1 Reply Latest reply on Jun 16, 2016 6:25 AM by exbrit

    Linux system hangs while accessing encrypted files




      I am trying to access a folder which is encrypted by our product.

      The system hangs whenever we try to create a new file under the encrypted directory.


      P.S. - The folder is encrypted by our own stackable file system, which acts as an interceptor between the VFS and the actual file system (ext4).


      System Details -

      Linux rhel67 2.6.32-573.8.1.el6.x86_64


      McAfee version - 1.9.0


      The following is the call trace of our scenario:


      Call Trace :


      [<ffffffff8113e5d0>] ? __lru_cache_add+0x40/0x90

      [<ffffffff8114a089>] ? zone_statistics+0x99/0xc0

      [<ffffffff8100bc0e>] ? apic_timer_interrupt+0xe/0x20

      [<ffffffff81539ed6>] __mutex_lock_slowpath+0x96/0x210

      [<ffffffff815399fb>] mutex_lock+0x2b/0x50

      [<ffffffffa02ff77f>] openHook+0x16f/0x220 [linuxshield]

      [<ffffffffa02d96b5>] invokeCallbacks+0x1c5/0x870 [lshook]

      [<ffffffffa00aea40>] ? ext4_release_file+0x0/0xd0 [ext4]

      [<ffffffffa02da9d1>] fileOpenHook+0x101/0x1c0 [lshook]

      [<ffffffffa02da8d0>] ? fileOpenHook+0x0/0x1c0 [lshook]

      [<ffffffff8118eaa2>] __dentry_open+0x122/0x380

      [<ffffffff81239b86>] ? selinux_file_alloc_security+0x46/0x70

      [<ffffffff8118ed52>] dentry_open+0x52/0xc0

      [<ffffffffa029dc76>] ifs_init_internal_file+0xb6/0x150 [safenetfs]

      [<ffffffffa029ecaa>] ifs_open+0x1ca/0x830 [safenetfs]

      [<ffffffffa029eae0>] ? ifs_open+0x0/0x830 [safenetfs]

      [<ffffffff8118eaa2>] __dentry_open+0x122/0x380

      [<ffffffff8123ada2>] ? selinux_inode_permission+0x72/0xb0

      [<ffffffff8123284f>] ? security_inode_permission+0x1f/0x30

      [<ffffffff8118ee14>] nameidata_to_filp+0x54/0x70

      [<ffffffff811a4c80>] do_filp_open+0x6d0/0xd20

      [<ffffffff8129dc3a>] ? strncpy_from_user+0x4a/0x90

      [<ffffffff811b1d52>] ? alloc_fd+0x92/0x160

      [<ffffffff8118e847>] do_sys_open+0x67/0x130

      [<ffffffff8118e950>] sys_open+0x20/0x30

      [<ffffffff8100b0d2>] system_call_fastpath+0x16/0x1b



      We suspect that McAfee (lshook kernel module) is blocking the file open command to our module.

      Is there any way (config file settings, a whitelist, etc.) through which we can directly bypass file operation calls?


      Any suggestions/comments on this will be appreciated.


      Thanks -
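
An added example, not part of the original post or of any vendor's code: a small Python parser for the call trace above that drops the unreliable `?` frames (addresses found on the stack but not confirmed as part of the call chain), names the frame waiting in `mutex_lock`, and lists the modules the open call crossed. The embedded trace is an excerpt of the frames posted above; the function names are hypothetical.

```python
import re

# Excerpt of the call trace posted above (innermost frame first).
TRACE = """\
[<ffffffff8100bc0e>] ? apic_timer_interrupt+0xe/0x20
[<ffffffff81539ed6>] __mutex_lock_slowpath+0x96/0x210
[<ffffffff815399fb>] mutex_lock+0x2b/0x50
[<ffffffffa02ff77f>] openHook+0x16f/0x220 [linuxshield]
[<ffffffffa02d96b5>] invokeCallbacks+0x1c5/0x870 [lshook]
[<ffffffffa00aea40>] ? ext4_release_file+0x0/0xd0 [ext4]
[<ffffffffa02da9d1>] fileOpenHook+0x101/0x1c0 [lshook]
[<ffffffff8118eaa2>] __dentry_open+0x122/0x380
[<ffffffff8118ed52>] dentry_open+0x52/0xc0
[<ffffffffa029dc76>] ifs_init_internal_file+0xb6/0x150 [safenetfs]
[<ffffffffa029ecaa>] ifs_open+0x1ca/0x830 [safenetfs]
[<ffffffff8118eaa2>] __dentry_open+0x122/0x380
[<ffffffff8118ee14>] nameidata_to_filp+0x54/0x70
[<ffffffff811a4c80>] do_filp_open+0x6d0/0xd20
[<ffffffff8118e847>] do_sys_open+0x67/0x130
"""
FRAME = re.compile(r"\[<[0-9a-f]+>\][ \t]+(\?[ \t]+)?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+"
                   r"(?:[ \t]+\[(\w+)\])?")

def parse(trace):
    """Return (symbol, module, reliable) per frame; no module tag means core kernel."""
    return [(m.group(2), m.group(3) or "kernel", m.group(1) is None)
            for m in FRAME.finditer(trace)]

def blocked_in(frames):
    """Caller waiting on the mutex, or None if the task is not inside mutex code."""
    reliable = [f for f in frames if f[2]]
    if not reliable or "mutex" not in reliable[0][0]:
        return None
    sym, mod, _ = next(f for f in reliable if "mutex" not in f[0])
    return sym, mod

def module_path(frames):
    """Modules crossed from syscall entry to the blocked frame, repeats collapsed."""
    path = []
    for _, mod, reliable in reversed(frames):
        if reliable and (not path or path[-1] != mod):
            path.append(mod)
    return path

def nested_opens(frames):
    """Number of __dentry_open calls on the reliable chain (more than 1 = stacked open)."""
    return sum(1 for sym, _, ok in frames if ok and sym == "__dentry_open")
```

On this trace the result is `openHook` in `linuxshield` waiting on the mutex, reached through the second `__dentry_open` that `safenetfs` issues for its internal file.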