From: Tyler Hicks <tyhicks@canonical.com>
To: Tim Sally <tsally@atomicpeace.com>
Cc: dustin.kirkland@gazzang.com, ecryptfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount
Date: Wed, 11 Jul 2012 10:11:53 -0700 [thread overview]
Message-ID: <20120711171152.GA16475@boyd> (raw)
In-Reply-To: <1341968751-28331-2-git-send-email-tsally@atomicpeace.com>
[-- Attachment #1: Type: text/plain, Size: 2754 bytes --]
On 2012-07-10 21:05:51, Tim Sally wrote:
> The issue occurs when eCryptfs is mounted with a cipher supported by
> the crypto subsystem but not by eCryptfs. The mount succeeds and an
> error does not occur until a write. This change checks for eCryptfs
> cipher support at mount time.
>
> Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
> https://bugs.launchpad.net/ecryptfs/+bug/338914
Hey Tim - Thanks for digging this one out of the bug tracker. :)
>
> Signed-off-by: Tim Sally <tsally@atomicpeace.com>
> ---
> fs/ecryptfs/main.c | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index df217dc..4eb1fc6 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -279,6 +279,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
> char *fnek_src;
> char *cipher_key_bytes_src;
> char *fn_cipher_key_bytes_src;
> + struct ecryptfs_key_tfm *key_tfm = NULL;
> + u8 cipher_code;
>
> *check_ruid = 0;
>
> @@ -456,6 +458,28 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
> goto out;
> }
> }
> +
> + if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
> + &key_tfm)) {
> + ecryptfs_printk(KERN_ERR,
> + "Cipher %s was not initalized correctly.\n",
> + mount_crypt_stat->global_default_cipher_name);
> + rc = -EINVAL;
> + mutex_unlock(&key_tfm_list_mutex);
> + goto out;
> + }
We already know that the tfm exists because we already checked for its
existence and added it if it didn't exist. We shouldn't need to do it
again here.
> +
> + cipher_code = ecryptfs_code_for_cipher_string(key_tfm->cipher_name,
> + key_tfm->key_size);
> + if (!cipher_code) {
> + ecryptfs_printk(KERN_ERR,
> + "eCryptfs doesn't support: %s blocksize %zu.\n",
> + key_tfm->cipher_name, key_tfm->key_size);
> + rc = -EINVAL;
> + mutex_unlock(&key_tfm_list_mutex);
> + goto out;
> + }
How about just calling
ecryptfs_code_for_cipher_string(mount_crypt_stat->global_default_cipher_name,
mount_crypt_stat->global_default_cipher_key_size);
even before we lock the key_tfm_list_mutex a little above here? If that
fails, we don't even need to check for the tfm's existence or do
anything else besides error out.
Tyler
> +
> mutex_unlock(&key_tfm_list_mutex);
> rc = ecryptfs_init_global_auth_toks(mount_crypt_stat);
> if (rc)
> --
> 1.7.10.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2012-07-11 17:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-11 1:05 [PATCH 0/1] Check for eCryptfs cipher support at mount time Tim Sally
2012-07-11 1:05 ` [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount Tim Sally
2012-07-11 17:11 ` Tyler Hicks [this message]
2012-07-12 23:10 ` Tim Sally
2012-07-14 0:24 ` Tyler Hicks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120711171152.GA16475@boyd \
--to=tyhicks@canonical.com \
--cc=dustin.kirkland@gazzang.com \
--cc=ecryptfs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tsally@atomicpeace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.