[PATCH 4/8] ext4 crypto: encrypt tmpfile located in encryption protected directory

public inbox for linux-ext4@vger.kernel.org
 help / color / mirror / Atom feed

From: Theodore Ts'o <tytso@mit.edu>
To: Ext4 Developers List <linux-ext4@vger.kernel.org>
Cc: jaegeuk@kernel.org, mhalcrow@google.com, Theodore Ts'o <tytso@mit.edu>
Subject: [PATCH 4/8] ext4 crypto: encrypt tmpfile located in encryption protected directory
Date: Thu, 28 May 2015 19:47:43 -0400	[thread overview]
Message-ID: <1432856867-5710-4-git-send-email-tytso@mit.edu> (raw)
In-Reply-To: <1432856867-5710-1-git-send-email-tytso@mit.edu>

Factor out calls to ext4_inherit_context() and move them to
__ext4_new_inode(); this fixes a problem where ext4_tmpfile() wasn't
calling calling ext4_inherit_context(), so the temporary file wasn't
getting protected.  Since the blocks for the tmpfile could end up on
disk, they really should be protected if the tmpfile is created within
the context of an encrypted directory.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 fs/ext4/ext4.h   |  9 +++++++++
 fs/ext4/ialloc.c | 26 ++++++++++++++++++++------
 fs/ext4/namei.c  | 29 +----------------------------
 3 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 7435ff2..bd8d32d 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -2149,6 +2149,11 @@ static inline int ext4_get_encryption_info(struct inode *inode)
 	return 0;
 }
 
+static inline struct ext4_crypt_info *ext4_encryption_info(struct inode *inode)
+{
+	return EXT4_I(inode)->i_crypt_info;
+}
+
 #else
 static inline int ext4_has_encryption_key(struct inode *inode)
 {
@@ -2158,6 +2163,10 @@ static inline int ext4_get_encryption_info(struct inode *inode)
 {
 	return 0;
 }
+static inline struct ext4_crypt_info *ext4_encryption_info(struct inode *inode)
+{
+	return NULL;
+}
 #endif
 
 
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index ddca169..173c1ae 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -726,11 +726,25 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir,
 	ext4_group_t i;
 	ext4_group_t flex_group;
 	struct ext4_group_info *grp;
+	int encrypt = 0;
 
 	/* Cannot create files in a deleted directory */
 	if (!dir || !dir->i_nlink)
 		return ERR_PTR(-EPERM);
 
+	if ((ext4_encrypted_inode(dir) ||
+	     DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))) &&
+	    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) {
+		err = ext4_get_encryption_info(dir);
+		if (err)
+			return ERR_PTR(err);
+		if (ext4_encryption_info(dir) == NULL)
+			return ERR_PTR(-EPERM);
+		if (!handle)
+			nblocks += EXT4_DATA_TRANS_BLOCKS(dir->i_sb);
+		encrypt = 1;
+	}
+
 	sb = dir->i_sb;
 	ngroups = ext4_get_groups_count(sb);
 	trace_ext4_request_inode(dir, mode);
@@ -996,12 +1010,6 @@ got:
 	ei->i_block_group = group;
 	ei->i_last_alloc_group = ~0;
 
-	/* If the directory encrypted, then we should encrypt the inode. */
-	if ((S_ISDIR(mode) || S_ISREG(mode) || S_ISLNK(mode)) &&
-	    (ext4_encrypted_inode(dir) ||
-	     DUMMY_ENCRYPTION_ENABLED(sbi)))
-		ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
-
 	ext4_set_inode_flags(inode);
 	if (IS_DIRSYNC(inode))
 		ext4_handle_sync(handle);
@@ -1063,6 +1071,12 @@ got:
 		ei->i_datasync_tid = handle->h_transaction->t_tid;
 	}
 
