Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 816587,
    "url": "http://patchwork.ozlabs.org/api/patches/816587/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/linux-mtd/patch/20170920224605.22030-7-ebiggers3@gmail.com/",
    "project": {
        "id": 3,
        "url": "http://patchwork.ozlabs.org/api/projects/3/?format=api",
        "name": "Linux MTD development",
        "link_name": "linux-mtd",
        "list_id": "linux-mtd.lists.infradead.org",
        "list_email": "linux-mtd@lists.infradead.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20170920224605.22030-7-ebiggers3@gmail.com>",
    "list_archive_url": null,
    "date": "2017-09-20T22:45:46",
    "name": "[06/25] fscrypt: new helper function - fscrypt_file_open()",
    "commit_ref": null,
    "pull_url": null,
    "state": "not-applicable",
    "archived": false,
    "hash": "3ca274f9418391ae6a146fe4045bcfb6e8a0e02f",
    "submitter": {
        "id": 65202,
        "url": "http://patchwork.ozlabs.org/api/people/65202/?format=api",
        "name": "Eric Biggers",
        "email": "ebiggers3@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/linux-mtd/patch/20170920224605.22030-7-ebiggers3@gmail.com/mbox/",
    "series": [
        {
            "id": 4250,
            "url": "http://patchwork.ozlabs.org/api/series/4250/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/linux-mtd/list/?series=4250",
            "date": "2017-09-20T22:45:45",
            "name": "fscrypt: add some higher-level helper functions",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/4250/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/816587/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/816587/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org",
        "Authentication-Results": [
            "ozlabs.org; spf=none (mailfrom)\n\tsmtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)",
            "ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"jP2koh1x\"; \n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"HcAnmVF0\"; dkim-atps=neutral"
        ],
        "Received": [
            "from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xyFVd6JR9z9sBZ\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 21 Sep 2017 08:56:57 +1000 (AEST)",
            "from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dunvL-0006hp-40; Wed, 20 Sep 2017 22:56:55 +0000",
            "from mail-pf0-x243.google.com ([2607:f8b0:400e:c00::243])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dunm2-0004x7-Cx\n\tfor linux-mtd@lists.infradead.org; Wed, 20 Sep 2017 22:47:32 +0000",
            "by mail-pf0-x243.google.com with SMTP id a7so1717656pfj.5\n\tfor <linux-mtd@lists.infradead.org>;\n\tWed, 20 Sep 2017 15:46:58 -0700 (PDT)",
            "from ebiggers-linuxstation.kir.corp.google.com ([100.66.174.81])\n\tby smtp.gmail.com with ESMTPSA id j2sm6249pgn.26.2017.09.20.15.46.57\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tWed, 20 Sep 2017 15:46:57 -0700 (PDT)"
        ],
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:\n\tIn-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:\n\tContent-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc\n\t:Resent-Message-ID:List-Owner;\n\tbh=Ln9aIs6IB+B8vNcu8g95eZ0or9lmsemSHZ8ysceyFpU=;\n\tb=jP2koh1xDU5DxHinJ7QkNIf3j7\n\tehUH1QoDo+CidqUt/XTMXSTJdMjHq80asA0O2IFUcMMYm9M84GYEKXO9FJECYIo9M3SnV+/4S77y1\n\tEBrCgiJKRSl7wykpB3tLgroOXBWmr5SZ8DJdwRFbCChR+B6oyh9Kho6PVdofC/QGyABtLZA5X5Yw8\n\tzU0J7qOAdv30zXmwShAuDzwyYSyDz6wtriHylpvjVBuLf64BKbqKbkHKF9HHNsUwE4rjWa7p6iuzm\n\tEusbk6lauEzGY32ZZ4uKVczIaGizaG7GXrYgPvc0IpjJxiDAb7L/iVplQ83G7mY8JgIXXG4fWY/s9\n\tlfAdlmnA==;",
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=Mh1p6bEaf5UBvexRlo+vlN54JZtltE66yYlTh5JiNSU=;\n\tb=HcAnmVF0wufrU5CedheMhEIK0vF0fdvxcXEJceHNgLKZm1C9K6vgM9hUHO8p03F80W\n\tX//4vvaFlS9OipUPqNztK1eEa7GD8RijCM61jVbjM6895GnBgioLneJxKuaANl6p8YgP\n\tU5mCgHBrxsaznPNxFjEuhBi/fPy5a0EoLFFEkTcfHFk6XYbN38iLxtYByIIjUPvdqAow\n\tfl/E4I/DVegFOegiZDrdqL+9L+op3N7dqJFZbD9EPiKTdNrXzlb6knwdMWnB8CAch0jX\n\tNz1TyC350AG4wGxlXpfTCj/H//hrqd25X5mQIAiB1Cr3lLfR5gUZzXcbbt0j9ybvrkC/\n\tMPuQ=="
