From: Eric Biggers <ebiggers@kernel.org>
To: Daniel Rosenberg <drosen@google.com>
Cc: linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
Gabriel Krisman Bertazi <krisman@collabora.com>,
kernel-team@android.com
Subject: Re: [PATCH v2 2/3] fscrypt: Don't allow v1 policies with casefolding
Date: Mon, 6 Jan 2020 19:35:02 -0800 [thread overview]
Message-ID: <20200107033502.GC705@sol.localdomain> (raw)
In-Reply-To: <20200107023323.38394-3-drosen@google.com>
On Mon, Jan 06, 2020 at 06:33:22PM -0800, Daniel Rosenberg wrote:
> Casefolding currently requires a derived key for computing the siphash.
> This is available for v2 policies, but not v1, so we disallow it for v1.
>
> Signed-off-by: Daniel Rosenberg <drosen@google.com>
> ---
> fs/crypto/keysetup.c | 7 ++++---
> fs/crypto/policy.c | 39 +++++++++++++++++++++++++++++++++++++++
> fs/inode.c | 7 +++++++
> include/linux/fscrypt.h | 11 +++++++++++
> 4 files changed, 61 insertions(+), 3 deletions(-)
>
> diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
> index c1bd897c9310..7445ab76e0b3 100644
> --- a/fs/crypto/keysetup.c
> +++ b/fs/crypto/keysetup.c
> @@ -224,10 +224,11 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,
> FS_KEY_DERIVATION_NONCE_SIZE,
> (u8 *)&ci->ci_hash_key,
> sizeof(ci->ci_hash_key));
> - if (!err)
> - ci->ci_hash_key_initialized = true;
> + if (err)
> + return err;
> + ci->ci_hash_key_initialized = true;
> }
> - return err;
> + return 0;
> }
This part should be folded into patch 1.
>
> /*
> diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
> index f1cff83c151a..9e937cfa732c 100644
> --- a/fs/crypto/policy.c
> +++ b/fs/crypto/policy.c
> @@ -124,6 +124,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy,
> policy->filenames_encryption_mode))
> return false;
>
> + if (IS_CASEFOLDED(inode)) {
> + fscrypt_warn(inode,
> + "v1 policy does not support casefolded directories");
> + return false;
> + }
> +
> return true;
> }
>
> @@ -579,3 +585,36 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,
> return preload ? fscrypt_get_encryption_info(child): 0;
> }
> EXPORT_SYMBOL(fscrypt_inherit_context);
> +
> +static int fscrypt_set_casefolding_allowed(struct inode *inode)
> +{
> + union fscrypt_policy policy;
> + int err = fscrypt_get_policy(inode, &policy);
> +
> + if (err)
> + return err;
> +
> + if (policy.version != FSCRYPT_POLICY_V2)
> + return -EINVAL;
> +
> + return 0;
> +}
> +
> +int fscrypt_ioc_setflags_prepare(struct inode *inode,
> + unsigned int oldflags,
> + unsigned int flags)
> +{
> + int err;
> +
> + /*
> + * When a directory is encrypted, the CASEFOLD flag can only be turned
> + * on if the fscrypt policy supports it.
> + */
> + if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) {
> + err = fscrypt_set_casefolding_allowed(inode);
> + if (err)
> + return err;
> + }
> +
> + return 0;
> +}
There's not really any point to the fscrypt_set_casefolding_allowed() function.
It can just be folded into fscrypt_ioc_setflags_prepare():
int fscrypt_ioc_setflags_prepare(struct inode *inode,
unsigned int oldflags,
unsigned int flags)
{
union fscrypt_policy policy;
int err;
/*
* When a directory is encrypted, the CASEFOLD flag can only be turned
* on if the fscrypt policy supports it.
*/
if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) {
err = fscrypt_get_policy(inode, &policy);
if (err)
return err;
if (policy.version != FSCRYPT_POLICY_V2)
return -EINVAL;
}
return 0;
}
> @@ -2242,6 +2243,8 @@ EXPORT_SYMBOL(current_time);
> int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags,
> unsigned int flags)
> {
> + int err;
> +
> /*
> * The IMMUTABLE and APPEND_ONLY flags can only be changed by
> * the relevant capability.
> @@ -2252,6 +2255,10 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags,
> !capable(CAP_LINUX_IMMUTABLE))
> return -EPERM;
>
> + err = fscrypt_ioc_setflags_prepare(inode, oldflags, flags);
> + if (err)
> + return err;
> +
> return 0;
> }
Can just do 'return fscrypt_ioc_setflags_prepare(inode, oldflags, flags);'
- Eric
next prev parent reply other threads:[~2020-01-07 3:35 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-07 2:33 [PATCH v2 0/3] Fscrypt support for casefolded encryption Daniel Rosenberg
2020-01-07 2:33 ` [PATCH v2 1/3] fscrypt: Add siphash and hash key for policy v2 Daniel Rosenberg
2020-01-07 4:02 ` Eric Biggers
2020-01-07 2:33 ` [PATCH v2 2/3] fscrypt: Don't allow v1 policies with casefolding Daniel Rosenberg
2020-01-07 3:35 ` Eric Biggers [this message]
2020-01-07 2:33 ` [PATCH v2 3/3] fscrypt: Change format of no-key token Daniel Rosenberg
2020-01-08 22:07 ` Eric Biggers
2020-01-07 3:26 ` [PATCH v2 0/3] Fscrypt support for casefolded encryption Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200107033502.GC705@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=drosen@google.com \
--cc=kernel-team@android.com \
--cc=krisman@collabora.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).