From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-pg0-f68.google.com ([74.125.83.68]:36472 "EHLO
        mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754818AbdCPWX7 (ORCPT
        <rfc822;stable@vger.kernel.org>); Thu, 16 Mar 2017 18:23:59 -0400
Received: by mail-pg0-f68.google.com with SMTP id m5so7468654pgk.3
        for <stable@vger.kernel.org>; Thu, 16 Mar 2017 15:23:58 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Eric Biggers <ebiggers@google.com>,
        Theodore Ts'o <tytso@mit.edu>
Subject: [PATCH] fscrypto: lock inode while setting encryption policy
Date: Thu, 16 Mar 2017 15:22:29 -0700
Message-Id: <20170316222229.3285-1-ebiggers3@gmail.com>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

From: Eric Biggers <ebiggers@google.com>

commit 8906a8223ad4909b391c5628f7991ebceda30e52 upstream.  Please apply
to 4.4-stable; it is already in 4.9-stable.  This is a backport of the
fix to fs/ext4/ and fs/f2fs/ for old kernels.

i_rwsem needs to be acquired while setting an encryption policy so that
concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly
serialized (especially the ->get_context() + ->set_context() pair), and
so that new files cannot be created in the directory during or after the
->empty_dir() check.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Richard Weinberger <richard@nod.at>
Cc: stable@vger.kernel.org
---
 fs/ext4/ioctl.c | 4 ++++
 fs/f2fs/file.c  | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 1fb12f9c97a6..789e2d6724a9 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -633,8 +633,12 @@ resizefs_out:
 		if (err)
 			goto encryption_policy_out;
 
+		mutex_lock(&inode->i_mutex);
+
 		err = ext4_process_policy(&policy, inode);
 
+		mutex_unlock(&inode->i_mutex);
+
 		mnt_drop_write_file(filp);
 encryption_policy_out:
 		return err;
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index a197215ad52b..4b449d263333 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1535,12 +1535,19 @@ static int f2fs_ioc_set_encryption_policy(struct file *filp, unsigned long arg)
 #ifdef CONFIG_F2FS_FS_ENCRYPTION
 	struct f2fs_encryption_policy policy;
 	struct inode *inode = file_inode(filp);
+	int err;
 
 	if (copy_from_user(&policy, (struct f2fs_encryption_policy __user *)arg,
 				sizeof(policy)))
 		return -EFAULT;
 
-	return f2fs_process_policy(&policy, inode);
+	mutex_lock(&inode->i_mutex);
+
+	err = f2fs_process_policy(&policy, inode);
+
+	mutex_unlock(&inode->i_mutex);
+
+	return err;
 #else
 	return -EOPNOTSUPP;
 #endif
-- 
2.12.0.367.g23dc2f6d3c-goog