The ext4 encryption code is pretty cruddy. So let's make sure that if
the kernel is compiled with CONFIG_EXT4_ENCRYPTION, that an
unprivileged user can't force the kernel into the not-very-hardened
code paths for file systems that don't have the encryption feature
enabled.
>From d4c8c990344c6c7a325c44be34bbe4b46a8789b9 Mon Sep 17 00:00:00 2001
From: Richard Weinberger <richard@xxxxxx>
Date: Fri, 30 Sep 2016 01:49:55 -0400
Subject: [PATCH] ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
[ Upstream commit 9a200d075e5d05be1fcad4547a0f8aee4e2f9a04 ]
...otherwise an user can enable encryption for certain files even
when the filesystem is unable to support it.
Such a case would be a filesystem created by mkfs.ext4's default
settings, 1KiB block size. Ext4 supports encyption only when block size
is equal to PAGE_SIZE.
But this constraint is only checked when the encryption feature flag
is set.
Signed-off-by: Richard Weinberger <richard@xxxxxx>
Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
---
fs/ext4/ioctl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 4196aa567784..0b0a35cef0ff 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -630,6 +630,10 @@ resizefs_out:
struct ext4_encryption_policy policy;
int err = 0;
+ if (!EXT4_HAS_INCOMPAT_FEATURE(sb,
+ EXT4_FEATURE_INCOMPAT_ENCRYPT))
+ return -EOPNOTSUPP;
+
if (copy_from_user(&policy,
(struct ext4_encryption_policy __user *)arg,
sizeof(policy))) {
--
2.11.0.rc0.7.gbe5a750