)]}' { "log": [ { "commit": "57ea34d19963781d05eb12f9b31bd4f70d61ec16", "tree": "5a912a7515234eb73147c32197ecbc7ca429bde8", "parents": [ "ae6e84596e7b321d9a08e81679c6a3f799634636" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Sun Mar 15 14:17:01 2009 -0500" }, "committer": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Apr 22 03:54:13 2009 -0500" }, "message": "eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev()\n\nIf data is NULL, msg_ctx-\u003emsg is set to NULL and then dereferenced\nafterwards. ecryptfs_send_raw_message() is the only place that\necryptfs_send_miscdev() is called with data being NULL, but the only\ncaller of that function (ecryptfs_process_helo()) is never called. In\nshort, there is currently no way to trigger the NULL pointer\ndereference.\n\nThis patch removes the two unused functions and modifies\necryptfs_send_miscdev() to remove the NULL dereferences.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\n" }, { "commit": "fd56d242b3b80b6f2ca174272b20029aae61df75", "tree": "57f51b3471dc6fdb8bcb92bff5bfdc8f4c441cd1", "parents": [ "a9482ebcdedbc5872ed34a266e6a45c35116f264" ], "author": { "name": "Li Zefan", "email": "lizf@cn.fujitsu.com", "time": "Wed Apr 08 15:09:29 2009 +0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 20 23:02:51 2009 -0400" }, "message": "ecryptfs: use memdup_user()\n\nRemove open-coded memdup_user().\n\nSigned-off-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "df261c52abdef147084c76ecf14473184e907547", "tree": "f1f423ba612dbacace82193f2b088252f169a9c6", "parents": [ "87c94c4df0149786ad91d8a03c738a03369ee9c8" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Jan 06 14:42:02 2009 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Jan 06 15:59:22 2009 -0800" }, "message": "eCryptfs: Replace %Z with %z\n\n%Z is a gcc-ism. Using %z instead.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Dustin Kirkland \u003cdustin.kirkland@gmail.com\u003e\nCc: Eric Sandeen \u003csandeen@redhat.com\u003e\nCc: Tyler Hicks \u003ctchicks@us.ibm.com\u003e\nCc: David Kleikamp \u003cshaggy@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "18b6e0414e42d95183f07d8177e3ff0241abd825", "tree": "91ca2f2d442055e31eb7bb551bf7060f3f4c4cc7", "parents": [ "9789cfe22e5d7bc10cad841a4ea96ecedb34b267" ], "author": { "name": "Serge Hallyn", "email": "serue@us.ibm.com", "time": "Wed Oct 15 16:38:45 2008 -0500" }, "committer": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Nov 24 18:57:41 2008 -0500" }, "message": "User namespaces: set of cleanups (v2)\n\nThe user_ns is moved from nsproxy to user_struct, so that a struct\ncred by itself is sufficient to determine access (which it otherwise\nwould not be). Corresponding ecryptfs fixes (by David Howells) are\nhere as well.\n\nFix refcounting. The following rules now apply:\n 1. The task pins the user struct.\n 2. The user struct pins its user namespace.\n 3. The user namespace pins the struct user which created it.\n\nUser namespaces are cloned during copy_creds(). Unsharing a new user_ns\nis no longer possible. (We could re-add that, but it\u0027ll cause code\nduplication and doesn\u0027t seem useful if PAM doesn\u0027t need to clone user\nnamespaces).\n\nWhen a user namespace is created, its first user (uid 0) gets empty\nkeyrings and a clean group_info.\n\nThis incorporates a previous patch by David Howells. Here\nis his original patch description:\n\n\u003eI suggest adding the attached incremental patch. It makes the following\n\u003echanges:\n\u003e\n\u003e (1) Provides a current_user_ns() macro to wrap accesses to current\u0027s user\n\u003e namespace.\n\u003e\n\u003e (2) Fixes eCryptFS.\n\u003e\n\u003e (3) Renames create_new_userns() to create_user_ns() to be more consistent\n\u003e with the other associated functions and because the \u0027new\u0027 in the name is\n\u003e superfluous.\n\u003e\n\u003e (4) Moves the argument and permission checks made for CLONE_NEWUSER to the\n\u003e beginning of do_fork() so that they\u0027re done prior to making any attempts\n\u003e at allocation.\n\u003e\n\u003e (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds\n\u003e to fill in rather than have it return the new root user. I don\u0027t imagine\n\u003e the new root user being used for anything other than filling in a cred\n\u003e struct.