diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-05-08 00:28:04 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-05-08 00:28:04 -0400 |
commit | a9fbcd6728837268784439ad0b02ede2c024c516 (patch) | |
tree | 2a58af9a6f7573617ab482aea0998389d8b956af | |
parent | 5abe37954e9a315c35c9490f78d55f307c3c636b (diff) | |
parent | 2c58d548f5706d085c4b009f6abb945220460632 (diff) |
Merge tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt
Pull fscrypt updates from Ted Ts'o:
"Clean up fscrypt's dcache revalidation support, and other
miscellaneous cleanups"
* tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt:
fscrypt: cache decrypted symlink target in ->i_link
vfs: use READ_ONCE() to access ->i_link
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
fscrypt: only set dentry_operations on ciphertext dentries
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
fscrypt: fix race allowing rename() and link() of ciphertext dentries
fscrypt: clean up and improve dentry revalidation
fscrypt: use READ_ONCE() to access ->i_crypt_info
fscrypt: remove WARN_ON_ONCE() when decryption fails
fscrypt: drop inode argument from fscrypt_get_ctx()
-rw-r--r-- | fs/crypto/bio.c | 8 | ||||
-rw-r--r-- | fs/crypto/crypto.c | 74 | ||||
-rw-r--r-- | fs/crypto/fname.c | 5 | ||||
-rw-r--r-- | fs/crypto/hooks.c | 68 | ||||
-rw-r--r-- | fs/crypto/keyinfo.c | 25 | ||||
-rw-r--r-- | fs/crypto/policy.c | 6 | ||||
-rw-r--r-- | fs/dcache.c | 2 | ||||
-rw-r--r-- | fs/ext4/ext4.h | 62 | ||||
-rw-r--r-- | fs/ext4/namei.c | 76 | ||||
-rw-r--r-- | fs/ext4/readpage.c | 2 | ||||
-rw-r--r-- | fs/ext4/super.c | 1 | ||||
-rw-r--r-- | fs/f2fs/namei.c | 17 | ||||
-rw-r--r-- | fs/f2fs/super.c | 1 | ||||
-rw-r--r-- | fs/namei.c | 4 | ||||
-rw-r--r-- | fs/ubifs/dir.c | 8 | ||||
-rw-r--r-- | fs/ubifs/super.c | 3 | ||||
-rw-r--r-- | include/linux/dcache.h | 2 | ||||
-rw-r--r-- | include/linux/fscrypt.h | 74 |
18 files changed, 294 insertions, 144 deletions
diff --git a/fs/crypto/bio.c b/fs/crypto/bio.c index 8f3a8bc15d98..b46021ebde85 100644 --- a/fs/crypto/bio.c +++ b/fs/crypto/bio.c | |||
@@ -36,12 +36,10 @@ static void __fscrypt_decrypt_bio(struct bio *bio, bool done) | |||
36 | int ret = fscrypt_decrypt_page(page->mapping->host, page, | 36 | int ret = fscrypt_decrypt_page(page->mapping->host, page, |
37 | PAGE_SIZE, 0, page->index); | 37 | PAGE_SIZE, 0, page->index); |
38 | 38 | ||
39 | if (ret) { | 39 | if (ret) |
40 | WARN_ON_ONCE(1); | ||
41 | SetPageError(page); | 40 | SetPageError(page); |
42 | } else if (done) { | 41 | else if (done) |
43 | SetPageUptodate(page); | 42 | SetPageUptodate(page); |
44 | } | ||
45 | if (done) | 43 | if (done) |
46 | unlock_page(page); | 44 | unlock_page(page); |
47 | } | 45 | } |
@@ -103,7 +101,7 @@ int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, | |||
103 | 101 | ||
104 | BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE); | 102 | BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE); |
105 | 103 | ||
106 | ctx = fscrypt_get_ctx(inode, GFP_NOFS); | 104 | ctx = fscrypt_get_ctx(GFP_NOFS); |
107 | if (IS_ERR(ctx)) | 105 | if (IS_ERR(ctx)) |
108 | return PTR_ERR(ctx); | 106 | return PTR_ERR(ctx); |
109 | 107 | ||
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index 4dc788e3bc96..68e2ca4c4af6 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c | |||
@@ -87,23 +87,17 @@ EXPORT_SYMBOL(fscrypt_release_ctx); | |||
87 | 87 | ||
88 | /** | 88 | /** |
89 | * fscrypt_get_ctx() - Gets an encryption context | 89 | * fscrypt_get_ctx() - Gets an encryption context |
90 | * @inode: The inode for which we are doing the crypto | ||
91 | * @gfp_flags: The gfp flag for memory allocation | 90 | * @gfp_flags: The gfp flag for memory allocation |
