From patchwork Mon Dec 19 22:20:16 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 9480803 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 698DB601C2 for ; Mon, 19 Dec 2016 22:21:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5AA352837F for ; Mon, 19 Dec 2016 22:21:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4F78E284FC; Mon, 19 Dec 2016 22:21:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F36A32837F for ; Mon, 19 Dec 2016 22:21:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755299AbcLSWVO (ORCPT ); Mon, 19 Dec 2016 17:21:14 -0500 Received: from mail-it0-f67.google.com ([209.85.214.67]:36760 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754626AbcLSWVM (ORCPT ); Mon, 19 Dec 2016 17:21:12 -0500 Received: by mail-it0-f67.google.com with SMTP id n68so11930017itn.3 for ; Mon, 19 Dec 2016 14:21:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=R+BJpBnNKUL79ZN4twqMb1g1gCwM9CiMf+8it50OfuY=; b=NvekLMokT0pHRFxHma7KtaX32w5VTk5mX24dBOhqQUbBzTidYXBuz5SUnqxnrk9xeK /tk9O2kNmE6ko+gXrgfInogw+30Wh5Unk1G+2iH38IXR66iUuoHyN1dsF/omwPLVTSq2 jPPM91oUs4kdha2J+LC8uFkuyb27W2/CdJEv0sYd3kIP+Gu45hcyNkHoYpHLZ7grH3ba foU4eRlEfKAHSReYAWmWM2y7Oly+36IK0WJ0AoS/cRvii+JZOJEAFAawE/r0UKU/YAR9 ynh1DVJgzmsKonyAI8BXpAa8n8JCKRIXeWZxjCAy3doI766u1kpOccYWtP3DtTGQM9Ta lzhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=R+BJpBnNKUL79ZN4twqMb1g1gCwM9CiMf+8it50OfuY=; b=T1JIh8IpE6qA9ZXc8byF//wjIgE8re7rMrYrhN+sCsUs6YgaWwlx7KAuio7ospFHAF P29aJAsvEruX9ilh9iXqkTsRNI09OkpfN28SLYD7gRGON+ZPYtmSlFakAea7lgRYUfvk SplrCfqd1zYNMKTR+5nkoKZHixRJYhXykNUlxx2xfpkjWepoEYskyz6myMtH17FS75AU 7no8DjzrE1YF5zFyvjsYBjFsAnxymYEWUN3PZyUCk3HnS7aVSRw0z7vPRu/GZj3kvpYF V3D+MFrje5BHK8/2439TU9gA9Q981yT+VqMxkGiFtD4qkhX54lsjWMXGP+2+tDMp85r0 9q0Q== X-Gm-Message-State: AKaTC02T8iheXAYnqF6quOEBj/6TClvcSNxsvyJ+K5qESnYgJatCrZxZ3Uy1/jG02GaQsg== X-Received: by 10.36.108.144 with SMTP id w138mr19870388itb.68.1482186066550; Mon, 19 Dec 2016 14:21:06 -0800 (PST) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.119.30.131]) by smtp.gmail.com with ESMTPSA id g186sm7687106itb.21.2016.12.19.14.21.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Dec 2016 14:21:05 -0800 (PST) From: Eric Biggers To: linux-fsdevel@vger.kernel.org Cc: "Theodore Y . Ts'o" , Jaegeuk Kim , Richard Weinberger , Eric Biggers Subject: [PATCH v2 5/5] ubifs: consolidate fscrypt_has_permitted_context() checks Date: Mon, 19 Dec 2016 14:20:16 -0800 Message-Id: <1482186016-107643-5-git-send-email-ebiggers3@gmail.com> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 In-Reply-To: <1482186016-107643-1-git-send-email-ebiggers3@gmail.com> References: <1482186016-107643-1-git-send-email-ebiggers3@gmail.com> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers This ports the changes from the corresponding ext4 patch to ubifs. ubifs was also missing the fscrypt_has_permitted_context() check in ubifs_lookup(), so add it. This patch should not be applied before my other two patches: fscrypt: fix loophole in one-encryption-policy-per-tree enforcement fscrypt: fix renaming and linking special files Signed-off-by: Eric Biggers --- fs/ubifs/dir.c | 10 ++++++++++ fs/ubifs/file.c | 20 +------------------- 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 528369f..d346f1e 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -285,6 +285,14 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, goto out_dent; } + if (ubifs_crypt_is_encrypted(dir) && + !fscrypt_has_permitted_context(dir, inode)) { + ubifs_err(c, "Inconsistent encryption contexts: %lu/%lu", + dir->i_ino, inode->i_ino); + err = -EPERM; + goto out_inode; + } + done: kfree(dent); fscrypt_free_filename(&nm); @@ -295,6 +303,8 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, d_add(dentry, inode); return NULL; +out_inode: + iput(inode); out_dent: kfree(dent); out_fname: diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index b0d7837..465a47f 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1630,30 +1630,12 @@ static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma) static int ubifs_file_open(struct inode *inode, struct file *filp) { - int ret; - struct dentry *dir; - struct ubifs_info *c = inode->i_sb->s_fs_info; - if (ubifs_crypt_is_encrypted(inode)) { - ret = fscrypt_get_encryption_info(inode); - if (ret) + if (fscrypt_get_encryption_info(inode)) return -EACCES; if (!fscrypt_has_encryption_key(inode)) return -ENOKEY; } - - dir = dget_parent(file_dentry(filp)); - if (ubifs_crypt_is_encrypted(d_inode(dir)) && - !fscrypt_has_permitted_context(d_inode(dir), inode)) { - ubifs_err(c, "Inconsistent encryption contexts: %lu/%lu", - (unsigned long) d_inode(dir)->i_ino, - (unsigned long) inode->i_ino); - dput(dir); - ubifs_ro_mode(c, -EPERM); - return -EPERM; - } - dput(dir); - return 0; }