diff options
author | Eric Biggers <ebiggers@google.com> | 2016-09-08 14:20:38 -0700 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2016-09-10 01:18:57 -0400 |
commit | ba63f23d69a3a10e7e527a02702023da68ef8a6d (patch) | |
tree | ef70ece0179f4d642e0b0b4d5f6aa6cfed7c9e74 /include | |
parent | 002ced4be6429918800ce3e41d5cbc2d7c01822c (diff) | |
download | linux-ba63f23d69a3a10e7e527a02702023da68ef8a6d.tar.gz linux-ba63f23d69a3a10e7e527a02702023da68ef8a6d.tar.bz2 linux-ba63f23d69a3a10e7e527a02702023da68ef8a6d.zip |
fscrypto: require write access to mount to set encryption policy
Since setting an encryption policy requires writing metadata to the
filesystem, it should be guarded by mnt_want_write/mnt_drop_write.
Otherwise, a user could cause a write to a frozen or readonly
filesystem. This was handled correctly by f2fs but not by ext4. Make
fscrypt_process_policy() handle it rather than relying on the filesystem
to get it right.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org # 4.1+; check fs/{ext4,f2fs}
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Acked-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/fscrypto.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h index cfa6cde25f8e..76cff18bb032 100644 --- a/include/linux/fscrypto.h +++ b/include/linux/fscrypto.h @@ -274,8 +274,7 @@ extern void fscrypt_restore_control_page(struct page *); extern int fscrypt_zeroout_range(struct inode *, pgoff_t, sector_t, unsigned int); /* policy.c */ -extern int fscrypt_process_policy(struct inode *, - const struct fscrypt_policy *); +extern int fscrypt_process_policy(struct file *, const struct fscrypt_policy *); extern int fscrypt_get_policy(struct inode *, struct fscrypt_policy *); extern int fscrypt_has_permitted_context(struct inode *, struct inode *); extern int fscrypt_inherit_context(struct inode *, struct inode *, @@ -345,7 +344,7 @@ static inline int fscrypt_notsupp_zeroout_range(struct inode *i, pgoff_t p, } /* policy.c */ -static inline int fscrypt_notsupp_process_policy(struct inode *i, +static inline int fscrypt_notsupp_process_policy(struct file *f, const struct fscrypt_policy *p) { return -EOPNOTSUPP; |