diff options
| author | Theodore Ts'o <tytso@google.com> | 2015-06-04 16:41:15 -0400 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-05-27 19:40:05 +0200 |
| commit | 5c6c17f30d85109a1f7b9a388f29a08e2a615daf (patch) | |
| tree | 98b4ad12beae899ed2288f3dc0bcaed619298fef | |
| parent | f486b03542e384e2a5c08f4b65df6e3bda68a82f (diff) | |
| download | android_kernel_m2note-5c6c17f30d85109a1f7b9a388f29a08e2a615daf.tar.gz | |
ext4 crypto: handle unexpected lack of encryption keys
Fix up attempts by users to try to write to a file when they don't
have access to the encryption key.
Change-Id: Iabdd438b26b409eaccf9c847fcf9c3ab52f1959e
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
| -rw-r--r-- | fs/ext4/crypto.c | 3 | ||||
| -rw-r--r-- | fs/ext4/crypto_policy.c | 3 | ||||
| -rw-r--r-- | fs/ext4/file.c | 17 |
3 files changed, 14 insertions, 9 deletions
diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c index acda3157a..e907b6fe8 100644 --- a/fs/ext4/crypto.c +++ b/fs/ext4/crypto.c @@ -104,7 +104,8 @@ struct ext4_crypto_ctx *ext4_get_crypto_ctx(struct inode *inode) unsigned long flags; struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info; - BUG_ON(ci == NULL); + if (ci == NULL) + return ERR_PTR(-ENOKEY); /* * We first try getting the ctx from a free list because in diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c index a1d434d0d..02c4e5df7 100644 --- a/fs/ext4/crypto_policy.c +++ b/fs/ext4/crypto_policy.c @@ -183,7 +183,8 @@ int ext4_inherit_context(struct inode *parent, struct inode *child) if (res < 0) return res; ci = EXT4_I(parent)->i_crypt_info; - BUG_ON(ci == NULL); + if (ci == NULL) + return -ENOKEY; ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1; if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) { diff --git a/fs/ext4/file.c b/fs/ext4/file.c index ed2fd9904..da4370544 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -344,6 +344,8 @@ static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma) int err = ext4_get_encryption_info(inode); if (err) return 0; + if (ext4_encryption_info(inode) == NULL) + return -ENOKEY; } file_accessed(file); vma->vm_ops = &ext4_file_vm_ops; @@ -391,6 +393,13 @@ static int ext4_file_open(struct inode * inode, struct file * filp) ext4_journal_stop(handle); } } + if (ext4_encrypted_inode(inode)) { + ret = ext4_get_encryption_info(inode); + if (ret) + return -EACCES; + if (ext4_encryption_info(inode) == NULL) + return -ENOKEY; + } /* * Set up the jbd2_inode if we are opening the inode for * writing and the journal is present @@ -400,13 +409,7 @@ static int ext4_file_open(struct inode * inode, struct file * filp) if (ret < 0) return ret; } - ret = dquot_file_open(inode, filp); - if (!ret && ext4_encrypted_inode(inode)) { - ret = ext4_get_encryption_info(inode); - if (ret) - ret = -EACCES; - } - return ret; + return dquot_file_open(inode, filp); } /* |