authorJaegeuk Kim <jaegeuk@kernel.org>2016-02-23 09:21:37 -0800
committerMister Oyster <oysterized@gmail.com>2017-04-13 12:33:12 +0200
commit1cc29dbd803898cec3bd2011aa1db4ddb2cf8932 (patch)
tree16c1ea21af68c45af22c9cf5450601fe354d3daf
parent5fae04a05333a3e0d93273a0d3848117b77cd6ec (diff)
f2fs crypto: sync ext4_lookup and ext4_file_open
This patch tries to catch up with lookup and open policies in ext4. Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
-rw-r--r--fs/f2fs/dir.c2
-rw-r--r--fs/f2fs/file.c4
-rw-r--r--fs/f2fs/namei.c23
3 files changed, 28 insertions, 1 deletions
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index 9ceda67ab..9b01d6c49 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -862,7 +862,7 @@ static int f2fs_readdir(struct file *file, void *dirent, filldir_t filldir)
if (f2fs_encrypted_inode(inode)) {
err = fscrypt_get_encryption_info(inode);
- if (err)
+ if (err && err != -ENOKEY)
return err;
err = fscrypt_fname_alloc_buffer(inode, F2FS_NAME_LEN, &fstr);
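Review bot: The `-ENOKEY` exemption on the changed `if (err && err != -ENOKEY)` line carries no comment, so a later reader cannot tell that continuing without a key is deliberate. Presumably the intent is that a directory can still be listed, with names in their encoded form, when the key is absent; a comment such as `/* a missing key is not fatal: entries are listed in encoded form */` above the check would record that. The leftover `-ENOKEY` value is overwritten by the `fscrypt_fname_alloc_buffer()` assignment on the following line, so it does not reach the caller from here. f2fs_readdir's body starts and ends outside the hunk.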
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index f4498398f..79eda1689 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -460,6 +460,7 @@ static int f2fs_file_mmap(struct file *file, struct vm_area_struct *vma)
static int f2fs_file_open(struct inode *inode, struct file *filp)
{
int ret = generic_file_open(inode, filp);
+ struct inode *dir = filp->f_path.dentry->d_parent->d_inode;
if (!ret && f2fs_encrypted_inode(inode)) {
ret = fscrypt_get_encryption_info(inode);
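Review bot: The added `dir = filp->f_path.dentry->d_parent->d_inode` reads `d_parent` with no reference and no lock held, so a rename racing with this open can move the dentry, and `dir` may no longer be pinned when the next hunk passes it to `fscrypt_has_permitted_context()`. Taking the parent with `struct dentry *parent = dget_parent(filp->f_path.dentry);`, using `parent->d_inode` in the check, and calling `dput(parent);` afterwards keeps the parent alive for the duration of the policy check. The same race could also let the check run against a different directory's policy than the one the file was looked up under. f2fs_file_open continues in the next hunk.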
@@ -468,6 +469,9 @@ static int f2fs_file_open(struct inode *inode, struct file *filp)
if (!fscrypt_has_encryption_key(inode))
return -ENOKEY;
}
+ if (f2fs_encrypted_inode(dir) &&
+ !fscrypt_has_permitted_context(dir, inode))
+ return -EPERM;
return ret;
}
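Review bot: The added parent-context check is not guarded by `ret`, so when `generic_file_open()` has already failed the function can return `-EPERM` in place of the original error. Writing it as `if (!ret && f2fs_encrypted_inode(dir) && !fscrypt_has_permitted_context(dir, inode))` keeps the first error. A short comment would also help, stating that this is where a regular file whose encryption context does not match its parent directory is refused. The lines between this hunk and the previous one are not visible, so this assumes they only return from inside the `if (!ret && ...)` block.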
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 858bad3fb..bc3739769 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -263,6 +263,21 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry,
int err = 0;
unsigned int root_ino = F2FS_ROOT_INO(F2FS_I_SB(dir));
+ if (f2fs_encrypted_inode(dir)) {
+ int res = fscrypt_get_encryption_info(dir);
+
+ /*
+ * DCACHE_ENCRYPTED_WITH_KEY is set if the dentry is
+ * created while the directory was encrypted and we
+ * don't have access to the key.
+ */
+ if (fscrypt_has_encryption_key(dir))
+ fscrypt_set_encrypted_dentry(dentry);
+ fscrypt_set_d_op(dentry);
+ if (res && res != -ENOKEY)
+ return ERR_PTR(res);
+ }
+
if (dentry->d_name.len > F2FS_NAME_LEN)
return ERR_PTR(-ENAMETOOLONG);
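Review bot: The added comment says DCACHE_ENCRYPTED_WITH_KEY is set when "we don't have access to the key", but the code beneath it calls `fscrypt_set_encrypted_dentry(dentry)` only when `fscrypt_has_encryption_key(dir)` is true, that is, when the key is available. Assuming that helper is what sets the flag, the comment should end `and we have access to the key.` so it matches the code. It would also help to note why `res` is tested only after `fscrypt_set_d_op(dentry)`, since a hard error from `fscrypt_get_encryption_info()` is returned after the dentry has already been modified. f2fs_lookup's body continues outside the hunk.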
@@ -289,6 +304,14 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry,
if (err)
goto err_out;
}
+ if (!IS_ERR(inode) && f2fs_encrypted_inode(dir) &&
+ (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
+ !fscrypt_has_permitted_context(dir, inode)) {
+ bool nokey = f2fs_encrypted_inode(inode) &&
+ !fscrypt_has_encryption_key(inode);
+ iput(inode);
+ return nokey ? ERR_PTR(-ENOKEY) : ERR_PTR(-EPERM);
+ }
return d_splice_alias(inode, dentry);
err_out:
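Review bot: The `-EPERM` return in the added block rejects a directory or symlink whose encryption context does not match its parent without logging anything, although such a mismatch most likely indicates on-disk corruption or offline modification of the filesystem. A warning naming `dir->i_ino` and `inode->i_ino`, emitted before `iput(inode)` so the inode is still referenced, would make these events visible to whoever operates the system. The block would also benefit from a comment stating that regular files are deliberately left out here, presumably because they are checked at open time. The `!IS_ERR(inode)` test looks redundant if the code above the hunk already error-checks `inode`, but that part of f2fs_lookup is outside the hunk.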