linux/fs/ecryptfs
Tyler Hicks 9c2d205664 eCryptfs: Prevent lower dentry from going negative during unlink
When calling vfs_unlink() on the lower dentry, d_delete() turns the
dentry into a negative dentry when the d_count is 1.  This eventually
caused a NULL pointer deref when a read() or write() was done and the
negative dentry's d_inode was dereferenced in
ecryptfs_read_update_atime() or ecryptfs_getxattr().

Placing mutt's tmpdir in an eCryptfs mount is what initially triggered
the oops and I was able to reproduce it with the following sequence:

open("/tmp/upper/foo", O_RDWR|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) = 3
link("/tmp/upper/foo", "/tmp/upper/bar") = 0
unlink("/tmp/upper/foo")                = 0
open("/tmp/upper/bar", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 4
unlink("/tmp/upper/bar")                = 0
write(4, "eCryptfs test\n"..., 14 <unfinished ...>
+++ killed by SIGKILL +++

https://bugs.launchpad.net/ecryptfs/+bug/387073

Reported-by: Loïc Minier <loic.minier@canonical.com>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: ecryptfs-devel@lists.launchpad.net
Cc: stable <stable@kernel.org>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
2009-09-23 09:10:34 -05:00
..
crypto.c eCryptfs: Propagate vfs_read and vfs_write return codes 2009-09-23 09:10:34 -05:00
debug.c
dentry.c constify dentry_operations: ecryptfs 2009-03-27 14:44:01 -04:00
ecryptfs_kernel.h const: mark remaining address_space_operations const 2009-09-22 07:17:24 -07:00
file.c eCryptfs: Fix data types (int/size_t) 2009-01-06 15:59:22 -08:00
inode.c eCryptfs: Prevent lower dentry from going negative during unlink 2009-09-23 09:10:34 -05:00
Kconfig ecryptfs: improved dependency checking and reporting 2009-09-23 09:10:31 -05:00
keystore.c eCryptfs: Validate global auth tok keys 2009-09-23 09:10:32 -05:00
kthread.c eCryptfs: Check for O_RDONLY lower inodes when opening lower files 2009-09-23 09:10:32 -05:00
main.c eCryptfs: Check for O_RDONLY lower inodes when opening lower files 2009-09-23 09:10:32 -05:00
Makefile eCryptfs: remove netlink transport 2008-10-16 11:21:39 -07:00
messaging.c eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev() 2009-04-22 03:54:13 -05:00
miscdev.c eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev() 2009-04-22 03:54:13 -05:00
mmap.c eCryptfs: Propagate vfs_read and vfs_write return codes 2009-09-23 09:10:34 -05:00
read_write.c eCryptfs: Propagate vfs_read and vfs_write return codes 2009-09-23 09:10:34 -05:00
super.c ecryptfs: Remove unneeded locking that triggers lockdep false positives 2009-09-23 09:10:30 -05:00