92 | * | 91 | * |
93 | * Allocates and initializes an encryption context. | 92 | * Allocates and initializes an encryption context. |
94 | * | 93 | * |
95 | * Return: An allocated and initialized encryption context on success; error | 94 | * Return: A new encryption context on success; an ERR_PTR() otherwise. |
96 | * value or NULL otherwise. | ||
97 | */ | 95 | */ |
98 | struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *inode, gfp_t gfp_flags) | 96 | struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags) |
99 | { | 97 | { |
100 | struct fscrypt_ctx *ctx = NULL; | 98 | struct fscrypt_ctx *ctx; |
101 | struct fscrypt_info *ci = inode->i_crypt_info; | ||
102 | unsigned long flags; | 99 | unsigned long flags; |
103 | 100 | ||
104 | if (ci == NULL) | ||
105 | return ERR_PTR(-ENOKEY); | ||
106 | |||
107 | /* | 101 | /* |
108 | * We first try getting the ctx from a free list because in | 102 | * We first try getting the ctx from a free list because in |
109 | * the common case the ctx will have an allocated and | 103 | * the common case the ctx will have an allocated and |
@@ -258,9 +252,9 @@ struct page *fscrypt_encrypt_page(const struct inode *inode, | |||
258 | 252 | ||
259 | BUG_ON(!PageLocked(page)); | 253 | BUG_ON(!PageLocked(page)); |
260 | 254 | ||
261 | ctx = fscrypt_get_ctx(inode, gfp_flags); | 255 | ctx = fscrypt_get_ctx(gfp_flags); |
262 | if (IS_ERR(ctx)) | 256 | if (IS_ERR(ctx)) |
263 | return (struct page *)ctx; | 257 | return ERR_CAST(ctx); |
264 | 258 | ||
265 | /* The encryption operation will require a bounce page. */ | 259 | /* The encryption operation will require a bounce page. */ |
266 | ciphertext_page = fscrypt_alloc_bounce_page(ctx, gfp_flags); | 260 | ciphertext_page = fscrypt_alloc_bounce_page(ctx, gfp_flags); |
@@ -313,45 +307,47 @@ int fscrypt_decrypt_page(const struct inode *inode, struct page *page, | |||
313 | EXPORT_SYMBOL(fscrypt_decrypt_page); | 307 | EXPORT_SYMBOL(fscrypt_decrypt_page); |
314 | 308 | ||
315 | /* | 309 | /* |
316 | * Validate dentries for encrypted directories to make sure we aren't | 310 | * Validate dentries in encrypted directories to make sure we aren't potentially |
317 | * potentially caching stale data after a key has been added or | 311 | * caching stale dentries after a key has been added. |
318 | * removed. | ||
319 | */ | 312 | */ |
320 | static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) | 313 | static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) |
321 | { | 314 | { |
322 | struct dentry *dir; | 315 | struct dentry *dir; |
323 | int dir_has_key, cached_with_key; | 316 | int err; |
317 | int valid; | ||
318 | |||
319 | /* | ||
320 | * Plaintext names are always valid, since fscrypt doesn't support | ||
321 | * reverting to ciphertext names without evicting the directory's inode | ||
322 | * -- which implies eviction of the dentries in the directory. | ||
323 | */ | ||
324 | if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME)) | ||
325 | return 1; | ||
326 | |||
327 | /* | ||
328 | * Ciphertext name; valid if the directory's key is still unavailable. | ||
329 | * | ||
330 | * Although fscrypt forbids rename() on ciphertext names, we still must | ||
331 | * use dget_parent() here rather than use ->d_parent directly. That's | ||
332 | * because a corrupted fs image may contain directory hard links, which | ||
333 | * the VFS handles by moving the directory's dentry tree in the dcache | ||
334 | * each time ->lookup() finds the directory and it already has a dentry | ||
335 | * elsewhere. Thus ->d_parent can be changing, and we must safely grab | ||
336 | * a reference to some ->d_parent to prevent it from being freed. | ||
337 | */ | ||
324 | 338 | ||
