Linux-stable-mirror November 2020

linux-stable-mirror@lists.linaro.org

340 participants
1566 discussions

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.154 kernel. All users of the 4.19 kernel series must upgrade. Many thanks to Pavel Machek for pointing out that the last 4.19.y release was "short" a bunch of patches, which results in this "the rest of the series" release. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6sl.dtsi | 2 arch/arm/boot/dts/owl-s500.dtsi | 6 arch/arm/boot/dts/sun8i-r40-bananapi-m2-ultra.dts | 10 - arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/boot/dts/qcom/pm8916.dtsi | 2 arch/arm64/boot/dts/xilinx/zynqmp.dtsi | 4 arch/powerpc/include/asm/tlb.h | 13 - arch/powerpc/kernel/tau_6xx.c | 96 +++------- arch/powerpc/mm/tlb-radix.c | 23 +- arch/powerpc/perf/hv-gpci-requests.h | 6 arch/powerpc/perf/isa207-common.c | 10 + arch/powerpc/platforms/Kconfig | 14 - arch/powerpc/platforms/powernv/opal-dump.c | 41 +++- arch/x86/kvm/emulate.c | 2 block/blk-core.c | 9 drivers/clk/at91/clk-main.c | 11 - drivers/clk/bcm/clk-bcm2835.c | 4 drivers/clk/rockchip/clk-half-divider.c | 2 drivers/cpufreq/powernv-cpufreq.c | 9 drivers/crypto/ccp/ccp-ops.c | 2 drivers/gpu/drm/virtio/virtgpu_kms.c | 2 drivers/gpu/drm/virtio/virtgpu_vq.c | 10 - drivers/i2c/busses/Kconfig | 1 drivers/i2c/i2c-core-acpi.c | 11 + drivers/infiniband/core/cma.c | 84 +++----- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/sw/rdmavt/vt.c | 4 drivers/input/keyboard/ep93xx_keypad.c | 4 drivers/input/keyboard/omap4-keypad.c | 6 drivers/input/keyboard/twl4030_keypad.c | 8 drivers/input/serio/sun4i-ps2.c | 9 drivers/input/touchscreen/imx6ul_tsc.c | 27 +- drivers/input/touchscreen/stmfts.c | 2 drivers/mailbox/mailbox.c | 12 - drivers/media/firewire/firedtv-fw.c | 6 drivers/media/pci/bt8xx/bttv-driver.c | 13 + drivers/media/pci/saa7134/saa7134-tvaudio.c | 3 drivers/media/platform/exynos4-is/fimc-isp.c | 4 drivers/media/platform/exynos4-is/fimc-lite.c | 2 drivers/media/platform/exynos4-is/media-dev.c | 4 drivers/media/platform/exynos4-is/mipi-csis.c | 4 drivers/media/platform/qcom/venus/core.c | 5 drivers/media/platform/s3c-camif/camif-core.c | 5 drivers/media/platform/sti/bdisp/bdisp-v4l2.c | 3 drivers/media/platform/sti/delta/delta-v4l2.c | 4 drivers/media/platform/sti/hva/hva-hw.c | 4 drivers/media/platform/vsp1/vsp1_drv.c | 11 - drivers/media/rc/ati_remote.c | 4 drivers/media/usb/uvc/uvc_v4l2.c | 30 +++ drivers/memory/fsl-corenet-cf.c | 6 drivers/memory/omap-gpmc.c | 8 drivers/misc/cardreader/rtsx_pcr.c | 4 drivers/misc/eeprom/at25.c | 2 drivers/misc/mic/vop/vop_main.c | 2 drivers/misc/mic/vop/vop_vringh.c | 24 +- drivers/mmc/core/sdio_cis.c | 3 drivers/net/can/flexcan.c | 34 ++- drivers/net/ethernet/korina.c | 4 drivers/net/wireless/ath/ath10k/htt_rx.c | 8 drivers/net/wireless/ath/ath9k/hif_usb.c | 19 + drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 4 drivers/net/wireless/marvell/mwifiex/usb.c | 3 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 10 - drivers/ntb/hw/amd/ntb_hw_amd.c | 1 drivers/nvme/target/core.c | 3 drivers/pci/controller/pcie-iproc-msi.c | 13 - drivers/pwm/pwm-img.c | 3 drivers/rapidio/devices/rio_mport_cdev.c | 18 + drivers/rpmsg/qcom_smd.c | 32 ++- drivers/scsi/ibmvscsi/ibmvfc.c | 1 drivers/scsi/mvumi.c | 1 drivers/scsi/qedi/qedi_fw.c | 23 +- drivers/scsi/qedi/qedi_iscsi.c | 2 drivers/scsi/ufs/ufs-qcom.c | 5 drivers/tty/ipwireless/network.c | 4 drivers/tty/ipwireless/tty.c | 2 drivers/tty/serial/fsl_lpuart.c | 2 drivers/usb/class/cdc-acm.c | 23 ++ drivers/usb/class/cdc-wdm.c | 72 +++++-- drivers/usb/core/urb.c | 89 +++++---- drivers/usb/dwc3/dwc3-of-simple.c | 1 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/function/f_printer.c | 16 + drivers/usb/host/ohci-hcd.c | 16 + drivers/vfio/pci/vfio_pci_intrs.c | 4 drivers/vfio/vfio_iommu_type1.c | 3 drivers/watchdog/sp5100_tco.h | 2 drivers/watchdog/watchdog_dev.c | 6 fs/dlm/config.c | 3 fs/ext4/fsmap.c | 3 fs/f2fs/sysfs.c | 1 fs/ntfs/inode.c | 6 fs/ramfs/file-nommu.c | 2 fs/reiserfs/inode.c | 3 fs/reiserfs/super.c | 8 fs/udf/inode.c | 25 +- fs/udf/super.c | 6 fs/xfs/xfs_rtalloc.c | 11 + include/linux/overflow.h | 1 include/scsi/scsi_common.h | 7 include/trace/events/target.h | 12 - include/uapi/linux/perf_event.h | 2 kernel/debug/kdb/kdb_io.c | 8 kernel/power/hibernate.c | 11 - kernel/sched/core.c | 2 kernel/sched/sched.h | 13 + lib/crc32.c | 2 net/bluetooth/l2cap_sock.c | 7 net/ipv4/ip_gre.c | 15 + net/mac80211/cfg.c | 3 net/mac80211/sta_info.c | 4 net/netfilter/ipvs/ip_vs_ctl.c | 7 net/netfilter/nf_conntrack_proto_tcp.c | 19 + net/netfilter/nf_dup_netdev.c | 1 net/netfilter/nft_fwd_netdev.c | 1 net/sunrpc/auth_gss/svcauth_gss.c | 27 +- net/sunrpc/xprtrdma/svc_rdma_sendto.c | 3 samples/mic/mpssd/mpssd.c | 4 tools/perf/util/intel-pt.c | 8 122 files changed, 808 insertions(+), 450 deletions(-) Abhishek Pandit-Subedi (1): Bluetooth: Only mark socket zapped after unlocking Adam Goode (1): media: uvcvideo: Ensure all probed info is returned to v4l2 Aditya Pakki (1): media: st-delta: Fix reference count leak in delta_run_work Adrian Hunter (1): perf intel-pt: Fix "context_switch event has no tid" error Al Grant (1): perf: correct SNOOPX field offset Alex Williamson (1): vfio/pci: Clear token on bypass registration failure Alexander Aring (1): fs: dlm: fix configfs memory leak Athira Rajeev (1): powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints Brooke Basile (1): ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() Can Guo (1): scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() Chris Chiu (1): rtl8xxxu: prevent potential memory leak Christian Eggers (1): eeprom: at25: set minimum read/write access stride to 1 Christoph Hellwig (1): PM: hibernate: remove the bogus call to get_gendisk() in software_resume() Claudiu Beznea (1): clk: at91: clk-main: update key before writing AT91_CKGR_MOR Colin Ian King (1): IB/rdmavt: Fix sizeof mismatch Cong Wang (1): ip_gre: set dev->hard_header_len and dev->needed_headroom properly Cristian Ciocaltea (1): ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers Dan Aloni (1): svcrdma: fix bounce buffers for unaligned offsets and multiple pages Dan Carpenter (3): rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge() Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() memory: omap-gpmc: Fix a couple off by ones Daniel Thompson (1): kdb: Fix pager search for multi-line strings Darrick J. Wong (2): ext4: limit entries returned when counting fsmap records xfs: make sure the rt allocator doesn't run off the end Dinghao Liu (7): watchdog: Fix memleak in watchdog_cdev_register watchdog: Use put_device on error media: vsp1: Fix runtime PM imbalance on error media: platform: s3c-camif: Fix runtime PM imbalance on error media: platform: sti: hva: Fix runtime PM imbalance on error media: bdisp: Fix runtime PM imbalance on error media: venus: core: Fix runtime PM imbalance in venus_probe Dirk Behme (1): i2c: rcar: Auto select RESET_CONTROLLER Doug Horn (1): Fix use after free in get_capset_info callback. Eli Billauer (1): usb: core: Solve race condition in anchor cleanup functions Eric Biggers (1): reiserfs: only call unlock_new_inode() if I_NEW Finn Thain (2): powerpc/tau: Check processor type before enabling TAU interrupt powerpc/tau: Disable TAU between measurements Francesco Ruggeri (1): netfilter: conntrack: connection timeout after re-register Greg Kroah-Hartman (1): Linux 4.19.154 Guenter Roeck (1): watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 Hamish Martin (1): usb: ohci: Default to per-port over-current protection Hans de Goede (1): i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs Hauke Mehrtens (1): pwm: img: Fix null pointer access in probe Horia Geantă (1): ARM: dts: imx6sl: fix rng node Jamie Iles (1): f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info Jan Kara (3): udf: Limit sparing table size udf: Avoid accessing uninitialized data on failed inode read reiserfs: Fix memory leak in reiserfs_parse_options() Jason Gunthorpe (2): RDMA/cma: Remove dead code for kernel rdmacm multicast RDMA/cma: Consolidate the destruction of a cma_multicast in one place Jassi Brar (1): mailbox: avoid timer start from callback Jernej Skrabec (1): ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator Jing Xiangfeng (3): rapidio: fix the missed put_device() for rio_mport_add_riodev scsi: mvumi: Fix error return in mvumi_io_attach() scsi: ibmvfc: Fix error return in ibmvfc_probe() Joakim Zhang (1): can: flexcan: flexcan_chip_stop(): add error handling and propagate error value Johan Hovold (1): USB: cdc-acm: handle broken union descriptors Juri Lelli (1): sched/features: Fix !CONFIG_JUMP_LABEL case Kaige Li (1): NTB: hw: amd: fix an issue about leak system resources Kajol Jain (1): powerpc/perf/hv-gpci: Fix starting index value Keita Suzuki (2): misc: rtsx: Fix memory leak in rtsx_pci_probe brcmsmac: fix memory leak in wlc_phy_attach_lcnphy Krzysztof Kozlowski (5): Input: ep93xx_keypad - fix handling of platform_get_irq() error Input: omap4-keypad - fix handling of platform_get_irq() error Input: twl4030_keypad - fix handling of platform_get_irq() error Input: sun4i-ps2 - fix handling of platform_get_irq() error memory: fsl-corenet-cf: Fix handling of platform_get_irq() error Leon Romanovsky (1): overflow: Include header file with SIZE_MAX declaration Lijun Ou (1): RDMA/hns: Set the unsupported wr opcode Lorenzo Colitti (1): usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. Mark Tomlinson (1): PCI: iproc: Set affinity mask on MSI interrupts Martijn de Gouw (1): SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() Matthew Wilcox (Oracle) (1): ramfs: fix nommu mmap with gaps in the page cache Mauro Carvalho Chehab (2): media: saa7134: avoid a shift overflow usb: dwc3: simple: add support for Hikey 970 Michal Simek (1): arm64: dts: zynqmp: Remove additional compatible string for i2c IPs Navid Emamdoost (1): clk: bcm2835: add missing release if devm_clk_hw_register fails Nicholas Piggin (1): powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm Nilesh Javali (2): scsi: qedi: Protect active command list to avoid list corruption scsi: qedi: Fix list_del corruption while removing active I/O Oliver Neukum (2): media: ati_remote: sanity check for both endpoints USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). Pablo Neira Ayuso (1): netfilter: nf_fwd_netdev: clear timestamp in forwarding path Pali Rohár (1): mmc: sdio: Check for CISTPL_VERS_1 buffer size Pavel Machek (2): crypto: ccp - fix error handling media: firewire: fix memory leak Peilin Ye (1): ipvs: Fix uninit-value in do_ip_vs_set_ctl() Peng Fan (1): tty: serial: fsl_lpuart: fix lpuart32_poll_get_char Qiushi Wu (4): media: sti: Fix reference count leaks media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak Robert Hoo (1): KVM: x86: emulating RDPID failure shall return #UD rather than #GP Roman Bolshakov (1): scsi: target: core: Add CONTROL field for trace events Rustam Kovhaev (1): ntfs: add check for mft record size in superblock Sherry Sun (2): mic: vop: copy data to kernel space then write to io memory misc: vop: add round_up(x,4) for vring_size to avoid kernel panic Souptick Joarder (1): rapidio: fix error handling path Srikar Dronamraju (1): cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier Stephan Gerhold (2): arm64: dts: qcom: pm8916: Remove invalid reg size from wcd_codec arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts Stephen Boyd (1): clk: rockchip: Initialize hw to error to avoid undefined behavior Tetsuo Handa (2): block: ratelimit handle_bad_sector() message mwifiex: don't call del_timer_sync() on uninitialized timer Thomas Pedersen (1): mac80211: handle lack of sband->bitrates in rates Tobias Jordan (1): lib/crc32.c: fix trivial typo in preprocessor condition Tong Zhang (1): tty: ipwireless: fix error handling Valentin Vidic (1): net: korina: cast KSEG0 address to pointer in kfree Vasant Hegde (1): powerpc/powernv/dump: Fix race while processing OPAL dump Vincent Mailhol (1): usb: cdc-acm: add quirk to blacklist ETAS ES58X devices Wang Yufen (1): brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach Weihang Li (1): RDMA/hns: Fix missing sq_sig_type when querying QP Xiaolong Huang (1): media: media/pci: prevent memory leak in bttv_probe Xiaoyang Xu (1): vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages YueHaibing (2): Input: stmfts - fix a & vs && typo memory: omap-gpmc: Fix build error without CONFIG_OF Zekun Shen (1): ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() Zqiang (1): usb: gadget: function: printer: fix use-after-free in __lock_acquire zhenwei pi (1): nvmet: fix uninitialized work for zero kato

