The ext4 encryption code is pretty cruddy. So let's make sure that if the kernel is compiled with CONFIG_EXT4_ENCRYPTION, that an unprivileged user can't force the kernel into the not-very-hardened code paths for file systems that don't have the encryption feature enabled. >From d4c8c990344c6c7a325c44be34bbe4b46a8789b9 Mon Sep 17 00:00:00 2001 From: Richard Weinberger <richard@xxxxxx> Date: Fri, 30 Sep 2016 01:49:55 -0400 Subject: [PATCH] ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY [ Upstream commit 9a200d075e5d05be1fcad4547a0f8aee4e2f9a04 ] ...otherwise an user can enable encryption for certain files even when the filesystem is unable to support it. Such a case would be a filesystem created by mkfs.ext4's default settings, 1KiB block size. Ext4 supports encyption only when block size is equal to PAGE_SIZE. But this constraint is only checked when the encryption feature flag is set. Signed-off-by: Richard Weinberger <richard@xxxxxx> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> --- fs/ext4/ioctl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 4196aa567784..0b0a35cef0ff 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -630,6 +630,10 @@ resizefs_out: struct ext4_encryption_policy policy; int err = 0; + if (!EXT4_HAS_INCOMPAT_FEATURE(sb, + EXT4_FEATURE_INCOMPAT_ENCRYPT)) + return -EOPNOTSUPP; + if (copy_from_user(&policy, (struct ext4_encryption_policy __user *)arg, sizeof(policy))) { -- 2.11.0.rc0.7.gbe5a750