From patchwork Thu Sep 17 04:11:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 292020 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B303C433E2 for ; Thu, 17 Sep 2020 04:21:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0875A2074B for ; Thu, 17 Sep 2020 04:21:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600316476; bh=nVSMprpeSosbO3HIVvYvcbOcUNBMzSOQM0td1dFGCwI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=ZZy3Cw5TuEvhZwdHIRVSo9BIq2r+aT5qQp5we78SpWqt8sv3aLtWd6p/oZv6mEkam ZfAhSmqXx7kOm8wwWjeciEVRLOEgKyL2FzsTStjCAxxKIc1sDp/QHUFmF6CqMYU9xl IZgVBW00Dv22wXyvWnSgTxuMTxi5vxnFFh2auSq4= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726217AbgIQEUu (ORCPT ); Thu, 17 Sep 2020 00:20:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:33836 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726149AbgIQEUl (ORCPT ); Thu, 17 Sep 2020 00:20:41 -0400 Received: from sol.attlocal.net (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 781BF208DB; Thu, 17 Sep 2020 04:13:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600315988; bh=nVSMprpeSosbO3HIVvYvcbOcUNBMzSOQM0td1dFGCwI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W0urzfH3q0MMsp14SUg7JlcaqllmX1jfO7tG13brvInJk91ZUIyf37gd3H1t3Y6N0 X0w81XrZ7k0TGIMcy31iKgejPGB3hYwc5PTdSPxQXvlIgL3VPhFS1Ha+S29TQy0A4D oYAc2dvgQn7bST0BPVAK/JGpQb9y9zNOGy8Yxr/Y= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, Jeff Layton , Daniel Rosenberg Subject: [PATCH v3 02/13] ext4: factor out ext4_xattr_credits_for_new_inode() Date: Wed, 16 Sep 2020 21:11:25 -0700 Message-Id: <20200917041136.178600-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200917041136.178600-1-ebiggers@kernel.org> References: <20200917041136.178600-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org From: Eric Biggers To compute a new inode's xattr credits, we need to know whether the inode will be encrypted or not. When we switch to use the new helper function fscrypt_prepare_new_inode(), we won't find out whether the inode will be encrypted until slightly later than is currently the case. That will require moving the code block that computes the xattr credits. To make this easier and reduce the length of __ext4_new_inode(), move this code block into a new function ext4_xattr_credits_for_new_inode(). Signed-off-by: Eric Biggers --- fs/ext4/ialloc.c | 90 +++++++++++++++++++++++++++--------------------- 1 file changed, 51 insertions(+), 39 deletions(-) diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index df25d38d65393..0cc576005a923 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -742,6 +742,53 @@ static int find_inode_bit(struct super_block *sb, ext4_group_t group, return 1; } +static int ext4_xattr_credits_for_new_inode(struct inode *dir, mode_t mode, + bool encrypt) +{ + struct super_block *sb = dir->i_sb; + int nblocks = 0; +#ifdef CONFIG_EXT4_FS_POSIX_ACL + struct posix_acl *p = get_acl(dir, ACL_TYPE_DEFAULT); + + if (IS_ERR(p)) + return PTR_ERR(p); + if (p) { + int acl_size = p->a_count * sizeof(ext4_acl_entry); + + nblocks += (S_ISDIR(mode) ? 2 : 1) * + __ext4_xattr_set_credits(sb, NULL /* inode */, + NULL /* block_bh */, acl_size, + true /* is_create */); + posix_acl_release(p); + } +#endif + +#ifdef CONFIG_SECURITY + { + int num_security_xattrs = 1; + +#ifdef CONFIG_INTEGRITY + num_security_xattrs++; +#endif + /* + * We assume that security xattrs are never more than 1k. + * In practice they are under 128 bytes. + */ + nblocks += num_security_xattrs * + __ext4_xattr_set_credits(sb, NULL /* inode */, + NULL /* block_bh */, 1024, + true /* is_create */); + } +#endif + if (encrypt) + nblocks += __ext4_xattr_set_credits(sb, + NULL /* inode */, + NULL /* block_bh */, + FSCRYPT_SET_CONTEXT_MAX_SIZE, + true /* is_create */); + return nblocks; +} + /* * There are two policies for allocating an inode. If the new inode is * a directory, then a forward search is made for a block group with both @@ -796,45 +843,10 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir, } if (!handle && sbi->s_journal && !