4 years, 2 months

[PATCH 4.19 0/5] backport some more fscrypt fixes to 4.19

by Eric Biggers

Backport some fscrypt fixes from upstream 5.2 to 4.19-stable. This is needed to get 'kvm-xfstests -c ext4,f2fs,ubifs -g encrypt' to fully pass on 4.19-stable. Before, generic/397 and generic/429 failed on UBIFS due to missing "fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext". This also fixes some bugs that aren't yet covered by the xfstests. E.g., "fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory" fixes a bug that caused real-world problems on Chrome OS. Some relatively straightforward adjustments were needed to the patches, mainly due to the refactoring of fscrypt.h that was done in 5.1. Eric Biggers (5): fscrypt: clean up and improve dentry revalidation fscrypt: fix race allowing rename() and link() of ciphertext dentries fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory fscrypt: only set dentry_operations on ciphertext dentries fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext fs/crypto/crypto.c | 58 +++++++++++++------------ fs/crypto/fname.c | 1 + fs/crypto/hooks.c | 28 ++++++++---- fs/dcache.c | 15 +++++++ fs/ext4/ext4.h | 62 ++++++++++++++++++++------- fs/ext4/namei.c | 76 ++++++++++++++++++++++----------- fs/f2fs/namei.c | 17 +++++--- fs/ubifs/dir.c | 8 ++-- include/linux/dcache.h | 2 +- include/linux/fscrypt.h | 30 +++++++------ include/linux/fscrypt_notsupp.h | 9 ++-- include/linux/fscrypt_supp.h | 6 ++- 12 files changed, 205 insertions(+), 107 deletions(-) -- 2.29.1

4 years, 2 months

[PATCH 4.9 0/2] backport some more fscrypt fixes to 4.9

by Eric Biggers

Backport some fscrypt fixes from 4.10 and 4.11 to 4.9-stable. These will be needed for xfstest generic/395 to pass if https://lkml.kernel.org/fstests/20201031054018.695314-1-ebiggers@kernel.org is applied. These are clean cherry picks. Tested with 'kvm-xfstests -c ext4,f2fs -g encrypt'. Eric Biggers (2): fscrypto: move ioctl processing more fully into common code fscrypt: use EEXIST when file already uses different policy fs/crypto/policy.c | 36 ++++++++++++++++++++++-------------- fs/ext4/ext4.h | 4 ++-- fs/ext4/ioctl.c | 34 +++++----------------------------- fs/f2fs/f2fs.h | 4 ++-- fs/f2fs/file.c | 19 ++----------------- include/linux/fscrypto.h | 12 ++++++------ 6 files changed, 39 insertions(+), 70 deletions(-) -- 2.29.1

