From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f67.google.com ([74.125.83.67]:36152 "EHLO mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934660AbdDGSBE (ORCPT ); Fri, 7 Apr 2017 14:01:04 -0400 From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, "Theodore Y . Ts'o" , Jaegeuk Kim , Richard Weinberger , Michael Halcrow , Eric Biggers Subject: [PATCH 4/4] ubifs: check for consistent encryption contexts in ubifs_lookup() Date: Fri, 7 Apr 2017 10:58:40 -0700 Message-Id: <20170407175840.95740-5-ebiggers3@gmail.com> In-Reply-To: <20170407175840.95740-1-ebiggers3@gmail.com> References: <20170407175840.95740-1-ebiggers3@gmail.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: From: Eric Biggers As ext4 and f2fs do, ubifs should check for consistent encryption contexts during ->lookup() in an encrypted directory. This protects certain users of filesystem encryption against certain types of offline attacks. Signed-off-by: Eric Biggers --- fs/ubifs/dir.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 30825d882aa9..bbe2b346a94f 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -285,6 +285,15 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, goto out_dent; } + if (ubifs_crypt_is_encrypted(dir) && + (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) && + !fscrypt_has_permitted_context(dir, inode)) { + ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu", + dir->i_ino, inode->i_ino); + err = -EPERM; + goto out_inode; + } + done: kfree(dent); fscrypt_free_filename(&nm); @@ -295,6 +304,8 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, d_add(dentry, inode); return NULL; +out_inode: + iput(inode); out_dent: kfree(dent); out_fname: -- 2.12.2.715.g7642488e1d-goog