• Tyler Hicks's avatar
    eCryptfs: don't pass up plaintext names when using filename encryption · d066fd9d
    Tyler Hicks authored
    [ Upstream commit e86281e700cca8a773f9a572fa406adf2784ba5c ]
    
    Both ecryptfs_filldir() and ecryptfs_readlink_lower() use
    ecryptfs_decode_and_decrypt_filename() to translate lower filenames to
    upper filenames. The function correctly passes up lower filenames,
    unchanged, when filename encryption isn't in use. However, it was also
    passing up lower filenames when the filename wasn't encrypted or
    when decryption failed. Since 88ae4ab9, eCryptfs refuses to lookup
    lower plaintext names when filename encryption is enabled so this
    resulted in a situation where userspace would see lower plaintext
    filenames in calls to getdents(2) but then not be able to lookup those
    filenames.
    
    An example of this can be seen when enabling filename encryption on an
    eCryptfs mount at the root directory of an Ext4 filesystem:
    
    $ ls -1i /lower
    12 ECRYPTFS_FNEK_ENCRYPTED.FWYZD8TcW.5FV-TKTEYOHsheiHX9a-w.NURCCYIMjI8pn5BDB9-h3fXwrE--
    11 lost+found
    $ ls -1i /upper
    ls: cannot access '/upper/lost+found': No such file or directory
     ? lost+found
    12 test
    
    With this change, the lower lost+found dentry is ignored:
    
    $ ls -1i /lower
    12 ECRYPTFS_FNEK_ENCRYPTED.FWYZD8TcW.5FV-TKTEYOHsheiHX9a-w.NURCCYIMjI8pn5BDB9-h3fXwrE--
    11 lost+found
    $ ls -1i /upper
    12 test
    
    Additionally, some potentially noisy error/info messages in the related
    code paths are turned into debug messages so that the logs can't be
    easily filled.
    
    Fixes: 88ae4ab9 ("ecryptfs_lookup(): try either only encrypted or plaintext name")
    Reported-by: 's avatarGuenter Roeck <linux@roeck-us.net>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: 's avatarTyler Hicks <tyhicks@canonical.com>
    Signed-off-by: 's avatarSasha Levin <alexander.levin@microsoft.com>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    d066fd9d
Name
Last commit
Last update
..
Kconfig Loading commit data...
Makefile Loading commit data...
crypto.c Loading commit data...
debug.c Loading commit data...
dentry.c Loading commit data...
ecryptfs_kernel.h Loading commit data...
file.c Loading commit data...
inode.c Loading commit data...
keystore.c Loading commit data...
kthread.c Loading commit data...
main.c Loading commit data...
messaging.c Loading commit data...
miscdev.c Loading commit data...
mmap.c Loading commit data...
read_write.c Loading commit data...
super.c Loading commit data...