From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Eric Biggers <ebiggers@google.com>
Subject: [PATCH 4.19 05/29] ubifs: prevent creating duplicate encrypted filenames
Date: Tue, 5 Jan 2021 10:28:51 +0100 [thread overview]
Message-ID: <20210105090819.190734774@linuxfoundation.org> (raw)
In-Reply-To: <20210105090818.518271884@linuxfoundation.org>
From: Eric Biggers <ebiggers@google.com>
commit 76786a0f083473de31678bdb259a3d4167cf756d upstream.
As described in "fscrypt: add fscrypt_is_nokey_name()", it's possible to
create a duplicate filename in an encrypted directory by creating a file
concurrently with adding the directory's encryption key.
Fix this bug on ubifs by rejecting no-key dentries in ubifs_create(),
ubifs_mkdir(), ubifs_mknod(), and ubifs_symlink().
Note that ubifs doesn't actually report the duplicate filenames from
readdir, but rather it seems to replace the original dentry with a new
one (which is still wrong, just a different effect from ext4).
On ubifs, this fixes xfstest generic/595 as well as the new xfstest I
wrote specifically for this bug.
Fixes: f4f61d2cc6d8 ("ubifs: Implement encrypted filenames")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20201118075609.120337-5-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/dir.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -290,6 +290,15 @@ done:
return d_splice_alias(inode, dentry);
}
+static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry,
+ struct fscrypt_name *nm)
+{
+ if (fscrypt_is_nokey_name(dentry))
+ return -ENOKEY;
+
+ return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
+}
+
static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
bool excl)
{
@@ -313,7 +322,7 @@ static int ubifs_create(struct inode *di
if (err)
return err;
- err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+ err = ubifs_prepare_create(dir, dentry, &nm);
if (err)
goto out_budg;
@@ -977,7 +986,7 @@ static int ubifs_mkdir(struct inode *dir
if (err)
return err;
- err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+ err = ubifs_prepare_create(dir, dentry, &nm);
if (err)
goto out_budg;
@@ -1062,7 +1071,7 @@ static int ubifs_mknod(struct inode *dir
return err;
}
- err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+ err = ubifs_prepare_create(dir, dentry, &nm);
if (err) {
kfree(dev);
goto out_budg;
@@ -1146,7 +1155,7 @@ static int ubifs_symlink(struct inode *d
if (err)
return err;
- err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
+ err = ubifs_prepare_create(dir, dentry, &nm);
if (err)
goto out_budg;
next prev parent reply other threads:[~2021-01-05 9:30 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-05 9:28 [PATCH 4.19 00/29] 4.19.165-rc2 review Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 01/29] md/raid10: initialize r10_bio->read_slot before use Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 02/29] fscrypt: add fscrypt_is_nokey_name() Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 03/29] ext4: prevent creating duplicate encrypted filenames Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 04/29] f2fs: " Greg Kroah-Hartman
2021-01-05 9:28 ` Greg Kroah-Hartman [this message]
2021-01-05 9:28 ` [PATCH 4.19 06/29] vfio/pci: Move dummy_resources_list init in vfio_pci_probe() Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 07/29] ext4: dont remount read-only with errors=continue on reboot Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 08/29] uapi: move constants from <linux/kernel.h> to <linux/const.h> Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 09/29] KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 10/29] KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 11/29] powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 12/29] xen/gntdev.c: Mark pages as dirty Greg Kroah-Hartman
2021-01-05 9:28 ` [PATCH 4.19 13/29] null_blk: Fix zone size initialization Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 14/29] of: fix linker-section match-table corruption Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 15/29] Bluetooth: hci_h5: close serdev device and free hu in h5_close Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 16/29] reiserfs: add check for an invalid ih_entry_count Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 17/29] misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 18/29] media: gp8psk: initialize stats at power control logic Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 19/29] ALSA: seq: Use bool for snd_seq_queue internal flags Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 20/29] ALSA: rawmidi: Access runtime->avail always in spinlock Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 21/29] fcntl: Fix potential deadlock in send_sig{io, urg}() Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 22/29] rtc: sun6i: Fix memleak in sun6i_rtc_clk_init Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 23/29] module: set MODULE_STATE_GOING state when a module fails to load Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 24/29] quota: Dont overflow quota file offsets Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 25/29] powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 26/29] NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 27/29] module: delay kobject uevent until after module init call Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 28/29] ALSA: pcm: Clear the full allocated memory at hw_params Greg Kroah-Hartman
2021-01-05 9:29 ` [PATCH 4.19 29/29] dm verity: skip verity work if I/O error when system is shutting down Greg Kroah-Hartman
2021-01-05 10:12 ` [PATCH 4.19 00/29] 4.19.165-rc2 review Pavel Machek
2021-01-06 13:46 ` Greg Kroah-Hartman
2021-01-05 11:08 ` Jon Hunter
2021-01-06 13:46 ` Greg Kroah-Hartman
2021-01-05 18:16 ` Guenter Roeck
2021-01-06 13:45 ` Greg Kroah-Hartman
2021-01-05 22:29 ` Daniel Díaz
2021-01-06 13:45 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210105090819.190734774@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ebiggers@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox