From patchwork Mon Dec 19 22:20:15 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 9480799 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id CB2CB601C2 for ; Mon, 19 Dec 2016 22:21:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BC7F02837F for ; Mon, 19 Dec 2016 22:21:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B1775284FC; Mon, 19 Dec 2016 22:21:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5C6CC2837F for ; Mon, 19 Dec 2016 22:21:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754424AbcLSWVH (ORCPT ); Mon, 19 Dec 2016 17:21:07 -0500 Received: from mail-it0-f65.google.com ([209.85.214.65]:36754 "EHLO mail-it0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754321AbcLSWVG (ORCPT ); Mon, 19 Dec 2016 17:21:06 -0500 Received: by mail-it0-f65.google.com with SMTP id n68so11929977itn.3 for ; Mon, 19 Dec 2016 14:21:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=P5ytGbR5o554pZC0tJJj40vRWUWDVL9c3Y0pvSeomuQ=; b=ljXcwhHVeyUN9yx9rZWVvUHNPqD/USt+o5cQgeEWjUu0BV4GfXzCfsPzvz1adl34PW y/C5KqRJsJzbriYMpc8tc0WjL+3mdUT2oBTcZ5fJr2MwRHJvt/51gMmlv80HCHslGet6 onBgKmswL5qtBXfC/o3yTo4FG3Bv35QL3oPvfEjNu5g+hBasklLqlbJtinXi/vKUSBgQ ADK0zWK+fBLlTbD1nPXIxBwH6gpzje6gKosP4HS59i+hHm2oKUGnwJkusWnYq0xIMmeZ i53BbIqbdemAb/9tWpSFD2Bvkx8dyKMSBn65+yOR/3zb430gw2FZI6B31cqXzxqxNFIR 0cJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=P5ytGbR5o554pZC0tJJj40vRWUWDVL9c3Y0pvSeomuQ=; b=Z/xV9ydw0ucKCyChXARQ3M1UW9i/W0GajfhxtV9rn3DwAFTetfdHD59S5lF0qJwBbG vhBpdlGYwV3qem1sREPm695x3U1laICFhe4mmtyf2R7grt+ZrjrEzuSMUffElRShWZIJ CGaidZx44zvYRZoBc761P6gMwSoUIURexPgXPuUcfNcRgqgMVJH/30YaLd+jh1Xa9jx8 z1GMP1wYn7nK0ZPdA77+8PTEDeWoKZiELmr1Kxph1UVGMhGp+9lT7H2NJM1EkDUBgrZq QB9rj3OmbsgnQLjXnh3SEohuN9jIg/po9Ve0+OG9m72HQPSOfgsgJwkt6ff/qyl3Migp 7/Ag== X-Gm-Message-State: AKaTC03IzPDhuBBN4vAnN5LawFZjwERanbhR8r/oyPwdTjtNx/h5nCLMpDwQDUH4wdmZwA== X-Received: by 10.36.98.4 with SMTP id d4mr18118789itc.20.1482186065592; Mon, 19 Dec 2016 14:21:05 -0800 (PST) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.119.30.131]) by smtp.gmail.com with ESMTPSA id g186sm7687106itb.21.2016.12.19.14.21.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Dec 2016 14:21:05 -0800 (PST) From: Eric Biggers To: linux-fsdevel@vger.kernel.org Cc: "Theodore Y . Ts'o" , Jaegeuk Kim , Richard Weinberger , Eric Biggers Subject: [PATCH v2 4/5] f2fs: consolidate fscrypt_has_permitted_context() checks Date: Mon, 19 Dec 2016 14:20:15 -0800 Message-Id: <1482186016-107643-4-git-send-email-ebiggers3@gmail.com> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 In-Reply-To: <1482186016-107643-1-git-send-email-ebiggers3@gmail.com> References: <1482186016-107643-1-git-send-email-ebiggers3@gmail.com> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers This ports the changes from the corresponding ext4 patch to f2fs. This patch should not be applied before my other two patches: fscrypt: fix loophole in one-encryption-policy-per-tree enforcement fscrypt: fix renaming and linking special files Signed-off-by: Eric Biggers --- fs/f2fs/file.c | 15 +++++---------- fs/f2fs/namei.c | 7 ++----- 2 files changed, 7 insertions(+), 15 deletions(-) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 49f10dc..381d39b 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -443,23 +443,18 @@ static int f2fs_file_mmap(struct file *file, struct vm_area_struct *vma) static int f2fs_file_open(struct inode *inode, struct file *filp) { int ret = generic_file_open(inode, filp); - struct dentry *dir; - if (!ret && f2fs_encrypted_inode(inode)) { + if (ret) + return ret; + + if (f2fs_encrypted_inode(inode)) { ret = fscrypt_get_encryption_info(inode); if (ret) return -EACCES; if (!fscrypt_has_encryption_key(inode)) return -ENOKEY; } - dir = dget_parent(file_dentry(filp)); - if (f2fs_encrypted_inode(d_inode(dir)) && - !fscrypt_has_permitted_context(d_inode(dir), inode)) { - dput(dir); - return -EPERM; - } - dput(dir); - return ret; + return 0; } int truncate_data_blocks_range(struct dnode_of_data *dn, int count) diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index 56c19b0..53ff18f 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -322,11 +322,8 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, goto err_out; } if (!IS_ERR(inode) && f2fs_encrypted_inode(dir) && - (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) && - !fscrypt_has_permitted_context(dir, inode)) { - bool nokey = f2fs_encrypted_inode(inode) && - !fscrypt_has_encryption_key(inode); - err = nokey ? -ENOKEY : -EPERM; + !fscrypt_has_permitted_context(dir, inode)) { + err = -EPERM; goto err_out; } return d_splice_alias(inode, dentry);