From d851b82082bdb196505651111606cef7ad6e1b3a Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 20 Mar 2017 11:09:15 +0100 Subject: [PATCH] 4.4-stable patches added patches: fscrypt-fix-renaming-and-linking-special-files.patch fscrypto-lock-inode-while-setting-encryption-policy.patch --- ...x-renaming-and-linking-special-files.patch | 62 ++++++++++++++++++ ...node-while-setting-encryption-policy.patch | 65 +++++++++++++++++++ queue-4.4/series | 2 + 3 files changed, 129 insertions(+) create mode 100644 queue-4.4/fscrypt-fix-renaming-and-linking-special-files.patch create mode 100644 queue-4.4/fscrypto-lock-inode-while-setting-encryption-policy.patch diff --git a/queue-4.4/fscrypt-fix-renaming-and-linking-special-files.patch b/queue-4.4/fscrypt-fix-renaming-and-linking-special-files.patch new file mode 100644 index 00000000000..0d268ac4300 --- /dev/null +++ b/queue-4.4/fscrypt-fix-renaming-and-linking-special-files.patch @@ -0,0 +1,62 @@ +From 42d97eb0ade31e1bc537d086842f5d6e766d9d51 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Mon, 19 Dec 2016 14:20:13 -0800 +Subject: fscrypt: fix renaming and linking special files + +From: Eric Biggers + +commit 42d97eb0ade31e1bc537d086842f5d6e766d9d51 upstream. + +Attempting to link a device node, named pipe, or socket file into an +encrypted directory through rename(2) or link(2) always failed with +EPERM. This happened because fscrypt_has_permitted_context() saw that +the file was unencrypted and forbid creating the link. This behavior +was unexpected because such files are never encrypted; only regular +files, directories, and symlinks can be encrypted. + +To fix this, make fscrypt_has_permitted_context() always return true on +special files. + +This will be covered by a test in my encryption xfstests patchset. + +Fixes: 9bd8212f981e ("ext4 crypto: add encryption policy and password salt support") +Signed-off-by: Eric Biggers +Reviewed-by: Richard Weinberger +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + + +--- + fs/ext4/crypto_policy.c | 6 ++++++ + fs/f2fs/crypto_policy.c | 5 +++++ + 2 files changed, 11 insertions(+) + +--- a/fs/ext4/crypto_policy.c ++++ b/fs/ext4/crypto_policy.c +@@ -156,6 +156,12 @@ int ext4_is_child_context_consistent_wit + WARN_ON(1); /* Should never happen */ + return 0; + } ++ ++ /* No restrictions on file types which are never encrypted */ ++ if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && ++ !S_ISLNK(child->i_mode)) ++ return 1; ++ + /* no restrictions if the parent directory is not encrypted */ + if (!ext4_encrypted_inode(parent)) + return 1; +--- a/fs/f2fs/crypto_policy.c ++++ b/fs/f2fs/crypto_policy.c +@@ -149,6 +149,11 @@ int f2fs_is_child_context_consistent_wit + BUG_ON(1); + } + ++ /* No restrictions on file types which are never encrypted */ ++ if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && ++ !S_ISLNK(child->i_mode)) ++ return 1; ++ + /* no restrictions if the parent directory is not encrypted */ + if (!f2fs_encrypted_inode(parent)) + return 1; diff --git a/queue-4.4/fscrypto-lock-inode-while-setting-encryption-policy.patch b/queue-4.4/fscrypto-lock-inode-while-setting-encryption-policy.patch new file mode 100644 index 00000000000..ce227e6f443 --- /dev/null +++ b/queue-4.4/fscrypto-lock-inode-while-setting-encryption-policy.patch @@ -0,0 +1,65 @@ +From 8906a8223ad4909b391c5628f7991ebceda30e52 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sat, 15 Oct 2016 09:48:50 -0400 +Subject: fscrypto: lock inode while setting encryption policy + +From: Eric Biggers + +commit 8906a8223ad4909b391c5628f7991ebceda30e52 upstream. + +i_rwsem needs to be acquired while setting an encryption policy so that +concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly +serialized (especially the ->get_context() + ->set_context() pair), and +so that new files cannot be created in the directory during or after the +->empty_dir() check. + +Signed-off-by: Eric Biggers +Signed-off-by: Theodore Ts'o +Reviewed-by: Richard Weinberger +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + + +--- + fs/ext4/ioctl.c | 4 ++++ + fs/f2fs/file.c | 9 ++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +--- a/fs/ext4/ioctl.c ++++ b/fs/ext4/ioctl.c +@@ -633,8 +633,12 @@ resizefs_out: + if (err) + goto encryption_policy_out; + ++ mutex_lock(&inode->i_mutex); ++ + err = ext4_process_policy(&policy, inode); + ++ mutex_unlock(&inode->i_mutex); ++ + mnt_drop_write_file(filp); + encryption_policy_out: + return err; +--- a/fs/f2fs/file.c ++++ b/fs/f2fs/file.c +@@ -1535,12 +1535,19 @@ static int f2fs_ioc_set_encryption_polic + #ifdef CONFIG_F2FS_FS_ENCRYPTION + struct f2fs_encryption_policy policy; + struct inode *inode = file_inode(filp); ++ int err; + + if (copy_from_user(&policy, (struct f2fs_encryption_policy __user *)arg, + sizeof(policy))) + return -EFAULT; + +- return f2fs_process_policy(&policy, inode); ++ mutex_lock(&inode->i_mutex); ++ ++ err = f2fs_process_policy(&policy, inode); ++ ++ mutex_unlock(&inode->i_mutex); ++ ++ return err; + #else + return -EOPNOTSUPP; + #endif diff --git a/queue-4.4/series b/queue-4.4/series index 13315f88449..1e86fbb11c8 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -20,3 +20,5 @@ bridge-drop-netfilter-fake-rtable-unconditionally.patch dccp-tcp-fix-routing-redirect-race.patch dccp-fix-memory-leak-during-tear-down-of-unsuccessful-connection-request.patch net-sched-actions-decrement-module-reference-count-after-table-flush.patch +fscrypt-fix-renaming-and-linking-special-files.patch +fscrypto-lock-inode-while-setting-encryption-policy.patch -- 2.47.3