提交 67773a1f 编写于 作者: E Eric Biggers 提交者: Jaegeuk Kim

f2fs: require key for truncate(2) of encrypted file

Currently, filesystems allow truncate(2) on an encrypted file without
the encryption key.  However, it's impossible to correctly handle the
case where the size being truncated to is not a multiple of the
filesystem block size, because that would require decrypting the final
block, zeroing the part beyond i_size, then encrypting the block.

As other modifications to encrypted file contents are prohibited without
the key, just prohibit truncate(2) as well, making it fail with ENOKEY.
Signed-off-by: NEric Biggers <ebiggers@google.com>
Acked-by: NChao Yu <yuchao0@huawei.com>
Signed-off-by: NJaegeuk Kim <jaegeuk@kernel.org>
上级 8ceffcb2
...@@ -710,9 +710,13 @@ int f2fs_setattr(struct dentry *dentry, struct iattr *attr) ...@@ -710,9 +710,13 @@ int f2fs_setattr(struct dentry *dentry, struct iattr *attr)
return err; return err;
if (attr->ia_valid & ATTR_SIZE) { if (attr->ia_valid & ATTR_SIZE) {
if (f2fs_encrypted_inode(inode) && if (f2fs_encrypted_inode(inode)) {
fscrypt_get_encryption_info(inode)) err = fscrypt_get_encryption_info(inode);
return -EACCES; if (err)
return err;
if (!fscrypt_has_encryption_key(inode))
return -ENOKEY;
}
if (attr->ia_size <= i_size_read(inode)) { if (attr->ia_size <= i_size_read(inode)) {
down_write(&F2FS_I(inode)->i_mmap_sem); down_write(&F2FS_I(inode)->i_mmap_sem);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册