diff options
| author | Eric Biggers <ebiggers@google.com> | 2016-10-15 09:48:50 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2016-10-15 09:48:50 -0400 |
| commit | 8906a8223ad4909b391c5628f7991ebceda30e52 (patch) | |
| tree | 4ca39c9588486d5ad61c02669461e3555e46491b | |
| parent | 199625098a18a5522b424dea9b122b254c022fc5 (diff) | |
| download | linux-stable-8906a8223ad4909b391c5628f7991ebceda30e52.tar.gz linux-stable-8906a8223ad4909b391c5628f7991ebceda30e52.tar.bz2 linux-stable-8906a8223ad4909b391c5628f7991ebceda30e52.zip | |
fscrypto: lock inode while setting encryption policy
i_rwsem needs to be acquired while setting an encryption policy so that
concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly
serialized (especially the ->get_context() + ->set_context() pair), and
so that new files cannot be created in the directory during or after the
->empty_dir() check.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Richard Weinberger <richard@nod.at>
Cc: stable@vger.kernel.org
| -rw-r--r-- | fs/crypto/policy.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index ed115acb5dee..6865663aac69 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -109,6 +109,8 @@ int fscrypt_process_policy(struct file *filp, if (ret) return ret; + inode_lock(inode); + if (!inode_has_encryption_context(inode)) { if (!S_ISDIR(inode->i_mode)) ret = -EINVAL; @@ -127,6 +129,8 @@ int fscrypt_process_policy(struct file *filp, ret = -EINVAL; } + inode_unlock(inode); + mnt_drop_write_file(filp); return ret; } |