From patchwork Mon Oct 9 19:15:43 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 823426 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=linux-ext4-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="gsCqgQmD"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3y9qml3KD9z9t44 for ; Tue, 10 Oct 2017 06:19:19 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755165AbdJITTS (ORCPT ); Mon, 9 Oct 2017 15:19:18 -0400 Received: from mail-pf0-f196.google.com ([209.85.192.196]:34989 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754858AbdJITTL (ORCPT ); Mon, 9 Oct 2017 15:19:11 -0400 Received: by mail-pf0-f196.google.com with SMTP id i23so29877135pfi.2; Mon, 09 Oct 2017 12:19:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=mIQfrcKvXl+L0XXfMaaOpqK+8LME4intsCz2WyZSQqk=; b=gsCqgQmD/+9imbod3mnOM7HM9oAEmQgO+KhdqwsrwJD+9J1WvVfDzJyxMJpP/bQu8B 4IPPdY3NGekOOxTEyKoEyu4i83PA6y7dG/Cg838eFGNRV2VyiGRupGjwqiu+MJkx3+Hd qdHZQJwFb53B4AEcrOeAA++nERJdfaTQ0iRr8YAt8ijgtbEmkNR3c81rdUIbD7rolnLN E5iBZHgVjiuF0WkIJKDo5hCcRR7Jzo3rciJDX7NK5ix82m8Csp0c0pO0dOQPv/vUwMxs Su/T2g4fMyE8N5Xx8nu6mVLZ17vqddieMQJgNX8SPPCtQoS3Jofu1glLgYtrzM7EZCdd AI7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=mIQfrcKvXl+L0XXfMaaOpqK+8LME4intsCz2WyZSQqk=; b=TBlR5mUzsZoVC29dBhXvotmkSjX0N6xDV6J2HmlznCnlz9igWsYYguHHBdVGWA+Sov rgXJ+7TneOgpcoYsFJHGeirZr/GNvo20Dzik5BSsl6/baat3XmPQMObtrkoMmYHqL0v9 1XotLEVpzyFnqlcEkHB+C9P+U7sY/Ic0RjYS6OQ/lu2Z6SeGFRXvn73ayqkCW8ER7Lyg IXXoOPdIFeVf85lF0kKdaMUUdLmX3RBBfZh/1vZmxOCDuDqklokCBwKNOlhujTZeyKKK KjrKg1ZratCjmpOzZGZERmX4iRKQLJ3DA8kOiU+BYB13uRYzfdX9fUH9T1EEun58K5pE 5Ocg== X-Gm-Message-State: AMCzsaUWbcCjzRVfKl5dyuQW0j7hukFQrsjp0pBes52GHoWCycnWdqJd AJ1JEHeLOJMBl4d1/ByCybBWqxxi X-Google-Smtp-Source: AOwi7QBbCzUBW0bf5DoO8cchX5Dg0nMkCsaU+5FgLDsq8oZ1bNuyzAv3a1x8hB7cjE8Wdc8RnjJ8tA== X-Received: by 10.159.247.199 with SMTP id v7mr9671682plz.321.1507576750369; Mon, 09 Oct 2017 12:19:10 -0700 (PDT) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.66.174.81]) by smtp.gmail.com with ESMTPSA id n29sm17039819pgf.44.2017.10.09.12.19.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 09 Oct 2017 12:19:09 -0700 (PDT) From: Eric Biggers To: linux-fscrypt@vger.kernel.org, "Theodore Y . Ts'o" Cc: Jaegeuk Kim , linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, Eric Biggers Subject: [PATCH v2 10/11] fscrypt: new helper function - fscrypt_prepare_lookup() Date: Mon, 9 Oct 2017 12:15:43 -0700 Message-Id: <20171009191544.43656-11-ebiggers3@gmail.com> X-Mailer: git-send-email 2.14.2.920.gcf0c67979c-goog In-Reply-To: <20171009191544.43656-1-ebiggers3@gmail.com> References: <20171009191544.43656-1-ebiggers3@gmail.com> Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org From: Eric Biggers Introduce a helper function which prepares to look up the given dentry in the given directory. If the directory is encrypted, it handles loading the directory's encryption key, setting the dentry's ->d_op to fscrypt_d_ops, and setting DCACHE_ENCRYPTED_WITH_KEY if the directory's encryption key is available. Note: once all filesystems switch over to this, we'll be able to move fscrypt_d_ops and fscrypt_set_encrypted_dentry() to fscrypt_private.h. Acked-by: Dave Chinner Signed-off-by: Eric Biggers --- fs/crypto/hooks.c | 18 ++++++++++++++++++ include/linux/fscrypt.h | 28 ++++++++++++++++++++++++++++ include/linux/fscrypt_notsupp.h | 6 ++++++ include/linux/fscrypt_supp.h | 1 + 4 files changed, 53 insertions(+) diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 822cb78f9b45..9f5fb2eb9cf7 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -92,3 +92,21 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, return 0; } EXPORT_SYMBOL_GPL(__fscrypt_prepare_rename); + +int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry) +{ + int err = fscrypt_get_encryption_info(dir); + + if (err) + return err; + + if (fscrypt_has_encryption_key(dir)) { + spin_lock(&dentry->d_lock); + dentry->d_flags |= DCACHE_ENCRYPTED_WITH_KEY; + spin_unlock(&dentry->d_lock); + } + + d_set_d_op(dentry, &fscrypt_d_ops); + return 0; +} +EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup); diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index c422367baed9..2327859c8cd2 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -237,4 +237,32 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir, return 0; } +/** + * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory + * @dir: directory being searched + * @dentry: filename being looked up + * @flags: lookup flags + * + * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be + * done with or without the directory's encryption key; without the key, + * filenames are presented in encrypted form. Therefore, we'll try to set up + * the directory's encryption key, but even without it the lookup can continue. + * + * To allow invalidating stale dentries if the directory's encryption key is + * added later, we also install a custom ->d_revalidate() method and use the + * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a + * plaintext name (flag set) or a ciphertext name (flag cleared). + * + * Return: 0 on success, -errno if a problem occurred while setting up the + * encryption key + */ +static inline int fscrypt_prepare_lookup(struct inode *dir, + struct dentry *dentry, + unsigned int flags) +{ + if (IS_ENCRYPTED(dir)) + return __fscrypt_prepare_lookup(dir, dentry); + return 0; +} + #endif /* _LINUX_FSCRYPT_H */ diff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h index 6af378d8126e..c4c6bf2c390e 100644 --- a/include/linux/fscrypt_notsupp.h +++ b/include/linux/fscrypt_notsupp.h @@ -201,4 +201,10 @@ static inline int __fscrypt_prepare_rename(struct inode *old_dir, return -EOPNOTSUPP; } +static inline int __fscrypt_prepare_lookup(struct inode *dir, + struct dentry *dentry) +{ + return -EOPNOTSUPP; +} + #endif /* _LINUX_FSCRYPT_NOTSUPP_H */ diff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h index 40f35073145f..2db5e9706f60 100644 --- a/include/linux/fscrypt_supp.h +++ b/include/linux/fscrypt_supp.h @@ -151,5 +151,6 @@ extern int __fscrypt_prepare_rename(struct inode *old_dir, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags); +extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry); #endif /* _LINUX_FSCRYPT_SUPP_H */