325 | if (flags & LOOKUP_RCU) | 339 | if (flags & LOOKUP_RCU) |
326 | return -ECHILD; | 340 | return -ECHILD; |
327 | 341 | ||
328 | dir = dget_parent(dentry); | 342 | dir = dget_parent(dentry); |
329 | if (!IS_ENCRYPTED(d_inode(dir))) { | 343 | err = fscrypt_get_encryption_info(d_inode(dir)); |
330 | dput(dir); | 344 | valid = !fscrypt_has_encryption_key(d_inode(dir)); |
331 | return 0; | ||
332 | } | ||
333 | |||
334 | spin_lock(&dentry->d_lock); | ||
335 | cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY; | ||
336 | spin_unlock(&dentry->d_lock); | ||
337 | dir_has_key = (d_inode(dir)->i_crypt_info != NULL); | ||
338 | dput(dir); | 345 | dput(dir); |
339 | 346 | ||
340 | /* | 347 | if (err < 0) |
341 | * If the dentry was cached without the key, and it is a | 348 | return err; |
342 | * negative dentry, it might be a valid name. We can't check | 349 | |
343 | * if the key has since been made available due to locking | 350 | return valid; |
344 | * reasons, so we fail the validation so ext4_lookup() can do | ||
345 | * this check. | ||
346 | * | ||
347 | * We also fail the validation if the dentry was created with | ||
348 | * the key present, but we no longer have the key, or vice versa. | ||
349 | */ | ||
350 | if ((!cached_with_key && d_is_negative(dentry)) || | ||
351 | (!cached_with_key && dir_has_key) || | ||
352 | (cached_with_key && !dir_has_key)) | ||
353 | return 0; | ||
354 | return 1; | ||
355 | } | 351 | } |
356 | 352 | ||
357 | const struct dentry_operations fscrypt_d_ops = { | 353 | const struct dentry_operations fscrypt_d_ops = { |
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 7ff40a73dbec..eccea3d8f923 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c | |||
@@ -269,7 +269,7 @@ int fscrypt_fname_disk_to_usr(struct inode *inode, | |||
269 | if (iname->len < FS_CRYPTO_BLOCK_SIZE) | 269 | if (iname->len < FS_CRYPTO_BLOCK_SIZE) |
270 | return -EUCLEAN; | 270 | return -EUCLEAN; |
271 | 271 | ||
272 | if (inode->i_crypt_info) | 272 | if (fscrypt_has_encryption_key(inode)) |
273 | return fname_decrypt(inode, iname, oname); | 273 | return fname_decrypt(inode, iname, oname); |
274 | 274 | ||
275 | if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { | 275 | if (iname->len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) { |
@@ -336,7 +336,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, | |||
336 | if (ret) | 336 | if (ret) |
337 | return ret; | 337 | return ret; |
338 | 338 | ||
339 | if (dir->i_crypt_info) { | 339 | if (fscrypt_has_encryption_key(dir)) { |
340 | if (!fscrypt_fname_encrypted_size(dir, iname->len, | 340 | if (!fscrypt_fname_encrypted_size(dir, iname->len, |
341 | dir->i_sb->s_cop->max_namelen, | 341 | dir->i_sb->s_cop->max_namelen, |
342 | &fname->crypto_buf.len)) | 342 | &fname->crypto_buf.len)) |
@@ -356,6 +356,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, | |||
356 | } | 356 | } |
357 | if (!lookup) | 357 | if (!lookup) |
358 | return -ENOKEY; | 358 | return -ENOKEY; |
359 | fname->is_ciphertext_name = true; | ||
359 | 360 | ||
360 | /* | 361 | /* |
361 | * We don't have the key and we are doing a lookup; decode the | 362 | * We don't have the key and we are doing a lookup; decode the |
diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 56debb1fcf5e..2dc22549d724 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c | |||
@@ -49,7 +49,8 @@ int fscrypt_file_open(struct inode *inode, struct file *filp) | |||
49 | } | 49 | } |
50 | EXPORT_SYMBOL_GPL(fscrypt_file_open); | 50 | EXPORT_SYMBOL_GPL(fscrypt_file_open); |
51 | 51 | ||
52 | int __fscrypt_prepare_link(struct inode *inode, struct inode *dir) | 52 | int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
53 | struct dentry *dentry) | ||
