tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
ecryptfs: don't allow mmap when the lower fs doesn't support it
There are legitimate reasons to disallow mmap on certain files, notably
in sysfs or procfs. We shouldn't emulate mmap support on file systems
that don't offer support natively.
CVE-2016-1583
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
[tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
authored by
Jeff Mahoney
and committed by
Tyler Hicks
f0fe970d
78c4e172
+14
-1
+14
-1
fs/ecryptfs/file.c
+14
-1
fs/ecryptfs/file.c
···
169
169
return rc;
170
170
}
171
171
172
+
static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma)
173
+
{
174
+
struct file *lower_file = ecryptfs_file_to_lower(file);
175
+
/*
176
+
* Don't allow mmap on top of file systems that don't support it
177
+
* natively. If FILESYSTEM_MAX_STACK_DEPTH > 2 or ecryptfs
178
+
* allows recursive mounting, this will need to be extended.
179
+
*/
180
+
if (!lower_file->f_op->mmap)
181
+
return -ENODEV;
182
+
return generic_file_mmap(file, vma);
183
+
}
184
+
172
185
/**
173
186
* ecryptfs_open
174
187
* @inode: inode specifying file to open
···
416
403
#ifdef CONFIG_COMPAT
417
404
.compat_ioctl = ecryptfs_compat_ioctl,
418
405
#endif
419
-
.mmap = generic_file_mmap,
406
+
.mmap = ecryptfs_mmap,
420
407
.open = ecryptfs_open,
421
408
.flush = ecryptfs_flush,
422
409
.release = ecryptfs_release,