\n\u003e\n\u003e This also permits me to get rid of a get_uid() and a free_uid(), as the\n\u003e reference the creds were holding on the old user_struct can just be\n\u003e transferred to the new namespace\u0027s creator pointer.\n\u003e\n\u003e (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under\n\u003e preparation rather than doing it in copy_creds().\n\u003e\n\u003eDavid\n\n\u003eSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n\nChangelog:\n\tOct 20: integrate dhowells comments\n\t\t1. leave thread_keyring alone\n\t\t2. use current_user_ns() in set_user()\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\n" }, { "commit": "4eea03539d9a8e3f5056aed690efde1f75535e7b", "tree": "1dd58dee9a286459c7a70b8f82edcb63d20b2c07", "parents": [ "ec4c2aacd16672febca053109eb9ddf672108ca1" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:38:49 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:38:49 2008 +1100" }, "message": "CRED: Wrap task credential accesses in the eCryptFS filesystem\n\nWrap access to task credentials so that they can be separated more easily from\nthe task_struct during the introduction of COW creds.\n\nChange most current-\u003e(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().\n\nChange some task-\u003ee?[ug]id to task_e?[ug]id(). In some places it makes more\nsense to use RCU directly rather than a convenient wrapper; these will be\naddressed by later patches.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Mike Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Phillip Hellewell \u003cphillip@hellewell.homeip.net\u003e\nCc: ecryptfs-devel@lists.sourceforge.net\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "6c4c17b073cd4a5a61bc04329561632870bb21fc", "tree": "22fea1e80df5665061f1cf2953c69a00dc097e9b", "parents": [ "746f1e558bc52b9693c1a1ecdab60f8392e5ff18" ], "author": { "name": "Tyler Hicks", "email": "tyhicks@linux.vnet.ibm.com", "time": "Wed Jul 23 21:30:04 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jul 24 10:47:31 2008 -0700" }, "message": "ecryptfs: discard ecryptfsd registration messages in miscdev\n\nThe userspace eCryptfs daemon sends HELO and QUIT messages to the kernel\nfor per-user daemon (un)registration. These messages are required when\nnetlink is used as the transport, but (un)registration is handled by\nopening and closing the device file when miscdev is the transport. These\nmessages should be discarded in the miscdev transport so that a daemon\nisn\u0027t registered twice.\n\nSigned-off-by: Tyler Hicks \u003ctyhicks@linux.vnet.ibm.com\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "c4a2d7fbec3029c8891a3ad5fceec2992096a3b7", "tree": "73d1580628737c54c9d4fed86278e9edc4dab4d2", "parents": [ "10dd08dc04c881dcc9f7f19e2a3ad8e0778e4db5" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Fri Jul 04 09:59:35 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 04 10:40:05 2008 -0700" }, "message": "ecryptfs: remove unnecessary mux from ecryptfs_init_ecryptfs_miscdev()\n\nThe misc_mtx should provide all the protection required to keep the daemon\nhash table sane during miscdev registration. Since this mutex is causing\ngratuitous lockdep warnings, this patch removes it.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nReported-by: Cyrill Gorcunov \u003cgorcunov@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "79bc12a0a09c2eb1ccbb01c192045f994567bda2", "tree": "184c0e98c967f12b3805ebfbf9c69e6043ca6eb7", "parents": [ "4ec7ffa2df247054d422b48148ad82369a45e986" ], "author": { "name": "Al Viro", "email": "viro@ftp.linux.org.uk", "time": "Wed May 21 06:32:11 2008 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed May 21 16:55:59 2008 -0700" }, "message": "ecryptfs fixes\n\nmemcpy() from userland pointer is a Bad Thing(tm)\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "43f14d856f013a4cc63da2c765617c665274338c", "tree": "f43026859c7fb6c6d9268fb0d6ff05fecb002652", "parents": [ "d850a2fac11e4dd45d1d3d493a5a071b06c58c99" ], "author": { "name": "Cyrill Gorcunov", "email": "gorcunov@gmail.com", "time": "Mon May 12 14:02:40 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue May 13 08:02:26 2008 -0700" }, "message": "eCryptFS: fix imbalanced mutex locking\n\nFix imbalanced calls for mutex lock/unlock on ecryptfs_daemon_hash_mux\nRevealed by Ingo Molnar: http://lkml.org/lkml/2008/5/7/260\n\nSigned-off-by: Cyrill Gorcunov \u003cgorcunov@gmail.com\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "6a3fd92e73fffd9e583650c56ad9558afe51dc5c", "tree": "d65917432ffd0e6223dab3500819205433de22bd", "parents": [ "f66e883eb6186bc43a79581b67aff7d1a69d0ff1" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Apr 29 00:59:52 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:07 2008 -0700" }, "message": "eCryptfs: make key module subsystem respect namespaces\n\nMake eCryptfs key module subsystem respect namespaces.