From: Eric Biggers <ebiggers@kernel.org> To: linux-fscrypt@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, Linus Torvalds <torvalds@linux-foundation.org> Subject: [PATCH 1/5] fscrypt: add the test dummy encryption key on-demand Date: Tue, 7 Feb 2023 22:21:03 -0800 [thread overview] Message-ID: <20230208062107.199831-2-ebiggers@kernel.org> (raw) In-Reply-To: <20230208062107.199831-1-ebiggers@kernel.org> From: Eric Biggers <ebiggers@google.com> When the key for an inode is not found but the inode is using the test_dummy_encryption policy, automatically add the test_dummy_encryption key to the filesystem keyring. This eliminates the need for all the individual filesystems to do this at mount time, which is a bit tricky to clean up from on failure. Note: this covers the call to fscrypt_find_master_key() from inode key setup, but not from the fscrypt ioctls. So, this isn't *exactly* the same as the key being present from the very beginning. I think we can tolerate that, though, since the inode key setup caller is the only one that actually matters in the context of test_dummy_encryption. Signed-off-by: Eric Biggers <ebiggers@google.com> --- fs/crypto/fscrypt_private.h | 1 + fs/crypto/keysetup.c | 25 +++++++++++++++++++++++-- fs/crypto/policy.c | 3 +-- 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 316a778cec0ff..17dd33d9a522e 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -651,6 +651,7 @@ bool fscrypt_policies_equal(const union fscrypt_policy *policy1, const union fscrypt_policy *policy2); int fscrypt_policy_to_key_spec(const union fscrypt_policy *policy, struct fscrypt_key_specifier *key_spec); +const union fscrypt_policy *fscrypt_get_dummy_policy(struct super_block *sb); bool fscrypt_supported_policy(const union fscrypt_policy *policy_u, const struct inode *inode); int fscrypt_policy_from_context(union fscrypt_policy *policy_u, diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index 94757ccd30568..20323c0ba4c5e 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -438,6 +438,7 @@ static int setup_file_encryption_key(struct fscrypt_info *ci, bool need_dirhash_key, struct fscrypt_master_key **mk_ret) { + struct super_block *sb = ci->ci_inode->i_sb; struct fscrypt_key_specifier mk_spec; struct fscrypt_master_key *mk; int err; @@ -450,8 +451,28 @@ static int setup_file_encryption_key(struct fscrypt_info *ci, if (err) return err; - mk = fscrypt_find_master_key(ci->ci_inode->i_sb, &mk_spec); - if (!mk) { + mk = fscrypt_find_master_key(sb, &mk_spec); + if (unlikely(!mk)) { + const union fscrypt_policy *dummy_policy = + fscrypt_get_dummy_policy(sb); + + /* + * Add the test_dummy_encryption key on-demand. In principle, + * it should be added at mount time. Do it here instead so that + * the individual filesystems don't need to worry about adding + * this key at mount time and cleaning up on mount failure. + */ + if (dummy_policy && + fscrypt_policies_equal(dummy_policy, &ci->ci_policy)) { + struct fscrypt_dummy_policy tmp = { dummy_policy }; + + err = fscrypt_add_test_dummy_key(sb, &tmp); + if (err) + return err; + mk = fscrypt_find_master_key(sb, &mk_spec); + } + } + if (unlikely(!mk)) { if (ci->ci_policy.version != FSCRYPT_POLICY_V1) return -ENOKEY; diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 893661b523769..69dca4ff5f488 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -53,8 +53,7 @@ int fscrypt_policy_to_key_spec(const union fscrypt_policy *policy, } } -static const union fscrypt_policy * -fscrypt_get_dummy_policy(struct super_block *sb) +const union fscrypt_policy *fscrypt_get_dummy_policy(struct super_block *sb) { if (!sb->s_cop->get_dummy_policy) return NULL; -- 2.39.1
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org> To: linux-fscrypt@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, Linus Torvalds <torvalds@linux-foundation.org>, linux-f2fs-devel@lists.sourceforge.net Subject: [f2fs-dev] [PATCH 1/5] fscrypt: add the test dummy encryption key on-demand Date: Tue, 7 Feb 2023 22:21:03 -0800 [thread overview] Message-ID: <20230208062107.199831-2-ebiggers@kernel.org> (raw) In-Reply-To: <20230208062107.199831-1-ebiggers@kernel.org> From: Eric Biggers <ebiggers@google.com> When the key for an inode is not found but the inode is using the test_dummy_encryption policy, automatically add the test_dummy_encryption key to the filesystem keyring. This eliminates the need for all the individual filesystems to do this at