From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-mtd@lists.infradead.org,
"Theodore Y . Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Michael Halcrow <mhalcrow@google.com>,
Eric Biggers <ebiggers@google.com>
Subject: [PATCH 09/25] fscrypt: new helper function - fscrypt_prepare_lookup()
Date: Wed, 20 Sep 2017 15:45:49 -0700 [thread overview]
Message-ID: <20170920224605.22030-10-ebiggers3@gmail.com> (raw)
In-Reply-To: <20170920224605.22030-1-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Introduce a helper function which prepares to look up the given dentry
in the given directory. If the directory is encrypted, it handles
loading the directory's encryption key, setting the dentry's ->d_op to
fscrypt_d_ops, and setting DCACHE_ENCRYPTED_WITH_KEY if the directory's
encryption key is available.
Note: once all filesystems switch over to this, we'll be able to move
fscrypt_d_ops and fscrypt_set_encrypted_dentry() to fscrypt_private.h.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/crypto/hooks.c | 18 ++++++++++++++++++
include/linux/fscrypt_notsupp.h | 9 +++++++++
include/linux/fscrypt_supp.h | 30 ++++++++++++++++++++++++++++++
3 files changed, 57 insertions(+)
diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c
index 822cb78f9b45..9f5fb2eb9cf7 100644
--- a/fs/crypto/hooks.c
+++ b/fs/crypto/hooks.c
@@ -92,3 +92,21 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
return 0;
}
EXPORT_SYMBOL_GPL(__fscrypt_prepare_rename);
+
+int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry)
+{
+ int err = fscrypt_get_encryption_info(dir);
+
+ if (err)
+ return err;
+
+ if (fscrypt_has_encryption_key(dir)) {
+ spin_lock(&dentry->d_lock);
+ dentry->d_flags |= DCACHE_ENCRYPTED_WITH_KEY;
+ spin_unlock(&dentry->d_lock);
+ }
+
+ d_set_d_op(dentry, &fscrypt_d_ops);
+ return 0;
+}
+EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup);
diff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h
index a88a2959cd8c..e9b437605f9c 100644
--- a/include/linux/fscrypt_notsupp.h
+++ b/include/linux/fscrypt_notsupp.h
@@ -209,4 +209,13 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir,
return 0;
}
+static inline int fscrypt_prepare_lookup(struct inode *dir,
+ struct dentry *dentry,
+ unsigned int flags)
+{
+ if (IS_ENCRYPTED(dir))
+ return -EOPNOTSUPP;
+ return 0;
+}
+
#endif /* _LINUX_FSCRYPT_NOTSUPP_H */
diff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h
index fa062d41b39a..2b99bc01c59b 100644
--- a/include/linux/fscrypt_supp.h
+++ b/include/linux/fscrypt_supp.h
@@ -240,4 +240,34 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir,
return 0;
}
+extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry);
+
+/**
+ * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
+ * @dir: directory being searched
+ * @dentry: filename being looked up
+ * @flags: lookup flags
+ *
+ * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be
+ * done with or without the directory's encryption key; without the key,
+ * filenames are presented in encrypted form. Therefore, we'll try to set up
+ * the directory's encryption key, but even without it the lookup can continue.
+ *
+ * To allow invalidating stale dentries if the directory's encryption key is
+ * added later, we also install a custom ->d_revalidate() method and use the
+ * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a
+ * plaintext name (flag set) or a ciphertext name (flag cleared).
+ *
+ * Return: 0 on success, -errno if a problem occurred while setting up the
+ * encryption key
+ */
+static inline int fscrypt_prepare_lookup(struct inode *dir,
+ struct dentry *dentry,
+ unsigned int flags)
+{
+ if (IS_ENCRYPTED(dir))
+ return __fscrypt_prepare_lookup(dir, dentry);
+ return 0;
+}
+
#endif /* _LINUX_FSCRYPT_SUPP_H */
--
2.14.1.821.g8fa685d3b7-goog
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>,
Eric Biggers <ebiggers@google.com>,
Michael Halcrow <mhalcrow@google.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-ext4@vger.kernel.org
Subject: [PATCH 09/25] fscrypt: new helper function - fscrypt_prepare_lookup()
Date: Wed, 20 Sep 2017 15:45:49 -0700 [thread overview]
Message-ID: <20170920224605.22030-10-ebiggers3@gmail.com> (raw)
In-Reply-To: <20170920224605.22030-1-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
Introduce a helper function which prepares to look up the given dentry
in the given directory. If the directory is encrypted, it handles
loading the directory's encryption key, setting the dentry's ->d_op to
fscrypt_d_ops, and setting DCACHE_ENCRYPTED_WITH_KEY if the directory's
encryption key is available.
Note: once all filesystems switch over to this, we'll be able to move
fscrypt_d_ops and fscrypt_set_encrypted_dentry() to fscrypt_private.h.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/crypto/hooks.c | 18 ++++++++++++++++++
include/linux/fscrypt_notsupp.h | 9 +++++++++
include/linux/fscrypt_supp.h | 30 ++++++++++++++++++++++++++++++
3 files changed, 57 insertions(+)
diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c
index 822cb78f9b45..9f5fb2eb9cf7 100644
--- a/fs/crypto/hooks.c
+++ b/fs/crypto/hooks.c
@@ -92,3 +92,21 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
return 0;
}
EXPORT_SYMBOL_GPL(__fscrypt_prepare_rename);
+
+int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry)
+{
+ int err = fscrypt_get_encryption_info(dir);
+
+ if (err)
+ return err;
+
+ if (fscrypt_has_encryption_key(dir)) {
+ spin_lock(&dentry->d_lock);
+ dentry->d_flags |= DCACHE_ENCRYPTED_WITH_KEY;
+ spin_unlock(&dentry->d_lock);
+ }
+
+ d_set_d_op(dentry, &fscrypt_d_ops);
+ return 0;
+}
+EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup);
diff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h
index a88a2959cd8c..e9b437605f9c 100644
--- a/include/linux/fscrypt_notsupp.h
+++ b/include/linux/fscrypt_notsupp.h
@@ -209,4 +209,13 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir,
return 0;
}
+static inline int fscrypt_prepare_lookup(struct inode *dir,
+ struct dentry *dentry,
+ unsigned int flags)
+{
+ if (IS_ENCRYPTED(dir))
+ return -EOPNOTSUPP;
+ return 0;
+}
+
#endif /* _LINUX_FSCRYPT_NOTSUPP_H */
diff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h
index fa062d41b39a..2b99bc01c59b 100644
--- a/include/linux/fscrypt_supp.h
+++ b/include/linux/fscrypt_supp.h
@@ -240,4 +240,34 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir,
return 0;
}
+extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry);
+
+/**
+ * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
+ * @dir: directory being searched
+ * @dentry: filename being looked up
+ * @flags: lookup flags
+ *
+ * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be
+ * done with or without the directory's encryption key; without the key,
+ * filenames are presented in encrypted form. Therefore, we'll try to set up
+ * the directory's encryption key, but even without it the lookup can continue.
+ *
+ * To allow invalidating stale dentries if the directory's encryption key is
+ * added later, we also install a custom ->d_revalidate() method and use the
+ * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a
+ * plaintext name (flag set) or a ciphertext name (flag cleared).
+ *
+ * Return: 0 on success, -errno if a problem occurred while setting up the
+ * encryption key
+ */
+static inline int fscrypt_prepare_lookup(struct inode *dir,
+ struct dentry *dentry,
+ unsigned int flags)
+{
+ if (IS_ENCRYPTED(dir))
+ return __fscrypt_prepare_lookup(dir, dentry);
+ return 0;
+}
+
#endif /* _LINUX_FSCRYPT_SUPP_H */
--
2.14.1.821.g8fa685d3b7-goog
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
next prev parent reply other threads:[~2017-09-20 22:45 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-20 22:45 [PATCH 00/25] fscrypt: add some higher-level helper functions Eric Biggers
2017-09-20 22:45 ` [PATCH 01/25] fs, fscrypt: add an S_ENCRYPTED inode flag Eric Biggers
2017-09-20 22:45 ` [PATCH 02/25] fscrypt: switch from ->is_encrypted() to IS_ENCRYPTED() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 03/25] fscrypt: remove ->is_encrypted() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 04/25] fscrypt: remove unneeded empty fscrypt_operations structs Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 05/25] fscrypt: new helper function - fscrypt_require_key() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 06/25] fscrypt: new helper function - fscrypt_file_open() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 07/25] fscrypt: new helper function - fscrypt_prepare_link() Eric Biggers
2017-09-20 22:45 ` [PATCH 08/25] fscrypt: new helper function - fscrypt_prepare_rename() Eric Biggers
2017-09-20 22:45 ` Eric Biggers [this message]
2017-09-20 22:45 ` [PATCH 09/25] fscrypt: new helper function - fscrypt_prepare_lookup() Eric Biggers
2017-09-20 22:45 ` [PATCH 10/25] fscrypt: new helper function - fscrypt_prepare_setattr() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 11/25] ext4: switch to fscrypt_file_open() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 12/25] ext4: switch to fscrypt_prepare_link() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 13/25] ext4: switch to fscrypt_prepare_rename() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 14/25] ext4: switch to fscrypt_prepare_lookup() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 15/25] ext4: switch to fscrypt_prepare_setattr() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 16/25] f2fs: switch to fscrypt_file_open() Eric Biggers
2017-09-20 22:45 ` [PATCH 17/25] f2fs: switch to fscrypt_prepare_link() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:45 ` [PATCH 18/25] f2fs: switch to fscrypt_prepare_rename() Eric Biggers
2017-09-20 22:45 ` [PATCH 19/25] f2fs: switch to fscrypt_prepare_lookup() Eric Biggers
2017-09-20 22:45 ` Eric Biggers
2017-09-20 22:46 ` [PATCH 20/25] f2fs: switch to fscrypt_prepare_setattr() Eric Biggers
2017-09-20 22:46 ` Eric Biggers
2017-09-20 22:46 ` [PATCH 21/25] ubifs: switch to fscrypt_file_open() Eric Biggers
2017-09-20 22:46 ` Eric Biggers
2017-09-20 22:46 ` [PATCH 22/25] ubifs: switch to fscrypt_prepare_link() Eric Biggers
2017-09-20 22:46 ` Eric Biggers
2017-09-20 22:46 ` [PATCH 23/25] ubifs: switch to fscrypt_prepare_rename() Eric Biggers
2017-09-20 22:46 ` Eric Biggers
2017-09-20 22:46 ` [PATCH 24/25] ubifs: switch to fscrypt_prepare_lookup() Eric Biggers
2017-09-20 22:46 ` [PATCH 25/25] ubifs: switch to fscrypt_prepare_setattr() Eric Biggers
2017-09-21 6:45 ` [PATCH 00/25] fscrypt: add some higher-level helper functions Dave Chinner
2017-09-21 17:47 ` Eric Biggers
2017-09-21 20:48 ` Dave Chinner
2017-09-21 14:19 ` [f2fs-dev] " Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170920224605.22030-10-ebiggers3@gmail.com \
--to=ebiggers3@gmail.com \
--cc=ebiggers@google.com \
--cc=jaegeuk@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=mhalcrow@google.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.