From patchwork Sun Jun 13 23:11:26 2021
X-Patchwork-Submitter: James Simmons
X-Patchwork-Id: 12317969
From: James Simmons
To: Andreas Dilger, Oleg Drokin, NeilBrown
Date: Sun, 13 Jun 2021 19:11:26 -0400
Message-Id: <1623625897-17706-17-git-send-email-jsimmons@infradead.org>
In-Reply-To: <1623625897-17706-1-git-send-email-jsimmons@infradead.org>
References: <1623625897-17706-1-git-send-email-jsimmons@infradead.org>
Subject: [lustre-devel] [PATCH 16/27] lustre: sec: forbid file rename from enc to unencrypted dir
Cc: Lustre Development List

From: Sebastien Buisson

fscrypt allows renaming an encrypted file from an encrypted directory
into an unencrypted directory. But it leaves the file encrypted,
sitting in an unencrypted directory, which can lead to unexpected
issues.
So just prevent this kind of rename, and adapt sanity-sec test_47
accordingly.

WC-bug-id: https://jira.whamcloud.com/browse/LU-14629
Lustre-commit: 1158386ac9c6a63 ("LU-14629 sec: forbid file rename from enc to unencrypted dir")
Signed-off-by: Sebastien Buisson
Reviewed-on: https://review.whamcloud.com/43404
Reviewed-by: James Simmons
Reviewed-by: Oleg Drokin
Signed-off-by: James Simmons
--- fs/lustre/llite/namei.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fs/lustre/llite/namei.c b/fs/lustre/llite/namei.c index a2f5d8d..43cbfbd 100644 --- a/fs/lustre/llite/namei.c +++ b/fs/lustre/llite/namei.c
@@ -1792,6 +1792,11 @@ static int ll_rename(struct inode *src, struct dentry *src_dchild, err = fscrypt_prepare_rename(src, src_dchild, tgt, tgt_dchild, flags); if (err) return err; + /* we prevent an encrypted file from being renamed + * into an unencrypted dir + */ + if (IS_ENCRYPTED(src) && !IS_ENCRYPTED(tgt)) + return -EXDEV; if (src_dchild->d_inode) mode = src_dchild->d_inode->i_mode;
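Review bot: In the added check `if (IS_ENCRYPTED(src) && !IS_ENCRYPTED(tgt))`, `src` and `tgt` are the parent directory inodes (they are what gets passed as the directory arguments of `fscrypt_prepare_rename()` just above), so the test is on the two directories rather than on `src_dchild`, and it rejects every kind of child, not only regular files. The comment ("an encrypted file") and the subject line should say that, or the test should look at `src_dchild->d_inode` if only files are meant. The comment should also record why `-EXDEV` was chosen: tools such as mv treat it as a cross-device move and fall back to copy and unlink, which leaves a copy that is no longer encrypted in the target directory, so it is worth stating that this is the intended outcome. If `flags` can carry RENAME_EXCHANGE at this point (not visible in this hunk), the mirror case, where the entry under an encrypted `tgt` is swapped into an unencrypted `src`, is not covered by the condition.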