        ],
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=Mh1p6bEaf5UBvexRlo+vlN54JZtltE66yYlTh5JiNSU=;\n\tb=U7WINritlVsfRn+2aW0JC2KrIhiKXcqxNK2QVakHOFMC2UZpWpJReAMPUxwvkDVgSm\n\txpl3M9uW1hGKNpIwoUKMesjm26kjPcCBmN9jF1iaTpmB16BjKj162ehYL7RVSvZWLq8k\n\t+uLXGvIbDtZ8SNljsKk/GRNEk3Yv4fVPwPirN9COvX5m+Cvtz1FBBUVL1qmWNsJN6wox\n\tISvEQIKNbQLie3gz72JJMRxlJPrZ1AJNRODD8h/guAM3obKhPlBJapcSbltI03QlNHli\n\t9mM9xc0tenS2dBpGJKvFPBLjofyCFa0vjZdxKRomQfmEjsBlV2Ll5Og+FJQcQsBqL7nP\n\tLOvg==",
        "X-Gm-Message-State": "AHPjjUiRXvCS8RoWPaYwKIddvMu1vAo34URuUKYcyuxtc6mmzrva24s6\n\tqiNfAumInp49teoT6JlB1iSIWlBMxqg=",
        "X-Google-Smtp-Source": "AOwi7QDkvB7kLMmA3/LTvuaKzYLmJxjovEX1besLL7hSgybz9O1iAYHMQaPARnAS+8Dl5EGkzqMaAA==",
        "X-Received": "by 10.84.191.131 with SMTP id a3mr3495464pld.255.1505947617871; \n\tWed, 20 Sep 2017 15:46:57 -0700 (PDT)",
        "From": "Eric Biggers <ebiggers3@gmail.com>",
        "To": "linux-fscrypt@vger.kernel.org",
        "Subject": "[PATCH 06/25] fscrypt: new helper function - fscrypt_file_open()",
        "Date": "Wed, 20 Sep 2017 15:45:46 -0700",
        "Message-Id": "<20170920224605.22030-7-ebiggers3@gmail.com>",
        "X-Mailer": "git-send-email 2.14.1.821.g8fa685d3b7-goog",
        "In-Reply-To": "<20170920224605.22030-1-ebiggers3@gmail.com>",
        "References": "<20170920224605.22030-1-ebiggers3@gmail.com>",
        "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ",
        "X-CRM114-CacheID": "sfid-20170920_154718_596263_4C6377E1 ",
        "X-CRM114-Status": "GOOD (  17.51  )",
        "X-Spam-Score": "-1.8 (-)",
        "X-Spam-Report": "SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details:   (-1.8 points)\n\tpts rule name              description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,\n\tno\n\ttrust [2607:f8b0:400e:c00:0:0:0:243 listed in] [list.dnswl.org]\n\t-0.0 SPF_PASS               SPF: sender matches SPF record\n\t0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends\n\tin digit (ebiggers3[at]gmail.com)\n\t0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\n\tprovider (ebiggers3[at]gmail.com)\n\t-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]\n\t-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature\n\t0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n\tnot necessarily valid\n\t-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n\tauthor's domain",
        "X-BeenThere": "linux-mtd@lists.infradead.org",
        "X-Mailman-Version": "2.1.21",
        "Precedence": "list",
        "List-Id": "Linux MTD discussion mailing list <linux-mtd.lists.infradead.org>",
        "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/linux-mtd>,\n\t<mailto:linux-mtd-request@lists.infradead.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.infradead.org/pipermail/linux-mtd/>",
        "List-Post": "<mailto:linux-mtd@lists.infradead.org>",
        "List-Help": "<mailto:linux-mtd-request@lists.infradead.org?subject=help>",
        "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/linux-mtd>,\n\t<mailto:linux-mtd-request@lists.infradead.org?subject=subscribe>",
        "Cc": "\"Theodore Y . Ts'o\" <tytso@mit.edu>, Eric Biggers <ebiggers@google.com>, \n\tMichael Halcrow <mhalcrow@google.com>,\n\tlinux-f2fs-devel@lists.sourceforge.net, \n\tlinux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,\n\tJaegeuk Kim <jaegeuk@kernel.org>, linux-ext4@vger.kernel.org",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Sender": "\"linux-mtd\" <linux-mtd-bounces@lists.infradead.org>",
        "Errors-To": "linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"
    },
    "content": "From: Eric Biggers <ebiggers@google.com>\n\nAdd a helper function which prepares to open a regular file which may be\nencrypted.  It handles setting up the file's encryption key, then\nchecking that the file's encryption policy matches that of its parent\ndirectory (if the parent directory is encrypted).  It may be set as the\n->open() method or it can be called from another ->open() method.\n\nSigned-off-by: Eric Biggers <ebiggers@google.com>\n---\n fs/crypto/Makefile              |  2 +-\n fs/crypto/hooks.c               | 49 +++++++++++++++++++++++++++++++++++++++++\n include/linux/fscrypt_notsupp.h |  7 ++++++\n include/linux/fscrypt_supp.h    |  2 ++\n 4 files changed, 59 insertions(+), 1 deletion(-)\n create mode 100644 fs/crypto/hooks.c",
    "diff": "diff --git a/fs/crypto/Makefile b/fs/crypto/Makefile\nindex 9f6607f17b53..cb496989a6b6 100644\n--- a/fs/crypto/Makefile\n+++ b/fs/crypto/Makefile\n@@ -1,4 +1,4 @@\n obj-$(CONFIG_FS_ENCRYPTION)\t+= fscrypto.o\n \n-fscrypto-y := crypto.o fname.o policy.o keyinfo.o\n+fscrypto-y := crypto.o fname.o hooks.o keyinfo.o policy.o\n fscrypto-$(CONFIG_BLOCK) += bio.o\ndiff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c\nnew file mode 100644\nindex 000000000000..069088e91ea9\n--- /dev/null\n+++ b/fs/crypto/hooks.c\n@@ -0,0 +1,49 @@\n+/*\n+ * fs/crypto/hooks.c\n+ *\n+ * Encryption hooks for higher-level filesystem operations.\n+ */\n+\n+#include <linux/ratelimit.h>\n+#include \"fscrypt_private.h\"\n+\n+/**\n+ * fscrypt_file_open - prepare to open a possibly-encrypted regular file\n+ * @inode: the inode being opened\n+ * @filp: the struct file being set up\n+ *\n+ * Currently, an encrypted regular file can only be opened if its encryption key\n+ * is available; access to the raw encrypted contents is not supported.\n+ * Therefore, we first set up the inode's encryption key (if not already done)\n+ * and return an error if it's unavailable.\n+ *\n+ * We also verify that if the parent directory (from the path via which the file\n+ * is being opened) is encrypted, then the inode being opened uses the same\n+ * encryption policy.  This is needed as part of the enforcement that all files\n+ * in an encrypted directory tree use the same encryption policy, as a\n+ * protection against certain types of offline attacks.  Note that this check is\n+ * needed even when opening an *unencrypted* file, since it's forbidden to have\n+ * an unencrypted file in an encrypted directory.\n+ *\n+ * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code\n+ */\n+int fscrypt_file_open(struct inode *inode, struct file *filp)\n+{\n+\tint err;\n+\tstruct dentry *dir;\n+\n+\terr = fscrypt_require_key(inode);\n+\tif (err)\n+\t\treturn err;\n+\n+\tdir = dget_parent(file_dentry(filp));\n+\tif (IS_ENCRYPTED(d_inode(dir)) &&\n+\t    !fscrypt_has_permitted_context(d_inode(dir), inode)) {\n+\t\tpr_warn_ratelimited(\"fscrypt: inconsistent encryption contexts: %lu/%lu\",\n+\t\t\t\t    d_inode(dir)->i_ino, inode->i_ino);\n+\t\terr = -EPERM;\n+\t}\n+\tdput(dir);\n+\treturn err;\n+}\n+EXPORT_SYMBOL_GPL(fscrypt_file_open);\ndiff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h\nindex 3cfc953fef71..99e8ee6f2ce4 100644\n--- a/include/linux/fscrypt_notsupp.h\n+++ b/include/linux/fscrypt_notsupp.h\n@@ -182,4 +182,11 @@ static inline int fscrypt_require_key(struct inode *inode)\n \treturn 0;\n }\n \n+static inline int fscrypt_file_open(struct inode *inode, struct file *filp)\n+{\n+\tif (IS_ENCRYPTED(inode))\n+\t\treturn -EOPNOTSUPP;\n+\treturn 0;\n+}\n+\n #endif\t/* _LINUX_FSCRYPT_NOTSUPP_H */\ndiff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h\nindex b6d4b5d303a3..521f15adf83c 100644\n--- a/include/linux/fscrypt_supp.h\n+++ b/include/linux/fscrypt_supp.h\n@@ -170,4 +170,6 @@ static inline int fscrypt_require_key(struct inode *inode)\n \treturn 0;\n }\n \n+extern int fscrypt_file_open(struct inode *inode, struct file *filp);\n+\n #endif\t/* _LINUX_FSCRYPT_SUPP_H */\n",
    "prefixes": [
        "06/25"
    ]
}