(i_flags & EXT4_EA_INODE_FL)) { -#ifdef CONFIG_EXT4_FS_POSIX_ACL - struct posix_acl *p = get_acl(dir, ACL_TYPE_DEFAULT); - - if (IS_ERR(p)) - return ERR_CAST(p); - if (p) { - int acl_size = p->a_count * sizeof(ext4_acl_entry); - - nblocks += (S_ISDIR(mode) ? 2 : 1) * - __ext4_xattr_set_credits(sb, NULL /* inode */, - NULL /* block_bh */, acl_size, - true /* is_create */); - posix_acl_release(p); - } -#endif - -#ifdef CONFIG_SECURITY - { - int num_security_xattrs = 1; - -#ifdef CONFIG_INTEGRITY - num_security_xattrs++; -#endif - /* - * We assume that security xattrs are never - * more than 1k. In practice they are under - * 128 bytes. - */ - nblocks += num_security_xattrs * - __ext4_xattr_set_credits(sb, NULL /* inode */, - NULL /* block_bh */, 1024, - true /* is_create */); - } -#endif - if (encrypt) - nblocks += __ext4_xattr_set_credits(sb, - NULL /* inode */, NULL /* block_bh */, - FSCRYPT_SET_CONTEXT_MAX_SIZE, - true /* is_create */); + ret2 = ext4_xattr_credits_for_new_inode(dir, mode, encrypt); + if (ret2 < 0) + return ERR_PTR(ret2); + nblocks += ret2; } ngroups = ext4_get_groups_count(sb); From patchwork Thu Sep 17 04:11:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 292021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34EFAC35266 for ; Thu, 17 Sep 2020 04:21:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DAEE7206A2 for ; Thu, 17 Sep 2020 04:21:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600316472; bh=kONvZL9ec2SBbE4EAel9mci0YCQN1pZc7hmFt/F6qwY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=hRwG6FcvjZd9UD7ed//nAlYQaudAzPz3DHapMEn/bccXWRoAJYieuXrDhrNapLhQ0 bRJT9ifsTB9kbRkXam4nDXoFzpWDmRauUuB3aUKrmNehjupGcyRyFmzUthxT/lJCZU Kp2dJxpT7LTyOZRBrzg9Ur2TENc8hUnks1XKTwuo= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726304AbgIQEVG (ORCPT ); Thu, 17 Sep 2020 00:21:06 -0400 Received: from mail.kernel.org ([198.145.29.99]:33838 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726154AbgIQEUv (ORCPT ); Thu, 17 Sep 2020 00:20:51 -0400 Received: from sol.attlocal.net (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 53BB021D1B; Thu, 17 Sep 2020 04:13:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600315989; bh=kONvZL9ec2SBbE4EAel9mci0YCQN1pZc7hmFt/F6qwY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UV/WrbzmMh/m1GcJfVh/IfrXQYzbYI++xzjHNF1UVeIGheoZk8x4jPK18g8sIGotG CbC5PHYju1c79ieBLnAf26mkx6hB5TXPaWBq2uxvQ+NKofgZXvuUg5y5OThKsE4CBu fosUQqDRp3/xsmxSqVSrTDuIO8vQ3CRlBZZ7H3ws= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, Jeff Layton , Daniel Rosenberg Subject: [PATCH v3 05/13] ubifs: use fscrypt_prepare_new_inode() and fscrypt_set_context() Date: Wed, 16 Sep 2020 21:11:28 -0700 Message-Id: <20200917041136.178600-6-ebiggers@kernel.