From patchwork Mon Oct 9 19:15:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 823442 X-Patchwork-Delegate: richard@nod.at Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="pKxcjDzK"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="sdxmU7EV"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3y9qqg5BT7z9t4r for ; Tue, 10 Oct 2017 06:21:51 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=NnboGCuJoKtCaRot1uAm9ELi6Y7FQTaFUWLPE7/yNmM=; b=pKxcjDzKxYDVanDzq6/J+DkL7o 0d9/ZzYYBvLgdisZPdbGaB6sAho+ihUJWCYiGiO6rLSbUR1ZekXftkrE+A4OVhRBGuSxWnIzyL/rv ifk2ullD5lhtP3VlUsSBJpQBx+ppzU9J6LOB7Iute4N6BxAJPWec6as2EwyalGDF6YlN1EmWjfqqu 2jyZMHWC7Kqzn/ycCsNNxbm/970mnqQt/oOkmQZwTAVvoFF6O9tYQXxdZTg8PVfMoWzxRaobzhX2e KGqgAuZp+zmAoCAFue1CQfAxdj+iLkh9646rKhCOAZdQW55KlYVyjHrWp7pngKwo5Kmx7MHT0zwZ7 fJ68obAQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1e1dcX-0003VE-M0; Mon, 09 Oct 2017 19:21:45 +0000 Received: from mail-pf0-x242.google.com ([2607:f8b0:400e:c00::242]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1e1daI-0000FK-81 for linux-mtd@lists.infradead.org; Mon, 09 Oct 2017 19:19:43 +0000 Received: by mail-pf0-x242.google.com with SMTP id b85so9515255pfj.1 for ; Mon, 09 Oct 2017 12:19:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Vn5RVAZadwxXyOOngRLJeTeT7TsGPBcXkeCXRxLx8Rs=; b=sdxmU7EVxngr9gOR3kPoQS+3fx/9qb+cnMOqYC/nKS7l6jH5CH1rug87QIPQbiJRgn JaAUByHZNl77k3HrBaH0Q3cA6EG3HPERgGmHI787qeXNC103cgL2ooJL0XGnhS8pXnfY AaXyGP3oLdDiF0VnVkFzN+zj97jLPMzZvWf2XT5ajWv4pwSpmDi6xUFcsEEuJ3dCxvKt 1H5h0WLGpNIuNSitt12zNLjJELg3976uZYUvDGG9v6Otued8fbqSf86ncE7s+z1PHoD6 FUOLOF7Q3lEh+dmr20A0DS5LpthO8M/SSSB4LJPCcArBNHctU+dnQ6QSNFJ9h/V6NY9P Kwaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Vn5RVAZadwxXyOOngRLJeTeT7TsGPBcXkeCXRxLx8Rs=; b=XN9BCIT9cgaY4j4dieUzwR5dmdjAJuILvfbEzgxoZgcP919cvqAmxUZ9bUTLwNBu9/ KCJhcjuOlFB2vMCG8vdhc4J1lUhaY9FfFjavupeKq3lJNQn7lBe1mz0WuAVVg1ZL0OZH Ph487VzwbEBQGYLwkmOiRBJEnMFWRcafeSsviwtcRz31Ib9zRW4Iv3QPbeUrcW+ykNwm +JNFUQ1vElbd+WGiF8LY+Ato+wH0pYY3fDM3b2Q4S+eE9nE9lGU8ECPAVy8mE7lGfOKZ MJk4Vkb5yIEf6F3huosgWbu4dLFMjOmn6/CVkPqVpr04OnotR9j+2obIX4k4qEwpc0iQ uEVQ== X-Gm-Message-State: AMCzsaWVLwvuOqcH7TmAlp4NHEJzOMcdXQHaV3nRr6ZntEz1r/RJ7dsv yuWoCvegTYGIu5rjqnNRgos= X-Google-Smtp-Source: AOwi7QCss3GfOzOaIbTeiWn7MqfuppaAu3V1vfc+DAzSWrsVujvGqYV3BK2pkTrAX2SsqU+amt1wYA== X-Received: by 10.84.252.152 with SMTP id y24mr10138353pll.392.1507576747571; Mon, 09 Oct 2017 12:19:07 -0700 (PDT) Received: from ebiggers-linuxstation.kir.corp.google.com ([100.66.174.81]) by smtp.gmail.com with ESMTPSA id n29sm17039819pgf.44.2017.10.09.12.19.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 09 Oct 2017 12:19:07 -0700 (PDT) From: Eric Biggers To: linux-fscrypt@vger.kernel.org, "Theodore Y . Ts'o" Subject: [PATCH v2 08/11] fscrypt: new helper function - fscrypt_prepare_link() Date: Mon, 9 Oct 2017 12:15:41 -0700 Message-Id: <20171009191544.43656-9-ebiggers3@gmail.com> X-Mailer: git-send-email 2.14.2.920.gcf0c67979c-goog In-Reply-To: <20171009191544.43656-1-ebiggers3@gmail.com> References: <20171009191544.43656-1-ebiggers3@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20171009_121927_084982_D7391F40 X-CRM114-Status: GOOD ( 14.11 ) X-Spam-Score: -1.8 (-) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-1.8 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [2607:f8b0:400e:c00:0:0:0:242 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (ebiggers3[at]gmail.com) 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ebiggers3[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eric