From: Eric Biggers <ebiggers@kernel.org>
To: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Cc: "Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-fscrypt@vger.kernel.org, kernel-team@meta.com
Subject: Re: [PATCH v2 02/11] fscrypt: split and rename setup_file_encryption_key()
Date: Mon, 10 Apr 2023 20:24:28 -0700 [thread overview]
Message-ID: <20230411032428.GB47625@sol.localdomain> (raw)
In-Reply-To: <81adddca05362d0f4401dbc114f6ac7ad1f56645.1681155143.git.sweettea-kernel@dorminy.me>
On Mon, Apr 10, 2023 at 03:39:55PM -0400, Sweet Tea Dorminy wrote:
> /*
> - * Find the master key, then set up the inode's actual encryption key.
> + * Find and lock the master key.
> *
> * If the master key is found in the filesystem-level keyring, then it is
> * returned in *mk_ret with its semaphore read-locked. This is needed to ensure
> @@ -434,9 +471,8 @@ static bool fscrypt_valid_master_key_size(const struct fscrypt_master_key *mk,
> * multiple tasks may race to create an fscrypt_info for the same inode), and to
> * synchronize the master key being removed with a new inode starting to use it.
> */
> -static int setup_file_encryption_key(struct fscrypt_info *ci,
> - bool need_dirhash_key,
> - struct fscrypt_master_key **mk_ret)
> +static int find_and_lock_master_key(const struct fscrypt_info *ci,
> + struct fscrypt_master_key **mk_ret)
> {
> struct super_block *sb = ci->ci_inode->i_sb;
> struct fscrypt_key_specifier mk_spec;
> @@ -466,17 +502,13 @@ static int setup_file_encryption_key(struct fscrypt_info *ci,
> mk = fscrypt_find_master_key(sb, &mk_spec);
> }
> }
> +
> if (unlikely(!mk)) {
> if (ci->ci_policy.version != FSCRYPT_POLICY_V1)
> return -ENOKEY;
>
> - /*
> - * As a legacy fallback for v1 policies, search for the key in
> - * the current task's subscribed keyrings too. Don't move this
> - * to before the search of ->s_master_keys, since users
> - * shouldn't be able to override filesystem-level keys.
> - */
> - return fscrypt_setup_v1_file_key_via_subscribed_keyrings(ci);
> + *mk_ret = NULL;
> + return 0;
While this change may be a benefit overall, it does split the code that handles
the legacy case of "v1 policy using process-subscribed keyrings" into two
places. That makes it a little more difficult to understand. I think a comment
would be helpful here, at least?
- Eric
next prev parent reply other threads:[~2023-04-11 3:24 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-10 19:39 [PATCH v2 00/11] fscrypt: rearrangements preliminary to extent encryption Sweet Tea Dorminy
2023-04-10 19:39 ` [PATCH v2 01/11] fscrypt: move inline crypt decision to info setup Sweet Tea Dorminy
2023-04-10 19:39 ` [PATCH v2 02/11] fscrypt: split and rename setup_file_encryption_key() Sweet Tea Dorminy
2023-04-11 3:24 ` Eric Biggers [this message]
2023-04-10 19:39 ` [PATCH v2 03/11] fscrypt: split and rename setup_per_mode_enc_key() Sweet Tea Dorminy
2023-04-11 3:29 ` Eric Biggers
2023-04-10 19:39 ` [PATCH v2 04/11] fscrypt: move dirhash key setup away from IO key setup Sweet Tea Dorminy
2023-04-11 3:35 ` Eric Biggers
2023-04-10 19:39 ` [PATCH v2 05/11] fscrypt: reduce special-casing of IV_INO_LBLK_32 Sweet Tea Dorminy
2023-04-11 3:38 ` Eric Biggers
2023-04-10 19:39 ` [PATCH v2 06/11] fscrypt: make infos have a pointer to prepared keys Sweet Tea Dorminy
2023-04-11 3:44 ` Eric Biggers
2023-04-11 16:26 ` Sweet Tea Dorminy
2023-04-10 19:40 ` [PATCH v2 07/11] fscrypt: move all the shared mode key setup deeper Sweet Tea Dorminy
2023-04-11 3:56 ` Eric Biggers
2023-04-10 19:40 ` [PATCH v2 08/11] fscrypt: make ci->ci_direct_key a bool not a pointer Sweet Tea Dorminy
2023-04-11 3:57 ` Eric Biggers
2023-04-10 19:40 ` [PATCH v2 09/11] fscrypt: make prepared keys record their type Sweet Tea Dorminy
2023-04-10 19:40 ` [PATCH v2 10/11] fscrypt: explicitly track prepared parts of key Sweet Tea Dorminy
2023-04-11 4:05 ` Eric Biggers
2023-04-11 16:45 ` Sweet Tea Dorminy
2023-04-11 21:21 ` Eric Biggers
2023-04-10 19:40 ` [PATCH v2 11/11] fscrypt: split key alloc and preparation Sweet Tea Dorminy
2023-04-11 3:18 ` [PATCH v2 00/11] fscrypt: rearrangements preliminary to extent encryption Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230411032428.GB47625@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=kernel-team@meta.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox