From a877fd2c4a9f301606ba7c5f3cf5d84289999d57 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o Date: Thu, 1 Dec 2016 11:56:42 -0500 Subject: [PATCH] add patch disable-pwsalt-ioctl-when-encryption-disabled-by-config --- ...pwsalt-ioctl-when-encryption-disabled-by-config | 65 ++++++++++++++++++++++ series | 1 + timestamps | 8 ++- 3 files changed, 71 insertions(+), 3 deletions(-) create mode 100644 disable-pwsalt-ioctl-when-encryption-disabled-by-config diff --git a/disable-pwsalt-ioctl-when-encryption-disabled-by-config b/disable-pwsalt-ioctl-when-encryption-disabled-by-config new file mode 100644 index 00000000..34f7c4aa --- /dev/null +++ b/disable-pwsalt-ioctl-when-encryption-disabled-by-config @@ -0,0 +1,65 @@ +ext4: disable pwsalt ioctl when encryption disabled by config + +From: Eric Biggers + +On a CONFIG_EXT4_FS_ENCRYPTION=n kernel, the ioctls to get and set +encryption policies were disabled but EXT4_IOC_GET_ENCRYPTION_PWSALT was +not. But there's no good reason to expose the pwsalt ioctl if the +kernel doesn't support encryption. The pwsalt ioctl was also disabled +pre-4.8 (via ext4_sb_has_crypto() previously returning 0 when encryption +was disabled by config) and seems to have been enabled by mistake when +ext4 encryption was refactored to use fs/crypto/. So let's disable it +again. + +Signed-off-by: Eric Biggers +Signed-off-by: Theodore Ts'o +--- + fs/ext4/ioctl.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c +index a0db5d9..a8957d9 100644 +--- a/fs/ext4/ioctl.c ++++ b/fs/ext4/ioctl.c +@@ -191,6 +191,7 @@ static long swap_inode_boot_loader(struct super_block *sb, + return err; + } + ++#ifdef CONFIG_EXT4_FS_ENCRYPTION + static int uuid_is_zero(__u8 u[16]) + { + int i; +@@ -200,6 +201,7 @@ static int uuid_is_zero(__u8 u[16]) + return 0; + return 1; + } ++#endif + + static int ext4_ioctl_setflags(struct inode *inode, + unsigned int flags) +@@ -782,6 +784,7 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + #endif + } + case EXT4_IOC_GET_ENCRYPTION_PWSALT: { ++#ifdef CONFIG_EXT4_FS_ENCRYPTION + int err, err2; + struct ext4_sb_info *sbi = EXT4_SB(sb); + handle_t *handle; +@@ -816,6 +819,9 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + sbi->s_es->s_encrypt_pw_salt, 16)) + return -EFAULT; + return 0; ++#else ++ return -EOPNOTSUPP; ++#endif + } + case EXT4_IOC_GET_ENCRYPTION_POLICY: { + #ifdef CONFIG_EXT4_FS_ENCRYPTION +-- +2.8.0.rc3.226.g39d4020 + +-- +To unsubscribe from this list: send the line "unsubscribe linux-ext4" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html + diff --git a/series b/series index 37cf01fa..1c83b99e 100644 --- a/series +++ b/series @@ -43,6 +43,7 @@ be-more-strict-when-verifying-flags-set-via-SETFLAGS-ioctls warn-when-page-is-dirtied-without-buffers fix-inode-checksum-calculation-if-i_extra_size-is-too-small get-rid-of-ext4_sb_has_crypto +disable-pwsalt-ioctl-when-encryption-disabled-by-config #################################################### # unstable patches diff --git a/timestamps b/timestamps index b7a1fc94..fe20b44a 100755 --- a/timestamps +++ b/timestamps @@ -82,6 +82,8 @@ touch -d @1480435993 add-EXT4_JOURNAL_DATA_FL-and-EXT4_EXTENTS_FL-to-modifiable- touch -d @1480436319 be-more-strict-when-verifying-flags-set-via-SETFLAGS-ioctls touch -d @1480610800 warn-when-page-is-dirtied-without-buffers touch -d @1480610952 fix-inode-checksum-calculation-if-i_extra_size-is-too-small -touch -d @1480611084 series -touch -d @1480611087 status -touch -d @1480611092 timestamps +touch -d @1480611258 get-rid-of-ext4_sb_has_crypto +touch -d @1480611351 disable-pwsalt-ioctl-when-encryption-disabled-by-config +touch -d @1480611384 series +touch -d @1480611389 status +touch -d @1480611394 timestamps -- 2.11.4.GIT