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200917041136.178600-1-ebiggers@kernel.org> References: <20200917041136.178600-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org From: Eric Biggers Convert ubifs to use the new functions fscrypt_prepare_new_inode() and fscrypt_set_context(). Unlike ext4 and f2fs, this doesn't appear to fix any deadlock bug. But it does shorten the code slightly and get all filesystems using the same helper functions, so that fscrypt_inherit_context() can be removed. It also fixes an incorrect error code where ubifs returned EPERM instead of the expected ENOKEY. Signed-off-by: Eric Biggers --- fs/ubifs/dir.c | 38 ++++++++++++++++---------------------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index a9c1f5a9c9bdd..155521e51ac57 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -81,19 +81,6 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, struct ubifs_inode *ui; bool encrypted = false; - if (IS_ENCRYPTED(dir)) { - err = fscrypt_get_encryption_info(dir); - if (err) { - ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err); - return ERR_PTR(err); - } - - if (!fscrypt_has_encryption_key(dir)) - return ERR_PTR(-EPERM); - - encrypted = true; - } - inode = new_inode(c->vfs_sb); ui = ubifs_inode(inode); if (!inode) @@ -112,6 +99,12 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, current_time(inode); inode->i_mapping->nrpages = 0; + err = fscrypt_prepare_new_inode(dir, inode, &encrypted); + if (err) { + ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err); + goto out_iput; + } + switch (mode & S_IFMT) { case S_IFREG: inode->i_mapping->a_ops = &ubifs_file_address_operations; @@ -131,7 +124,6 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, case S_IFBLK: case S_IFCHR: inode->i_op = &ubifs_file_inode_operations; - encrypted = false; break; default: BUG(); @@ -151,9 +143,8 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, if (c->highest_inum >= INUM_WATERMARK) { spin_unlock(&c->cnt_lock); ubifs_err(c, "out of inode numbers"); - make_bad_inode(inode); - iput(inode); - return ERR_PTR(-EINVAL); + err = -EINVAL; + goto out_iput; } ubifs_warn(c, "running out of inode numbers (current %lu, max %u)", (unsigned long)c->highest_inum, INUM_WATERMARK); @@ -171,16 +162,19 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, spin_unlock(&c->cnt_lock); if (encrypted) { - err = fscrypt_inherit_context(dir, inode, &encrypted, true); + err = fscrypt_set_context(inode, NULL); if (err) { - ubifs_err(c, "fscrypt_inherit_context failed: %i", err); - make_bad_inode(inode); - iput(inode); - return ERR_PTR(err); + ubifs_err(c, "fscrypt_set_context failed: %i", err); + goto out_iput; } } return inode; + +out_iput: + make_bad_inode(inode); + iput(inode); + return ERR_PTR(err); } static int dbg_check_name(const struct ubifs_info *c, From patchwork Thu Sep 17 04:11:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 292022 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F9F3C35266 for ; Thu, 17 Sep 2020 04:20:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 30858206A2 for ; Thu, 17 Sep 2020 04:20:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600316451; bh=QcAYVOOtDATZpIRqzv/LkDypHnDI6SB1ZfPpGvjEMKo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=za4x+NNFLr3V5TUc1Bj3Bijp9R6feFvTlmVLA0Jlwji5MjquQFWYyD8ye9XfsZHvZ 2W49/F/yW4Lis9Akmbm9pj+tcEHGgSXw/UNAJVc4fA5HLJsM4n2aBK0Lo9z1SbP7mL LaO+/Wuw+q+5AuoHkFxgU7Q4TJdRkI2SzQLlspX0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726245AbgIQEUr (ORCPT ); Thu, 17 Sep 2020 00:20:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:33834 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726002AbgIQEUi (ORCPT ); Thu, 17 Sep 2020 00:20:38 -0400 Received: from sol.attlocal.net (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DAB0C20936; Thu, 17 Sep 2020 04:13:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600315990; bh=QcAYVOOtDATZpIRqzv/LkDypHnDI6SB1ZfPpGvjEMKo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BfLDyBtZIA6dbS4WI8gOFoGjP4ZUYR59vTK2E7LdB1wCRtglLFegAhg13d7WrRR9o 8Ys5ip1c5F08U7xvb76wBxtsbzm8q3aXfewKKqaPsdQgeNXCjii7WFkUGCLInWi8HH VMYEVSRCetkEfZiyGIurCKAbJjCx+uLtkhs7hREw= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, Jeff Layton , Daniel Rosenberg Subject: [PATCH v3 07/13] fscrypt: remove fscrypt_inherit_context() Date: Wed, 16 Sep 2020 21:11:30 -0700 Message-Id: <20200917041136.178600-8-ebiggers@kernel.