The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable@xxxxxxxxxxxxxxx>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 75d18cd1868c2aee43553723872c35d7908f240f Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers@xxxxxxxxxx> Date: Tue, 17 Nov 2020 23:56:06 -0800 Subject: [PATCH] ext4: prevent creating duplicate encrypted filenames As described in "fscrypt: add fscrypt_is_nokey_name()", it's possible to create a duplicate filename in an encrypted directory by creating a file concurrently with adding the directory's encryption key. Fix this bug on ext4 by rejecting no-key dentries in ext4_add_entry(). Note that the duplicate check in ext4_find_dest_de() sometimes prevented this bug. However in many cases it didn't, since ext4_find_dest_de() doesn't examine every dentry. Fixes: 4461471107b7 ("ext4 crypto: enable filename encryption") Cc: stable@xxxxxxxxxxxxxxx Link: https://lore.kernel.org/r/20201118075609.120337-3-ebiggers@xxxxxxxxxx Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index 33509266f5a0..793fc7db9d28 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -2195,6 +2195,9 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry, if (!dentry->d_name.len) return -EINVAL; + if (fscrypt_is_nokey_name(dentry)) + return -ENOKEY; + #ifdef CONFIG_UNICODE if (sb_has_strict_encoding(sb) && IS_CASEFOLDED(dir) && sb->s_encoding && utf8_validate(sb->s_encoding, &dentry->d_name))