diff mbox series

[16/27] lustre: sec: forbid file rename from enc to unencrypted dir

Message ID 1623625897-17706-17-git-send-email-jsimmons@infradead.org (mailing list archive)
State New, archived
Series lustre: sync to 2.14.52

Commit Message

James Simmons June 13, 2021, 11:11 p.m. UTC
From: Sebastien Buisson <sbuisson@ddn.com>

fscrypt allows renaming an encrypted file from an encrypted directory
into an unencrypted directory. But it leaves the file encrypted,
sitting in an unencrypted directory, which can lead to unexpected
issues.
So just prevent this kind of rename, and adapt sanity-sec test_47
accordingly.

WC-bug-id: https://jira.whamcloud.com/browse/LU-14629
Lustre-commit: 1158386ac9c6a63 ("LU-14629 sec: forbid file rename from enc to unencrypted dir")
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-on: https://review.whamcloud.com/43404
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Signed-off-by: James Simmons <jsimmons@infradead.org>
---
 fs/lustre/llite/namei.c | 5 +++++
 1 file changed, 5 insertions(+)

Patch

diff --git a/fs/lustre/llite/namei.c b/fs/lustre/llite/namei.c
index a2f5d8d..43cbfbd 100644
--- a/fs/lustre/llite/namei.c
+++ b/fs/lustre/llite/namei.c
@@ -1792,6 +1792,11 @@  static int ll_rename(struct inode *src, struct dentry *src_dchild,
 	err = fscrypt_prepare_rename(src, src_dchild, tgt, tgt_dchild, flags);
 	if (err)
 		return err;
+	/* we prevent an encrypted file from being renamed
+	 * into an unencrypted dir
+	 */
+	if (IS_ENCRYPTED(src) && !IS_ENCRYPTED(tgt))
+		return -EXDEV;
 
 	if (src_dchild->d_inode)
 		mode = src_dchild->d_inode->i_mode;
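
Review bot: the added condition `IS_ENCRYPTED(src) && !IS_ENCRYPTED(tgt)` tests `src`, which in the `ll_rename()` signature is the source parent directory inode, while the comment above it talks about "an encrypted file". Either reword the comment to say the rename is refused when moving from an encrypted directory into an unencrypted one, or test `src_dchild->d_inode` if the file itself is what should be checked. The comment could also say why `-EXDEV` was chosen: tools such as mv treat that errno as a cross-device move and fall back to copy and unlink, so the file ends up as a plaintext copy in the target directory rather than the rename failing outright, and a reader should be able to tell that this is intended. Style: a blank line between `return err;` and the new comment block would match the spacing used after the added `return -EXDEV;`.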