From d43388dea04b18f516bd7c837d9222fe7309b12d Mon Sep 17 00:00:00 2001 From: Robbie Ko Date: Tue, 21 Aug 2018 16:17:40 +0800 Subject: [Backport d43388dea04b] eCryptfs: fix permission denied with ecryptfs_xattr mount option when create readonly file When the ecryptfs_xattr mount option is turned on, the ecryptfs metadata will be written to xattr via vfs_setxattr, which will check the WRITE permissions. However, this will cause denial of permission when creating a file withoug write permission. So fix this by calling __vfs_setxattr directly to skip permission check. Signed-off-by: Robbie Ko [tyhicks: Copy up lower inode attributes when successful] Signed-off-by: Tyler Hicks --- src/crypto.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 708f931c36f14adace91af82229a6043386c9baf..bc2376726090b403ed3fa8d043efa07c6b45c23a 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -37,6 +37,7 @@ #include #include #include +#include #include "ecryptfs_kernel.h" #define DECRYPT 0 @@ -1131,9 +1132,21 @@ ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, char *page_virt, size_t size) { int rc; + struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); + struct inode *lower_inode = d_inode(lower_dentry); - rc = ecryptfs_setxattr(ecryptfs_dentry, ecryptfs_inode, - ECRYPTFS_XATTR_NAME, page_virt, size, 0); + if (!(lower_inode->i_opflags & IOP_XATTR)) { + rc = -EOPNOTSUPP; + goto out; + } + + inode_lock(lower_inode); + rc = __vfs_setxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME, + page_virt, size, 0); + if (!rc && ecryptfs_inode) + fsstack_copy_attr_all(ecryptfs_inode, lower_inode); + inode_unlock(lower_inode); +out: return rc; } -- 2.31.1