From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3BAC8C4360F for ; Sun, 17 Mar 2019 20:07:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 09BDD21741 for ; Sun, 17 Mar 2019 20:07:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1552853245; bh=hl2rdke2dF46rBeCelfCcRBHtrXDX7oT7cNW2Sq/1uc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=SGPaqx1ZDKtGAK0tpCzLUp38jA+AF+FE2g6TkhKGFR8Jp7ueYebrUHtBH/8rVdl+A itT66IrarZoEvFrV002N+f79+TyPQx+dFYET7uKAWAcgy4cl4iCjQ3Cxl3PEpgOwmg AIXb/CdlaEBS6VhyP2UQJ6aDacvV/mi3kneDvtY0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727524AbfCQUHX (ORCPT ); Sun, 17 Mar 2019 16:07:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:56086 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727452AbfCQUHP (ORCPT ); Sun, 17 Mar 2019 16:07:15 -0400 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 17EF22184C; Sun, 17 Mar 2019 20:07:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1552853234; bh=hl2rdke2dF46rBeCelfCcRBHtrXDX7oT7cNW2Sq/1uc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vPGW0vZyUdX3cdN0YRxvFiYGJNJj9mC/CU+whCHhyO3iIWzoUta7bNCyxL988f5w6 UX6WZp/1OeBPTrRrBf3gWOoajvowQQDMZRi9jBnXgqNykzW4i8DnAzxYcVaF9RVyWa 0kYOYjIDCnmUv4SdvvyTvYu7yUezgPI1nWleACP4= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, linux-unionfs@vger.kernel.org, Sarthak Kukreti , Gao Xiang Subject: [PATCH 4/5] fscrypt: only set dentry_operations on ciphertext dentries Date: Sun, 17 Mar 2019 13:04:43 -0700 Message-Id: <20190317200444.5967-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190317200444.5967-1-ebiggers@kernel.org> References: <20190317200444.5967-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Eric Biggers Plaintext dentries are always valid, so only set fscrypt_d_ops on ciphertext dentries. Besides marginally improved performance, this allows overlayfs to use an fscrypt-encrypted upperdir, provided that all the following are true: (1) The fscrypt encryption key is placed in the keyring before mounting overlayfs, and remains while the overlayfs is mounted. (2) The workdir uses the same encryption policy. (3) No dentries for the ciphertext names of subdirectories have been created in the upperdir or workdir yet. (Since otherwise d_splice_alias() will reuse the old dentry with ->d_op set.) One potential use case is using an ephemeral encryption key to encrypt all files created or changed by a container, so that they can be securely erased ("crypto-shredded") after the container stops. Signed-off-by: Eric Biggers --- fs/crypto/hooks.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 2e7498a821a4..9d8910e86ee5 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -115,9 +115,8 @@ int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry) spin_lock(&dentry->d_lock); dentry->d_flags |= DCACHE_ENCRYPTED_NAME; spin_unlock(&dentry->d_lock); + d_set_d_op(dentry, &fscrypt_d_ops); } - - d_set_d_op(dentry, &fscrypt_d_ops); return 0; } EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup); -- 2.21.0