mount time, which is a bit tricky to clean up from on failure. Note: this covers the call to fscrypt_find_master_key() from inode key setup, but not from the fscrypt ioctls. So, this isn't *exactly* the same as the key being present from the very beginning. I think we can tolerate that, though, since the inode key setup caller is the only one that actually matters in the context of test_dummy_encryption. Signed-off-by: Eric Biggers <ebiggers@google.com> --- fs/crypto/fscrypt_private.h | 1 + fs/crypto/keysetup.c | 25 +++++++++++++++++++++++-- fs/crypto/policy.c | 3 +-- 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 316a778cec0ff..17dd33d9a522e 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -651,6 +651,7 @@ bool fscrypt_policies_equal(const union fscrypt_policy *policy1, const union fscrypt_policy *policy2); int fscrypt_policy_to_key_spec(const union fscrypt_policy *policy, struct fscrypt_key_specifier *key_spec); +const union fscrypt_policy *fscrypt_get_dummy_policy(struct super_block *sb); bool fscrypt_supported_policy(const union fscrypt_policy *policy_u, const struct inode *inode); int fscrypt_policy_from_context(union fscrypt_policy *policy_u, diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index 94757ccd30568..20323c0ba4c5e 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -438,6 +438,7 @@ static int setup_file_encryption_key(struct fscrypt_info *ci, bool need_dirhash_key, struct fscrypt_master_key **mk_ret) { + struct super_block *sb = ci->ci_inode->i_sb; struct fscrypt_key_specifier mk_spec; struct fscrypt_master_key *mk; int err; @@ -450,8 +451,28 @@ static int setup_file_encryption_key(struct fscrypt_info *ci, if (err) return err; - mk = fscrypt_find_master_key(ci->ci_inode->i_sb, &mk_spec); - if (!mk) { + mk = fscrypt_find_master_key(sb, &mk_spec); + if (unlikely(!mk)) { + const union fscrypt_policy *dummy_policy = + fscrypt_get_dummy_policy(sb); + + /* + * Add the test_dummy_encryption key on-demand. In principle, + * it should be added at mount time. Do it here instead so that + * the individual filesystems don't need to worry about adding + * this key at mount time and cleaning up on mount failure. + */ + if (dummy_policy && + fscrypt_policies_equal(dummy_policy, &ci->ci_policy)) { + struct fscrypt_dummy_policy tmp = { dummy_policy }; + + err = fscrypt_add_test_dummy_key(sb, &tmp); + if (err) + return err; + mk = fscrypt_find_master_key(sb, &mk_spec); + } + } + if (unlikely(!mk)) { if (ci->ci_policy.version != FSCRYPT_POLICY_V1) return -ENOKEY; diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 893661b523769..69dca4ff5f488 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -53,8 +53,7 @@ int fscrypt_policy_to_key_spec(const union fscrypt_policy *policy, } } -static const union fscrypt_policy * -fscrypt_get_dummy_policy(struct super_block *sb) +const union fscrypt_policy *fscrypt_get_dummy_policy(struct super_block *sb) { if (!sb->s_cop->get_dummy_policy) return NULL; -- 2.39.1 _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2023-02-08 6:21 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-02-08 6:21 [PATCH 0/5] Add the test_dummy_encryption key on-demand Eric Biggers 2023-02-08 6:21 ` [f2fs-dev] " Eric Biggers 2023-02-08 6:21 ` Eric Biggers [this message] 2023-02-08 6:21 ` [f2fs-dev] [PATCH 1/5] fscrypt: add the test dummy encryption " Eric Biggers 2023-02-08 6:21 ` [PATCH 2/5] ext4: stop calling fscrypt_add_test_dummy_key() Eric Biggers 2023-02-08 6:21 ` [f2fs-dev] " Eric Biggers 2023-02-08 6:21 ` [PATCH 3/5] f2fs: " Eric Biggers 2023-02-08 6:21 ` [f2fs-dev] " Eric Biggers 2023-02-08 6:21 ` [PATCH 4/5] fs/super.c: stop calling fscrypt_destroy_keyring() from __put_super() Eric Biggers 2023-02-08 6:21 ` [f2fs-dev] " Eric Biggers 2023-02-08 6:21 ` [PATCH 5/5] fscrypt: clean up fscrypt_add_test_dummy_key() Eric Biggers 2023-02-08 6:21 ` [f2fs-dev] " Eric Biggers 2023-02-08 15:38 ` [PATCH 0/5] Add the test_dummy_encryption key on-demand Linus Torvalds 2023-02-08 15:38 ` [f2fs-dev] " Linus Torvalds 2023-02-28 1:01 ` patchwork-bot+f2fs 2023-02-28 1:01 ` patchwork-bot+f2fs
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230208062107.199831-2-ebiggers@kernel.org \ --to=ebiggers@kernel.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-f2fs-devel@lists.sourceforge.net \ --cc=linux-fscrypt@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=torvalds@linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.