+	if (encrypt) {
+		err = ext4_inherit_context(dir, inode);
+		if (err)
+			goto fail_free_drop;
+	}
+
 	err = ext4_mark_inode_dirty(handle, inode);
 	if (err) {
 		ext4_std_error(sb, err);
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 6ab50f8..1e7d65d 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2437,20 +2437,7 @@ retry:
 		inode->i_op = &ext4_file_inode_operations;
 		inode->i_fop = &ext4_file_operations;
 		ext4_set_aops(inode);
-		err = 0;
-#ifdef CONFIG_EXT4_FS_ENCRYPTION
-		if (!err && (ext4_encrypted_inode(dir) ||
-			     DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb)))) {
-			err = ext4_inherit_context(dir, inode);
-			if (err) {
-				clear_nlink(inode);
-				unlock_new_inode(inode);
-				iput(inode);
-			}
-		}
-#endif
-		if (!err)
-			err = ext4_add_nondir(handle, dentry, inode);
+		err = ext4_add_nondir(handle, dentry, inode);
 		if (!err && IS_DIRSYNC(dir))
 			ext4_handle_sync(handle);
 	}
@@ -2631,14 +2618,6 @@ retry:
 	err = ext4_init_new_dir(handle, dir, inode);
 	if (err)
 		goto out_clear_inode;
-#ifdef CONFIG_EXT4_FS_ENCRYPTION
-	if (ext4_encrypted_inode(dir) ||
-	    DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))) {
-		err = ext4_inherit_context(dir, inode);
-		if (err)
-			goto out_clear_inode;
-	}
-#endif
 	err = ext4_mark_inode_dirty(handle, inode);
 	if (!err)
 		err = ext4_add_entry(handle, dentry, inode);
@@ -3106,12 +3085,6 @@ static int ext4_symlink(struct inode *dir,
 			err = -ENOMEM;
 			goto err_drop_inode;
 		}
-		err = ext4_inherit_context(dir, inode);
-		if (err)
-			goto err_drop_inode;
-		err = ext4_get_encryption_info(inode);
-		if (err)
-			goto err_drop_inode;
 		istr.name = (const unsigned char *) symname;
 		istr.len = len;
 		ostr.name = sd->encrypted_path;
-- 
2.3.0

next prev parent reply	other threads:[~2015-05-28 23:47 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-28 23:47 [PATCH 1/8] ext4 crypto: fix memory leaks in ext4_encrypted_zeroout Theodore Ts'o
2015-05-28 23:47 ` [PATCH 2/8] ext4 crypto: set up encryption info for new inodes in ext4_inherit_context() Theodore Ts'o
2015-05-28 23:47 ` [PATCH 3/8] ext4 crypto: make sure the encryption info is initialized on opendir(2) Theodore Ts'o
2015-05-28 23:47 ` Theodore Ts'o [this message]
2015-05-29 11:09   ` [PATCH 4/8] ext4 crypto: encrypt tmpfile located in encryption protected directory Albino Biasutti Neto
2015-05-29 16:33     ` Theodore Ts'o
2015-05-30 10:45       ` Albino Biasutti Neto
2015-05-28 23:47 ` [PATCH 5/8] ext4 crypto: enforce crypto policy restrictions on cross-renames Theodore Ts'o
2015-05-28 23:47 ` [PATCH 6/8] ext4 crypto: policies may only be set on directories Theodore Ts'o
2015-05-28 23:47 ` [PATCH 7/8] ext4 crypto: clean up error handling in ext4_fname_setup_filename Theodore Ts'o
2015-05-28 23:47 ` [PATCH 8/8] ext4 crypto: allocate the right amount of memory for the on-disk symlink Theodore Ts'o
2015-05-29 18:08 ` [PATCH 1/8] ext4 crypto: fix memory leaks in ext4_encrypted_zeroout Jaegeuk Kim
2015-05-31 14:26   ` Theodore Ts'o
2015-06-01 21:56     ` Jaegeuk Kim

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7435ff2 dfblob:bd8d32d dfblob:ddca169 dfblob:173c1ae
dfblob:6ab50f8 dfblob:1e7d65d )
 OR (
bs:"[PATCH 4/8] ext4 crypto: encrypt tmpfile located in encryption protected directory" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1432856867-5710-4-git-send-email-tytso@mit.edu \
    --to=tytso@mit.edu \
    --cc=jaegeuk@kernel.org \
    --cc=linux-ext4@vger.kernel.org \
    --cc=mhalcrow@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox