From: Richard Weinberger <richard@nod.at>
Date: Thu, 29 Sep 2016 18:44:05 +0000 (+0200)
Subject: ubifs: Enforce crypto policy in mmap
X-Git-Tag: v4.10-rc1~91^2~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=959c2de2b30bd09582392105889f68a96cb94fa4;p=thirdparty%2Flinux.git

ubifs: Enforce crypto policy in mmap

We need this extra check in mmap because a process could
gain an already opened fd.

Signed-off-by: Richard Weinberger <richard@nod.at>
---

diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index a9c5cc6c0bc58..60e789a9cac85 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -1594,6 +1594,15 @@ static const struct vm_operations_struct ubifs_file_vm_ops = {
 static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma)
 {
 	int err;
+	struct inode *inode = file->f_mapping->host;
+
+	if (ubifs_crypt_is_encrypted(inode)) {
+		err = fscrypt_get_encryption_info(inode);
+		if (err)
+			return -EACCES;
+		if (!fscrypt_has_encryption_key(inode))
+			return -ENOKEY;
+	}
 
 	err = generic_file_mmap(file, vma);
 	if (err)