From 5d14096425298d69adb66c7dc975cf5ee064ebdf Mon Sep 17 00:00:00 2001
From: Sarthak Kukreti <sarthakkukreti@google.com>
Date: Wed, 19 Jun 2019 18:36:11 -0700
Subject: [PATCH] CHROMIUM: Revert "eCryptfs: don't pass up plaintext names
when using filename encryption"
This reverts commit e86281e700cca8a773f9a572fa406adf2784ba5c.
Commit e86281e700cc ("eCryptfs: don't pass up plaintext names
when using filename encryption") introduces a regression
preventing lookups on plaintext files in the lower directory.
BUG=chromium:974368
TEST=MyFiles/Downloads shows in Files app after revert.
Change-Id: I234b3fa8036c6b90a40d738d3a1031f35013bdea
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/1668671
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Gwendal Grignou <gwendal@chromium.org>
Commit-Queue: Sarthak Kukreti <sarthakkukreti@chromium.org>
Tested-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
(cherry picked from commit aad4b948cf78cc4e1b2abf7d4c6101b3c41fec1c)
Signed-off-by: Guenter Roeck <groeck@chromium.org>
---
fs/ecryptfs/crypto.c | 41 +++++++++++++----------------------------
fs/ecryptfs/file.c | 22 ++++++----------------
2 files changed, 19 insertions(+), 44 deletions(-)
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 9df18a08c5275733836c0af65abe5b5eac8550ab..437ddfb9cd07da031a998dee4de3f55e42142c22 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1977,16 +1977,6 @@ int ecryptfs_encrypt_and_encode_filename(
return rc;
}
-static bool is_dot_dotdot(const char *name, size_t name_size)
-{
- if (name_size == 1 && name[0] == '.')
- return true;
- else if (name_size == 2 && name[0] == '.' && name[1] == '.')
- return true;
-
- return false;
-}
-
/**
* ecryptfs_decode_and_decrypt_filename - converts the encoded cipher text name to decoded plaintext
* @plaintext_name: The plaintext name
@@ -2011,21 +2001,13 @@ int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
size_t packet_size;
int rc = 0;
- if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) &&
- !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)) {
- if (is_dot_dotdot(name, name_size)) {
- rc = ecryptfs_copy_filename(plaintext_name,
- plaintext_name_size,
- name, name_size);
- goto out;
- }
-
- if (name_size <= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE ||
- strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
- ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)) {
- rc = -EINVAL;
- goto out;
- }
+ if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
+ && !(mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
+ && (name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE)
+ && (strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX,
+ ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) == 0)) {
+ const char *orig_name = name;
+ size_t orig_name_size = name_size;
name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE;
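Review bot: The restored `if` condition gives no hint that a name lacking the FNEK prefix is no longer rejected and instead falls through to the `else` branch, whose body is outside this hunk. Per the commit message that is what lets plaintext lower names be looked up again, but it also means the upper view can contain names that were never encrypted even with ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES set. A comment above the `if` should record that trade-off, e.g. `/* Names without the FNEK prefix are treated as plaintext lower names and passed up as-is, even when filename encryption is enabled. */`. `orig_name` and `orig_name_size` also deserve a one-line comment saying they are kept for the pass-through on parse failure later in the function, which starts and ends outside this hunk.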
@@ -2045,9 +2027,12 @@ int ecryptfs_decode_and_decrypt_filename(char **plaintext_name,
decoded_name,
decoded_name_size);
if (rc) {
- ecryptfs_printk(KERN_DEBUG,
- "%s: Could not parse tag 70 packet from filename\n",
- __func__);
+ printk(KERN_INFO "%s: Could not parse tag 70 packet "
+ "from filename; copying through filename "
+ "as-is\n", __func__);
+ rc = ecryptfs_copy_filename(plaintext_name,
+ plaintext_name_size,
+ orig_name, orig_name_size);
goto out_free;
}
} else {
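Review bot: The failure branch after the tag 70 parse overwrites `rc` with the result of `ecryptfs_copy_filename()`, so a name that carries the FNEK prefix but does not parse is reported to the caller as success with the encoded lower name. If that pass-through is intended it should be stated in a comment, e.g. `/* Prefix matched but the packet is not ours: expose the lower name unchanged. */`. The `printk(KERN_INFO ...)` is also unthrottled and runs once per such entry, so the content of the lower directory controls how much is written to the kernel log. `printk_ratelimited(KERN_INFO "%s: Could not parse tag 70 packet from filename; copying through filename as-is\n", __func__);` bounds that and keeps the message on one greppable line. The function continues outside this hunk.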
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
index 268b74499c28c7c76f8e3230b66d86fec2394ee6..89e2c4648b906877c885af8d316302b6387b71ee 100644
--- a/fs/ecryptfs/file.c
+++ b/fs/ecryptfs/file.c
@@ -66,23 +66,13 @@ ecryptfs_filldir(struct dir_context *ctx, const char *lower_name,
buf->filldir_called++;
err = ecryptfs_decode_and_decrypt_filename(&name, &name_size,
- buf->sb, lower_name,
- lower_namelen);
+ buf->sb, lower_name,
+ lower_namelen);
if (err) {
- if (err != -EINVAL) {
- ecryptfs_printk(KERN_DEBUG,
- "%s: Error attempting to decode and decrypt filename [%s]; rc = [%d]\n",
- __func__, lower_name, err);
- return false;
- }
-
- /* Mask -EINVAL errors as these are most likely due a plaintext
- * filename present in the lower filesystem despite filename
- * encryption being enabled. One unavoidable example would be
- * the "lost+found" dentry in the root directory of an Ext4
- * filesystem.
- */
- return true;
+ printk(KERN_ERR "%s: Error attempting to decode and decrypt "
+ "filename [%s]; err = [%d]\n", __func__, lower_name,
+ err);
+ return false;
}
buf->caller->pos = buf->ctx.pos;
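Review bot: `lower_name` is printed with `%s` in the new `printk(KERN_ERR ...)`, but it is passed together with `lower_namelen`, which suggests a length-delimited buffer that is not guaranteed to be NUL-terminated. Bound the print with `"filename [%.*s]; err = [%d]\n", __func__, (int)lower_namelen, lower_name, err`. The message is emitted at KERN_ERR without rate limiting for every name that fails to decode, so `printk_ratelimited` fits better here. Returning `false` on the first failure presumably ends the listing at that entry, so a single undecodable name may hide the rest of the directory; that is worth a comment if intended. The body of `ecryptfs_filldir` starts and ends outside this hunk.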
--
2.38.1.584.g0f3c55d4c2-goog