{"id":816580,"url":"http://patchwork.ozlabs.org/api/patches/816580/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-mtd/patch/20170920224605.22030-8-ebiggers3@gmail.com/","project":{"id":3,"url":"http://patchwork.ozlabs.org/api/projects/3/?format=json","name":"Linux MTD development","link_name":"linux-mtd","list_id":"linux-mtd.lists.infradead.org","list_email":"linux-mtd@lists.infradead.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170920224605.22030-8-ebiggers3@gmail.com>","list_archive_url":null,"date":"2017-09-20T22:45:47","name":"[07/25] fscrypt: new helper function - fscrypt_prepare_link()","commit_ref":null,"pull_url":null,"state":"not-applicable","archived":false,"hash":"68c39ea88304206ec97dedde22218aaae4697b09","submitter":{"id":65202,"url":"http://patchwork.ozlabs.org/api/people/65202/?format=json","name":"Eric Biggers","email":"ebiggers3@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-mtd/patch/20170920224605.22030-8-ebiggers3@gmail.com/mbox/","series":[{"id":4250,"url":"http://patchwork.ozlabs.org/api/series/4250/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-mtd/list/?series=4250","date":"2017-09-20T22:45:45","name":"fscrypt: add some higher-level helper functions","version":1,"mbox":"http://patchwork.ozlabs.org/series/4250/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/816580/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/816580/checks/","tags":{},"related":[],"headers":{"Return-Path":"<linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org; spf=none (mailfrom)\n\tsmtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"X9hbYHnh\"; \n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"aa/xwiIY\"; dkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xyFPz4hK0z9sBZ\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 21 Sep 2017 08:52:55 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dunrL-0001tH-Ky; Wed, 20 Sep 2017 22:52:47 +0000","from mail-pg0-x241.google.com ([2607:f8b0:400e:c05::241])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dunm2-0004xR-PS\n\tfor linux-mtd@lists.infradead.org; Wed, 20 Sep 2017 22:47:37 +0000","by mail-pg0-x241.google.com with SMTP id j16so2375784pga.2\n\tfor <linux-mtd@lists.infradead.org>;\n\tWed, 20 Sep 2017 15:46:59 -0700 (PDT)","from ebiggers-linuxstation.kir.corp.google.com ([100.66.174.81])\n\tby smtp.gmail.com with ESMTPSA id j2sm6249pgn.26.2017.09.20.15.46.58\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tWed, 20 Sep 2017 15:46:58 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:\n\tIn-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:\n\tContent-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc\n\t:Resent-Message-ID:List-Owner;\n\tbh=njq2yD8sNLy2LF3PuPQWW6tkN+PVFo5RewGj0gBFMMk=;\n\tb=X9hbYHnh6qLMYnN17qE166IreX\n\tmAfZDCmwCBYoPe6XgyYqo18u9iOIPEnRhQqSy3Lpr0TOBEMlHbQxnYzFhO2pYBO0s5NJ3hozURWO1\n\tkQRdpqM7i4+EwAFFJLljc2ZV9VA4+KL4NEJqIvhmJuen2TexHy/LnAxB7xLJZKNDHSYtvqLMDBw11\n\tjzGRTxyY+4DuYGxmqQiCu0ARHmKDrWbwNkbNKfV9Vtl5IvesK33GmJH9ylpmI2KG/HbbbuI3Qlmax\n\tAqGLwffv4twr7w8+4OyUQMhnnrqUYdvPZ9x+1n3aRWDKRxiz2guK6w8YzTnELeMUpjnVWjBEY/rFt\n\tn+9pR5NA==;","v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=Na+LcD6lqvx6xIGMkP2UyfXEHy8yAmp8/kQocI7xCYc=;\n\tb=aa/xwiIY8GXBx8481C4rZLmDlmE0TeccbXTwb6tmfotlLjUHHvyQ5xuKnn8oCXDkwM\n\ta+D0Dn/vmn2kRwyM185JCrksx8cN8TXTCpaMZVUquMCtcNkclH3OVilCBF43YW98y5rA\n\tfuW0tAckwilTghmbHzeuRhABDmJjKVHtN6GmweUAkDI0gsfNpGNSbchq8Q+u7vpBMRRI\n\tsRn4//MU9ENYTfyylhuTyt7KHfSZ1RubhY8Rn6+x8U8Fx74RpW6dOwyKJ4t9OYdnx5ny\n\tvcz0Jow0Dv1inbvp/jDYjmjYGk5A9rfNZu3Z/47V0oZ67oeDAGLFBf5ohh4DM5pYv53F\n\thX0g=="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=Na+LcD6lqvx6xIGMkP2UyfXEHy8yAmp8/kQocI7xCYc=;\n\tb=g4GXSN5Cq7QHizUvHAMKCwXBcF0yGFXnucYI+8kpQNHzPnEwDK0Wo3+oVC0WK1RUcM\n\t2qfioUfDaFajbVBW82WN/nE37dKQDLIfq9eHvw5CkESTRMEmLx1APsGb15S0GQbCVwh2\n\tL86Oe6iP97MFIxKXPtkJGxzpb4456Sxm/yKuEUOhUqws5YXMEBmxtjyBIzmhq0rZduTM\n\tUyS9H/yuix58QK/oi2NZm1D3SZe8ES0sm1wwqJG3EkAMBalvSCijQfr54kD+Fwz7ojPy\n\t2wA8jSV7J2IyKc1PXr678lny7q/cpnMNtU9oUe27/hbXKPmR/xDyqXVHZZxyEA3PsOFF\n\tBdlg==","X-Gm-Message-State":"AHPjjUilQkRNF7km5mk7Di7jn+O6QPBnitz4K8IzdetT+mJlIXZX3lQK\n\ta5ZfM7ED1rt3dAxdK93h5rA=","X-Google-Smtp-Source":"AOwi7QANmLwPyt/7LqNoZvEK8Q+r3p4fDCBZJzr0+cc5omYgnVKLPY9BkIjuQmHk+pfzzACLARwAOg==","X-Received":"by 10.84.252.144 with SMTP id y16mr3608861pll.113.1505947619063; \n\tWed, 20 Sep 2017 15:46:59 -0700 (PDT)","From":"Eric Biggers <ebiggers3@gmail.com>","To":"linux-fscrypt@vger.kernel.org","Subject":"[PATCH 07/25] fscrypt: new helper function - fscrypt_prepare_link()","Date":"Wed, 20 Sep 2017 15:45:47 -0700","Message-Id":"<20170920224605.22030-8-ebiggers3@gmail.com>","X-Mailer":"git-send-email 2.14.1.821.g8fa685d3b7-goog","In-Reply-To":"<20170920224605.22030-1-ebiggers3@gmail.com>","References":"<20170920224605.22030-1-ebiggers3@gmail.com>","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170920_154719_286357_D229054B ","X-CRM114-Status":"GOOD (  13.19  )","X-Spam-Score":"-1.8 (-)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details:   (-1.8 points)\n\tpts rule name              description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,\n\tno\n\ttrust [2607:f8b0:400e:c05:0:0:0:241 listed in] [list.dnswl.org]\n\t-0.0 SPF_PASS               SPF: sender matches SPF record\n\t0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends\n\tin digit (ebiggers3[at]gmail.com)\n\t0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\n\tprovider (ebiggers3[at]gmail.com)\n\t-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]\n\t-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature\n\t0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n\tnot necessarily valid\n\t-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n\tauthor's domain","X-BeenThere":"linux-mtd@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"Linux MTD discussion mailing list <linux-mtd.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/linux-mtd>,\n\t<mailto:linux-mtd-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/linux-mtd/>","List-Post":"<mailto:linux-mtd@lists.infradead.org>","List-Help":"<mailto:linux-mtd-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/linux-mtd>,\n\t<mailto:linux-mtd-request@lists.infradead.org?subject=subscribe>","Cc":"\"Theodore Y . Ts'o\" <tytso@mit.edu>, Eric Biggers <ebiggers@google.com>, \n\tMichael Halcrow <mhalcrow@google.com>,\n\tlinux-f2fs-devel@lists.sourceforge.net, \n\tlinux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,\n\tJaegeuk Kim <jaegeuk@kernel.org>, linux-ext4@vger.kernel.org","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"linux-mtd\" <linux-mtd-bounces@lists.infradead.org>","Errors-To":"linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Eric Biggers <ebiggers@google.com>\n\nIntroduce a helper function which prepares to link an inode into a\npossibly-encrypted directory.  