From: Daniel Rosenberg <drosen@google.com>
To: "Theodore Ts'o" <tytso@mit.edu>,
linux-ext4@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>,
Chao Yu <chao@kernel.org>,
linux-f2fs-devel@lists.sourceforge.net,
Eric Biggers <ebiggers@kernel.org>,
linux-fscrypt@vger.kernel.org,
Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
Gabriel Krisman Bertazi <krisman@collabora.com>,
kernel-team@android.com, Daniel Rosenberg <drosen@google.com>
Subject: [PATCH v3 2/9] fscrypt: Don't allow v1 policies with casefolding
Date: Fri, 17 Jan 2020 13:42:39 -0800 [thread overview]
Message-ID: <20200117214246.235591-3-drosen@google.com> (raw)
In-Reply-To: <20200117214246.235591-1-drosen@google.com>
Casefolding currently requires a derived key for computing the siphash.
This is available for v2 policies, but not v1, so we disallow it for v1.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
fs/crypto/policy.c | 28 ++++++++++++++++++++++++++++
fs/inode.c | 3 ++-
include/linux/fscrypt.h | 11 +++++++++++
3 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index f1cff83c151ac..2cd9a940d8f46 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -124,6 +124,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy,
policy->filenames_encryption_mode))
return false;
+ if (IS_CASEFOLDED(inode)) {
+ fscrypt_warn(inode,
+ "v1 policy does not support casefolded directories");
+ return false;
+ }
+
return true;
}
@@ -579,3 +585,25 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,
return preload ? fscrypt_get_encryption_info(child): 0;
}
EXPORT_SYMBOL(fscrypt_inherit_context);
+
+int fscrypt_ioc_setflags_prepare(struct inode *inode,
+ unsigned int oldflags,
+ unsigned int flags)
+{
+ union fscrypt_policy policy;
+ int err;
+
+ /*
+ * When a directory is encrypted, the CASEFOLD flag can only be turned
+ * on if the fscrypt policy supports it.
+ */
+ if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) {
+ err = fscrypt_get_policy(inode, &policy);
+ if (err)
+ return err;
+ if (policy.version != FSCRYPT_POLICY_V2)
+ return -EINVAL;
+ }
+
+ return 0;
+}
diff --git a/fs/inode.c b/fs/inode.c
index 96d62d97694ef..8f6267858d0c1 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -20,6 +20,7 @@
#include <linux/ratelimit.h>
#include <linux/list_lru.h>
#include <linux/iversion.h>
+#include <linux/fscrypt.h>
#include <trace/events/writeback.h>
#include "internal.h"
@@ -2252,7 +2253,7 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags,
!capable(CAP_LINUX_IMMUTABLE))
return -EPERM;
- return 0;
+ return fscrypt_ioc_setflags_prepare(inode, oldflags, flags);
}
EXPORT_SYMBOL(vfs_ioc_setflags_prepare);
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index 1dfbed855beeb..2c292f19c6b94 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -142,6 +142,10 @@ extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *);
extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
extern int fscrypt_inherit_context(struct inode *, struct inode *,
void *, bool);
+extern int fscrypt_ioc_setflags_prepare(struct inode *inode,
+ unsigned int oldflags,
+ unsigned int flags);
+
/* keyring.c */
extern void fscrypt_sb_free(struct super_block *sb);
extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
@@ -383,6 +387,13 @@ static inline int fscrypt_inherit_context(struct inode *parent,
return -EOPNOTSUPP;
}
+static inline int fscrypt_ioc_setflags_prepare(struct inode *inode,
+ unsigned int oldflags,
+ unsigned int flags)
+{
+ return 0;
+}
+
/* keyring.c */
static inline void fscrypt_sb_free(struct super_block *sb)
{
--
2.25.0.341.g760bfbb309-goog
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Rosenberg via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
To: "Theodore Ts'o" <tytso@mit.edu>,
linux-ext4@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>,
Chao Yu <chao@kernel.org>,
linux-f2fs-devel@lists.sourceforge.net,
Eric Biggers <ebiggers@kernel.org>,
linux-fscrypt@vger.kernel.org,
Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Daniel Rosenberg <drosen@google.com>,
linux-doc@vger.kernel.org, kernel-team@android.com,
Jonathan Corbet <corbet@lwn.net>,
linux-kernel@vger.kernel.org,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-fsdevel@vger.kernel.org,
Gabriel Krisman Bertazi <krisman@collabora.com>
Subject: [f2fs-dev] [PATCH v3 2/9] fscrypt: Don't allow v1 policies with casefolding
Date: Fri, 17 Jan 2020 13:42:39 -0800 [thread overview]
Message-ID: <20200117214246.235591-3-drosen@google.com> (raw)
In-Reply-To: <20200117214246.235591-1-drosen@google.com>
Casefolding currently requires a derived key for computing the siphash.
