From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 0/9] Allow deleting files with unsupported encryption policy
Date: Wed, 2 Dec 2020 13:07:53 -0800 [thread overview]
Message-ID: <X8gCKTx96rXUMh0i@gmail.com> (raw)
In-Reply-To: <20201125002336.274045-1-ebiggers@kernel.org>
On Tue, Nov 24, 2020 at 04:23:27PM -0800, Eric Biggers wrote:
> Currently it's impossible to delete files that use an unsupported
> encryption policy, as the kernel will just return an error when
> performing any operation on the top-level encrypted directory, even just
> a path lookup into the directory or opening the directory for readdir.
>
> It's desirable to return errors for most operations on files that use an
> unsupported encryption policy, but the current behavior is too strict.
> We need to allow enough to delete files, so that people can't be stuck
> with undeletable files when downgrading kernel versions. That includes
> allowing directories to be listed and allowing dentries to be looked up.
>
> This series fixes this (on ext4, f2fs, and ubifs) by treating an
> unsupported encryption policy in the same way as "key unavailable" in
> the cases that are required for a recursive delete to work.
>
> The actual fix is in patch 9, so see that for more details.
>
> Patches 1-8 are cleanups that prepare for the actual fix by removing
> direct use of fscrypt_get_encryption_info() by filesystems.
>
> This patchset applies to branch "master" (commit 4a4b8721f1a5) of
> https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git.
>
> Eric Biggers (9):
> ext4: remove ext4_dir_open()
> f2fs: remove f2fs_dir_open()
> ubifs: remove ubifs_dir_open()
> ext4: don't call fscrypt_get_encryption_info() from dx_show_leaf()
> fscrypt: introduce fscrypt_prepare_readdir()
> fscrypt: move body of fscrypt_prepare_setattr() out-of-line
> fscrypt: move fscrypt_require_key() to fscrypt_private.h
> fscrypt: unexport fscrypt_get_encryption_info()
> fscrypt: allow deleting files with unsupported encryption policy
>
> fs/crypto/fname.c | 8 +++-
> fs/crypto/fscrypt_private.h | 28 ++++++++++++++
> fs/crypto/hooks.c | 16 +++++++-
> fs/crypto/keysetup.c | 20 ++++++++--
> fs/crypto/policy.c | 22 +++++++----
> fs/ext4/dir.c | 16 ++------
> fs/ext4/namei.c | 10 +----
> fs/f2fs/dir.c | 10 +----
> fs/ubifs/dir.c | 11 +-----
> include/linux/fscrypt.h | 75 +++++++++++++++++++------------------
> 10 files changed, 126 insertions(+), 90 deletions(-)
>
>
> base-commit: 4a4b8721f1a5e4b01e45b3153c68d5a1014b25de
Any more comments on this patch series?
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-mtd@lists.infradead.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH 0/9] Allow deleting files with unsupported encryption policy
Date: Wed, 2 Dec 2020 13:07:53 -0800 [thread overview]
Message-ID: <X8gCKTx96rXUMh0i@gmail.com> (raw)
In-Reply-To: <20201125002336.274045-1-ebiggers@kernel.org>
On Tue, Nov 24, 2020 at 04:23:27PM -0800, Eric Biggers wrote:
> Currently it's impossible to delete files that use an unsupported
> encryption policy, as the kernel will just return an error when
> performing any operation on the top-level encrypted directory, even just
> a path lookup into the directory or opening the directory for readdir.
>
> It's desirable to return errors for most operations on files that use an
> unsupported encryption policy, but the current behavior is too strict.
> We need to allow enough to delete files, so that people can't be stuck
> with undeletable files when downgrading kernel versions. That includes
> allowing directories to be listed and allowing dentries to be looked up.
>
> This series fixes this (on ext4, f2fs, and ubifs) by treating an
> unsupported encryption policy in the same way as "key unavailable" in
> the cases that are required for a recursive delete to work.
>
> The actual fix is in patch 9, so see that for more details.
>
> Patches 1-8 are cleanups that prepare for the actual fix by removing
> direct use of fscrypt_get_encryption_info() by filesystems.
>
> This patchset applies to branch "master" (commit 4a4b8721f1a5) of
> https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git.
>
> Eric Biggers (9):
> ext4: remove ext4_dir_open()
> f2fs: remove f2fs_dir_open()
> ubifs: remove ubifs_dir_open()
> ext4: don't call fscrypt_get_encryption_info() from dx_show_leaf()
> fscrypt: introduce fscrypt_prepare_readdir()
> fscrypt: move body of fscrypt_prepare_setattr() out-of-line
> fscrypt: move fscrypt_require_key() to fscrypt_private.h
> fscrypt: unexport fscrypt_get_encryption_info()
> fscrypt: allow deleting files with unsupported encryption policy
>
> fs/crypto/fname.c | 8 +++-
> fs/crypto/fscrypt_private.h | 28 ++++++++++++++
> fs/crypto/hooks.c | 16 +++++++-
> fs/crypto/keysetup.c | 20 ++++++++--
> fs/crypto/policy.c | 22 +++++++----
> fs/ext4/dir.c | 16 ++------
> fs/ext4/namei.c | 10 +----
> fs/f2fs/dir.c | 10 +----
> fs/ubifs/dir.c | 11 +-----
> include/linux/fscrypt.h | 75 +++++++++++++++++++------------------
> 10 files changed, 126 insertions(+), 90 deletions(-)
>
>
> base-commit: 4a4b8721f1a5e4b01e45b3153c68d5a1014b25de
Any more comments on this patch series?
