ecryptfs: use memdup_user()
[linux-2.6.git] / fs / ecryptfs / miscdev.c
index 72dfec48ea22dcd0a663cad8a202bc08fccb9b98..dda3c58eefc04c28ef058568b278c995ab388477 100644 (file)
@@ -42,11 +42,12 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt)
 {
        struct ecryptfs_daemon *daemon;
        unsigned int mask = 0;
+       uid_t euid = current_euid();
        int rc;
 
        mutex_lock(&ecryptfs_daemon_hash_mux);
        /* TODO: Just use file->private_data? */
-       rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
+       rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
        BUG_ON(rc || !daemon);
        mutex_lock(&daemon->mux);
        mutex_unlock(&ecryptfs_daemon_hash_mux);
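Review bot: The lookup in `ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns())` keys on the caller's effective uid and namespace at poll time, and the `BUG_ON(rc || !daemon)` that follows turns any miss into a kernel crash; assuming the lookup returns non-zero for an absent entry, a daemon process that changes its effective uid after open() (or any path where the registered daemon is already gone) would take that BUG_ON from an ordinary poll() rather than get an error. The same pattern is repeated in ecryptfs_miscdev_release and ecryptfs_miscdev_read below. Turning the assertion into an error return, e.g. `if (rc || !daemon) { mutex_unlock(&ecryptfs_daemon_hash_mux); return POLLERR; }`, or resolving the daemon from file->private_data as the TODO just above suggests, keeps a userspace state change from being a panic. ecryptfs_miscdev_poll's body continues outside the hunk.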
@@ -82,6 +83,7 @@ static int
 ecryptfs_miscdev_open(struct inode *inode, struct file *file)
 {
        struct ecryptfs_daemon *daemon = NULL;
+       uid_t euid = current_euid();
        int rc;
 
        mutex_lock(&ecryptfs_daemon_hash_mux);
@@ -92,10 +94,10 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
                       "count; rc = [%d]\n", __func__, rc);
                goto out_unlock_daemon_list;
        }
-       rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
+       rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
        if (rc || !daemon) {
-               rc = ecryptfs_spawn_daemon(&daemon, current->euid,
-                                          current->pid);
+               rc = ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(),
+                                          task_pid(current));
                if (rc) {
                        printk(KERN_ERR "%s: Error attempting to spawn daemon; "
                               "rc = [%d]\n", __func__, rc);
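Review bot: The new `ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(), task_pid(current))` call hands over a bare `struct pid *`, and nothing in the hunk takes a reference on it; if the spawn path stores the pointer without `get_pid()`, `daemon->pid` becomes stale once the daemon task exits and the later `daemon->pid != task_pid(current)` comparisons in open and release could match a recycled `struct pid`. Worth confirming that ecryptfs_spawn_daemon does `get_pid()` and that daemon teardown does the matching `put_pid()`; if it does not, the reference should be taken at this call site, `get_pid(task_pid(current))`, with the put added to the exit path. ecryptfs_miscdev_open continues past this hunk.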
@@ -103,18 +105,18 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
                }
        }
        mutex_lock(&daemon->mux);
-       if (daemon->pid != current->pid) {
+       if (daemon->pid != task_pid(current)) {
                rc = -EINVAL;
-               printk(KERN_ERR "%s: pid [%d] has registered with euid [%d], "
-                      "but pid [%d] has attempted to open the handle "
+               printk(KERN_ERR "%s: pid [0x%p] has registered with euid [%d], "
+                      "but pid [0x%p] has attempted to open the handle "
                       "instead\n", __func__, daemon->pid, daemon->euid,
-                      current->pid);
+                      task_pid(current));
                goto out_unlock_daemon;
        }
        if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) {
                rc = -EBUSY;
                printk(KERN_ERR "%s: Miscellaneous device handle may only be "
-                      "opened once per daemon; pid [%d] already has this "
+                      "opened once per daemon; pid [0x%p] already has this "
                       "handle open\n", __func__, daemon->pid);
                goto out_unlock_daemon;
        }
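Review bot: The two KERN_ERR messages in this hunk now print `daemon->pid` and `task_pid(current)` with `0x%p`, which writes raw `struct pid` kernel addresses into the system log on a path an unprivileged daemon process can reach; kernel pointers in dmesg are an address-disclosure concern and are also meaningless to an operator trying to identify the offending process. Print the numeric pid instead, e.g. `pid_nr(daemon->pid)` and `task_pid_nr(current)` with `%d`, which preserves the message's intent (which pid registered versus which one opened the handle). The same substitution applies to the "opened once per daemon" message further down in the hunk.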
@@ -144,13 +146,14 @@ static int
 ecryptfs_miscdev_release(struct inode *inode, struct file *file)
 {
        struct ecryptfs_daemon *daemon = NULL;
+       uid_t euid = current_euid();
        int rc;
 
        mutex_lock(&ecryptfs_daemon_hash_mux);
-       rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
+       rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
        BUG_ON(rc || !daemon);
        mutex_lock(&daemon->mux);
-       BUG_ON(daemon->pid != current->pid);
+       BUG_ON(daemon->pid != task_pid(current));
        BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN));
        daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN;
        atomic_dec(&ecryptfs_num_miscdev_opens);
@@ -196,7 +199,7 @@ int ecryptfs_send_miscdev(char *data, size_t data_size,
                if (!msg_ctx->msg) {
                        rc = -ENOMEM;
                        printk(KERN_ERR "%s: Out of memory whilst attempting "
-                              "to kmalloc(%d, GFP_KERNEL)\n", __func__,
+                              "to kmalloc(%zd, GFP_KERNEL)\n", __func__,
                               (sizeof(*msg_ctx->msg) + data_size));
                        goto out_unlock;
                }
@@ -232,32 +235,34 @@ out_unlock:
  *
  * Returns the number of bytes copied into the user buffer
  */
-static int
+static ssize_t
 ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count,
                      loff_t *ppos)
 {
        struct ecryptfs_daemon *daemon;
        struct ecryptfs_msg_ctx *msg_ctx;
        size_t packet_length_size;
-       u32 counter_nbo;
        char packet_length[3];
        size_t i;
        size_t total_length;
+       uid_t euid = current_euid();
        int rc;
 
        mutex_lock(&ecryptfs_daemon_hash_mux);
        /* TODO: Just use file->private_data? */
-       rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid);
+       rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
        BUG_ON(rc || !daemon);
        mutex_lock(&daemon->mux);
        if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
                rc = 0;
+               mutex_unlock(&ecryptfs_daemon_hash_mux);
                printk(KERN_WARNING "%s: Attempt to read from zombified "
                       "daemon\n", __func__);
                goto out_unlock_daemon;
        }
        if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) {
                rc = 0;
+               mutex_unlock(&ecryptfs_daemon_hash_mux);
                goto out_unlock_daemon;
        }
        /* This daemon will not go away so long as this flag is set */
@@ -284,8 +289,9 @@ check_list:
                 * message from the queue; try again */
                goto check_list;
        }
-       BUG_ON(current->euid != daemon->euid);
-       BUG_ON(current->pid != daemon->pid);
+       BUG_ON(euid != daemon->euid);
+       BUG_ON(current_user_ns() != daemon->user_ns);
+       BUG_ON(task_pid(current) != daemon->pid);
        msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue,
                                   struct ecryptfs_msg_ctx, daemon_out_list);
        BUG_ON(!msg_ctx);
@@ -316,24 +322,22 @@ check_list:
        if (count < total_length) {
                rc = 0;
                printk(KERN_WARNING "%s: Only given user buffer of "
-                      "size [%Zd], but we need [%Zd] to read the "
+                      "size [%zd], but we need [%zd] to read the "
                       "pending message\n", __func__, count, total_length);
                goto out_unlock_msg_ctx;
        }
-       i = 0;
-       buf[i++] = msg_ctx->type;
-       counter_nbo = cpu_to_be32(msg_ctx->counter);
-       memcpy(&buf[i], (char *)&counter_nbo, 4);
-       i += 4;
+       rc = -EFAULT;
+       if (put_user(msg_ctx->type, buf))
+               goto out_unlock_msg_ctx;
+       if (put_user(cpu_to_be32(msg_ctx->counter), (__be32 __user *)(buf + 1)))
+               goto out_unlock_msg_ctx;
+       i = 5;
        if (msg_ctx->msg) {
-               memcpy(&buf[i], packet_length, packet_length_size);
+               if (copy_to_user(&buf[i], packet_length, packet_length_size))
+                       goto out_unlock_msg_ctx;
                i += packet_length_size;
-               rc = copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size);
-               if (rc) {
-                       printk(KERN_ERR "%s: copy_to_user returned error "
-                              "[%d]\n", __func__, rc);
+               if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
                        goto out_unlock_msg_ctx;
-               }
                i += msg_ctx->msg_size;
        }
        rc = i;
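Review bot: The header length appears as the literal `i = 5` after the two put_user() calls, while the write path spells the same quantity as `1 + 4` in its size checks and `total_length` (computed above the hunk) presumably folds in the same five bytes; a named constant for "type byte plus 4-byte counter" would keep the three in step and make the `count < total_length` check obviously consistent with what is written. Separately, `put_user(cpu_to_be32(msg_ctx->counter), (__be32 __user *)(buf + 1))` stores a 4-byte value at an unaligned user address; whether that is safe depends on the architecture's put_user implementation, so if portability matters a `copy_to_user()` of a local `__be32` (as the removed `counter_nbo` did) is the conservative form. ecryptfs_miscdev_read's exit ladder is outside the hunk.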
@@ -352,65 +356,32 @@ out_unlock_daemon:
        return rc;
 }
 
-/**
- * ecryptfs_miscdev_helo
- * @euid: effective user id of miscdevess sending helo packet
- * @pid: miscdevess id of miscdevess sending helo packet
- *
- * Returns zero on success; non-zero otherwise
- */
-static int ecryptfs_miscdev_helo(uid_t uid, pid_t pid)
-{
-       int rc;
-
-       rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_MISCDEV, uid, pid);
-       if (rc)
-               printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc);
-       return rc;
-}
-
-/**
- * ecryptfs_miscdev_quit
- * @euid: effective user id of miscdevess sending quit packet
- * @pid: miscdevess id of miscdevess sending quit packet
- *
- * Returns zero on success; non-zero otherwise
- */
-static int ecryptfs_miscdev_quit(uid_t euid, pid_t pid)
-{
-       int rc;
-
-       rc = ecryptfs_process_quit(euid, pid);
-       if (rc)
-               printk(KERN_WARNING
-                      "Error processing QUIT message; rc = [%d]\n", rc);
-       return rc;
-}
-
 /**
  * ecryptfs_miscdev_response - miscdevess response to message previously sent to daemon
  * @data: Bytes comprising struct ecryptfs_message
  * @data_size: sizeof(struct ecryptfs_message) + data len
  * @euid: Effective user id of miscdevess sending the miscdev response
+ * @user_ns: The namespace in which @euid applies
  * @pid: Miscdevess id of miscdevess sending the miscdev response
  * @seq: Sequence number for miscdev response packet
  *
  * Returns zero on success; non-zero otherwise
  */
 static int ecryptfs_miscdev_response(char *data, size_t data_size,
-                                         uid_t euid, pid_t pid, u32 seq)
+                                    uid_t euid, struct user_namespace *user_ns,
+                                    struct pid *pid, u32 seq)
 {
        struct ecryptfs_message *msg = (struct ecryptfs_message *)data;
        int rc;
 
        if ((sizeof(*msg) + msg->data_len) != data_size) {
                printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = "
-                      "[%Zd]; data_size = [%Zd]. Invalid packet.\n", __func__,
+                      "[%zd]; data_size = [%zd]. Invalid packet.\n", __func__,
                       (sizeof(*msg) + msg->data_len), data_size);
                rc = -EINVAL;
                goto out;
        }
-       rc = ecryptfs_process_response(msg, euid, pid, seq);
+       rc = ecryptfs_process_response(msg, euid, user_ns, pid, seq);
        if (rc)
                printk(KERN_ERR
                       "Error processing response message; rc = [%d]\n", rc);
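Review bot: ecryptfs_miscdev_response reads `msg->data_len` in its first comparison before it has established that `data_size` covers `sizeof(*msg)`; the caller's minimum-size check assumes a one-byte packet length (`1 + 4 + 1 + sizeof(struct ecryptfs_message)`), while its later equality check lets `packet_size_length` be larger, so if the length encoding can occupy more than one byte (the read side reserves `char packet_length[3]`) a packet can arrive whose `data_size` is below `sizeof(*msg)` and the field read may run past the caller's `memdup_user()` buffer. A guard ahead of the existing comparison, `if (data_size < sizeof(*msg)) { rc = -EINVAL; goto out; }`, closes that independently of what the caller validates. The function's tail (`out:` label and return) is outside the hunk.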
@@ -437,40 +408,37 @@ static ssize_t
 ecryptfs_miscdev_write(struct file *file, const char __user *buf,
                       size_t count, loff_t *ppos)
 {
-       u32 counter_nbo, seq;
+       __be32 counter_nbo;
+       u32 seq;
        size_t packet_size, packet_size_length, i;
        ssize_t sz = 0;
        char *data;
+       uid_t euid = current_euid();
        int rc;
 
        if (count == 0)
                goto out;
-       data = kmalloc(count, GFP_KERNEL);
-       if (!data) {
-               printk(KERN_ERR "%s: Out of memory whilst attempting to "
-                      "kmalloc([%Zd], GFP_KERNEL)\n", __func__, count);
+
+       data = memdup_user(buf, count);
+       if (IS_ERR(data)) {
+               printk(KERN_ERR "%s: memdup_user returned error [%ld]\n",
+                      __func__, PTR_ERR(data));
                goto out;
        }
-       rc = copy_from_user(data, buf, count);
-       if (rc) {
-               printk(KERN_ERR "%s: copy_from_user returned error [%d]\n",
-                      __func__, rc);
-               goto out_free;
-       }
        sz = count;
        i = 0;
        switch (data[i++]) {
        case ECRYPTFS_MSG_RESPONSE:
                if (count < (1 + 4 + 1 + sizeof(struct ecryptfs_message))) {
                        printk(KERN_WARNING "%s: Minimum acceptable packet "
-                              "size is [%Zd], but amount of data written is "
-                              "only [%Zd]. Discarding response packet.\n",
+                              "size is [%zd], but amount of data written is "
+                              "only [%zd]. Discarding response packet.\n",
                               __func__,
                               (1 + 4 + 1 + sizeof(struct ecryptfs_message)),
                               count);
                        goto out_free;
                }
-               memcpy((char *)&counter_nbo, &data[i], 4);
+               memcpy(&counter_nbo, &data[i], 4);
                seq = be32_to_cpu(counter_nbo);
                i += 4;
                rc = ecryptfs_parse_packet_length(&data[i], &packet_size,
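Review bot: `memdup_user(buf, count)` allocates whatever size the writer asked for; `count` is checked for zero a few lines up but has no upper bound, so a single write() can request an arbitrarily large kmalloc before any packet validation runs, and on the failure path `goto out` leaves `sz` at 0 so the caller sees a zero-length write instead of the ENOMEM/EFAULT that memdup_user reported. Rejecting oversize writes before the copy, `if (count > MAX_MSG_PKT_SIZE) return -EINVAL;` with a new constant derived from the largest packet the parser accepts (the format here is 1 + 4 + a packet-length field + the message), and propagating the error, `sz = PTR_ERR(data); goto out;`, would address both; the second assumes `out:` returns `sz`, which is outside the hunk. ecryptfs_miscdev_write continues past the hunk.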
@@ -482,38 +450,23 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
                }
                i += packet_size_length;
                if ((1 + 4 + packet_size_length + packet_size) != count) {
-                       printk(KERN_WARNING "%s: (1 + packet_size_length([%Zd])"
-                              " + packet_size([%Zd]))([%Zd]) != "
-                              "count([%Zd]). Invalid packet format.\n",
+                       printk(KERN_WARNING "%s: (1 + packet_size_length([%zd])"
+                              " + packet_size([%zd]))([%zd]) != "
+                              "count([%zd]). Invalid packet format.\n",
                               __func__, packet_size_length, packet_size,
                               (1 + packet_size_length + packet_size), count);
                        goto out_free;
                }
                rc = ecryptfs_miscdev_response(&data[i], packet_size,
-                                              current->euid,
-                                              current->pid, seq);
+                                              euid, current_user_ns(),
+                                              task_pid(current), seq);
                if (rc)
                        printk(KERN_WARNING "%s: Failed to deliver miscdev "
                               "response to requesting operation; rc = [%d]\n",
                               __func__, rc);
                break;
        case ECRYPTFS_MSG_HELO:
-               rc = ecryptfs_miscdev_helo(current->euid, current->pid);
-               if (rc) {
-                       printk(KERN_ERR "%s: Error attempting to process "
-                              "helo from pid [%d]; rc = [%d]\n", __func__,
-                              current->pid, rc);
-                       goto out_free;
-               }
-               break;
        case ECRYPTFS_MSG_QUIT:
-               rc = ecryptfs_miscdev_quit(current->euid, current->pid);
-               if (rc) {
-                       printk(KERN_ERR "%s: Error attempting to process "
-                              "quit from pid [%d]; rc = [%d]\n", __func__,
-                              current->pid, rc);
-                       goto out_free;
-               }
                break;
        default:
                ecryptfs_printk(KERN_WARNING, "Dropping miscdev "
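Review bot: With the HELO handling removed, `case ECRYPTFS_MSG_HELO:` now falls straight into `case ECRYPTFS_MSG_QUIT:`; that is evidently intentional (both are accepted and ignored) but unmarked, so a reader, and compilers with implicit-fallthrough warnings enabled, cannot tell it from a forgotten `break`. Add `/* fall through: HELO and QUIT are accepted and ignored */` between the two labels. The switch's default arm and the function's tail are outside the hunk.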
@@ -557,13 +510,11 @@ int ecryptfs_init_ecryptfs_miscdev(void)
        int rc;
 
        atomic_set(&ecryptfs_num_miscdev_opens, 0);
-       mutex_lock(&ecryptfs_daemon_hash_mux);
        rc = misc_register(&ecryptfs_miscdev);
        if (rc)
                printk(KERN_ERR "%s: Failed to register miscellaneous device "
                       "for communications with userspace daemons; rc = [%d]\n",
                       __func__, rc);
-       mutex_unlock(&ecryptfs_daemon_hash_mux);
        return rc;
 }