From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org,
"Theodore Y . Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Richard Weinberger <richard@nod.at>,
Michael Halcrow <mhalcrow@google.com>,
Eric Biggers <ebiggers@google.com>
Subject: [PATCH 4/4] ubifs: check for consistent encryption contexts in ubifs_lookup()
Date: Fri, 7 Apr 2017 10:58:40 -0700 [thread overview]
Message-ID: <20170407175840.95740-5-ebiggers3@gmail.com> (raw)
In-Reply-To: <20170407175840.95740-1-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
As ext4 and f2fs do, ubifs should check for consistent encryption
contexts during ->lookup() in an encrypted directory. This protects
certain users of filesystem encryption against certain types of offline
attacks.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/ubifs/dir.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
index 30825d882aa9..bbe2b346a94f 100644
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -285,6 +285,15 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
goto out_dent;
}
+ if (ubifs_crypt_is_encrypted(dir) &&
+ (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
+ !fscrypt_has_permitted_context(dir, inode)) {
+ ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
+ dir->i_ino, inode->i_ino);
+ err = -EPERM;
+ goto out_inode;
+ }
+
done:
kfree(dent);
fscrypt_free_filename(&nm);
@@ -295,6 +304,8 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
d_add(dentry, inode);
return NULL;
+out_inode:
+ iput(inode);
out_dent:
kfree(dent);
out_fname:
--
2.12.2.715.g7642488e1d-goog
next prev parent reply other threads:[~2017-04-07 18:01 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-07 17:58 [PATCH 0/4] fscrypt context consistency check fixes Eric Biggers
2017-04-07 17:58 ` [PATCH 1/4] fscrypt: fix context consistency check when key(s) unavailable Eric Biggers
2017-04-30 6:17 ` [1/4] " Theodore Ts'o
2017-05-02 17:36 ` Eric Biggers
2017-05-04 15:49 ` Theodore Ts'o
2017-04-07 17:58 ` [PATCH 2/4] ext4: remove "nokey" check from ext4_lookup() Eric Biggers
2017-04-30 6:17 ` [2/4] " Theodore Ts'o
2017-04-07 17:58 ` [PATCH 3/4] f2fs: sync f2fs_lookup() with ext4_lookup() Eric Biggers
2017-04-30 6:18 ` [3/4] " Theodore Ts'o
2017-04-07 17:58 ` Eric Biggers [this message]
2017-04-30 6:18 ` [4/4] ubifs: check for consistent encryption contexts in ubifs_lookup() Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170407175840.95740-5-ebiggers3@gmail.com \
--to=ebiggers3@gmail.com \
--cc=ebiggers@google.com \
--cc=jaegeuk@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mhalcrow@google.com \
--cc=richard@nod.at \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).