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200917041136.178600-1-ebiggers@kernel.org> References: <20200917041136.178600-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org From: Eric Biggers Now that all filesystems have been converted to use fscrypt_prepare_new_inode() and fscrypt_set_context(), fscrypt_inherit_context() is no longer used. Remove it. Signed-off-by: Eric Biggers --- fs/crypto/policy.c | 37 ------------------------------------- include/linux/fscrypt.h | 9 --------- 2 files changed, 46 deletions(-) diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 7e96953d385ec..4ff893f7b030a 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -628,43 +628,6 @@ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) } EXPORT_SYMBOL(fscrypt_has_permitted_context); -/** - * fscrypt_inherit_context() - Sets a child context from its parent - * @parent: Parent inode from which the context is inherited. - * @child: Child inode that inherits the context from @parent. - * @fs_data: private data given by FS. - * @preload: preload child i_crypt_info if true - * - * Return: 0 on success, -errno on failure - */ -int fscrypt_inherit_context(struct inode *parent, struct inode *child, - void *fs_data, bool preload) -{ - u8 nonce[FSCRYPT_FILE_NONCE_SIZE]; - union fscrypt_context ctx; - int ctxsize; - struct fscrypt_info *ci; - int res; - - res = fscrypt_get_encryption_info(parent); - if (res < 0) - return res; - - ci = fscrypt_get_info(parent); - if (ci == NULL) - return -ENOKEY; - - get_random_bytes(nonce, FSCRYPT_FILE_NONCE_SIZE); - ctxsize = fscrypt_new_context(&ctx, &ci->ci_policy, nonce); - - BUILD_BUG_ON(sizeof(ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE); - res = parent->i_sb->s_cop->set_context(child, &ctx, ctxsize, fs_data); - if (res) - return res; - return preload ? fscrypt_get_encryption_info(child): 0; -} -EXPORT_SYMBOL(fscrypt_inherit_context); - /** * fscrypt_set_context() - Set the fscrypt context of a new inode * @inode: a new inode diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 9cf7ca90f3abb..81d6ded243288 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -156,8 +156,6 @@ int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg); int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg); int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg); int fscrypt_has_permitted_context(struct inode *parent, struct inode *child); -int fscrypt_inherit_context(struct inode *parent, struct inode *child, - void *fs_data, bool preload); int fscrypt_set_context(struct inode *inode, void *fs_data); struct fscrypt_dummy_context { @@ -343,13 +341,6 @@ static inline int fscrypt_has_permitted_context(struct inode *parent, return 0; } -static inline int fscrypt_inherit_context(struct inode *parent, - struct inode *child, - void *fs_data, bool preload) -{ - return -EOPNOTSUPP; -} - static inline int fscrypt_set_context(struct inode *inode, void *fs_data) { return -EOPNOTSUPP; From patchwork Thu Sep 17 04:11:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 292025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EFABDC35267 for ; Thu, 17 