summaryrefslogtreecommitdiff
path: root/fs/crypto/policy.c
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2016-10-15 16:48:50 +0300
committerTheodore Ts'o <tytso@mit.edu>2016-10-15 16:48:50 +0300
commit8906a8223ad4909b391c5628f7991ebceda30e52 (patch)
tree4ca39c9588486d5ad61c02669461e3555e46491b /fs/crypto/policy.c
parent199625098a18a5522b424dea9b122b254c022fc5 (diff)
downloadlinux-8906a8223ad4909b391c5628f7991ebceda30e52.tar.xz
fscrypto: lock inode while setting encryption policy
i_rwsem needs to be acquired while setting an encryption policy so that concurrent calls to FS_IOC_SET_ENCRYPTION_POLICY are correctly serialized (especially the ->get_context() + ->set_context() pair), and so that new files cannot be created in the directory during or after the ->empty_dir() check. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Richard Weinberger <richard@nod.at> Cc: stable@vger.kernel.org
Diffstat (limited to 'fs/crypto/policy.c')
-rw-r--r--fs/crypto/policy.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index ed115acb5dee..6865663aac69 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -109,6 +109,8 @@ int fscrypt_process_policy(struct file *filp,
if (ret)
return ret;
+ inode_lock(inode);
+
if (!inode_has_encryption_context(inode)) {
if (!S_ISDIR(inode->i_mode))
ret = -EINVAL;
@@ -127,6 +129,8 @@ int fscrypt_process_policy(struct file *filp,
ret = -EINVAL;
}
+ inode_unlock(inode);
+
mnt_drop_write_file(filp);
return ret;
}