mirror of
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git
synced 2024-12-12 11:23:32 +08:00
2ba05753f7
By design, the kernel enforces that all files in an encrypted directory use the same encryption policy as the directory. It's not possible to violate this constraint using syscalls. Lookups of files that violate this constraint also fail, in case the disk was manipulated. But this constraint can also be violated by accidental filesystem corruption. E.g., a power cut when using ext4 without a journal might leave new files without the encryption bit and/or xattr. Thus, it's important that e2fsck correct this condition. Therefore, this patch makes the following changes to e2fsck: - During pass 1 (inode table scan), create a map from inode number to encryption policy for all encrypted inodes. But it's optimized so that the full xattrs aren't saved but rather only 32-bit "policy IDs", since usually many inodes share the same encryption policy. Also, if an encryption xattr is missing, offer to clear the encrypt flag. If an encryption xattr is clearly corrupt, offer to clear the inode. - During pass 2 (directory structure check), use the map to verify that all regular files, directories, and symlinks in encrypted directories use the directory's encryption policy. Offer to clear any directory entries for which this isn't the case. Add a new test "f_bad_encryption" to test the new behavior. Due to the new checks, it was also necessary to update the existing test "f_short_encrypted_dirent" to add an encryption xattr to the test file, since it was missing one before, which is now considered invalid. Google-Bug-Id: 135138675 Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Andreas Dilger <adilger@dilger.ca> |
||
---|---|---|
.. | ||
expect.1 | ||
expect.2 | ||
image.gz | ||
mkimage.sh | ||
name |