Eric, On Mon, Oct 17, 2016 at 6:54 PM, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > Multiple bugs were recently fixed in the "set encryption policy" ioctl. > To make it clear that fscrypt_process_policy() and fscrypt_get_policy() > implement ioctls and therefore their implementations must take standard > security and correctness precautions, rename them to > fscrypt_ioctl_set_policy() and fscrypt_ioctl_get_policy(). Make the > latter take in a struct file * to make it consistent with the former. > > In addition, make the common functions do the copies to and from > userspace rather than duplicating this code within each filesystem, and > memset the policy to 0 to make it clear there is no stack leak. > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > --- > fs/crypto/policy.c | 36 +++++++++++++++++++++++------------- > fs/ext4/ext4.h | 4 ++-- > fs/ext4/ioctl.c | 34 +++++----------------------------- > fs/f2fs/f2fs.h | 4 ++-- > fs/f2fs/file.c | 19 ++----------------- > include/linux/fscrypto.h | 12 ++++++------ > 6 files changed, 40 insertions(+), 69 deletions(-) Hmm, are you sure the change is worth it? The patch basically moves a copy_from/to_user() from ext4/f2fs into fscrypto. -- Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