- Eric
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-mtd@lists.infradead.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH 0/9] Allow deleting files with unsupported encryption policy
Date: Wed, 2 Dec 2020 13:07:53 -0800 [thread overview]
Message-ID: <X8gCKTx96rXUMh0i@gmail.com> (raw)
In-Reply-To: <20201125002336.274045-1-ebiggers@kernel.org>
On Tue, Nov 24, 2020 at 04:23:27PM -0800, Eric Biggers wrote:
> Currently it's impossible to delete files that use an unsupported
> encryption policy, as the kernel will just return an error when
> performing any operation on the top-level encrypted directory, even just
> a path lookup into the directory or opening the directory for readdir.
>
> It's desirable to return errors for most operations on files that use an
> unsupported encryption policy, but the current behavior is too strict.
> We need to allow enough to delete files, so that people can't be stuck
> with undeletable files when downgrading kernel versions. That includes
> allowing directories to be listed and allowing dentries to be looked up.
>
> This series fixes this (on ext4, f2fs, and ubifs) by treating an
> unsupported encryption policy in the same way as "key unavailable" in
> the cases that are required for a recursive delete to work.
>
> The actual fix is in patch 9, so see that for more details.
>
> Patches 1-8 are cleanups that prepare for the actual fix by removing
> direct use of fscrypt_get_encryption_info() by filesystems.
>
> This patchset applies to branch "master" (commit 4a4b8721f1a5) of
> https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git.
>
> Eric Biggers (9):
> ext4: remove ext4_dir_open()
> f2fs: remove f2fs_dir_open()
> ubifs: remove ubifs_dir_open()
> ext4: don't call fscrypt_get_encryption_info() from dx_show_leaf()
> fscrypt: introduce fscrypt_prepare_readdir()
> fscrypt: move body of fscrypt_prepare_setattr() out-of-line
> fscrypt: move fscrypt_require_key() to fscrypt_private.h
> fscrypt: unexport fscrypt_get_encryption_info()
> fscrypt: allow deleting files with unsupported encryption policy
>
> fs/crypto/fname.c | 8 +++-
> fs/crypto/fscrypt_private.h | 28 ++++++++++++++
> fs/crypto/hooks.c | 16 +++++++-
> fs/crypto/keysetup.c | 20 ++++++++--
> fs/crypto/policy.c | 22 +++++++----
> fs/ext4/dir.c | 16 ++------
> fs/ext4/namei.c | 10 +----
> fs/f2fs/dir.c | 10 +----
> fs/ubifs/dir.c | 11 +-----
> include/linux/fscrypt.h | 75 +++++++++++++++++++------------------
> 10 files changed, 126 insertions(+), 90 deletions(-)
>
>
> base-commit: 4a4b8721f1a5e4b01e45b3153c68d5a1014b25de
Any more comments on this patch series?
- Eric
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next prev parent reply other threads:[~2020-12-02 21:08 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-25 0:23 [PATCH 0/9] Allow deleting files with unsupported encryption policy Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-11-25 0:23 ` [PATCH 1/9] ext4: remove ext4_dir_open() Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:47 ` Andreas Dilger
2020-12-02 22:47 ` Andreas Dilger
2020-11-25 0:23 ` [PATCH 2/9] f2fs: remove f2fs_dir_open() Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-11-26 7:04 ` Chao Yu
2020-11-26 7:04 ` Chao Yu
2020-11-26 7:04 ` [f2fs-dev] " Chao Yu
2020-12-01 23:00 ` Eric Biggers
2020-12-01 23:00 ` Eric Biggers
2020-12-01 23:00 ` [f2fs-dev] " Eric Biggers
2020-11-25 0:23 ` [PATCH 3/9] ubifs: remove ubifs_dir_open() Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-11-25 0:23 ` [PATCH 4/9] ext4: don't call fscrypt_get_encryption_info() from dx_show_leaf() Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:48 ` Andreas Dilger
2020-12-02 22:48 ` Andreas Dilger
2020-11-25 0:23 ` [PATCH 5/9] fscrypt: introduce fscrypt_prepare_readdir() Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:52 ` Andreas Dilger
2020-12-02 22:52 ` Andreas Dilger
2020-12-02 22:52 ` Andreas Dilger
2020-12-02 22:52 ` Andreas Dilger
2020-11-25 0:23 ` [PATCH 6/9] fscrypt: move body of fscrypt_prepare_setattr() out-of-line Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:53 ` Andreas Dilger
2020-12-02 22:53 ` Andreas Dilger
2020-11-25 0:23 ` [PATCH 7/9] fscrypt: move fscrypt_require_key() to fscrypt_private.h Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:54 ` Andreas Dilger
2020-12-02 22:54 ` Andreas Dilger
2020-11-25 0:23 ` [PATCH 8/9] fscrypt: unexport fscrypt_get_encryption_info() Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:55 ` Andreas Dilger
2020-12-02 22:55 ` Andreas Dilger
2020-11-25 0:23 ` [PATCH 9/9] fscrypt: allow deleting files with unsupported encryption policy Eric Biggers
2020-11-25 0:23 ` Eric Biggers
2020-11-25 0:23 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:57 ` Andreas Dilger
2020-12-02 22:57 ` Andreas Dilger
2020-12-02 21:07 ` Eric Biggers [this message]
2020-12-02 21:07 ` [PATCH 0/9] Allow " Eric Biggers
2020-12-02 21:07 ` [f2fs-dev] " Eric Biggers
2020-12-02 22:25 ` Andreas Dilger
2020-12-02 22:25 ` Andreas Dilger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X8gCKTx96rXUMh0i@gmail.com \
--to=ebiggers@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.