Patch "f2fs: don't allow encrypted operations without keys" has been added to the 4.4-stable tree

Patch "f2fs: don't allow encrypted operations without keys" has been added to the 4.4-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    f2fs: don't allow encrypted operations without keys

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     f2fs-don-t-allow-encrypted-operations-without-keys.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 363fa4e078cbdc97a172c19d19dc04b41b52ebc8 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@kernel.org>
Date: Wed, 28 Dec 2016 17:31:15 -0800
Subject: f2fs: don't allow encrypted operations without keys

From: Jaegeuk Kim <jaegeuk@kernel.org>

commit 363fa4e078cbdc97a172c19d19dc04b41b52ebc8 upstream.

This patch fixes the renaming bug on encrypted filenames, which was pointed by

 (ext4: don't allow encrypted operations without keys)

Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/f2fs/namei.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -597,6 +597,12 @@ static int f2fs_rename(struct inode *old
 	struct f2fs_dir_entry *new_entry;
 	int err = -ENOENT;
 
+	if ((f2fs_encrypted_inode(old_dir) &&
+			!fscrypt_has_encryption_key(old_dir)) ||
+			(f2fs_encrypted_inode(new_dir) &&
+			!fscrypt_has_encryption_key(new_dir)))
+		return -ENOKEY;
+
 	if ((old_dir != new_dir) && f2fs_encrypted_inode(new_dir) &&
 		!f2fs_is_child_context_consistent_with_parent(new_dir,
 							old_inode)) {
@@ -755,6 +761,12 @@ static int f2fs_cross_rename(struct inod
 	int old_nlink = 0, new_nlink = 0;
 	int err = -ENOENT;
 
+	if ((f2fs_encrypted_inode(old_dir) &&
+			!fscrypt_has_encryption_key(old_dir)) ||
+			(f2fs_encrypted_inode(new_dir) &&
+			!fscrypt_has_encryption_key(new_dir)))
+		return -ENOKEY;
+
 	if ((f2fs_encrypted_inode(old_dir) || f2fs_encrypted_inode(new_dir)) &&
 		(old_dir != new_dir) &&
 		(!f2fs_is_child_context_consistent_with_parent(new_dir,


Patches currently in stable-queue which might be from jaegeuk@kernel.org are

queue-4.4/f2fs-don-t-allow-encrypted-operations-without-keys.patch

Re: Patch "f2fs: don't allow encrypted operations without keys" has been added to the 4.4-stable tree

[Greg KH]

On Tue, Oct 10, 2017 at 08:16:20PM +0200, gregkh@linuxfoundation.org wrote:
> 
> This is a note to let you know that I've just added the patch titled
> 
>     f2fs: don't allow encrypted operations without keys
> 
> to the 4.4-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> 
> The filename of the patch is:
>      f2fs-don-t-allow-encrypted-operations-without-keys.patch
> and it can be found in the queue-4.4 subdirectory.
> 
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@vger.kernel.org> know about it.
> 

Nope, breaks the build.

Ted, do you have a working backport for this one?

thanks,

greg k-h