From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Jeff Mahoney <jeffm@suse.com>,
	Tyler Hicks <tyhicks@canonical.com>
Subject: [PATCH 3.14 11/21] ecryptfs: dont allow mmap when the lower fs doesnt support it
Date: Mon,  8 Aug 2016 21:09:42 +0200
Message-ID: <20160808180144.408595923@linuxfoundation.org>
In-Reply-To: <20160808180143.919366850@linuxfoundation.org>

3.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jeff Mahoney <jeffm@suse.com>

commit f0fe970df3838c202ef6c07a4c2b36838ef0a88b upstream.

There are legitimate reasons to disallow mmap on certain files, notably
in sysfs or procfs.  We shouldn't emulate mmap support on file systems
that don't offer support natively.

CVE-2016-1583

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
[tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ecryptfs/file.c |   15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -178,6 +178,19 @@ out:
 	return rc;
 }
 
+static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)
+{
+	struct file *lower_file = ecryptfs_file_to_lower(file);
+	/*
+	 * Don't allow mmap on top of file systems that don't support it
+	 * natively.  If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs
+	 * allows recursive mounting, this will need to be extended.
+	 */
+	if (!lower_file->f_op->mmap)
+		return -ENODEV;
+	return generic_file_mmap(file, vma);
+}
+
 /**
  * ecryptfs_open
  * @inode: inode speciying file to open
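
Review bot: The one-level check `if (!lower_file->f_op->mmap)` in ecryptfs_mmap() depends on the stacking limit named in the comment above it, but nothing in the function enforces that assumption. A compile-time guard such as `BUILD_BUG_ON(FILESYSTEM_MAX_STACK_DEPTH > 2);` would make a later change to the limit fail the build instead of silently reopening the case this check closes. The same line also dereferences `lower_file` and `lower_file->f_op` without a guard; if the open path guarantees both are set before mmap can be reached, a short comment saying so would help, otherwise add the check. The new function has no kernel-doc header, unlike ecryptfs_open directly below it.
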
@@ -349,7 +362,7 @@ const struct file_operations ecryptfs_ma
 #ifdef CONFIG_COMPAT
 	.compat_ioctl = ecryptfs_compat_ioctl,
 #endif
-	.mmap = generic_file_mmap,
+	.mmap = ecryptfs_mmap,
 	.open = ecryptfs_open,
 	.flush = ecryptfs_flush,
 	.release = ecryptfs_release,
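
Review bot: The `.mmap = ecryptfs_mmap` assignment replaces the handler in this one file_operations table only, and the diffstat's single deletion shows it is the only `generic_file_mmap` assignment the patch touches. Please confirm that no other file_operations table in ecryptfs still sets `.mmap = generic_file_mmap`, since any such table would skip the lower-file check added in ecryptfs_mmap().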
