| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Mar 2022 11:30:57 -0400
From: Jeff Layton <jlayton@...nel.org>
To: ceph-devel@...r.kernel.org
Cc: xiubli@...hat.com, idryomov@...il.com, lhenriques@...e.de,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v12 21/54] ceph: set DCACHE_NOKEY_NAME in atomic open
Atomic open can act as a lookup if handed a dentry that is negative on
the MDS. Ensure that we set DCACHE_NOKEY_NAME on the dentry in
atomic_open, if we don't have the key for the parent. Otherwise, we can
end up validating the dentry inappropriately if someone later adds a
key.
Reviewed-by: Xiubo Li <xiubli@...hat.com>
Reviewed-by: Luís Henriques <lhenriques@...e.de>
Signed-off-by: Jeff Layton <jlayton@...nel.org>
---
fs/ceph/file.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 5832dcea2d8c..f9f7dc4c902d 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -760,6 +760,13 @@ int ceph_atomic_open(struct inode *dir, struct dentry *dentry,
req->r_args.open.mask = cpu_to_le32(mask);
req->r_parent = dir;
ihold(dir);
+ if (IS_ENCRYPTED(dir)) {
+ if (!fscrypt_has_encryption_key(dir)) {
+ spin_lock(&dentry->d_lock);
+ dentry->d_flags |= DCACHE_NOKEY_NAME;
+ spin_unlock(&dentry->d_lock);
+ }
+ }
if (flags & O_CREAT) {
struct ceph_file_layout lo;
--
2.35.1
Powered by blists - more mailing lists