| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220418135957.12056-6-lhenriques@suse.de>
Date: Mon, 18 Apr 2022 14:59:57 +0100
From: Luís Henriques <lhenriques@...e.de>
To: Jeff Layton <jlayton@...nel.org>, Xiubo Li <xiubli@...hat.com>,
Ilya Dryomov <idryomov@...il.com>
Cc: ceph-devel@...r.kernel.org, linux-kernel@...r.kernel.org,
Luís Henriques <lhenriques@...e.de>
Subject: [PATCH v5 5/5] ceph: prevent snapshots to be created in encrypted locked directories
With snapshot names encryption we can not allow snapshots to be created in
locked directories because the names wouldn't be encrypted. This patch
forces the directory to be unlocked to allow a snapshot to be created.
Signed-off-by: Luís Henriques <lhenriques@...e.de>
---
fs/ceph/dir.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index f48f1ff20927..44b7114ca267 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -1071,6 +1071,11 @@ static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
err = -EDQUOT;
goto out;
}
+ if ((op == CEPH_MDS_OP_MKSNAP) && IS_ENCRYPTED(dir) &&
+ !fscrypt_has_encryption_key(dir)) {
+ err = -ENOKEY;
+ goto out;
+ }
req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);
Powered by blists - more mailing lists