Patch "f2fs: don't allow encrypted operations without keys" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Tue, 10 Oct 2017 20:16:20 +0200

This is a note to let you know that I've just added the patch titled

    f2fs: don't allow encrypted operations without keys

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     f2fs-don-t-allow-encrypted-operations-without-keys.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 363fa4e078cbdc97a172c19d19dc04b41b52ebc8 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
Date: Wed, 28 Dec 2016 17:31:15 -0800
Subject: f2fs: don't allow encrypted operations without keys

From: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>

commit 363fa4e078cbdc97a172c19d19dc04b41b52ebc8 upstream.

This patch fixes the renaming bug on encrypted filenames, which was pointed by

 (ext4: don't allow encrypted operations without keys)

Cc: Theodore Ts'o <tytso@xxxxxxx>
Reviewed-by: Chao Yu <yuchao0@xxxxxxxxxx>
Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 fs/f2fs/namei.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -597,6 +597,12 @@ static int f2fs_rename(struct inode *old
 	struct f2fs_dir_entry *new_entry;
 	int err = -ENOENT;
 
+	if ((f2fs_encrypted_inode(old_dir) &&
+			!fscrypt_has_encryption_key(old_dir)) ||
+			(f2fs_encrypted_inode(new_dir) &&
+			!fscrypt_has_encryption_key(new_dir)))
+		return -ENOKEY;
+
 	if ((old_dir != new_dir) && f2fs_encrypted_inode(new_dir) &&
 		!f2fs_is_child_context_consistent_with_parent(new_dir,
 							old_inode)) {
@@ -755,6 +761,12 @@ static int f2fs_cross_rename(struct inod
 	int old_nlink = 0, new_nlink = 0;
 	int err = -ENOENT;
 
+	if ((f2fs_encrypted_inode(old_dir) &&
+			!fscrypt_has_encryption_key(old_dir)) ||
+			(f2fs_encrypted_inode(new_dir) &&
+			!fscrypt_has_encryption_key(new_dir)))
+		return -ENOKEY;
+
 	if ((f2fs_encrypted_inode(old_dir) || f2fs_encrypted_inode(new_dir)) &&
 		(old_dir != new_dir) &&
 		(!f2fs_is_child_context_consistent_with_parent(new_dir,


Patches currently in stable-queue which might be from jaegeuk@xxxxxxxxxx are

queue-4.4/f2fs-don-t-allow-encrypted-operations-without-keys.patch






