From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Cc: david@sigma-star.at, tytso@mit.edu, dedekind1@gmail.com,
ebiggers@google.com, mhalcrow@google.com,
adrian.hunter@intel.com, linux-kernel@vger.kernel.org,
hch@infradead.org, linux-fsdevel@vger.kernel.org,
jaegeuk@kernel.org, dengler@linutronix.de, sbabic@denx.de,
wd@denx.de, Richard Weinberger <richard@nod.at>
Subject: [PATCH 11/24] ubifs: Enforce crypto policy in mmap
Date: Thu, 1 Dec 2016 22:20:58 +0100 [thread overview]
Message-ID: <1480627271-10441-12-git-send-email-richard@nod.at> (raw)
In-Reply-To: <1480627271-10441-1-git-send-email-richard@nod.at>
We need this extra check in mmap because a process could
gain an already opened fd.
Signed-off-by: Richard Weinberger <richard@nod.at>
---
fs/ubifs/file.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index a9c5cc6c0bc5..60e789a9cac8 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -1594,6 +1594,15 @@ static const struct vm_operations_struct ubifs_file_vm_ops = {
static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma)
{
int err;
+ struct inode *inode = file->f_mapping->host;
+
+ if (ubifs_crypt_is_encrypted(inode)) {
+ err = fscrypt_get_encryption_info(inode);
+ if (err)
+ return -EACCES;
+ if (!fscrypt_has_encryption_key(inode))
+ return -ENOKEY;
+ }
err = generic_file_mmap(file, vma);
if (err)
--
2.7.3
next prev parent reply other threads:[~2016-12-01 21:22 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-01 21:20 [PATCH 00/24] UBIFS File Encryption v2 Richard Weinberger
2016-12-01 21:20 ` [PATCH 01/24] ubifs: Export ubifs_check_dir_empty() Richard Weinberger
2016-12-01 21:20 ` [PATCH 02/24] ubifs: Export xattr get and set functions Richard Weinberger
2016-12-01 21:20 ` [PATCH 03/24] ubifs: Define UBIFS crypto context xattr Richard Weinberger
2016-12-01 21:20 ` [PATCH 04/24] ubifs: Add skeleton for fscrypto Richard Weinberger
2016-12-01 21:20 ` [PATCH 05/24] ubifs: Massage ubifs_listxattr() for encryption context Richard Weinberger
2016-12-01 21:20 ` [PATCH 06/24] ubifs: Implement directory open operation Richard Weinberger
2016-12-01 21:20 ` [PATCH 07/24] ubifs: Implement file " Richard Weinberger
2016-12-01 21:20 ` [PATCH 08/24] ubifs: Enforce crypto policy in ->link and ->rename Richard Weinberger
2016-12-01 21:20 ` [PATCH 09/24] ubifs: Preload crypto context in ->lookup() Richard Weinberger
2016-12-01 21:20 ` [PATCH 10/24] ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto Richard Weinberger
2016-12-01 21:20 ` Richard Weinberger [this message]
2016-12-01 21:20 ` [PATCH 12/24] ubifs: Introduce new data node field, compr_size Richard Weinberger
2016-12-01 21:21 ` [PATCH 13/24] ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted() Richard Weinberger
2016-12-01 21:21 ` [PATCH 14/24] ubifs: Implement encrypt/decrypt for all IO Richard Weinberger
2016-12-01 21:21 ` [PATCH 15/24] ubifs: Relax checks in ubifs_validate_entry() Richard Weinberger
2016-12-01 21:21 ` [PATCH 16/24] ubifs: Make r5 hash binary string aware Richard Weinberger
2016-12-01 21:21 ` [PATCH 17/24] ubifs: Implement encrypted filenames Richard Weinberger
2016-12-01 21:21 ` [PATCH 18/24] ubifs: Add support for encrypted symlinks Richard Weinberger
2016-12-01 21:21 ` [PATCH 19/24] ubifs: Rename tnc_read_node_nm Richard Weinberger
2016-12-01 21:21 ` [PATCH 20/24] ubifs: Add full hash lookup support Richard Weinberger
2016-12-01 21:21 ` [PATCH 21/24] ubifs: Use a random number for cookies Richard Weinberger
2016-12-01 21:21 ` [PATCH 22/24] ubifs: Implement UBIFS_FLG_DOUBLE_HASH Richard Weinberger
2016-12-01 21:21 ` [PATCH 23/24] ubifs: Implement UBIFS_FLG_ENCRYPTION Richard Weinberger
2016-12-01 21:21 ` [PATCH 24/24] ubifs: Raise write version to 5 Richard Weinberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1480627271-10441-12-git-send-email-richard@nod.at \
--to=richard@nod.at \
--cc=adrian.hunter@intel.com \
--cc=david@sigma-star.at \
--cc=dedekind1@gmail.com \
--cc=dengler@linutronix.de \
--cc=ebiggers@google.com \
--cc=hch@infradead.org \
--cc=jaegeuk@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=mhalcrow@google.com \
--cc=sbabic@denx.de \
--cc=tytso@mit.edu \
--cc=wd@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).