4 years, 2 months

[PATCH 4.4] f2fs crypto: avoid unneeded memory allocation in ->readdir

by Eric Biggers

From: Chao Yu <yuchao0(a)huawei.com> commit e06f86e61d7a67fe6e826010f57aa39c674f4b1b upstream. [This backport fixes a regression in 4.4-stable caused by commit 11a6e8f89521 ("f2fs: check memory boundary by insane namelen"), which depended on this missing commit. This bad backport broke f2fs encryption because it moved the incrementing of 'bit_pos' to earlier in f2fs_fill_dentries() without accounting for it being used in the encrypted dir case. This caused readdir() on encrypted directories to start failing. Tested with 'kvm-xfstests -c f2fs -g encrypt'.] When decrypting dirents in ->readdir, fscrypt_fname_disk_to_usr won't change content of original encrypted dirent, we don't need to allocate additional buffer for storing mirror of it, so get rid of it. Signed-off-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/f2fs/dir.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e2ff0eb16f89c..c1130914d6ed7 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -820,15 +820,8 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, int save_len = fstr->len; int ret; - de_name.name = kmalloc(de_name.len, GFP_NOFS); - if (!de_name.name) - return false; - - memcpy(de_name.name, d->filename[bit_pos], de_name.len); - ret = f2fs_fname_disk_to_usr(d->inode, &de->hash_code, &de_name, fstr); - kfree(de_name.name); if (ret < 0) return true; -- 2.29.1

4 years, 2 months

[PATCH 4.19] fscrypt: return -EXDEV for incompatible rename or link into encrypted dir

