BUG() when opened miscdev fd's are used after being inherited/passed

My original attempt at fixing this simply converted all of the BUG_ON() calls in ecryptfs_miscdev_*() to if statements that gracefully handled the various conditions. This mostly worked (and will probably be a part of the final solution) except for handling the case where a passed fd was the last one closed. In that situation, ecryptfs_miscdev_release() cannot do its job because we may not be able to look up the daemon with ecryptfs_find_daemon_by_euid() since the current euid may not match the original euid.

Patches sent out for review:

http://thread.gmane.org/gmane.comp.file-systems.ecryptfs.general/189/focus=226

Test case committed to ecryptfs-utils:

http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/696

Released in 3.5-rc6

http://git.kernel.org/linus/8dc6780587c99286c0d3de747a2946a76989414a

SRU justification (Lucid, Oneiric)

Impact:

File operations on /dev/ecryptfs would BUG() when the operations were
performed by processes other than the process that originally opened the
file. This could happen with open files inherited after fork() or file
descriptors passed through IPC mechanisms.

Fix:

upstream cherry pick of commit 8dc6780587c99286c0d3de747a2946a76989414a

Testcase:

http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/696
(test lp-994247.sh)

Without the fix, this test fails. With the fix, it passes.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 994247

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Released in -proposed Ubuntu-3.0.0-24.40

Passes verification with ext2,ext3,ext4,xfs and btrfs lower file systems on Linux ubuntu 2.6.32-42-server #96-Ubuntu SMP Wed Aug 15 19:52:20 UTC 2012 x86_64 GNU/Linux

sudo ./tests/run_tests.sh -K -c safe -b 1000000 -D /tmp/image -l /lower -u /upper -t lp-994247.sh -f ext2,ext3,ext4,xfs,btrfs
Running eCryptfs filesystem tests on ext2
lp-994247 pass
Running eCryptfs filesystem tests on ext3
lp-994247 pass
Running eCryptfs filesystem tests on ext4
lp-994247 pass
Running eCryptfs filesystem tests on xfs
lp-994247 pass
Running eCryptfs filesystem tests on btrfs
lp-994247 pass

Test Summary:
5 passed
0 failed

re: comment #4, this was actually a SRU for Lucid + Natty. Natty commit http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-natty.git;a=commit;h=3ffce8c8a05223696e567f1c0efe34d496dc22ac tested:

Passes verification with ext2,ext3,ext4,xfs and btrfs lower file systems on Linux ubuntu 2.6.38-15-server #66-Ubuntu SMP Tue Aug 14 17:42:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

..so I'm going to add a verification-done-natty tag too

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

This bug was fixed in the package linux - 2.6.32-42.96

---------------
linux (2.6.32-42.96) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1036553

  [ Andy Whitcroft ]

  * SAUCE: rds_ib_send() -- prevent local pings triggering BUG_ON()
    - LP: #1016299
    - CVE-2012-2372

  [ Upstream Kernel Changes ]

  * udf: Fortify loading of sparing table
    - LP: #1024497
    - CVE-2012-3400
  * udf: Avoid run away loop when partition table length is corrupted
    - LP: #1024497
    - CVE-2012-3400
  * eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files
    - LP: #994247
  * eCryptfs: Copy up POSIX ACL and read-only flags from lower mount
    - LP: #1009207
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
 -- Luis Henriques <email address hidden> Tue, 14 Aug 2012 09:51:58 +0100