From patchwork Mon Sep 12 19:29:19 2016
X-Patchwork-Submitter: Miklos Szeredi
X-Patchwork-Id: 9327831
From: Miklos Szeredi
To: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Al Viro, Tyler Hicks
Subject: [PATCH 17/17] ecryptfs: use vfs_get_link()
Date: Mon, 12 Sep 2016 21:29:19 +0200
Message-Id: <1473708559-12714-18-git-send-email-mszeredi@redhat.com>
In-Reply-To: <1473708559-12714-1-git-send-email-mszeredi@redhat.com>
References: <1473708559-12714-1-git-send-email-mszeredi@redhat.com>

Here again we are copying from one buffer to another, while jumping through
hoops to make kernel memory look like userspace memory.

For no good reason, since vfs_get_link() provides exactly what is needed.

As a bonus, now the security hook for readlink is also called on the
underlying inode.

Note: this can be called from link-following context. But this is okay:

 - not in RCU mode

 - e54ad7f1ee26 ("proc: prevent stacking filesystems on top")

 - ecryptfs is *reading* the underlying symlink not following it, so the
   right security hook is being called

Signed-off-by: Miklos Szeredi
Cc: Tyler Hicks
---
 fs/ecryptfs/inode.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index fb2d831b7030..95e51b2af2de 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -627,26 +627,23 @@ out_lock: static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz) { + DEFINE_DELAYED_CALL(done); struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); - char *lower_buf; + const char *link; char *buf; - mm_segment_t old_fs; int rc; - lower_buf = kmalloc(PATH_MAX, GFP_KERNEL); - if (!lower_buf) - return ERR_PTR(-ENOMEM); - old_fs = get_fs(); - set_fs(get_ds()); - rc = vfs_readlink(lower_dentry, (char __user *)lower_buf, PATH_MAX); - set_fs(old_fs); - if (rc < 0) - goto out; + link = vfs_get_link(lower_dentry, d_inode(lower_dentry), &done); + if (IS_ERR(link)) + return ERR_CAST(link); + rc = ecryptfs_decode_and_decrypt_filename(&buf, bufsiz, dentry->d_sb, - lower_buf, rc); -out: - kfree(lower_buf); - return rc ? ERR_PTR(rc) : buf; + link, strlen(link)); + do_delayed_call(&done); + if (rc) + return ERR_PTR(rc); + + return buf; } static const char *ecryptfs_get_link(struct dentry *dentry,
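
Review bot: strlen(link) in the ecryptfs_decode_and_decrypt_filename() call is guarded only by IS_ERR(link), so the new code depends on vfs_get_link() never returning NULL and always returning a NUL-terminated string, and the length passed down is no longer capped at PATH_MAX as it was when vfs_readlink() filled lower_buf. If that contract holds, a one-line comment above the vfs_get_link() call stating it would make the assumption reviewable; if a NULL return is possible, add an explicit NULL check that returns an error before the strlen(). The commit message's reasoning for why calling this from link-following context is safe (not in RCU mode, reading rather than following the lower symlink) exists only in the changelog; a short comment in ecryptfs_readlink_lower() would keep it next to the code that relies on it.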