From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-fscrypt@vger.kernel.org, kernel-team@meta.com
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v3 11/11] fscrypt: factor helper for locking master key
Date: Tue, 18 Apr 2023 13:04:48 -0400 [thread overview]
Message-ID: <0624b444f5a952f27b9de209f28ce3c3387e2f35.1681837335.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1681837335.git.sweettea-kernel@dorminy.me>
When keys are prepared at the point of use, using a pooled prepared key,
we'll need to lock and check the existence of the master key secret in
multiple places. So go on and factor out the helper.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
fs/crypto/keysetup.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index 55c416df6a71..9cd60e09b0c5 100644
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -106,6 +106,17 @@ select_encryption_mode(const union fscrypt_policy *policy,
return ERR_PTR(-EINVAL);
}
+static int lock_master_key(struct fscrypt_master_key *mk)
+{
+ down_read(&mk->mk_sem);
+
+ /* Has the secret been removed (via FS_IOC_REMOVE_ENCRYPTION_KEY)? */
+ if (!is_master_key_secret_present(&mk->mk_secret))
+ return -ENOKEY;
+
+ return 0;
+}
+
/*
* Prepare the crypto transform object or blk-crypto key in @prep_key, given the
* raw key, encryption mode (@ci->ci_mode), flag indicating which encryption
@@ -569,13 +580,10 @@ static int find_and_lock_master_key(const struct fscrypt_info *ci,
*mk_ret = NULL;
return 0;
}
- down_read(&mk->mk_sem);
- /* Has the secret been removed (via FS_IOC_REMOVE_ENCRYPTION_KEY)? */
- if (!is_master_key_secret_present(&mk->mk_secret)) {
- err = -ENOKEY;
+ err = lock_master_key(mk);
+ if (err)
goto out_release_key;
- }
if (!fscrypt_valid_master_key_size(mk, ci)) {
err = -ENOKEY;
--
2.40.0
prev parent reply other threads:[~2023-04-18 17:05 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-18 17:04 [PATCH 01/11] fscrypt: move inline crypt decision to info setup Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 02/11] fscrypt: split and rename setup_file_encryption_key() Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 03/11] fscrypt: split setup_per_mode_enc_key() Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 04/11] fscrypt: move dirhash key setup away from IO key setup Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 05/11] fscrypt: reduce special-casing of IV_INO_LBLK_32 Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 06/11] fscrypt: make infos have a pointer to prepared keys Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 07/11] fscrypt: move all the shared mode key setup deeper Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 08/11] fscrypt: make prepared keys record their type Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 09/11] fscrypt: lock every time a info needs a mode key Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 10/11] fscrypt: split key alloc and preparation Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH 11/11] fscrypt: factor helper for locking master key Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 00/11] fscrypt: rearrangements preliminary to extent encryption Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 01/11] fscrypt: move inline crypt decision to info setup Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 02/11] fscrypt: split and rename setup_file_encryption_key() Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 03/11] fscrypt: split setup_per_mode_enc_key() Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 04/11] fscrypt: move dirhash key setup away from IO key setup Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 05/11] fscrypt: reduce special-casing of IV_INO_LBLK_32 Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 06/11] fscrypt: make infos have a pointer to prepared keys Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 07/11] fscrypt: move all the shared mode key setup deeper Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 08/11] fscrypt: make prepared keys record their type Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 09/11] fscrypt: lock every time a info needs a mode key Sweet Tea Dorminy
2023-04-18 17:04 ` [PATCH v3 10/11] fscrypt: split key alloc and preparation Sweet Tea Dorminy
2023-04-18 17:04 ` Sweet Tea Dorminy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0624b444f5a952f27b9de209f28ce3c3387e2f35.1681837335.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=kernel-team@meta.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.