ecryptfs: use vfs_get_link()
authorMiklos Szeredi <mszeredi@redhat.com>
Fri, 9 Dec 2016 15:45:03 +0000 (16:45 +0100)
committerMiklos Szeredi <mszeredi@redhat.com>
Fri, 9 Dec 2016 15:45:03 +0000 (16:45 +0100)
Here again we are copying form one buffer to another, while jumping through
hoops to make kernel memory look like userspace memory.

For no good reason, since vfs_get_link() provides exactly what is needed.

As a bonus, now the security hook for readlink is also called on the
underlying inode.

Note: this can be called from link-following context.  But this is okay:

 - not in RCU mode

 - commit e54ad7f1ee26 ("proc: prevent stacking filesystems on top")

 - ecryptfs is *reading* the underlying symlink not following it, so the
   right security hook is being called

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
fs/ecryptfs/inode.c

index cf390dceddd29a27708f92f41c727c1c3c99c812..4ea9d69152dc2cd750822540e9de44ccd908c75d 100644 (file)
@@ -631,28 +631,23 @@ out_lock:
 
 static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
 {
+       DEFINE_DELAYED_CALL(done);
        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
-       char *lower_buf;
+       const char *link;
        char *buf;
-       mm_segment_t old_fs;
        int rc;
 
-       lower_buf = kmalloc(PATH_MAX, GFP_KERNEL);
-       if (!lower_buf)
-               return ERR_PTR(-ENOMEM);
-       old_fs = get_fs();
-       set_fs(get_ds());
-       rc = d_inode(lower_dentry)->i_op->readlink(lower_dentry,
-                                                  (char __user *)lower_buf,
-                                                  PATH_MAX);
-       set_fs(old_fs);
-       if (rc < 0)
-               goto out;
+       link = vfs_get_link(lower_dentry, &done);
+       if (IS_ERR(link))
+               return ERR_CAST(link);
+
        rc = ecryptfs_decode_and_decrypt_filename(&buf, bufsiz, dentry->d_sb,
-                                                 lower_buf, rc);
-out:
-       kfree(lower_buf);
-       return rc ? ERR_PTR(rc) : buf;
+                                                 link, strlen(link));
+       do_delayed_call(&done);
+       if (rc)
+               return ERR_PTR(rc);
+
+       return buf;
 }
 
 static const char *ecryptfs_get_link(struct dentry *dentry,