ext4 crypto: handle unexpected lack of encryption keys
Fix up attempts by users to try to write to a file when they don't
have access to the encryption key.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 875ca6b..ac517f1 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -226,6 +226,8 @@
int err = ext4_get_encryption_info(inode);
if (err)
return 0;
+ if (ext4_encryption_info(inode) == NULL)
+ return -ENOKEY;
}
file_accessed(file);
if (IS_DAX(file_inode(file))) {
@@ -278,6 +280,13 @@
ext4_journal_stop(handle);
}
}
+ if (ext4_encrypted_inode(inode)) {
+ ret = ext4_get_encryption_info(inode);
+ if (ret)
+ return -EACCES;
+ if (ext4_encryption_info(inode) == NULL)
+ return -ENOKEY;
+ }
/*
* Set up the jbd2_inode if we are opening the inode for
* writing and the journal is present
@@ -287,13 +296,7 @@
if (ret < 0)
return ret;
}
- ret = dquot_file_open(inode, filp);
- if (!ret && ext4_encrypted_inode(inode)) {
- ret = ext4_get_encryption_info(inode);
- if (ret)
- ret = -EACCES;
- }
- return ret;
+ return dquot_file_open(inode, filp);
}
/*