Natty SRU: eCryptfs: Clear ECRYPTFS_NEW_FILE flag during truncate

Leann Ogasawara leann.ogasawara at canonical.com
Mon Oct 10 13:42:01 UTC 2011 

On Sun, 2011-10-09 at 05:12 -0600, Tim Gardner wrote:
> From 27ed7cb2b00512e81016419715c1d9b6794b06ae Mon Sep 17 00:00:00 2001
> From: Tyler Hicks <tyhicks at canonical.com>
> Date: Fri, 7 Oct 2011 15:54:26 -0500
> Subject: [PATCH] eCryptfs: Clear ECRYPTFS_NEW_FILE flag during truncate
> 
> BugLink: http://bugs.launchpad.net/bugs/745836
> 
> The ECRYPTFS_NEW_FILE crypt_stat flag is set upon creation of a new
> eCryptfs file. When the flag is set, eCryptfs reads directly from the
> lower filesystem when bringing a page up to date. This means that no
> offset translation (for the eCryptfs file metadata in the lower file)
> and no decryption is performed. The flag is cleared just before the
> first write is completed (at the beginning of ecryptfs_write_begin()).
> 
> It was discovered that if a new file was created and then extended with
> truncate, the ECRYPTFS_NEW_FILE flag was not cleared. If pages
> corresponding to this file are ever reclaimed, any subsequent reads
> would result in userspace seeing eCryptfs file metadata and encrypted
> file contents instead of the expected decrypted file contents.
> 
> Data corruption is possible if the file is written to before the
> eCryptfs directory is unmounted. The data written will be copied into
> pages which have been read directly from the lower file rather than
> zeroed pages, as would be expected after extending the file with
> truncate.
> 
> This flag, and the functionality that used it, was removed in upstream
> kernels in 2.6.39 with the following commits:
> 
> bd4f0fe8bb7c73c738e1e11bc90d6e2cf9c6e20e
> fed8859b3ab94274c986cbdf7d27130e0545f02c

Is there a reason we're not just cherry-picking the upstream patches?
And so I would assume this patch should be marked as SAUCE?

Thanks,
Leann

> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
>  fs/ecryptfs/inode.c |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
> index b592938..e47b5a4 100644
> --- a/fs/ecryptfs/inode.c
> +++ b/fs/ecryptfs/inode.c
> @@ -785,7 +785,11 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia,
>  		lower_ia->ia_valid &= ~ATTR_SIZE;
>  		goto out;
>  	}
> +
>  	crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
> +	if (crypt_stat->flags & ECRYPTFS_NEW_FILE)
> +		crypt_stat->flags &= ~(ECRYPTFS_NEW_FILE);
> +
>  	/* Switch on growing or shrinking file */
>  	if (ia->ia_size > i_size) {
>  		char zero[] = { 0x00 };
> -- 
> 1.7.5.4
> 
>

More information about the kernel-team mailing list