ext4 crypto: move context consistency check to ext4_file_open() In the case where the per-file key for the directory is cached, but root does not have access to the key needed to derive the per-file key for the files in the directory, we allow the lookup to succeed, so that lstat(2) and unlink(2) can suceed. However, if a program tries to open the file, it will get an ENOKEY error. Signed-off-by: Theodore Ts'o <tytso@mit.edu>

commit: ff978b09f973db0d0597704eba350a994d7729e6 [log] [tgz]
author: Theodore Ts'o <tytso@mit.edu> Mon Feb 08 00:54:26 2016 -0500
committer: Theodore Ts'o <tytso@mit.edu> Mon Feb 08 00:54:26 2016 -0500
tree: 75f1066159641b2e1cc9891a7d6ccd5cb3b29826
parent: 28b4c263961c47da84ed8b5be0b5116bad1133eb [diff] [blame]
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 5de8483..48e4b89 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c

@@ -1603,11 +1603,15 @@
 			return ERR_PTR(-EFSCORRUPTED);
 		}
 		if (!IS_ERR(inode) && ext4_encrypted_inode(dir) &&
-		    (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
-		     S_ISLNK(inode->i_mode)) &&
+		    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
 		    !ext4_is_child_context_consistent_with_parent(dir,
 								  inode)) {
+			int nokey = ext4_encrypted_inode(inode) &&
+				!ext4_encryption_info(inode);
+
 			iput(inode);
+			if (nokey)
+				return ERR_PTR(-ENOKEY);
 			ext4_warning(inode->i_sb,
 				     "Inconsistent encryption contexts: %lu/%lu\n",
 				     (unsigned long) dir->i_ino,
commit	ff978b09f973db0d0597704eba350a994d7729e6	[log] [tgz]
author	Theodore Ts'o <tytso@mit.edu>	Mon Feb 08 00:54:26 2016 -0500
committer	Theodore Ts'o <tytso@mit.edu>	Mon Feb 08 00:54:26 2016 -0500
tree	75f1066159641b2e1cc9891a7d6ccd5cb3b29826
parent	28b4c263961c47da84ed8b5be0b5116bad1133eb [diff] [blame]