From: Eric Biggers <ebiggers@kernel.org>
To: Daniel Rosenberg <drosen@google.com>
Cc: linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
Gabriel Krisman Bertazi <krisman@collabora.com>,
kernel-team@android.com
Subject: Re: [PATCH v2 2/3] fscrypt: Don't allow v1 policies with casefolding
Date: Mon, 6 Jan 2020 19:35:02 -0800 [thread overview]
Message-ID: <20200107033502.GC705@sol.localdomain> (raw)
In-Reply-To: <20200107023323.38394-3-drosen@google.com>
On Mon, Jan 06, 2020 at 06:33:22PM -0800, Daniel Rosenberg wrote:
> Casefolding currently requires a derived key for computing the siphash.
> This is available for v2 policies, but not v1, so we disallow it for v1.
>
> Signed-off-by: Daniel Rosenberg <drosen@google.com>
> ---
> fs/crypto/keysetup.c | 7 ++++---
> fs/crypto/policy.c | 39 +++++++++++++++++++++++++++++++++++++++
> fs/inode.c | 7 +++++++
> include/linux/fscrypt.h | 11 +++++++++++
> 4 files changed, 61 insertions(+), 3 deletions(-)
>
> diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
> index c1bd897c9310..7445ab76e0b3 100644
> --- a/fs/crypto/keysetup.c
> +++ b/fs/crypto/keysetup.c
> @@ -224,10 +224,11 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,
> FS_KEY_DERIVATION_NONCE_SIZE,
> (u8 *)&ci->ci_hash_key,
> sizeof(ci->ci_hash_key));
> - if (!err)
> - ci->ci_hash_key_initialized = true;
> + if (err)
> + return err;
> + ci->ci_hash_key_initialized = true;
> }
> - return err;
> + return 0;
> }
This part should be folded into patch 1.
>
> /*
> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
> index f1cff83c151a..9e937cfa732c 100644
> --- a/fs/crypto/policy.c
> +++ b/fs/crypto/policy.c
> @@ -124,6 +124,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy,
> policy->filenames_encryption_mode))
> return false;
>
> + if (IS_CASEFOLDED(inode)) {
> + fscrypt_warn(inode,
> + "v1 policy does not support casefolded directories");
> + return false;
> + }
> +
> return true;
> }
>
> @@ -579,3 +585,36 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,
> return preload ? fscrypt_get_encryption_info(child): 0;
> }
> EXPORT_SYMBOL(fscrypt_inherit_context);
> +
> +static int fscrypt_set_casefolding_allowed(struct inode *inode)
> +{
> + union fscrypt_policy policy;
> + int err = fscrypt_get_policy(inode, &policy);
> +
> + if (err)
> + return err;
> +
> + if (policy.version != FSCRYPT_POLICY_V2)
> + return -EINVAL;
> +
> + return 0;
> +}
> +
> +int fscrypt_ioc_setflags_prepare(struct inode *inode,
> + unsigned int oldflags,
> + unsigned int flags)
> +{
> + int err;
> +
> + /*
> + * When a directory is encrypted, the CASEFOLD flag can only be turned
> + * on if the fscrypt policy supports it.
> + */
> + if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) {
> + err = fscrypt_set_casefolding_allowed(inode);
> + if (err)
> + return err;
> + }
> +
> + return 0;
> +}
There's not really any point to the fscrypt_set_casefolding_allowed() function.
It can just be folded into fscrypt_ioc_setflags_prepare():
int fscrypt_ioc_setflags_prepare(struct inode *inode,
unsigned int oldflags,
unsigned int flags)
{
union fscrypt_policy policy;
int err;
/*
* When a directory is encrypted, the CASEFOLD flag can only be turned
* on if the fscrypt policy supports it.
*/
if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) {
err = fscrypt_get_policy(inode, &policy);
if (err)
return err;
if (policy.version != FSCRYPT_POLICY_V2)
return -EINVAL;
}
return 0;
}
> @@ -2242,6 +2243,8 @@ EXPORT_SYMBOL(current_time);
> int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags,
> unsigned int flags)
> {
> + int err;
> +
> /*
> * The IMMUTABLE and APPEND_ONLY flags can only be changed by
> * the relevant capability.
> @@ -2252,6 +2255,10 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags,
> !capable(CAP_LINUX_IMMUTABLE))
> return -EPERM;
>
> + err = fscrypt_ioc_setflags_prepare(inode, oldflags, flags);
> + if (err)
> + return err;
> +
> return 0;
> }
Can just do 'return fscrypt_ioc_setflags_prepare(inode, oldflags, flags);'
- Eric
next prev parent reply other threads:[~2020-01-07 3:35 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-07 2:33 [PATCH v2 0/3] Fscrypt support for casefolded encryption Daniel Rosenberg
2020-01-07 2:33 ` [PATCH v2 1/3] fscrypt: Add siphash and hash key for policy v2 Daniel Rosenberg
2020-01-07 4:02 ` Eric Biggers
2020-01-07 2:33 ` [PATCH v2 2/3] fscrypt: Don't allow v1 policies with casefolding Daniel Rosenberg
2020-01-07 3:35 ` Eric Biggers [this message]
2020-01-07 2:33 ` [PATCH v2 3/3] fscrypt: Change format of no-key token Daniel Rosenberg
2020-01-08 22:07 ` Eric Biggers
2020-01-07 3:26 ` [PATCH v2 0/3] Fscrypt support for casefolded encryption Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200107033502.GC705@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=drosen@google.com \
--cc=kernel-team@android.com \
--cc=krisman@collabora.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.