summaryrefslogtreecommitdiffstats
path: root/fs/ubifs/file.c
diff options
context:
space:
mode:
authorRichard Weinberger <richard@nod.at>2016-09-29 20:44:05 +0200
committerRichard Weinberger <richard@nod.at>2016-12-12 23:07:38 +0100
commit959c2de2b30bd09582392105889f68a96cb94fa4 (patch)
tree27766bc06529b2f197bc591e4e176e8d63f7999e /fs/ubifs/file.c
parent700eada82a349f0aeadd43ce4b182b32e4adc5b5 (diff)
downloadlinux-959c2de2b30bd09582392105889f68a96cb94fa4.tar.gz
linux-959c2de2b30bd09582392105889f68a96cb94fa4.tar.bz2
linux-959c2de2b30bd09582392105889f68a96cb94fa4.zip
ubifs: Enforce crypto policy in mmap
We need this extra check in mmap because a process could gain an already opened fd. Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/file.c')
-rw-r--r--fs/ubifs/file.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index a9c5cc6c0bc5..60e789a9cac8 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -1594,6 +1594,15 @@ static const struct vm_operations_struct ubifs_file_vm_ops = {
static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma)
{
int err;
+ struct inode *inode = file->f_mapping->host;
+
+ if (ubifs_crypt_is_encrypted(inode)) {
+ err = fscrypt_get_encryption_info(inode);
+ if (err)
+ return -EACCES;
+ if (!fscrypt_has_encryption_key(inode))
+ return -ENOKEY;
+ }
err = generic_file_mmap(file, vma);
if (err)