[ 3.5.yuz extended stable] Patch "eCryptfs: check for eCryptfs cipher support at mount" has been added to staging queue

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Mon Nov 12 21:29:09 UTC 2012

This is a note to let you know that I have just added a patch titled

    eCryptfs: check for eCryptfs cipher support at mount

to the linux-3.5.y-queue branch of the 3.5.yuz extended stable tree 
which can be found at:


If you, or anyone else, feels it should not be added to the 3.5
Linux kernel, or for any feedback related to it, please reply to
this email. For more information on extended stable, see



>From 13ec618bc5059edd78da95b3ce90610bab3e9519 Mon Sep 17 00:00:00 2001
From: Tim Sally <tsally at atomicpeace.com>
Date: Thu, 12 Jul 2012 19:10:24 -0400
Subject: [PATCH] eCryptfs: check for eCryptfs cipher support at mount

commit 5f5b331d5c21228a6519dcb793fc1629646c51a6 upstream.

The issue occurs when eCryptfs is mounted with a cipher supported by
the crypto subsystem but not by eCryptfs. The mount succeeds and an
error does not occur until a write. This change checks for eCryptfs
cipher support at mount time.

Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.

Signed-off-by: Tim Sally <tsally at atomicpeace.com>
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski at canonical.com>
 fs/ecryptfs/main.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index c2a9c39..240832e 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -280,6 +280,7 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
 	char *fnek_src;
 	char *cipher_key_bytes_src;
 	char *fn_cipher_key_bytes_src;
+	u8 cipher_code;

 	*check_ruid = 0;

@@ -421,6 +422,18 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
 	    && !fn_cipher_key_bytes_set)
 		mount_crypt_stat->global_default_fn_cipher_key_bytes =
+	cipher_code = ecryptfs_code_for_cipher_string(
+		mount_crypt_stat->global_default_cipher_name,
+		mount_crypt_stat->global_default_cipher_key_size);
+	if (!cipher_code) {
+		ecryptfs_printk(KERN_ERR,
+				"eCryptfs doesn't support cipher: %s",
+				mount_crypt_stat->global_default_cipher_name);
+		rc = -EINVAL;
+		goto out;
+	}
 	if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
 				 NULL)) {

More information about the kernel-team mailing list