4.4-stable patches

added patches:
	fscrypt-fix-renaming-and-linking-special-files.patch
	fscrypto-lock-inode-while-setting-encryption-policy.patch

diff --git a/queue-4.4/fscrypt-fix-renaming-and-linking-special-files.patch b/queue-4.4/fscrypt-fix-renaming-and-linking-special-files.patch
new file mode 100644 (file)
index 0000000..0d268ac
--- /dev/null
+++ b/queue-4.4/fscrypt-fix-renaming-and-linking-special-files.patch
@@ -0,0 +1,62 @@
+From 42d97eb0ade31e1bc537d086842f5d6e766d9d51 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Mon, 19 Dec 2016 14:20:13 -0800
+Subject: fscrypt: fix renaming and linking special files
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 42d97eb0ade31e1bc537d086842f5d6e766d9d51 upstream.
+
+Attempting to link a device node, named pipe, or socket file into an
+encrypted directory through rename(2) or link(2) always failed with
+EPERM.  This happened because fscrypt_has_permitted_context() saw that
+the file was unencrypted and forbid creating the link.  This behavior
+was unexpected because such files are never encrypted; only regular
+files, directories, and symlinks can be encrypted.
+
+To fix this, make fscrypt_has_permitted_context() always return true on
+special files.
+
+This will be covered by a test in my encryption xfstests patchset.
+
+Fixes: 9bd8212f981e ("ext4 crypto: add encryption policy and password salt support")
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Reviewed-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ fs/ext4/crypto_policy.c |    6 ++++++
+ fs/f2fs/crypto_policy.c |    5 +++++
+ 2 files changed, 11 insertions(+)
+
+--- a/fs/ext4/crypto_policy.c
++++ b/fs/ext4/crypto_policy.c
+@@ -156,6 +156,12 @@ int ext4_is_child_context_consistent_wit
+               WARN_ON(1);     /* Should never happen */
+               return 0;
+       }
++
++      /* No restrictions on file types which are never encrypted */
++      if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) &&
++          !S_ISLNK(child->i_mode))
++              return 1;
++
+       /* no restrictions if the parent directory is not encrypted */
+       if (!ext4_encrypted_inode(parent))
+               return 1;
+--- a/fs/f2fs/crypto_policy.c
++++ b/fs/f2fs/crypto_policy.c
+@@ -149,6 +149,11 @@ int f2fs_is_child_context_consistent_wit
+               BUG_ON(1);
+       }
+ 
++      /* No restrictions on file types which are never encrypted */
++      if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) &&
++          !S_ISLNK(child->i_mode))
++              return 1;
++
+       /* no restrictions if the parent directory is not encrypted */
+       if (!f2fs_encrypted_inode(parent))
+               return 1;

diff --git a/queue-4.4/fscrypto-lock-inode-while-setting-encryption-policy.patch b/queue-4.4/fscrypto-lock-inode-while-setting-encryption-policy.patch
new file mode 100644 (file)
index 0000000..ce227e6
--- /dev/null
+++ b/queue-4.4/fscrypto-lock-inode-while-setting-encryption-policy.patch
@@ -0,0 +1,65 @@
+From 8906a8223ad4909b391c5628f7991ebceda30e52 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sat, 15 Oct 2016 09:48:50 -0400
+Subject: fscrypto: lock inode while setting encryption policy
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 8906a8223ad4909b391c5628f7991ebceda30e52 upstream.
+
+i_rwsem needs to be acquired while setting an encryption policy so that
+concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly
+serialized (especially the ->get_context() + ->set_context() pair), and
+so that new files cannot be created in the directory during or after the
+->empty_dir() check.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Richard Weinberger <richard@nod.at>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ fs/ext4/ioctl.c |    4 ++++
+ fs/f2fs/file.c  |    9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -633,8 +633,12 @@ resizefs_out:
+               if (err)
+                       goto encryption_policy_out;
+ 
++              mutex_lock(&inode->i_mutex);
++
+               err = ext4_process_policy(&policy, inode);
+ 
++              mutex_unlock(&inode->i_mutex);
++
+               mnt_drop_write_file(filp);
+ encryption_policy_out:
+               return err;
+--- a/fs/f2fs/file.c
++++ b/fs/f2fs/file.c
+@@ -1535,12 +1535,19 @@ static int f2fs_ioc_set_encryption_polic
+ #ifdef CONFIG_F2FS_FS_ENCRYPTION
+       struct f2fs_encryption_policy policy;
+       struct inode *inode = file_inode(filp);
++      int err;
+ 
+       if (copy_from_user(&policy, (struct f2fs_encryption_policy __user *)arg,
+                               sizeof(policy)))
+               return -EFAULT;
+ 
+-      return f2fs_process_policy(&policy, inode);
++      mutex_lock(&inode->i_mutex);
++
++      err = f2fs_process_policy(&policy, inode);
++
++      mutex_unlock(&inode->i_mutex);
++
++      return err;
+ #else
+       return -EOPNOTSUPP;
+ #endif

diff --git a/queue-4.4/series b/queue-4.4/series
index 13315f88449a49fc1d0fc5acff55c5e29314c549..1e86fbb11c83d41a394ada712b33932dba4e4430 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -20,3 +20,5 @@ bridge-drop-netfilter-fake-rtable-unconditionally.patch
 dccp-tcp-fix-routing-redirect-race.patch
 dccp-fix-memory-leak-during-tear-down-of-unsuccessful-connection-request.patch
 net-sched-actions-decrement-module-reference-count-after-table-flush.patch
+fscrypt-fix-renaming-and-linking-special-files.patch
+fscrypto-lock-inode-while-setting-encryption-policy.patch