fscrypto: require write access to mount to set encryption policy

author Eric Biggers <ebiggers@google.com>

Thu, 8 Sep 2016 21:20:38 +0000 (14:20 -0700)

committer Theodore Ts'o <tytso@mit.edu>

Sat, 10 Sep 2016 05:18:57 +0000 (01:18 -0400)
author Eric Biggers <ebiggers@google.com>
Thu, 8 Sep 2016 21:20:38 +0000 (14:20 -0700)
committer Theodore Ts'o <tytso@mit.edu>
Sat, 10 Sep 2016 05:18:57 +0000 (01:18 -0400)
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c

index f96547f..ed115ac 100644 (file)
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -11,6 +11,7 @@
  #include <linux/random.h>
  #include <linux/string.h>
  #include <linux/fscrypto.h>
+#include <linux/mount.h>
  
  static int inode_has_encryption_context(struct inode *inode)
  {
@@ -92,31 +93,42 @@ static int create_encryption_context_from_policy(struct inode *inode,
         return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL);
  }
  
-int fscrypt_process_policy(struct inode *inode,
+int fscrypt_process_policy(struct file *filp,
                                 const struct fscrypt_policy *policy)
  {
+       struct inode *inode = file_inode(filp);
+       int ret;
+
         if (!inode_owner_or_capable(inode))
                 return -EACCES;
  
         if (policy->version != 0)
                 return -EINVAL;
  
+       ret = mnt_want_write_file(filp);
+       if (ret)
+               return ret;
+
         if (!inode_has_encryption_context(inode)) {
                 if (!S_ISDIR(inode->i_mode))
-                       return -EINVAL;
-               if (!inode->i_sb->s_cop->empty_dir)
-                       return -EOPNOTSUPP;
-               if (!inode->i_sb->s_cop->empty_dir(inode))
-                       return -ENOTEMPTY;
-               return create_encryption_context_from_policy(inode, policy);
+                       ret = -EINVAL;
+               else if (!inode->i_sb->s_cop->empty_dir)
+                       ret = -EOPNOTSUPP;
+               else if (!inode->i_sb->s_cop->empty_dir(inode))
+                       ret = -ENOTEMPTY;
+               else
+                       ret = create_encryption_context_from_policy(inode,
+                                                                   policy);
+       } else if (!is_encryption_context_consistent_with_policy(inode,
+                                                                policy)) {
+               printk(KERN_WARNING
+                      "%s: Policy inconsistent with encryption context\n",
+                      __func__);
+               ret = -EINVAL;
         }
  
-       if (is_encryption_context_consistent_with_policy(inode, policy))
-               return 0;
-
-       printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
-              __func__);
-       return -EINVAL;
+       mnt_drop_write_file(filp);
+       return ret;
  }
  EXPORT_SYMBOL(fscrypt_process_policy);
  
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c

index 10686fd..1bb7df5 100644 (file)
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -776,7 +776,7 @@ resizefs_out:
                                    (struct fscrypt_policy __user *)arg,
                                    sizeof(policy)))
                         return -EFAULT;
-               return fscrypt_process_policy(inode, &policy);
+               return fscrypt_process_policy(filp, &policy);
  #else
                 return -EOPNOTSUPP;
  #endif
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c

index 47abb96..28f4f4c 100644 (file)
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1757,21 +1757,14 @@ static int f2fs_ioc_set_encryption_policy(struct file *filp, unsigned long arg)
  {
         struct fscrypt_policy policy;
         struct inode *inode = file_inode(filp);
-       int ret;
  
         if (copy_from_user(&policy, (struct fscrypt_policy __user *)arg,
                                                         sizeof(policy)))
                 return -EFAULT;
  
-       ret = mnt_want_write_file(filp);
-       if (ret)
-               return ret;
-
         f2fs_update_time(F2FS_I_SB(inode), REQ_TIME);
-       ret = fscrypt_process_policy(inode, &policy);
  
-       mnt_drop_write_file(filp);
-       return ret;
+       return fscrypt_process_policy(filp, &policy);
  }
  
  static int f2fs_ioc_get_encryption_policy(struct file *filp, unsigned long arg)
diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h

index cfa6cde..76cff18 100644 (file)
--- a/include/linux/fscrypto.h
+++ b/include/linux/fscrypto.h
@@ -274,8 +274,7 @@ extern void fscrypt_restore_control_page(struct page *);
  extern int fscrypt_zeroout_range(struct inode *, pgoff_t, sector_t,
                                                 unsigned int);
  /* policy.c */
-extern int fscrypt_process_policy(struct inode *,
-                                       const struct fscrypt_policy *);
+extern int fscrypt_process_policy(struct file *, const struct fscrypt_policy *);
  extern int fscrypt_get_policy(struct inode *, struct fscrypt_policy *);
  extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
  extern int fscrypt_inherit_context(struct inode *, struct inode *,
@@ -345,7 +344,7 @@ static inline int fscrypt_notsupp_zeroout_range(struct inode *i, pgoff_t p,
  }
  
  /* policy.c */
-static inline int fscrypt_notsupp_process_policy(struct inode *i,
+static inline int fscrypt_notsupp_process_policy(struct file *f,
                                 const struct fscrypt_policy *p)
  {
         return -EOPNOTSUPP;
author	Eric Biggers <ebiggers@google.com>
	Thu, 8 Sep 2016 21:20:38 +0000 (14:20 -0700)
committer	Theodore Ts'o <tytso@mit.edu>
	Sat, 10 Sep 2016 05:18:57 +0000 (01:18 -0400)
fs/crypto/policy.c		patch \| blob \| history
fs/ext4/ioctl.c		patch \| blob \| history
fs/f2fs/file.c		patch \| blob \| history
include/linux/fscrypto.h		patch \| blob \| history