Sep 2020 04:20:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7747C2067C for ; Thu, 17 Sep 2020 04:20:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600316437; bh=ZzMv1pUhY0NvnbJHjrS2ra7ESt6vtXPBJHTWIdsGFCY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=AADbMKqh1kfL1RuiG4RvimUqy1jLYUDvf0q/9TDq5erqr1xFpqLvKzPV3MZPn0Wv2 +0QrJ28fxYkSrA6NJSNrK/7o9KCF6HVMhO2QlPxB1JoOJ4WMiqmCqGib8aJ0MTz6a4 46QcWmIGu/cgTm8/+miqEwqdOVwaG15jMYlgEId0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726183AbgIQEUf (ORCPT ); Thu, 17 Sep 2020 00:20:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:33822 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726142AbgIQEUd (ORCPT ); Thu, 17 Sep 2020 00:20:33 -0400 Received: from sol.attlocal.net (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 29B3521D7F; Thu, 17 Sep 2020 04:13:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600315990; bh=ZzMv1pUhY0NvnbJHjrS2ra7ESt6vtXPBJHTWIdsGFCY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rBiN5rdstflHX1It/vJX6MDn0Ra/3t+jyzeqs5yBDq9mOlzDoS5YBNrAfmfXthztF I7/1sT0nuq74DNCTvjM6CzObqwT702hidEHtOiXnpFWbZ0K0C5eA4q7LTCh4pikwvV 0QSOSfG7cfsP3i34K7E+BadmEiPvsm9a882Jz/NE= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, Jeff Layton , Daniel Rosenberg Subject: [PATCH v3 08/13] fscrypt: require that fscrypt_encrypt_symlink() already has key Date: Wed, 16 Sep 2020 21:11:31 -0700 Message-Id: <20200917041136.178600-9-ebiggers@kernel.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200917041136.178600-1-ebiggers@kernel.org> References: <20200917041136.178600-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org From: Eric Biggers Now that all filesystems have been converted to use fscrypt_prepare_new_inode(), the encryption key for new symlink inodes is now already set up whenever we try to encrypt the symlink target. Enforce this rather than try to set up the key again when it may be too late to do so safely. Signed-off-by: Eric Biggers --- fs/crypto/hooks.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 491b252843eb9..7748db5092409 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -217,9 +217,13 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, struct fscrypt_symlink_data *sd; unsigned int ciphertext_len; - err = fscrypt_require_key(inode); - if (err) - return err; + /* + * fscrypt_prepare_new_inode() should have already set up the new + * symlink inode's encryption key. We don't wait until now to do it, + * since we may be in a filesystem transaction now. + */ + if (WARN_ON_ONCE(!fscrypt_has_encryption_key(inode))) + return -ENOKEY; if (disk_link->name) { /* filesystem-provided buffer */ From patchwork Thu Sep 17 04:11:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 292024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 919A4C35267 for ; Thu, 17 Sep 2020 04:20:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4EF2A2074B for ; Thu, 17 Sep 2020 04:20:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600316441; bh=Zv8MicOcvA0+y63kXTTqywuXMtLNvAnTX16qi88FxYc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=vSu6WnzeYm7kPAstTgkD3SHIxRN7WQgJ8hXZbcTr9/X2hYWACLaOBSg+v3M72f5XL O+co9KeS4jvtajG9jdLT+UDFWFW2LJf8n8t6MTU5nmrNjXLNjExI0AK3qbVxvYLOLd dw9EXgvLYn7wWrLkHwWMHRgpON57vcv2LJoB8CTg= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726216AbgIQEUi (ORCPT ); Thu, 17 Sep 2020 00:20:38 -0400 Received: from mail.kernel.org ([198.145.29.99]:33820 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726109AbgIQEUd (ORCPT ); Thu, 17 Sep 2020 00:20:33 -0400 Received: from sol.attlocal.net (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6C80B21D90; Thu, 17 Sep 2020 04:13:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600315990; bh=Zv8MicOcvA0+y63kXTTqywuXMtLNvAnTX16qi88FxYc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PZc7GCUjYD5h/bNMeNcrWQz+gvVcL2w+pv6xfU6b2En26SS8LBtAXV8xXjjRzBpIj YJcuPpLETgZpzhrpZa0X4b5L+Q/8ZidJ4CmeEnoZoW/zona/QfTOXhtHoWHt3+/BqT VhxyefdisJOSDSop/xr7WQru8BqpBRIbiwngobaQ= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, Jeff Layton , Daniel Rosenberg Subject: [PATCH v3 09/13] fscrypt: stop pretending that key setup is nofs-safe Date: Wed, 16 Sep 2020 21:11:32 -0700 Message-Id: <20200917041136.178600-10-ebiggers@kernel.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200917041136.178600-1-ebiggers@kernel.org> References: <20200917041136.178600-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org From: Eric Biggers fscrypt_get_encryption_info() has never actually been safe to call in a context that needs GFP_NOFS, since it calls crypto_alloc_skcipher(). crypto_alloc_skcipher() isn't GFP_NOFS-safe, even if called under memalloc_nofs_save(). This is because it may load kernel modules, and also because it internally takes crypto_alg_sem. Other tasks can do GFP_KERNEL allocations while holding crypto_alg_sem for write. The use of fscrypt_init_mutex isn't GFP_NOFS-safe either. So, stop pretending that fscrypt_get_encryption_info() is nofs-safe. I.e., when it allocates memory, just use GFP_KERNEL instead of GFP_NOFS. Note, another reason to do this is that GFP_NOFS is deprecated in favor of using memalloc_nofs_save() in the proper places. Signed-off-by: Eric Biggers --- fs/crypto/inline_crypt.c | 7 ++----- fs/crypto/keysetup.c | 2 +- fs/crypto/keysetup_v1.c | 8 ++++---- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index faa25541ccb68..89bffa82ed74a 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -106,7 +106,7 @@ int fscrypt_select_encryption_impl(struct fscrypt_info *ci) crypto_cfg.data_unit_size = sb->s_blocksize; crypto_cfg.dun_bytes = fscrypt_get_dun_bytes(ci); num_devs = fscrypt_get_num_devices(sb); - devs = kmalloc_array(num_devs, sizeof(*devs), GFP_NOFS); + devs = kmalloc_array(num_devs, sizeof(*devs), GFP_KERNEL); if (!devs) return -ENOMEM; fscrypt_get_devices(sb, num_devs, devs); @@ -135,9 +135,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key, struct fscrypt_blk_crypto_key *blk_key; int err; int i; - unsigned int flags; - blk_key = kzalloc(struct_size(blk_key, devs, num_devs), GFP_NOFS); + blk_key = kzalloc(struct_size(blk_key, devs, num_devs), GFP_KERNEL); if (!blk_key) return -ENOMEM; @@ -166,10 +165,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key, } queue_refs++; - flags = memalloc_nofs_save(); err = blk_crypto_start_using_key(&blk_key->base, blk_key->devs[i]); - memalloc_nofs_restore(flags); if (err) { fscrypt_err(inode, "error %d starting to use blk-crypto", err); diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index 6159168972146..47f19061ba10e 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -488,7 +488,7 @@ fscrypt_setup_encryption_info(struct inode *inode, if (res) return res; - crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_NOFS); + crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_KERNEL); if (!crypt_info) return -ENOMEM; diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c index a3cb52572b05c..2762c53504323 100644 --- a/fs/crypto/keysetup_v1.c +++ b/fs/crypto/keysetup_v1.c @@ -60,7 +60,7 @@ static int derive_key_aes(const u8 *master_key, goto out; } crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); - req = skcipher_request_alloc(tfm, GFP_NOFS); + req = skcipher_request_alloc(tfm, GFP_KERNEL); if (!req) { res = -ENOMEM; goto out; @@ -99,7 +99,7 @@ find_and_lock_process_key(const char *prefix, const struct user_key_payload *ukp; const struct fscrypt_key *payload; - description = kasprintf(GFP_NOFS, "%s%*phN", prefix, + description = kasprintf(GFP_KERNEL, "%s%*phN", prefix, FSCRYPT_KEY_DESCRIPTOR_SIZE, descriptor); if (!description) return ERR_PTR(-ENOMEM); @@ -228,7 +228,7 @@ fscrypt_get_direct_key(const struct fscrypt_info *ci, const u8 *raw_key) return dk; /* Nope, allocate one. */ - dk = kzalloc(sizeof(*dk), GFP_NOFS); + dk = kzalloc(sizeof(*dk), GFP_KERNEL); if (!dk) return ERR_PTR(-ENOMEM); refcount_set(&dk->dk_refcount, 1); @@ -272,7 +272,7 @@ static int setup_v1_file_key_derived(struct fscrypt_info *ci, * This cannot be a stack buffer because it will be passed to the * scatterlist crypto API during derive_key_aes(). */ - derived_key = kmalloc(ci->ci_mode->keysize, GFP_NOFS); + derived_key = kmalloc(ci->ci_mode->keysize, GFP_KERNEL); if (!derived_key) return -ENOMEM; From patchwork Thu Sep 17 04:11:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 292019 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF317C433E2 for ; Thu, 17 Sep 2020 04:21:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BD3DE2074B for ; Thu, 17 Sep 2020 04:21:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600316483; bh=MedRkQM4S6L0pv+MPP4bqqDFZVyFMtpnCXSEEWcRDY0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=b3lDylaXxM3aBtY57UTLtKydYCjZJT+W0xrntkw0HJK881rVAbRJM+WaTCpINEj6j DoEITB5ZbFRin4T6LmLtFl2qL0n88NyvZdav5K/J7pKDEtpfGHKPXuTtx/OJaFxDF7 UayeP43N2zbVXDD9f6xMY1EACoJ/pmmk2wIYi+lk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726312AbgIQEVT (ORCPT ); Thu, 17 Sep 2020 00:21:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:33850 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726171AbgIQEUw (ORCPT ); Thu, 17 Sep 2020 00:20:52 -0400 Received: from sol.attlocal.net (172-10-235-113.lightspeed.sntcca.sbcglobal.net [172.10.235.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8E959221EE; Thu, 17 Sep 2020 04:13:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1600315991; bh=MedRkQM4S6L0pv+MPP4bqqDFZVyFMtpnCXSEEWcRDY0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lr++qrX77fU11azDYwRHdjmB89MkN+vJsWsCYTA4dAjbWyUJg+qh44OEDffyMmHSK Hnhok4h3gzgLNqlK3jugfTl1CZwhbMvPUQUKwjILjTUICYKTC4k6+ieMEZQOTrJsJN xR//al7xCw7MtWVJ6WYy1tbCrzwXX7nbyDYv6HPg= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, ceph-devel@vger.kernel.org, Jeff Layton , Daniel Rosenberg Subject: [PATCH v3 13/13] fscrypt: make fscrypt_set_test_dummy_encryption() take a 'const char *' Date: Wed, 16 Sep 2020 21:11:36 -0700 Message-Id: <20200917041136.178600-14-ebiggers@kernel.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200917041136.178600-1-ebiggers@kernel.org> References: <20200917041136.178600-1-ebiggers@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org From: Eric Biggers fscrypt_set_test_dummy_encryption() requires that the optional argument to the test_dummy_encryption mount option be specified as a substring_t. That doesn't work well with filesystems that use the new mount API, since the new way of parsing mount options doesn't use substring_t. Make it take the argument as a 'const char *' instead. Instead of moving the match_strdup() into the callers in ext4 and f2fs, make them just use arg->from directly. Since the pattern is "test_dummy_encryption=%s", the argument will be null-terminated. Signed-off-by: Eric Biggers --- fs/crypto/policy.c | 20 ++++++-------------- fs/ext4/super.c | 2 +- fs/f2fs/super.c | 2 +- include/linux/fscrypt.h | 5 +---- 4 files changed, 9 insertions(+), 20 deletions(-) diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 97cf07543651f..4441d9944b9ef 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -697,8 +697,7 @@ EXPORT_SYMBOL_GPL(fscrypt_set_context); /** * fscrypt_set_test_dummy_encryption() - handle '-o test_dummy_encryption' * @sb: the filesystem on which test_dummy_encryption is being specified - * @arg: the argument to the test_dummy_encryption option. - * If no argument was specified, then @arg->from == NULL. + * @arg: the argument to the test_dummy_encryption option. May be NULL. * @dummy_policy: the filesystem's current dummy policy (input/output, see * below) * @@ -712,29 +711,23 @@ EXPORT_SYMBOL_GPL(fscrypt_set_context); * -EEXIST if a different dummy policy is already set; * or another -errno value. */ -int fscrypt_set_test_dummy_encryption(struct super_block *sb, - const substring_t *arg, +int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg, struct fscrypt_dummy_policy *dummy_policy) { - const char *argstr = "v2"; - const char *argstr_to_free = NULL; struct fscrypt_key_specifier key_spec = { 0 }; int version; union fscrypt_policy *policy = NULL; int err; - if (arg->from) { - argstr = argstr_to_free = match_strdup(arg); - if (!argstr) - return -ENOMEM; - } + if (!arg) + arg = "v2"; - if (!strcmp(argstr, "v1")) { + if (!strcmp(arg, "v1")) { version = FSCRYPT_POLICY_V1; key_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; memset(key_spec.u.descriptor, 0x42, FSCRYPT_KEY_DESCRIPTOR_SIZE); - } else if (!strcmp(argstr, "v2")) { + } else if (!strcmp(arg, "v2")) { version = FSCRYPT_POLICY_V2; key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER; /* key_spec.u.identifier gets filled in when adding the key */ @@ -785,7 +778,6 @@ int fscrypt_set_test_dummy_encryption(struct super_block *sb, err = 0; out: kfree(policy); - kfree(argstr_to_free); return err; } EXPORT_SYMBOL_GPL(fscrypt_set_test_dummy_encryption); diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 7e77722406e2f..ed5624285a475 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1893,7 +1893,7 @@ static int ext4_set_test_dummy_encryption(struct super_block *sb, "Can't set test_dummy_encryption on remount"); return -1; } - err = fscrypt_set_test_dummy_encryption(sb, arg, + err = fscrypt_set_test_dummy_encryption(sb, arg->from, &sbi->s_dummy_enc_policy); if (err) { if (err == -EEXIST) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index f2b3d1a279fb7..c72d22c0c52e7 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -438,7 +438,7 @@ static int f2fs_set_test_dummy_encryption(struct super_block *sb, return -EINVAL; } err = fscrypt_set_test_dummy_encryption( - sb, arg, &F2FS_OPTION(sbi).dummy_enc_policy); + sb, arg->from, &F2FS_OPTION(sbi).dummy_enc_policy); if (err) { if (err == -EEXIST) f2fs_warn(sbi, diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index b3b0c5675c6b1..fc67c4cbaa968 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -15,7 +15,6 @@ #include #include -#include #include #include @@ -153,9 +152,7 @@ struct fscrypt_dummy_policy { const union fscrypt_policy *policy; }; -int fscrypt_set_test_dummy_encryption( - struct super_block *sb, - const substring_t *arg, +int fscrypt_set_test_dummy_encryption(struct super_block *sb, const char *arg, struct fscrypt_dummy_policy *dummy_policy); void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep, struct super_block *sb);