\n\nSince I will be removing the netlink interface in a future patch, I just made\nchanges to the netlink.c code so that it will not break the build. With my\nrecent patches, the kernel module currently defaults to the device handle\ninterface rather than the netlink interface.\n\n[akpm@linux-foundation.org: export free_user_ns()]\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "f66e883eb6186bc43a79581b67aff7d1a69d0ff1", "tree": "9fc1fb65586ff334a1f8c1afb9a43edf077d338f", "parents": [ "8bf2debd5f7bf12d122124e34fec14af5b1e8ecf" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Apr 29 00:59:51 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:07 2008 -0700" }, "message": "eCryptfs: integrate eCryptfs device handle into the module.\n\nUpdate the versioning information. Make the message types generic. Add an\noutgoing message queue to the daemon struct. Make the functions to parse\nand write the packet lengths available to the rest of the module. Add\nfunctions to create and destroy the daemon structs. Clean up some of the\ncomments and make the code a little more consistent with itself.\n\n[akpm@linux-foundation.org: printk fixes]\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "8bf2debd5f7bf12d122124e34fec14af5b1e8ecf", "tree": "faa6ff4ad5a9ec3725279a6408ee783a9e65f35d", "parents": [ "9c3580aa52195699065bc2d7242b1c7e3e6903fa" ], "author": { "name": "Michael Halcrow", "email": "mhalcrow@us.ibm.com", "time": "Tue Apr 29 00:59:50 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:07 2008 -0700" }, "message": "eCryptfs: introduce device handle for userspace daemon communications\n\nA regular device file was my real preference from the get-go, but I went with\nnetlink at the time because I thought it would be less complex for managing\nsend queues (i.e., just do a unicast and move on). It turns out that we do\nnot really get that much complexity reduction with netlink, and netlink is\nmore heavyweight than a device handle.\n\nIn addition, the netlink interface to eCryptfs has been broken since 2.6.24.\nI am assuming this is a bug in how eCryptfs uses netlink, since the other\nin-kernel users of netlink do not seem to be having any problems. I have had\none report of a user successfully using eCryptfs with netlink on 2.6.24, but\nfor my own systems, when starting the userspace daemon, the initial helo\nmessage sent to the eCryptfs kernel module results in an oops right off the\nbat. I spent some time looking at it, but I have not yet found the cause.\nThe netlink interface breaking gave me the motivation to just finish my patch\nto migrate to a regular device handle. If I cannot find out soon why the\nnetlink interface in eCryptfs broke, I am likely to just send a patch to\ndisable it in 2.6.24 and 2.6.25. I would like the device handle to be the\npreferred means of communicating with the userspace daemon from 2.6.26 on\nforward.\n\nThis patch:\n\nFunctions to facilitate reading and writing to the eCryptfs miscellaneous\ndevice handle. This will replace the netlink interface as the preferred\nmechanism for communicating with the userspace eCryptfs daemon.\n\nEach user has his own daemon, which registers itself by opening the eCryptfs\ndevice handle. Only one daemon per euid may be registered at any given time.\nThe eCryptfs module sends a message to a daemon by adding its message to the\ndaemon\u0027s outgoing message queue. The daemon reads the device handle to get\nthe oldest message off the queue.\n\nIncoming messages from the userspace daemon are immediately handled. If the\nmessage is a response, then the corresponding process that is blocked waiting\nfor the response is awakened.\n\nSigned-off-by: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" } ] }