From: Eric Biggers
To: linux-fscrypt@vger.kernel.org
Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH v2 0/9] Allow deleting files with unsupported encryption policy
Date: Wed, 2 Dec 2020 18:20:32 -0800
Message-Id: <20201203022041.230976-1-ebiggers@kernel.org>

Currently it's impossible to delete files that use an unsupported
encryption policy, as the kernel will just return an error when
performing any operation on the top-level encrypted directory, even just
a path lookup into the directory or opening the directory for readdir.

It's desirable to return errors for most operations on files that use an
unsupported encryption policy, but the current behavior is too strict.
We need to allow enough to delete files, so that people can't be stuck
with undeletable files when downgrading kernel versions. That includes
allowing directories to be listed and allowing dentries to be looked up.

This series fixes this (on ext4, f2fs, and ubifs) by treating an
unsupported encryption policy in the same way as "key unavailable" in
the cases that are required for a recursive delete to work.

The actual fix is in patch 9, so see that for more details.

Patches 1-8 are cleanups that prepare for the actual fix by removing
direct use of fscrypt_get_encryption_info() by filesystems.

This patchset applies to branch "master" (commit 4a4b8721f1a5) of
https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git.

Changed since v1:
  - Made some minor updates to commit messages.
  - Added Reviewed-by tags.

Eric Biggers (9):
  ext4: remove ext4_dir_open()
  f2fs: remove f2fs_dir_open()
  ubifs: remove ubifs_dir_open()
  ext4: don't call fscrypt_get_encryption_info() from dx_show_leaf()
  fscrypt: introduce fscrypt_prepare_readdir()
  fscrypt: move body of fscrypt_prepare_setattr() out-of-line
  fscrypt: move fscrypt_require_key() to fscrypt_private.h
  fscrypt: unexport fscrypt_get_encryption_info()
  fscrypt: allow deleting files with unsupported encryption policy

 fs/crypto/fname.c           |  8 +++-
 fs/crypto/fscrypt_private.h | 28 ++++++++++++++
 fs/crypto/hooks.c           | 16 +++++++-
 fs/crypto/keysetup.c        | 20 ++++++++--
 fs/crypto/policy.c          | 22 +++++++----
 fs/ext4/dir.c               | 16 ++------
 fs/ext4/namei.c             | 10 +----
 fs/f2fs/dir.c               | 10 +----
 fs/ubifs/dir.c              | 11 +-----
 include/linux/fscrypt.h     | 75 +++++++++++++++++++------------------
 10 files changed, 126 insertions(+), 90 deletions(-)

base-commit: 4a4b8721f1a5e4b01e45b3153c68d5a1014b25de
-- 
2.29.2