53 | { | 54 | { |
54 | int err; | 55 | int err; |
55 | 56 | ||
@@ -57,6 +58,10 @@ int __fscrypt_prepare_link(struct inode *inode, struct inode *dir) | |||
57 | if (err) | 58 | if (err) |
58 | return err; | 59 | return err; |
59 | 60 | ||
61 | /* ... in case we looked up ciphertext name before key was added */ | ||
62 | if (dentry->d_flags & DCACHE_ENCRYPTED_NAME) | ||
63 | return -ENOKEY; | ||
64 | |||
60 | if (!fscrypt_has_permitted_context(dir, inode)) | 65 | if (!fscrypt_has_permitted_context(dir, inode)) |
61 | return -EXDEV; | 66 | return -EXDEV; |
62 | 67 | ||
@@ -78,6 +83,11 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
78 | if (err) | 83 | if (err) |
79 | return err; | 84 | return err; |
80 | 85 | ||
86 | /* ... in case we looked up ciphertext name(s) before key was added */ | ||
87 | if ((old_dentry->d_flags | new_dentry->d_flags) & | ||
88 | DCACHE_ENCRYPTED_NAME) | ||
89 | return -ENOKEY; | ||
90 | |||
81 | if (old_dir != new_dir) { | 91 | if (old_dir != new_dir) { |
82 | if (IS_ENCRYPTED(new_dir) && | 92 | if (IS_ENCRYPTED(new_dir) && |
83 | !fscrypt_has_permitted_context(new_dir, | 93 | !fscrypt_has_permitted_context(new_dir, |
@@ -94,21 +104,21 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
94 | } | 104 | } |
95 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_rename); | 105 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_rename); |
96 | 106 | ||
97 | int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry) | 107 | int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, |
108 | struct fscrypt_name *fname) | ||
98 | { | 109 | { |
99 | int err = fscrypt_get_encryption_info(dir); | 110 | int err = fscrypt_setup_filename(dir, &dentry->d_name, 1, fname); |
100 | 111 | ||
101 | if (err) | 112 | if (err && err != -ENOENT) |
102 | return err; | 113 | return err; |
103 | 114 | ||
104 | if (fscrypt_has_encryption_key(dir)) { | 115 | if (fname->is_ciphertext_name) { |
105 | spin_lock(&dentry->d_lock); | 116 | spin_lock(&dentry->d_lock); |
106 | dentry->d_flags |= DCACHE_ENCRYPTED_WITH_KEY; | 117 | dentry->d_flags |= DCACHE_ENCRYPTED_NAME; |
107 | spin_unlock(&dentry->d_lock); | 118 | spin_unlock(&dentry->d_lock); |
119 | d_set_d_op(dentry, &fscrypt_d_ops); | ||
108 | } | 120 | } |
109 | 121 | return err; | |
110 | d_set_d_op(dentry, &fscrypt_d_ops); | ||
111 | return 0; | ||
112 | } | 122 | } |
113 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup); | 123 | EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup); |
114 | 124 | ||
@@ -179,11 +189,9 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, | |||
179 | sd->len = cpu_to_le16(ciphertext_len); | 189 | sd->len = cpu_to_le16(ciphertext_len); |
180 | 190 | ||
181 | err = fname_encrypt(inode, &iname, sd->encrypted_path, ciphertext_len); | 191 | err = fname_encrypt(inode, &iname, sd->encrypted_path, ciphertext_len); |
182 | if (err) { | 192 | if (err) |
183 | if (!disk_link->name) | 193 | goto err_free_sd; |
184 | kfree(sd); | 194 | |
185 | return err; | ||
186 | } | ||
187 | /* | 195 | /* |
188 | * Null-terminating the ciphertext doesn't make sense, but we still | 196 | * Null-terminating the ciphertext doesn't make sense, but we still |
189 | * count the null terminator in the length, so we might as well | 197 | * count the null terminator in the length, so we might as well |
@@ -191,9 +199,20 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, | |||
191 | */ | 199 | */ |
192 | sd->encrypted_path[ciphertext_len] = '\0'; | 200 | sd->encrypted_path[ciphertext_len] = '\0'; |
193 | 201 | ||
202 | /* Cache the plaintext symlink target for later use by get_link() */ | ||
203 | err = -ENOMEM; | ||
204 | inode->i_link = kmemdup(target, len + 1, GFP_NOFS); | ||
