On 2012-07-10 21:05:51, Tim Sally wrote: > The issue occurs when eCryptfs is mounted with a cipher supported by > the crypto subsystem but not by eCryptfs. The mount succeeds and an > error does not occur until a write. This change checks for eCryptfs > cipher support at mount time. > > Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009. > https://bugs.launchpad.net/ecryptfs/+bug/338914 Hey Tim - Thanks for digging this one out of the bug tracker. :) > > Signed-off-by: Tim Sally > --- > fs/ecryptfs/main.c | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c > index df217dc..4eb1fc6 100644 > --- a/fs/ecryptfs/main.c > +++ b/fs/ecryptfs/main.c > @@ -279,6 +279,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, > char *fnek_src; > char *cipher_key_bytes_src; > char *fn_cipher_key_bytes_src; > + struct ecryptfs_key_tfm *key_tfm = NULL; > + u8 cipher_code; > > *check_ruid = 0; > > @@ -456,6 +458,28 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, > goto out; > } > } > + > + if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, > + &key_tfm)) { > + ecryptfs_printk(KERN_ERR, > + "Cipher %s was not initalized correctly.\n", > + mount_crypt_stat->global_default_cipher_name); > + rc = -EINVAL; > + mutex_unlock(&key_tfm_list_mutex); > + goto out; > + } We already know that the tfm exists because we already checked for its existence and added it if it didn't exist. We shouldn't need to do it again here. > + > + cipher_code = ecryptfs_code_for_cipher_string(key_tfm->cipher_name, > + key_tfm->key_size); > + if (!cipher_code) { > + ecryptfs_printk(KERN_ERR, > + "eCryptfs doesn't support: %s blocksize %zu.\n", > + key_tfm->cipher_name, key_tfm->key_size); > + rc = -EINVAL; > + mutex_unlock(&key_tfm_list_mutex); > + goto out; > + } How about just calling ecryptfs_code_for_cipher_string(mount_crypt_stat->global_default_cipher_name, mount_crypt_stat->global_default_cipher_key_size); even before we lock the key_tfm_list_mutex a little above here? If that fails, we don't even need to check for the tfm's existence or do anything else besides error out. Tyler > + > mutex_unlock(&key_tfm_list_mutex); > rc = ecryptfs_init_global_auth_toks(mount_crypt_stat); > if (rc) > -- > 1.7.10.4 > > -- > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html