[linux] 03/04: fs: Move procfs/ecryptfs stacking check into ecryptfs, to avoid ABI change

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sat Dec 10 04:39:43 UTC 2016 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie
in repository linux.

commit f693d4d8878a2e32a5f99ffbe11403ed4c812466
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Fri Dec 9 21:15:34 2016 +0000

    fs: Move procfs/ecryptfs stacking check into ecryptfs, to avoid ABI change
---
 debian/changelog                                   |  1 +
 ...cfs-ecryptfs-stacking-check-into-ecryptfs.patch | 94 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 96 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index fc7ba0a..480f998 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -472,6 +472,7 @@ linux (3.16.39-1) UNRELEASED; urgency=medium
   * [x86] video: Disable X86_SYSFB, FB_SIMPLE (Closes: #822575)
   * Revert "ecryptfs: forbid opening files without mmap handler", redundant
     with upstream fixes
+  * fs: Move procfs/ecryptfs stacking check into ecryptfs, to avoid ABI change
 
   [ Julien Cristau ]
   * hwrng: Add chaoskey driver, backported from 4.8 (Closes: #839616)
diff --git a/debian/patches/debian/fs-move-procfs-ecryptfs-stacking-check-into-ecryptfs.patch b/debian/patches/debian/fs-move-procfs-ecryptfs-stacking-check-into-ecryptfs.patch
new file mode 100644
index 0000000..4ed4352
--- /dev/null
+++ b/debian/patches/debian/fs-move-procfs-ecryptfs-stacking-check-into-ecryptfs.patch
@@ -0,0 +1,94 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 17 Oct 2016 16:51:59 +0100
+Subject: fs: Move procfs/ecryptfs stacking check into ecryptfs
+Forwarded: not-needed
+
+The final upstream fix for CVE-2016-1583 relies on the
+super_block::s_stack_depth field which did not exist in 3.16, so that
+was added as part of the backport in 3.16.37.  However, that addition
+changes ABI.
+
+Revert the changes to add and use s_stack_depth.  Instead, make
+ecryptfs specifically prevent mounting on top of procfs, same as it
+already did for ecryptfs.
+
+We don't need to touch overlayfs since that doesn't exist here.  We do
+have aufs, but that already prevents mounting on top of ecryptfs,
+procfs and itself.  It's still possible to mount ecryptfs on top of
+aufs, but with only one layer of each, which is consistent with the
+upstream restriction to a total of 2 stacked layers.
+
+---
+--- a/fs/ecryptfs/main.c
++++ b/fs/ecryptfs/main.c
+@@ -538,10 +538,11 @@ static struct dentry *ecryptfs_mount(str
+ 		ecryptfs_printk(KERN_WARNING, "kern_path() failed\n");
+ 		goto out1;
+ 	}
+-	if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
++	if (path.dentry->d_sb->s_type == &ecryptfs_fs_type ||
++	    path.dentry->d_sb->s_magic == PROC_SUPER_MAGIC) {
+ 		rc = -EINVAL;
+ 		printk(KERN_ERR "Mount on filesystem of type "
+-			"eCryptfs explicitly disallowed due to "
++			"eCryptfs or procfs explicitly disallowed due to "
+ 			"known incompatibilities\n");
+ 		goto out_free;
+ 	}
+@@ -576,13 +577,6 @@ static struct dentry *ecryptfs_mount(str
+ 	s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
+ 	s->s_blocksize = path.dentry->d_sb->s_blocksize;
+ 	s->s_magic = ECRYPTFS_SUPER_MAGIC;
+-	s->s_stack_depth = path.dentry->d_sb->s_stack_depth + 1;
+-
+-	rc = -EINVAL;
+-	if (s->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
+-		pr_err("eCryptfs: maximum fs stacking depth exceeded\n");
+-		goto out_free;
+-	}
+ 
+ 	inode = ecryptfs_get_inode(path.dentry->d_inode, s);
+ 	rc = PTR_ERR(inode);
+--- a/fs/proc/root.c
++++ b/fs/proc/root.c
+@@ -121,13 +121,6 @@ static struct dentry *proc_mount(struct
+ 	if (IS_ERR(sb))
+ 		return ERR_CAST(sb);
+ 
+-	/*
+-	 * procfs isn't actually a stacking filesystem; however, there is
+-	 * too much magic going on inside it to permit stacking things on
+-	 * top of it
+-	 */
+-	sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
+-
+ 	if (!proc_parse_options(options, ns)) {
+ 		deactivate_locked_super(sb);
+ 		return ERR_PTR(-EINVAL);
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -256,12 +256,6 @@ struct iattr {
+  */
+ #include <linux/quota.h>
+ 
+-/*
+- * Maximum number of layers of fs stack.  Needs to be limited to
+- * prevent kernel stack overflow
+- */
+-#define FILESYSTEM_MAX_STACK_DEPTH 2
+-
+ /** 
+  * enum positive_aop_returns - aop return codes with specific semantics
+  *
+@@ -1290,11 +1284,6 @@ struct super_block {
+ 	struct list_lru		s_dentry_lru ____cacheline_aligned_in_smp;
+ 	struct list_lru		s_inode_lru ____cacheline_aligned_in_smp;
+ 	struct rcu_head		rcu;
+-
+-	/*
+-	 * Indicates how deep in a filesystem stack this SB is
+-	 */
+-	int s_stack_depth;
+ };
+ 
+ extern struct timespec current_fs_time(struct super_block *sb);
diff --git a/debian/patches/series b/debian/patches/series
index e39011c..ed0b8db 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -695,3 +695,4 @@ debian/bpf-fix-abi-change-in-3.16.35.patch
 debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch
 debian/migrate-fix-abi-change-in-3.16.36.patch
 debian/sched-fix-abi-change-in-3.16.36.patch
+debian/fs-move-procfs-ecryptfs-stacking-check-into-ecryptfs.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list