It handles setting up the target\ndirectory's encryption key, then verifying that the link won't violate\nthe constraint that all files in an encrypted directory tree use the\nsame encryption policy.\n\nSigned-off-by: Eric Biggers <ebiggers@google.com>\n---\n fs/crypto/hooks.c               | 15 +++++++++++++++\n include/linux/fscrypt_notsupp.h |  9 +++++++++\n include/linux/fscrypt_supp.h    | 29 +++++++++++++++++++++++++++++\n 3 files changed, 53 insertions(+)","diff":"diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c\nindex 069088e91ea9..8b90217320dd 100644\n--- a/fs/crypto/hooks.c\n+++ b/fs/crypto/hooks.c\n@@ -47,3 +47,18 @@ int fscrypt_file_open(struct inode *inode, struct file *filp)\n \treturn err;\n }\n EXPORT_SYMBOL_GPL(fscrypt_file_open);\n+\n+int __fscrypt_prepare_link(struct inode *inode, struct inode *dir)\n+{\n+\tint err;\n+\n+\terr = fscrypt_require_key(dir);\n+\tif (err)\n+\t\treturn err;\n+\n+\tif (!fscrypt_has_permitted_context(dir, inode))\n+\t\treturn -EPERM;\n+\n+\treturn 0;\n+}\n+EXPORT_SYMBOL_GPL(__fscrypt_prepare_link);\ndiff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h\nindex 99e8ee6f2ce4..2cb400440be3 100644\n--- a/include/linux/fscrypt_notsupp.h\n+++ b/include/linux/fscrypt_notsupp.h\n@@ -189,4 +189,13 @@ static inline int fscrypt_file_open(struct inode *inode, struct file *filp)\n \treturn 0;\n }\n \n+static inline int fscrypt_prepare_link(struct dentry *old_dentry,\n+\t\t\t\t       struct inode *dir,\n+\t\t\t\t       struct dentry *dentry)\n+{\n+\tif (IS_ENCRYPTED(dir))\n+\t\treturn -EOPNOTSUPP;\n+\treturn 0;\n+}\n+\n #endif\t/* _LINUX_FSCRYPT_NOTSUPP_H */\ndiff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h\nindex 521f15adf83c..ebc0cc41aaf9 100644\n--- a/include/linux/fscrypt_supp.h\n+++ b/include/linux/fscrypt_supp.h\n@@ -172,4 +172,33 @@ static inline int fscrypt_require_key(struct inode *inode)\n \n extern int fscrypt_file_open(struct inode *inode, struct file *filp);\n \n+extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir);\n+\n+/**\n+ * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory\n+ * @old_dentry: an existing dentry for the inode being linked\n+ * @dir: the target directory\n+ * @dentry: negative dentry for the target filename\n+ *\n+ * A new link can only be added to an encrypted directory if the directory's\n+ * encryption key is available --- since otherwise we'd have no way to encrypt\n+ * the filename.  Therefore, we first set up the directory's encryption key (if\n+ * not already done) and return an error if it's unavailable.\n+ *\n+ * We also verify that the link will not violate the constraint that all files\n+ * in an encrypted directory tree use the same encryption policy.\n+ *\n+ * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,\n+ * -EPERM if the link would result in an inconsistent encryption policy, or\n+ * another -errno code.\n+ */\n+static inline int fscrypt_prepare_link(struct dentry *old_dentry,\n+\t\t\t\t       struct inode *dir,\n+\t\t\t\t       struct dentry *dentry)\n+{\n+\tif (IS_ENCRYPTED(dir))\n+\t\treturn __fscrypt_prepare_link(d_inode(old_dentry), dir);\n+\treturn 0;\n+}\n+\n #endif\t/* _LINUX_FSCRYPT_SUPP_H */\n","prefixes":["07/25"]}