This patch tries to catch up with lookup and open policies in ext4.
Signed-off-by: Jaegeuk Kim <jaeg...@kernel.org>
---
fs/f2fs/dir.c | 2 +-
fs/f2fs/file.c | 4 ++++
fs/f2fs/namei.c | 23 +++++++++++++++++++++++
3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index f82e28b..479467e 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -855,7 +855,7 @@ static int f2fs_readdir(struct file *file, struct
dir_context *ctx)
if (f2fs_encrypted_inode(inode)) {
err = fscrypt_get_encryption_info(inode);
- if (err)
+ if (err && err != -ENOKEY)
return err;
err = fscrypt_fname_alloc_buffer(inode, F2FS_NAME_LEN, &fstr);
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index f326764..533c2dc 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -441,6 +441,7 @@ static int f2fs_file_mmap(struct file *file, struct
vm_area_struct *vma)
static int f2fs_file_open(struct inode *inode, struct file *filp)
{
int ret = generic_file_open(inode, filp);
+ struct inode *dir = filp->f_path.dentry->d_parent->d_inode;
if (!ret && f2fs_encrypted_inode(inode)) {
ret = fscrypt_get_encryption_info(inode);
@@ -449,6 +450,9 @@ static int f2fs_file_open(struct inode *inode, struct file
*filp)
if (!f2fs_encrypted_inode(inode))
return -ENOKEY;
}
+ if (f2fs_encrypted_inode(dir) &&
+ !fscrypt_has_permitted_context(dir, inode))
+ return -EPERM;
return ret;
}
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 3bddd9f..7b07a47 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -262,6 +262,21 @@ static struct dentry *f2fs_lookup(struct inode *dir,
struct dentry *dentry,
int err = 0;
unsigned int root_ino = F2FS_ROOT_INO(F2FS_I_SB(dir));
+ if (f2fs_encrypted_inode(dir)) {
+ int res = fscrypt_get_encryption_info(dir);
+
+ /*
+ * DCACHE_ENCRYPTED_WITH_KEY is set if the dentry is
+ * created while the directory was encrypted and we
+ * don't have access to the key.
+ */
+ if (fscrypt_has_encryption_key(dir))
+ fscrypt_set_encrypted_dentry(dentry);
+ fscrypt_set_d_op(dentry);
+ if (res && res != -ENOKEY)
+ return ERR_PTR(res);
+ }
+
if (dentry->d_name.len > F2FS_NAME_LEN)
return ERR_PTR(-ENAMETOOLONG);
@@ -288,6 +303,14 @@ static struct dentry *f2fs_lookup(struct inode *dir,
struct dentry *dentry,
if (err)
goto err_out;
}
+ if (!IS_ERR(inode) && f2fs_encrypted_inode(dir) &&
+ (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
+ !fscrypt_has_permitted_context(dir, inode)) {
+ bool nokey = f2fs_encrypted_inode(inode) &&
+ !fscrypt_has_encryption_key(inode);
+ iput(inode);
+ return nokey ? ERR_PTR(-ENOKEY) : ERR_PTR(-EPERM);
+ }
return d_splice_alias(inode, dentry);
err_out:
--
2.6.3
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
