diff options
| author |   Eric Biggers <ebiggers@google.com> | 2019-03-20 11:39:11 -0700 |
|---|---|---|
| committer |   Theodore Ts'o <tytso@mit.edu> | 2019-04-17 10:05:51 -0400 |
| commit | 0bf3d5c1604ecbbd4e49e9f5b3c79152b87adb0d (patch) | |
| tree | 97a5f5cedec9b310490df829e03997036869c9fa /include/linux/fscrypt.h | |
| parent | fscrypt: fix race allowing rename() and link() of ciphertext dentries (diff) | |
| download | wireguard-linux-0bf3d5c1604ecbbd4e49e9f5b3c79152b87adb0d.tar.xz wireguard-linux-0bf3d5c1604ecbbd4e49e9f5b3c79152b87adb0d.zip | |
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
Make __d_move() clear DCACHE_ENCRYPTED_NAME on the source dentry. This
is needed for when d_splice_alias() moves a directory's encrypted alias
to its decrypted alias as a result of the encryption key being added.
Otherwise, the decrypted alias will incorrectly be invalidated on the
next lookup, causing problems such as unmounting a mount the user just
mount()ed there.
Note that we don't have to support arbitrary moves of this flag because
fscrypt doesn't allow dentries with DCACHE_ENCRYPTED_NAME to be the
source or target of a rename().
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Reported-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'include/linux/fscrypt.h')
| -rw-r--r-- | include/linux/fscrypt.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 855f743c226e..76c518f1e4c7 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -89,6 +89,18 @@ static inline bool fscrypt_dummy_context_enabled(struct inode *inode) inode->i_sb->s_cop->dummy_context(inode); } +/* + * When d_splice_alias() moves a directory's encrypted alias to its decrypted + * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME + * must be cleared. Note that we don't have to support arbitrary moves of this + * flag because fscrypt doesn't allow encrypted aliases to be the source or + * target of a rename(). + */ +static inline void fscrypt_handle_d_move(struct dentry *dentry) +{ + dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME; +} + /* crypto.c */ extern void fscrypt_enqueue_decrypt_work(struct work_struct *); extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t); @@ -244,6 +256,10 @@ static inline bool fscrypt_dummy_context_enabled(struct inode *inode) return false; } +static inline void fscrypt_handle_d_move(struct dentry *dentry) +{ +} + /* crypto.c */ static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) { |