Re: [PATCH] ext4 crypto: handle ENOKEY correctly

linux-ext4.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Theodore Ts'o <tytso@mit.edu>
To: Dmitry Monakhov <dmonakhov@openvz.org>, G@thunk.org
Cc: linux-ext4@vger.kernel.org
Subject: Re: [PATCH] ext4 crypto: handle ENOKEY correctly
Date: Fri, 29 May 2015 16:44:29 -0400	[thread overview]
Message-ID: <20150529204429.GH18540@thunk.org> (raw)
In-Reply-To: <1432917543-26495-1-git-send-email-dmonakhov@openvz.org>

On Fri, May 29, 2015 at 08:39:03PM +0400, Dmitry Monakhov wrote:
> Currently we try to hide ENOKEY inside ext4_get_encryption_info(), but
> it is not always correct. There are two class of callers ext4_get_encryption_info()
> 1) The one where we can ignore ENOKEY
>     - ext4_setup_fname_crypto()
>     - ext4_is_child_context_consistent_with_parent()
> 2) The one do care about any error because expect that ei->i_crypt_info will
>    be initalized after ext4_get_encryption_info() succeed
>    - ext4_file_mmap
>    - ext4_file_open
>    - ext4_inherit_context (key may becomes obsoleted, revoked, dead any time)
> 
> So let's return ENOKEY from ext4_get_encryption_info() if necessery and let caller
> handle it correctly.

I don't think that's the right way to go.  We should add checks to
ext4_file_open, sure.  But the problem is that i_crypt_info can get
set to NULL after the file is succesfully opened.  So we need to
handle i_crypt_info being NULL everywhere.  So the BUG_ON() in
ext4_get_crypto_ctx() needs to be replaced with:

	if (ci == NULL)
		return ERR_PTR(-ENOKEY);

I'll also add documentation making it clear that having
ext4_get_encryption_info() returning with i_crypt_info set to NULL is
considered a successful return, and that callers like
ext4_file_mmap(), ext4_file_open(), ext4_inherit_context(),
needs to check if i_crypt_info is NULL instead.

      	       	  	       	       - Ted

next prev parent reply	other threads:[~2015-05-29 20:44 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-29 16:39 [PATCH] ext4 crypto: handle ENOKEY correctly Dmitry Monakhov
2015-05-29 20:44 ` Theodore Ts'o [this message]
2015-05-31 15:03   ` Theodore Ts'o
2015-06-01  9:59     ` Dmitry Monakhov
2015-06-08 15:55       ` Theodore Ts'o

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150529204429.GH18540@thunk.org \
    --to=tytso@mit.edu \
    --cc=G@thunk.org \
    --cc=dmonakhov@openvz.org \
    --cc=linux-ext4@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).