeda3eb8939c24be56c859ac569c549d9059d7f95f
parent3ae203969373825aa95981b1e555f2a2b39d73d7 [diff]
Revert "ecryptfs: forbid opening files without mmap handler"

This reverts commit 2f36db71009304b3f0b95afacd8eba1f9f046b87.

It fixed a local root exploit but also introduced a dependency on
the lower file system implementing an mmap operation just to open a file,
which is a bit of a heavy hammer.  The right fix is to have mmap depend
on the existence of the mmap handler instead.

Change-Id: I29aea438b02dda1170384cbc3629b705bd7b0273
Tracked-On: https://jira01.devtools.intel.com/browse/AW-2810
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-on: https://android.intel.com/553592
Reviewed-by: Louis, FabienX <fabienx.louis@intel.com>
Tested-by: Louis, FabienX <fabienx.louis@intel.com>
Reviewed-by: Dubray, SimonX <simonx.dubray@intel.com>
Reviewed-by: Mahe, Erwan <erwan.mahe@intel.com>
Reviewed-by: Ledentec, AlexandreX <alexandrex.ledentec@intel.com>
Reviewed-by: Tasayco Loarte, VictorX <victorx.tasayco.loarte@intel.com>
Tested-by: Tasayco Loarte, VictorX <victorx.tasayco.loarte@intel.com>
Reviewed-by: Maalem, Saadi <saadi.maalem@intel.com>

diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
index 930ab06..f1ea610 100644
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c

@@ -147,7 +147,7 @@
 	flags |= IS_RDONLY(lower_dentry->d_inode) ? O_RDONLY : O_RDWR;
 	(*lower_file) = dentry_open(&req.path, flags, cred);
 	if (!IS_ERR(*lower_file))
-		goto have_file;
+		goto out;
 	if ((flags & O_ACCMODE) == O_RDONLY) {
 		rc = PTR_ERR((*lower_file));
 		goto out;
@@ -165,16 +165,8 @@
 	mutex_unlock(&ecryptfs_kthread_ctl.mux);
 	wake_up(&ecryptfs_kthread_ctl.wait);
 	wait_for_completion(&req.done);
-	if (IS_ERR(*lower_file)) {
+	if (IS_ERR(*lower_file))
 		rc = PTR_ERR(*lower_file);
-		goto out;
-	}
-have_file:
-	if ((*lower_file)->f_op->mmap == NULL) {
-		fput(*lower_file);
-		*lower_file = NULL;
-		rc = -EMEDIUMTYPE;
-	}
 out:
 	return rc;
 }