From patchwork Mon Oct 9 19:15:40 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 823443
X-Patchwork-Delegate: richard@nod.at
From: Eric Biggers
To: linux-fscrypt@vger.kernel.org, "Theodore Y . Ts'o"
Cc: Eric Biggers, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim, linux-ext4@vger.kernel.org
Subject: [PATCH v2 07/11] fscrypt: new helper function - fscrypt_file_open()
Date: Mon, 9 Oct 2017 12:15:40 -0700
Message-Id: <20171009191544.43656-8-ebiggers3@gmail.com>
In-Reply-To: <20171009191544.43656-1-ebiggers3@gmail.com>
References: <20171009191544.43656-1-ebiggers3@gmail.com>

From: Eric Biggers Add a helper function which prepares to open a regular file which may be encrypted. It handles setting up the file's encryption key, then checking that the file's encryption policy matches that of its parent directory (if the parent directory is encrypted). It may be set as the ->open() method or it can be called from another ->open() method. Acked-by: Dave Chinner Signed-off-by: Eric Biggers --- fs/crypto/Makefile | 2 +- fs/crypto/hooks.c | 49 +++++++++++++++++++++++++++++++++++++++++ include/linux/fscrypt_notsupp.h | 9 ++++++++ include/linux/fscrypt_supp.h | 3 +++ 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 fs/crypto/hooks.c diff --git a/fs/crypto/Makefile b/fs/crypto/Makefile index 9f6607f17b53..cb496989a6b6 100644 --- a/fs/crypto/Makefile +++ b/fs/crypto/Makefile @@ -1,4 +1,4 @@ obj-$(CONFIG_FS_ENCRYPTION) += fscrypto.o -fscrypto-y := crypto.o fname.o policy.o keyinfo.o +fscrypto-y := crypto.o fname.o hooks.o keyinfo.o policy.o fscrypto-$(CONFIG_BLOCK) += bio.o diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c new file mode 100644 index 000000000000..069088e91ea9 --- /dev/null +++ b/fs/crypto/hooks.c 
@@ -0,0 +1,49 @@ +/* + * fs/crypto/hooks.c + * + * Encryption hooks for higher-level filesystem operations. + */ + +#include +#include "fscrypt_private.h" + +/** + * fscrypt_file_open - prepare to open a possibly-encrypted regular file + * @inode: the inode being opened + * @filp: the struct file being set up + * + * Currently, an encrypted regular file can only be opened if its encryption key + * is available; access to the raw encrypted contents is not supported. + * Therefore, we first set up the inode's encryption key (if not already done) + * and return an error if it's unavailable. + * + * We also verify that if the parent directory (from the path via which the file + * is being opened) is encrypted, then the inode being opened uses the same + * encryption policy. This is needed as part of the enforcement that all files + * in an encrypted directory tree use the same encryption policy, as a + * protection against certain types of offline attacks. Note that this check is + * needed even when opening an *unencrypted* file, since it's forbidden to have + * an unencrypted file in an encrypted directory. + * + * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code + */ +int fscrypt_file_open(struct inode *inode, struct file *filp) +{ + int err; + struct dentry *dir; + + err = fscrypt_require_key(inode); + if (err) + return err; + + dir = dget_parent(file_dentry(filp)); + if (IS_ENCRYPTED(d_inode(dir)) && + !fscrypt_has_permitted_context(d_inode(dir), inode)) { + pr_warn_ratelimited("fscrypt: inconsistent encryption contexts: %lu/%lu", + d_inode(dir)->i_ino, inode->i_ino); + err = -EPERM; + } + dput(dir); + return err; +} +EXPORT_SYMBOL_GPL(fscrypt_file_open); diff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h index 7b390e356f7f..162da6517ac4 100644 --- a/include/linux/fscrypt_notsupp.h +++ b/include/linux/fscrypt_notsupp.h 
@@ -177,4 +177,13 @@ static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, return -EOPNOTSUPP; } +/* hooks.c */ + +static inline int fscrypt_file_open(struct inode *inode, struct file *filp) +{ + if (IS_ENCRYPTED(inode)) + return -EOPNOTSUPP; + return 0; +} + #endif /* _LINUX_FSCRYPT_NOTSUPP_H */ diff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h index 5a90e5ef4687..fd2f6decaee4 100644 --- a/include/linux/fscrypt_supp.h +++ b/include/linux/fscrypt_supp.h @@ -143,4 +143,7 @@ extern void fscrypt_pullback_bio_page(struct page **, bool); extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, unsigned int); +/* hooks.c */ +extern int fscrypt_file_open(struct inode *inode, struct file *filp); + #endif /* _LINUX_FSCRYPT_SUPP_H */
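Review bot: the fscrypto-y line in fs/crypto/Makefile is also re-sorted (policy.o moves after keyinfo.o) in the same change that adds hooks.o, and the commit message does not mention the reordering. It is harmless, but a word in the changelog would keep the one-line diff self-explanatory for anyone bisecting or backporting.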
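Review bot: in fscrypt_file_open() in fs/crypto/hooks.c, the pr_warn_ratelimited() format string "fscrypt: inconsistent encryption contexts: %lu/%lu" has no trailing \n, so the warning can run into the next log message, and it prints only two inode numbers, which do not identify the filesystem when several are mounted. Suggest ending the format with \n and including the superblock id (for example inode->i_sb->s_id), since this line is the only audit trail for a policy mismatch. The kerneldoc "Return:" line could also name -EPERM explicitly for the mismatch case, so that callers and userspace can tell it apart from -ENOKEY.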
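Review bot: the fscrypt_file_open() stub in include/linux/fscrypt_notsupp.h never looks at filp, so it returns 0 for any unencrypted inode regardless of its parent, while the kerneldoc in hooks.c says the parent-directory check "is needed even when opening an *unencrypted* file". If skipping the check is intentional in builds that use the notsupp header, a short comment on the stub saying why would make that clear; otherwise the stub could also fail the open when the parent directory is encrypted.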