[PATCH v2 5/5] ubifs: consolidate fscrypt_has_permitted_context() checks

Eric Biggers <ebiggers3@xxxxxxxxx> · Mon, 19 Dec 2016 14:20:16 -0800

From: Eric Biggers <ebiggers@xxxxxxxxxx>

This ports the changes from the corresponding ext4 patch to ubifs.
ubifs was also missing the fscrypt_has_permitted_context() check in
ubifs_lookup(), so add it.

This patch should not be applied before my other two patches:

    fscrypt: fix loophole in one-encryption-policy-per-tree enforcement
    fscrypt: fix renaming and linking special files

Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
 fs/ubifs/dir.c  | 10 ++++++++++
 fs/ubifs/file.c | 20 +-------------------
 2 files changed, 11 insertions(+), 19 deletions(-)

diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
index 528369f..d346f1e 100644
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -285,6 +285,14 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
 		goto out_dent;
 	}
 
+	if (ubifs_crypt_is_encrypted(dir) &&
+	    !fscrypt_has_permitted_context(dir, inode)) {
+		ubifs_err(c, "Inconsistent encryption contexts: %lu/%lu",
+			  dir->i_ino, inode->i_ino);
+		err = -EPERM;
+		goto out_inode;
+	}
+
 done:
 	kfree(dent);
 	fscrypt_free_filename(&nm);
@@ -295,6 +303,8 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
 	d_add(dentry, inode);
 	return NULL;
 
+out_inode:
+	iput(inode);
 out_dent:
 	kfree(dent);
 out_fname:
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index b0d7837..465a47f 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -1630,30 +1630,12 @@ static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma)
 
 static int ubifs_file_open(struct inode *inode, struct file *filp)
 {
-	int ret;
-	struct dentry *dir;
-	struct ubifs_info *c = inode->i_sb->s_fs_info;
-
 	if (ubifs_crypt_is_encrypted(inode)) {
-		ret = fscrypt_get_encryption_info(inode);
-		if (ret)
+		if (fscrypt_get_encryption_info(inode))
 			return -EACCES;
 		if (!fscrypt_has_encryption_key(inode))
 			return -ENOKEY;
 	}
-
-	dir = dget_parent(file_dentry(filp));
-	if (ubifs_crypt_is_encrypted(d_inode(dir)) &&
-			!fscrypt_has_permitted_context(d_inode(dir), inode)) {
-		ubifs_err(c, "Inconsistent encryption contexts: %lu/%lu",
-			  (unsigned long) d_inode(dir)->i_ino,
-			  (unsigned long) inode->i_ino);
-		dput(dir);
-		ubifs_ro_mode(c, -EPERM);
-		return -EPERM;
-	}
-	dput(dir);
-
 	return 0;
 }
 
-- 
2.8.0.rc3.226.g39d4020

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






