Commit 63136858 authored by Eric Biggers, committed by Theodore Ts'o

ext4: require key for truncate(2) of encrypted file

Currently, filesystems allow truncate(2) on an encrypted file without
the encryption key.  However, it's impossible to correctly handle the
case where the size being truncated to is not a multiple of the
filesystem block size, because that would require decrypting the final
block, zeroing the part beyond i_size, then encrypting the block.

As other modifications to encrypted file contents are prohibited without
the key, just prohibit truncate(2) as well, making it fail with ENOKEY.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
parent 66e0aaad
...@@ -5323,6 +5323,14 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr) ...@@ -5323,6 +5323,14 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr)
loff_t oldsize = inode->i_size; loff_t oldsize = inode->i_size;
int shrink = (attr->ia_size <= inode->i_size); int shrink = (attr->ia_size <= inode->i_size);
if (ext4_encrypted_inode(inode)) {
error = fscrypt_get_encryption_info(inode);
if (error)
return error;
if (!fscrypt_has_encryption_key(inode))
return -ENOKEY;
}
if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) { if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
......
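Review bot: The new `if (ext4_encrypted_inode(inode))` block sits after `shrink` is computed but consults neither it nor the block alignment of `attr->ia_size`, so every size change on an encrypted inode without the key now returns -ENOKEY, including extending and block-aligned truncations that the partial-block argument in the commit message does not cover. That matches the message's stated intent to prohibit truncate(2) outright, but nothing in the code says so. A short comment above the block, stating that all size changes require the key because the final partial block cannot be zeroed without it, would keep a later reader from narrowing the check to the unaligned case. It is also worth confirming that the direct `return error;` and `return -ENOKEY;` skip no cleanup that this branch of ext4_setattr() expects, since the exit path is not visible in this hunk.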