Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 8f39850dffa9cba0f6920ff907710bcddc7f2a26
commit8f39850dffa9cba0f6920ff907710bcddc7f2a26[log] [tgz]
authorEric Biggers <ebiggers@google.com>Thu Sep 15 13:32:11 2016 -0400
committerTheodore Ts'o <tytso@mit.edu>Thu Sep 15 13:32:11 2016 -0400
tree981f9f701c25c4bf160fae1101476a5f516f5a03
parentdcce7a46c6f28f41447272fb44348ead8f584573 [diff]
fscrypto: improved validation when loading inode encryption metadata

- Validate fscrypt_context.format and fscrypt_context.flags.  If
  unrecognized values are set, then the kernel may not know how to
  interpret the encrypted file, so it should fail the operation.

- Validate that AES_256_XTS is used for contents and that AES_256_CTS is
  used for filenames.  It was previously possible for the kernel to
  accept these reversed, though it would have taken manual editing of
  the block device.  This was not intended.

- Fail cleanly rather than BUG()-ing if a file has an unexpected type.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2 files changed
tree: 981f9f701c25c4bf160fae1101476a5f516f5a03
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS