From patchwork Fri Dec 15 17:42:23 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 849303
Return-Path: <linux-ext4-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=linux-ext4-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="Hfr9xPVf"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3yyyYl0sYYz9t2l
	for <patchwork-incoming@ozlabs.org>;
	Sat, 16 Dec 2017 04:47:23 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756188AbdLORrU (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 15 Dec 2017 12:47:20 -0500
Received: from mail-pf0-f195.google.com ([209.85.192.195]:36590 "EHLO
	mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755684AbdLORrE (ORCPT
	<rfc822; linux-ext4@vger.kernel.org>); Fri, 15 Dec 2017 12:47:04 -0500
Received: by mail-pf0-f195.google.com with SMTP id p84so6639844pfd.3;
	Fri, 15 Dec 2017 09:47:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=89rqkgVHxCJ0stdUoPFyfXy6IwBQu3MvnIJK8pfaeD4=;
	b=Hfr9xPVfQJKLzZEDrNeFs1czZwDaVBahTY/gHAXgZERNP2AQKvuQxRpK85gJcePSIP
	tgWl2TTagwycdy7kupN8R9zMSa6GJyDoOWzhHqAcdykN2oBbVAT8m9PyfLMiowWS5+hY
	lAzHToODALPPRQqk/3mSFZqCjGFR2o5RZJahOgnF1hwFd7svXe2stfFFFP0IX7huOfP3
	ZJzL6De/oU7dUP0jhg5+1LBaQ067oUh+n3JPzkiniQXln9XLkNP9uMCcdZ0WfL3qOwTy
	/gL+xP5pXxQuktLF8M+VU8OxyuUIpPeCOf9cyPIcaEz5vpiesXori9Xpm6eBdjQEqBnY
	OaTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=89rqkgVHxCJ0stdUoPFyfXy6IwBQu3MvnIJK8pfaeD4=;
	b=iF0Xrcqd0YZevE20HcuZD9VNT2huZ7+1Rf1eAPej4RE44ACbjAr75Hp+S+NmGqud3J
	KGyKaeFVIW40tEKzV/DR26CYzRI3eZUvTzIPuk0Op0d1wuoRpvJoSZFtI7Arkf1KAcEX
	2XidviA4Wrj9jmbQu3sJZGAKNRqr1gUvtz/+2uSf4VJpXwhRv1hSzrBnd0vbW9+Q2qUE
	RDTxjuYoyDPDh8xQ4u7UDzF3MD4KCeTeCKAKUKHG6Wq/cxSso+MTnUwYMNFkYq4qXqzx
	LbrevLLTiP9o5h0+UVwCVCLA9L5HIPz3q91OoxsKqi/BQT+2uW7eyP452LF/k3ytRTaL
	FGhA==
X-Gm-Message-State: AKGB3mK5RMAxQ8Jx1C0YdrusYzhtAYLr1aowhPWg2i41vY2jwEmzqTFC
	b4TB8n/q2GckzNGRG6S20Bhl58T88ZE=
X-Google-Smtp-Source: 
 ACJfBouj8lDMz83Xmwzq6QMBwAlccFqadVl5kS3ZebHVleyvxuBO7oUtJoYMlmsZfDyBQhCADn8naQ==
X-Received: by 10.84.202.12 with SMTP id w12mr13964271pld.107.1513360022997;
	Fri, 15 Dec 2017 09:47:02 -0800 (PST)
Received: from zzz.localdomain (c-67-185-97-198.hsd1.wa.comcast.net.
	[67.185.97.198]) by smtp.gmail.com with ESMTPSA id
	j62sm12980149pfc.18.2017.12.15.09.47.01
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 15 Dec 2017 09:47:02 -0800 (PST)
From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>,
	Jaegeuk Kim <jaegeuk@kernel.org>, linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-mtd@lists.infradead.org, Eric Biggers <ebiggers@google.com>
Subject: [PATCH 22/24] fscrypt: define fscrypt_fname_alloc_buffer() to be
	for presented names
Date: Fri, 15 Dec 2017 09:42:23 -0800
Message-Id: <20171215174225.31583-23-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.15.1
In-Reply-To: <20171215174225.31583-1-ebiggers3@gmail.com>
References: <20171215174225.31583-1-ebiggers3@gmail.com>
Sender: linux-ext4-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-ext4.vger.kernel.org>
X-Mailing-List: linux-ext4@vger.kernel.org

From: Eric Biggers <ebiggers@google.com>

Previously fscrypt_fname_alloc_buffer() was used to allocate buffers for
both presented (decrypted or encoded) and encrypted filenames.  That was
confusing, because it had to allocate the worst-case size for either,
e.g. including NUL-padding even when it was meaningless.

But now that fscrypt_setup_filename() no longer calls it, it is only
used in the ->get_link() and ->readdir() paths, which specifically want
a buffer for presented filenames.  Therefore, switch the behavior over
to allocating the buffer for presented filenames only.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/crypto/fname.c               | 29 ++++++++++++++---------------
 include/linux/fscrypt_notsupp.h |  2 +-
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 65424b89a1d1..44ddd094b7c5 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -204,37 +204,36 @@ u32 fscrypt_fname_encrypted_size(const struct inode *inode, u32 ilen)
 EXPORT_SYMBOL(fscrypt_fname_encrypted_size);
 
 /**
- * fscrypt_fname_crypto_alloc_obuff() -
+ * fscrypt_fname_alloc_buffer - allocate a buffer for presented filenames
  *
- * Allocates an output buffer that is sufficient for the crypto operation
- * specified by the context and the direction.
+ * Allocate a buffer that is large enough to hold any decrypted or encoded
+ * filename (null-terminated), for the given maximum encrypted filename length.
+ *
+ * Return: 0 on success, -errno on failure
  */
 int fscrypt_fname_alloc_buffer(const struct inode *inode,
-				u32 ilen, struct fscrypt_str *crypto_str)
+			       u32 max_encrypted_len,
+			       struct fscrypt_str *crypto_str)
 {
-	u32 olen = fscrypt_fname_encrypted_size(inode, ilen);
 	const u32 max_encoded_len =
 		max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE),
 		      1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)));
+	u32 max_presented_len;
 
-	crypto_str->len = olen;
-	olen = max(olen, max_encoded_len);
+	max_presented_len = max(max_encoded_len, max_encrypted_len);
 
-	/*
-	 * Allocated buffer can hold one more character to null-terminate the
-	 * string
-	 */
-	crypto_str->name = kmalloc(olen + 1, GFP_NOFS);
-	if (!(crypto_str->name))
+	crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS);
+	if (!crypto_str->name)
 		return -ENOMEM;
+	crypto_str->len = max_presented_len;
 	return 0;
 }
 EXPORT_SYMBOL(fscrypt_fname_alloc_buffer);
 
 /**
- * fscrypt_fname_crypto_free_buffer() -
+ * fscrypt_fname_free_buffer - free the buffer for presented filenames
  *
- * Frees the buffer allocated for crypto operation.
+ * Free the buffer allocated by fscrypt_fname_alloc_buffer().
  */
 void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
 {
diff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h
index 0962f504aa91..c9592e307df5 100644
--- a/include/linux/fscrypt_notsupp.h
+++ b/include/linux/fscrypt_notsupp.h
@@ -140,7 +140,7 @@ static inline u32 fscrypt_fname_encrypted_size(const struct inode *inode,
 }
 
 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
-					     u32 ilen,
+					     u32 max_encrypted_len,
 					     struct fscrypt_str *crypto_str)
 {
 	return -EOPNOTSUPP;