Biggers , linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim , linux-ext4@vger.kernel.org MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Eric Biggers Introduce a helper function which prepares to link an inode into a possibly-encrypted directory. It handles setting up the target directory's encryption key, then verifying that the link won't violate the constraint that all files in an encrypted directory tree use the same encryption policy. Acked-by: Dave Chinner Signed-off-by: Eric Biggers --- fs/crypto/hooks.c | 15 +++++++++++++++ include/linux/fscrypt.h | 27 +++++++++++++++++++++++++++ include/linux/fscrypt_notsupp.h | 6 ++++++ include/linux/fscrypt_supp.h | 1 + 4 files changed, 49 insertions(+) diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 069088e91ea9..8b90217320dd 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -47,3 +47,18 @@ int fscrypt_file_open(struct inode *inode, struct file *filp) return err; } EXPORT_SYMBOL_GPL(fscrypt_file_open); + +int __fscrypt_prepare_link(struct inode *inode, struct inode *dir) +{ + int err; + + err = fscrypt_require_key(dir); + if (err) + return err; + + if (!fscrypt_has_permitted_context(dir, inode)) + return -EPERM; + + return 0; +} +EXPORT_SYMBOL_GPL(__fscrypt_prepare_link); diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index b3e2a5f93415..9c9a53f99327 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -177,4 +177,31 @@ static inline int fscrypt_require_key(struct inode *inode) return 0; } +/** + * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory + * @old_dentry: an existing dentry for the inode being linked + * @dir: the target directory + * @dentry: negative dentry for the target filename + * + * A new link can only be added to an encrypted directory if the directory's + * encryption key is available --- since otherwise we'd have no way to encrypt + * the filename. Therefore, we first set up the directory's encryption key (if + * not already done) and return an error if it's unavailable. + * + * We also verify that the link will not violate the constraint that all files + * in an encrypted directory tree use the same encryption policy. + * + * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, + * -EPERM if the link would result in an inconsistent encryption policy, or + * another -errno code. + */ +static inline int fscrypt_prepare_link(struct dentry *old_dentry, + struct inode *dir, + struct dentry *dentry) +{ + if (IS_ENCRYPTED(dir)) + return __fscrypt_prepare_link(d_inode(old_dentry), dir); + return 0; +} + #endif /* _LINUX_FSCRYPT_H */ diff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h index 162da6517ac4..d7d1039eb6b5 100644 --- a/include/linux/fscrypt_notsupp.h +++ b/include/linux/fscrypt_notsupp.h @@ -186,4 +186,10 @@ static inline int fscrypt_file_open(struct inode *inode, struct file *filp) return 0; } +static inline int __fscrypt_prepare_link(struct inode *inode, + struct inode *dir) +{ + return -EOPNOTSUPP; +} + #endif /* _LINUX_FSCRYPT_NOTSUPP_H */ diff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h index fd2f6decaee4..80706283da75 100644 --- a/include/linux/fscrypt_supp.h +++ b/include/linux/fscrypt_supp.h @@ -145,5 +145,6 @@ extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, /* hooks.c */ extern int fscrypt_file_open(struct inode *inode, struct file *filp); +extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir); #endif /* _LINUX_FSCRYPT_SUPP_H */