[lustre-devel] [PATCH 16/27] lustre: sec: forbid file rename from enc to unencrypted dir

James Simmons jsimmons at infradead.org
Sun Jun 13 16:11:26 PDT 2021

From: Sebastien Buisson <sbuisson at ddn.com>

fscrypt allows renaming an encrypted file from an encrypted directory
into an unencrypted directory. But it leaves the file encrypted,
sitting in an unencrypted directory, which can lead to unexpected
So just prevent this kind of rename, and adapt sanity-sec test_47

WC-bug-id: https://jira.whamcloud.com/browse/LU-14629
Lustre-commit: 1158386ac9c6a63 ("LU-14629 sec: forbid file rename from enc to unencrypted dir")
Signed-off-by: Sebastien Buisson <sbuisson at ddn.com>
Reviewed-on: https://review.whamcloud.com/43404
Reviewed-by: James Simmons <jsimmons at infradead.org>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
 fs/lustre/llite/namei.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/lustre/llite/namei.c b/fs/lustre/llite/namei.c
index a2f5d8d..43cbfbd 100644
--- a/fs/lustre/llite/namei.c
+++ b/fs/lustre/llite/namei.c
@@ -1792,6 +1792,11 @@ static int ll_rename(struct inode *src, struct dentry *src_dchild,
 	err = fscrypt_prepare_rename(src, src_dchild, tgt, tgt_dchild, flags);
 	if (err)
 		return err;
+	/* we prevent an encrypted file from being renamed
+	 * into an unencrypted dir
+	 */
+	if (IS_ENCRYPTED(src) && !IS_ENCRYPTED(tgt))
+		return -EXDEV;
 	if (src_dchild->d_inode)
 		mode = src_dchild->d_inode->i_mode;

More information about the lustre-devel mailing list