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> commit f5e55e777cc93eae1416f0fa4908e8846b6d7825 upstream. [Please apply to 4.19-stable. This is an important fix to have, and it will be needed for xfstest generic/398 to pass if https://lkml.kernel.org/r/20201031054141.695517-1-ebiggers@kernel.org is applied. This is a clean cherry-pick to 4.19, but it doesn't apply to 4.14 and earlier; different backports would be needed for that.] Currently, trying to rename or link a regular file, directory, or symlink into an encrypted directory fails with EPERM when the source file is unencrypted or is encrypted with a different encryption policy, and is on the same mountpoint. It is correct for the operation to fail, but the choice of EPERM breaks tools like 'mv' that know to copy rather than rename if they see EXDEV, but don't know what to do with EPERM. Our original motivation for EPERM was to encourage users to securely handle their data. Encrypting files by "moving" them into an encrypted directory can be insecure because the unencrypted data may remain in free space on disk, where it can later be recovered by an attacker. It's much better to encrypt the data from the start, or at least try to securely delete the source data e.g. using the 'shred' program. However, the current behavior hasn't been effective at achieving its goal because users tend to be confused, hack around it, and complain; see e.g. https://github.com/google/fscrypt/issues/76. And in some cases it's actually inconsistent or unnecessary. For example, 'mv'-ing files between differently encrypted directories doesn't work even in cases where it can be secure, such as when in userspace the same passphrase protects both directories. Yet, you *can* already 'mv' unencrypted files into an encrypted directory if the source files are on a different mountpoint, even though doing so is often insecure. There are probably better ways to teach users to securely handle their files. For example, the 'fscrypt' userspace tool could provide a command that migrates unencrypted files into an encrypted directory, acting like 'shred' on the source files and providing appropriate warnings depending on the type of the source filesystem and disk. Receiving errors on unimportant files might also force some users to disable encryption, thus making the behavior counterproductive. It's desirable to make encryption as unobtrusive as possible. Therefore, change the error code from EPERM to EXDEV so that tools looking for EXDEV will fall back to a copy. This, of course, doesn't prevent users from still doing the right things to securely manage their files. Note that this also matches the behavior when a file is renamed between two project quota hierarchies; so there's precedent for using EXDEV for things other than mountpoints. xfstests generic/398 will require an update with this change. [Rewritten from an earlier patch series by Michael Halcrow.] Cc: Michael Halcrow <mhalcrow(a)google.com> Cc: Joe Richey <joerichey(a)google.com> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- Documentation/filesystems/fscrypt.rst | 12 ++++++++++-- fs/crypto/hooks.c | 6 +++--- fs/crypto/policy.c | 3 +-- include/linux/fscrypt.h | 4 ++-- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index cfbc18f0d9c98..5b667ee1242ae 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -426,10 +426,18 @@ astute users may notice some differences in behavior: - Unencrypted files, or files encrypted with a different encryption policy (i.e. different key, modes, or flags), cannot be renamed or linked into an encrypted directory; see `Encryption policy - enforcement`_. Attempts to do so will fail with EPERM. However, + enforcement`_. Attempts to do so will fail with EXDEV. However, encrypted files can be renamed within an encrypted directory, or into an unencrypted directory. + Note: "moving" an unencrypted file into an encrypted directory, e.g. + with the `mv` program, is implemented in userspace by a copy + followed by a delete. Be aware that the original unencrypted data + may remain recoverable from free space on the disk; prefer to keep + all files encrypted from the very beginning. The `shred` program + may be used to overwrite the source files but isn't guaranteed to be + effective on all filesystems and storage devices. + - Direct I/O is not supported on encrypted files. Attempts to use direct I/O on such files will fall back to buffered I/O. @@ -516,7 +524,7 @@ not be encrypted. Except for those special files, it is forbidden to have unencrypted files, or files encrypted with a different encryption policy, in an encrypted directory tree. Attempts to link or rename such a file into -an encrypted directory will fail with EPERM. This is also enforced +an encrypted directory will fail with EXDEV. This is also enforced during ->lookup() to provide limited protection against offline attacks that try to disable or downgrade encryption in known locations where applications may later write sensitive data. It is recommended diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 926e5df20ec31..56debb1fcf5eb 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -58,7 +58,7 @@ int __fscrypt_prepare_link(struct inode *inode, struct inode *dir) return err; if (!fscrypt_has_permitted_context(dir, inode)) - return -EPERM; + return -EXDEV; return 0; } @@ -82,13 +82,13 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, if (IS_ENCRYPTED(new_dir) && !fscrypt_has_permitted_context(new_dir, d_inode(old_dentry))) - return -EPERM; + return -EXDEV; if ((flags & RENAME_EXCHANGE) && IS_ENCRYPTED(old_dir) && !fscrypt_has_permitted_context(old_dir, d_inode(new_dentry))) - return -EPERM; + return -EXDEV; } return 0; } diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 4288839501e94..e9d975f39f46b 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -153,8 +153,7 @@ EXPORT_SYMBOL(fscrypt_ioctl_get_policy); * malicious offline violations of this constraint, while the link and rename * checks are needed to prevent online violations of this constraint. * - * Return: 1 if permitted, 0 if forbidden. If forbidden, the caller must fail - * the filesystem operation with EPERM. + * Return: 1 if permitted, 0 if forbidden. */ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) { diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 952ab97af325e..9fa48180a1f5f 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -89,7 +89,7 @@ static inline int fscrypt_require_key(struct inode *inode) * in an encrypted directory tree use the same encryption policy. * * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, - * -EPERM if the link would result in an inconsistent encryption policy, or + * -EXDEV if the link would result in an inconsistent encryption policy, or * another -errno code. */ static inline int fscrypt_prepare_link(struct dentry *old_dentry, @@ -119,7 +119,7 @@ static inline int fscrypt_prepare_link(struct dentry *old_dentry, * We also verify that the rename will not violate the constraint that all files * in an encrypted directory tree use the same encryption policy. * - * Return: 0 on success, -ENOKEY if an encryption key is missing, -EPERM if the + * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the * rename would cause inconsistent encryption policies, or another -errno code. */ static inline int fscrypt_prepare_rename(struct inode *old_dir, -- 2.29.1

4 years, 2 months

v4.9.241 build failures

by Guenter Roeck

Building powerpc:defconfig ... failed Building powerpc:allmodconfig ... failed -------------- Error log: arch/powerpc/platforms/powernv/opal-dump.c: In function ‘process_dump’: arch/powerpc/platforms/powernv/opal-dump.c:409:7: error: void value not ignored as it ought to be dump = create_dump_obj(dump_id, dump_size, dump_type);

4 years, 2 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror November 2020