dont-allow-encrypted-rename-ops-without-key

   1 ext4: don't allow encrypted operations without keys
   2
   3 While we allow deletes without the key, the following should not be
   4 permitted:
   5
   6 # cd /vdc/encrypted-dir-without-key
   7 # ls -l
   8 total 4
   9 -rw-r--r-- 1 root root   0 Dec 27 22:35 6,LKNRJsp209FbXoSvJWzB
  10 -rw-r--r-- 1 root root 286 Dec 27 22:35 uRJ5vJh9gE7vcomYMqTAyD
  11 # mv uRJ5vJh9gE7vcomYMqTAyD  6,LKNRJsp209FbXoSvJWzB
  12
  13 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  14 ---
  15  fs/ext4/namei.c | 12 ++++++++++++
  16  1 file changed, 12 insertions(+)
  17
  18 diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
  19 index eadba919f26b..45a5ba558074 100644
  20 --- a/fs/ext4/namei.c
  21 +++ b/fs/ext4/namei.c
  22 @@ -3525,6 +3525,12 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
  23                         EXT4_I(old_dentry->d_inode)->i_projid)))
  24                 return -EXDEV;
  25
  26 +       if ((ext4_encrypted_inode(old_dir) &&
  27 +            !fscrypt_has_encryption_key(old_dir)) ||
  28 +           (ext4_encrypted_inode(new_dir) &&
  29 +            !fscrypt_has_encryption_key(new_dir)))
  30 +               return -ENOKEY;
  31 +
  32         retval = dquot_initialize(old.dir);
  33         if (retval)
  34                 return retval;
  35 @@ -3725,6 +3731,12 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry,
  36         int retval;
  37         struct timespec ctime;
  38
  39 +       if ((ext4_encrypted_inode(old_dir) &&
  40 +            !fscrypt_has_encryption_key(old_dir)) ||
  41 +           (ext4_encrypted_inode(new_dir) &&
  42 +            !fscrypt_has_encryption_key(new_dir)))
  43 +               return -ENOKEY;
  44 +
  45         if ((ext4_encrypted_inode(old_dir) ||
  46              ext4_encrypted_inode(new_dir)) &&
  47             (old_dir != new_dir) &&