
Merge tag 'fscrypt-for-linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt

Pull fscrypto fixes from Ted Ts'o:
"A code cleanup and bugfix for fs/crypto"

* tag 'fscrypt-for-linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt:
fscrypt: eliminate ->prepare_context() operation
fscrypt: remove broken support for detecting keyring key revocation

+15 -71
+1 -9
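--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -327,7 +327,6 @@
 static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
 {
 struct dentry *dir;
-struct fscrypt_info *ci;
 int dir_has_key, cached_with_key;
 
 if (flags & LOOKUP_RCU)
@@ -339,18 +338,11 @@
 return 0;
 }
 
-ci = d_inode(dir)->i_crypt_info;
-if (ci && ci->ci_keyring_key &&
-(ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
-(1 << KEY_FLAG_REVOKED) |
-(1 << KEY_FLAG_DEAD))))
-ci = NULL;
-
 /* this should eventually be an flag in d_flags */
 spin_lock(&dentry->d_lock);
 cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
 spin_unlock(&dentry->d_lock);
-dir_has_key = (ci != NULL);
+dir_has_key = (d_inode(dir)->i_crypt_info != NULL);
 dput(dir);
 
 /*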
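Review bot: The new `dir_has_key = (d_inode(dir)->i_crypt_info != NULL);` in the second hunk is a plain load of a pointer that fs/crypto/keyinfo.c publishes locklessly with `cmpxchg()`. The code removed from keyinfo.c read it through `ACCESS_ONCE`, and the same plain read appears there in the new early return `if (inode->i_crypt_info)`. I would write both reads as `ACCESS_ONCE(...->i_crypt_info)` so the lockless access stays explicit. A comment above the assignment should also say that the result no longer tracks key revocation, e.g. `/* set once the directory's key has been loaded; later revocation of the keyring key is not detected here */`. The body of fscrypt_d_revalidate continues past the end of the hunk.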
+1 -1
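--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -350,7 +350,7 @@
 fname->disk_name.len = iname->len;
 return 0;
 }
-ret = fscrypt_get_crypt_info(dir);
+ret = fscrypt_get_encryption_info(dir);
 if (ret && ret != -EOPNOTSUPP)
 return ret;
 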
-4
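--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -67,7 +67,6 @@
 u8 ci_filename_mode;
 u8 ci_flags;
 struct crypto_skcipher *ci_ctfm;
-struct key *ci_keyring_key;
 u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
 };
 
@@ -100,8 +99,5 @@
 gfp_t gfp_flags);
 extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx,
 gfp_t gfp_flags);
-
-/* keyinfo.c */
-extern int fscrypt_get_crypt_info(struct inode *);
 
 #endif /* _FSCRYPT_PRIVATE_H */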
+9 -43
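--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -95,6 +95,7 @@
 kfree(description);
 if (IS_ERR(keyring_key))
 return PTR_ERR(keyring_key);
+down_read(&keyring_key->sem);
 
 if (keyring_key->type != &key_type_logon) {
 printk_once(KERN_WARNING
@@ -102,11 +103,9 @@
 res = -ENOKEY;
 goto out;
 }
-down_read(&keyring_key->sem);
 ukp = user_key_payload_locked(keyring_key);
 if (ukp->datalen != sizeof(struct fscrypt_key)) {
 res = -EINVAL;
-up_read(&keyring_key->sem);
 goto out;
 }
 master_key = (struct fscrypt_key *)ukp->data;
@@ -117,17 +116,11 @@
 "%s: key size incorrect: %d\n",
 __func__, master_key->size);
 res = -ENOKEY;
-up_read(&keyring_key->sem);
 goto out;
 }
 res = derive_key_aes(ctx->nonce, master_key->raw, raw_key);
-up_read(&keyring_key->sem);
-if (res)
-goto out;
-
-crypt_info->ci_keyring_key = keyring_key;
-return 0;
 out:
+up_read(&keyring_key->sem);
 key_put(keyring_key);
 return res;
 }
@@ -169,12 +162,11 @@
 if (!ci)
 return;
 
-key_put(ci->ci_keyring_key);
 crypto_free_skcipher(ci->ci_ctfm);
 kmem_cache_free(fscrypt_info_cachep, ci);
 }
 
-int fscrypt_get_crypt_info(struct inode *inode)
+int fscrypt_get_encryption_info(struct inode *inode)
 {
 struct fscrypt_info *crypt_info;
 struct fscrypt_context ctx;
@@ -184,21 +176,15 @@
 u8 *raw_key = NULL;
 int res;
 
+if (inode->i_crypt_info)
+return 0;
+
 res = fscrypt_initialize(inode->i_sb->s_cop->flags);
 if (res)
 return res;
 
 if (!inode->i_sb->s_cop->get_context)
 return -EOPNOTSUPP;
-retry:
-crypt_info = ACCESS_ONCE(inode->i_crypt_info);
-if (crypt_info) {
-if (!crypt_info->ci_keyring_key ||
-key_validate(crypt_info->ci_keyring_key) == 0)
-return 0;
-fscrypt_put_encryption_info(inode, crypt_info);
-goto retry;
-}
 
 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
 if (res < 0) {
@@ -229,7 +215,6 @@
 crypt_info->ci_data_mode = ctx.contents_encryption_mode;
 crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
 crypt_info->ci_ctfm = NULL;
-crypt_info->ci_keyring_key = NULL;
 memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
 sizeof(crypt_info->ci_master_key));
 
@@ -273,14 +258,8 @@
 if (res)
 goto out;
 
-kzfree(raw_key);
-raw_key = NULL;
-if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) != NULL) {
-put_crypt_info(crypt_info);
-goto retry;
-}
-return 0;
-
+if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) == NULL)
+crypt_info = NULL;
 out:
 if (res == -ENOKEY)
 res = 0;
@@ -288,6 +267,7 @@
 kzfree(raw_key);
 return res;
 }
+EXPORT_SYMBOL(fscrypt_get_encryption_info);
 
 void fscrypt_put_encryption_info(struct inode *inode, struct fscrypt_info *ci)
 {
@@ -305,17 +285,3 @@
 put_crypt_info(ci);
 }
 EXPORT_SYMBOL(fscrypt_put_encryption_info);
-
-int fscrypt_get_encryption_info(struct inode *inode)
-{
-struct fscrypt_info *ci = inode->i_crypt_info;
-
-if (!ci ||
-(ci->ci_keyring_key &&
-(ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
-(1 << KEY_FLAG_REVOKED) |
-(1 << KEY_FLAG_DEAD)))))
-return fscrypt_get_crypt_info(inode);
-return 0;
-}
-EXPORT_SYMBOL(fscrypt_get_encryption_info);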
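Review bot: fscrypt_get_encryption_info() is now the exported entry point, but it has no comment stating its return contract. Its `out:` path still maps `-ENOKEY` to 0 (`if (res == -ENOKEY) res = 0;`), so a 0 return does not mean a key is available. A kernel-doc comment on the function should tell callers to test `inode->i_crypt_info` after a 0 return before treating names or contents as accessible. It should also state that the new early return `if (inode->i_crypt_info) return 0;` means a key that was set up once is never re-validated against the keyring. Parts of the function body lie between the hunks and are not shown here.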
-7
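--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -33,16 +33,9 @@
 const struct fscrypt_policy *policy)
 {
 struct fscrypt_context ctx;
-int res;
 
 if (!inode->i_sb->s_cop->set_context)
 return -EOPNOTSUPP;
-
-if (inode->i_sb->s_cop->prepare_context) {
-res = inode->i_sb->s_cop->prepare_context(inode);
-if (res)
-return res;
-}
 
 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,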
+4 -6
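--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1120,16 +1120,15 @@
 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
 }
 
-static int ext4_prepare_context(struct inode *inode)
-{
-return ext4_convert_inline_data(inode);
-}
-
 static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
 void *fs_data)
 {
 handle_t *handle = fs_data;
 int res, res2, retries = 0;
+
+res = ext4_convert_inline_data(inode);
+if (res)
+return res;
 
 /*
 * If a journal handle was specified, then the encryption context is
@@ -1196,7 +1195,6 @@
 static const struct fscrypt_operations ext4_cryptops = {
 .key_prefix = "ext4:",
 .get_context = ext4_get_context,
-.prepare_context = ext4_prepare_context,
 .set_context = ext4_set_context,
 .dummy_context = ext4_dummy_context,
 .is_encrypted = ext4_encrypted_inode,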
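Review bot: The added `res = ext4_convert_inline_data(inode);` in ext4_set_context() sits above the journal-handle comment, so it now runs on every call, including when the caller passes a running handle in `fs_data`. The removed `->prepare_context()` hook was invoked only from the policy-setting path in fs/crypto/policy.c. Nothing visible in the hunk shows whether the conversion is a no-op or safe in the handle case, so that should be confirmed. A short comment above the call should then record why the conversion is needed and why it is safe on both paths. The function body continues past the end of the first hunk.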
-1
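--- a/include/linux/fscrypt_common.h
+++ b/include/linux/fscrypt_common.h
@@ -87,7 +87,6 @@
 unsigned int flags;
 const char *key_prefix;
 int (*get_context)(struct inode *, void *, size_t);
-int (*prepare_context)(struct inode *);
 int (*set_context)(struct inode *, const void *, size_t, void *);
 int (*dummy_context)(struct inode *);
 bool (*is_encrypted)(struct inode *);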