This is available for v2 policies, but not v1, so we disallow it for v1.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
fs/crypto/policy.c | 28 ++++++++++++++++++++++++++++
fs/inode.c | 3 ++-
include/linux/fscrypt.h | 11 +++++++++++
3 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index f1cff83c151ac..2cd9a940d8f46 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -124,6 +124,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy,
policy->filenames_encryption_mode))
return false;
+ if (IS_CASEFOLDED(inode)) {
+ fscrypt_warn(inode,
+ "v1 policy does not support casefolded directories");
+ return false;
+ }
+
return true;
}
@@ -579,3 +585,25 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,
return preload ? fscrypt_get_encryption_info(child): 0;
}
EXPORT_SYMBOL(fscrypt_inherit_context);
+
+int fscrypt_ioc_setflags_prepare(struct inode *inode,
+ unsigned int oldflags,
+ unsigned int flags)
+{
+ union fscrypt_policy policy;
+ int err;
+
+ /*
+ * When a directory is encrypted, the CASEFOLD flag can only be turned
+ * on if the fscrypt policy supports it.
+ */
+ if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) {
+ err = fscrypt_get_policy(inode, &policy);
+ if (err)
+ return err;
+ if (policy.version != FSCRYPT_POLICY_V2)
+ return -EINVAL;
+ }
+
+ return 0;
+}
diff --git a/fs/inode.c b/fs/inode.c
index 96d62d97694ef..8f6267858d0c1 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -20,6 +20,7 @@
#include <linux/ratelimit.h>
#include <linux/list_lru.h>
#include <linux/iversion.h>
+#include <linux/fscrypt.h>
#include <trace/events/writeback.h>
#include "internal.h"
@@ -2252,7 +2253,7 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags,
!capable(CAP_LINUX_IMMUTABLE))
return -EPERM;
- return 0;
+ return fscrypt_ioc_setflags_prepare(inode, oldflags, flags);
}
EXPORT_SYMBOL(vfs_ioc_setflags_prepare);
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index 1dfbed855beeb..2c292f19c6b94 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -142,6 +142,10 @@ extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *);
extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
extern int fscrypt_inherit_context(struct inode *, struct inode *,
void *, bool);
+extern int fscrypt_ioc_setflags_prepare(struct inode *inode,
+ unsigned int oldflags,
+ unsigned int flags);
+
/* keyring.c */
extern void fscrypt_sb_free(struct super_block *sb);
extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
@@ -383,6 +387,13 @@ static inline int fscrypt_inherit_context(struct inode *parent,
return -EOPNOTSUPP;
}
+static inline int fscrypt_ioc_setflags_prepare(struct inode *inode,
+ unsigned int oldflags,
+ unsigned int flags)
+{
+ return 0;
+}
+
/* keyring.c */
static inline void fscrypt_sb_free(struct super_block *sb)
{
--
2.25.0.341.g760bfbb309-goog
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2020-01-17 21:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-17 21:42 [PATCH v3 0/9] Support for Casefolding and Encryption Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 1/9] fscrypt: Add siphash and hash key for policy v2 Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` Daniel Rosenberg [this message]
2020-01-17 21:42 ` [f2fs-dev] [PATCH v3 2/9] fscrypt: Don't allow v1 policies with casefolding Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 3/9] fscrypt: Change format of no-key token Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 4/9] fscrypt: Only create hash key when needed Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 5/9] vfs: Fold casefolding into vfs Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-20 1:35 ` Al Viro
2020-01-20 1:35 ` [f2fs-dev] " Al Viro
2020-01-24 4:30 ` Daniel Rosenberg
2020-01-24 4:30 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 6/9] f2fs: Handle casefolding with Encryption Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 7/9] ext4: Use struct super_blocks' casefold data Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 8/9] ext4: Hande casefolding with encryption Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-17 21:42 ` [PATCH v3 9/9] ext4: Optimize match for casefolded encrypted dirs Daniel Rosenberg
2020-01-17 21:42 ` [f2fs-dev] " Daniel Rosenberg via Linux-f2fs-devel
2020-01-20 4:52 ` [PATCH v3 0/9] Support for Casefolding and Encryption Eric Biggers
2020-01-20 4:52 ` [f2fs-dev] " Eric Biggers
2020-01-20 22:10 ` Eric Biggers
2020-01-20 22:10 ` [f2fs-dev] " Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200117214246.235591-3-drosen@google.com \
--to=drosen@google.com \
--cc=adilger.kernel@dilger.ca \
--cc=chao@kernel.org \
--cc=corbet@lwn.net \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=kernel-team@android.com \
--cc=krisman@collabora.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.