205 | if (!inode->i_link) | ||
206 | goto err_free_sd; | ||
207 | |||
194 | if (!disk_link->name) | 208 | if (!disk_link->name) |
195 | disk_link->name = (unsigned char *)sd; | 209 | disk_link->name = (unsigned char *)sd; |
196 | return 0; | 210 | return 0; |
211 | |||
212 | err_free_sd: | ||
213 | if (!disk_link->name) | ||
214 | kfree(sd); | ||
215 | return err; | ||
197 | } | 216 | } |
198 | EXPORT_SYMBOL_GPL(__fscrypt_encrypt_symlink); | 217 | EXPORT_SYMBOL_GPL(__fscrypt_encrypt_symlink); |
199 | 218 | ||
@@ -202,7 +221,7 @@ EXPORT_SYMBOL_GPL(__fscrypt_encrypt_symlink); | |||
202 | * @inode: the symlink inode | 221 | * @inode: the symlink inode |
203 | * @caddr: the on-disk contents of the symlink | 222 | * @caddr: the on-disk contents of the symlink |
204 | * @max_size: size of @caddr buffer | 223 | * @max_size: size of @caddr buffer |
205 | * @done: if successful, will be set up to free the returned target | 224 | * @done: if successful, will be set up to free the returned target if needed |
206 | * | 225 | * |
207 | * If the symlink's encryption key is available, we decrypt its target. | 226 | * If the symlink's encryption key is available, we decrypt its target. |
208 | * Otherwise, we encode its target for presentation. | 227 | * Otherwise, we encode its target for presentation. |
@@ -217,12 +236,18 @@ const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, | |||
217 | { | 236 | { |
218 | const struct fscrypt_symlink_data *sd; | 237 | const struct fscrypt_symlink_data *sd; |
219 | struct fscrypt_str cstr, pstr; | 238 | struct fscrypt_str cstr, pstr; |
239 | bool has_key; | ||
220 | int err; | 240 | int err; |
221 | 241 | ||
222 | /* This is for encrypted symlinks only */ | 242 | /* This is for encrypted symlinks only */ |
223 | if (WARN_ON(!IS_ENCRYPTED(inode))) | 243 | if (WARN_ON(!IS_ENCRYPTED(inode))) |
224 | return ERR_PTR(-EINVAL); | 244 | return ERR_PTR(-EINVAL); |
225 | 245 | ||
246 | /* If the decrypted target is already cached, just return it. */ | ||
247 | pstr.name = READ_ONCE(inode->i_link); | ||
248 | if (pstr.name) | ||
249 | return pstr.name; | ||
250 | |||
226 | /* | 251 | /* |
227 | * Try to set up the symlink's encryption key, but we can continue | 252 | * Try to set up the symlink's encryption key, but we can continue |
228 | * regardless of whether the key is available or not. | 253 | * regardless of whether the key is available or not. |
@@ -230,6 +255,7 @@ const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, | |||
230 | err = fscrypt_get_encryption_info(inode); | 255 | err = fscrypt_get_encryption_info(inode); |
231 | if (err) | 256 | if (err) |
232 | return ERR_PTR(err); | 257 | return ERR_PTR(err); |
258 | has_key = fscrypt_has_encryption_key(inode); | ||
233 | 259 | ||
234 | /* | 260 | /* |
235 | * For historical reasons, encrypted symlink targets are prefixed with | 261 | * For historical reasons, encrypted symlink targets are prefixed with |
@@ -261,7 +287,17 @@ const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, | |||
261 | goto err_kfree; | 287 | goto err_kfree; |
262 | 288 | ||
263 | pstr.name[pstr.len] = '\0'; | 289 | pstr.name[pstr.len] = '\0'; |
264 | set_delayed_call(done, kfree_link, pstr.name); | 290 | |
291 | /* | ||
292 | * Cache decrypted symlink targets in i_link for later use. Don't cache | ||
293 | * symlink targets encoded without the key, since those become outdated | ||
294 | * once the key is added. This pairs with the READ_ONCE() above and in | ||
295 | * the VFS path lookup code. | ||
296 | */ | ||
297 | if (!has_key || | ||
298 | cmpxchg_release(&inode->i_link, NULL, pstr.name) != NULL) | ||
299 | set_delayed_call(done, kfree_link, pstr.name); | ||
300 | |||
265 | return pstr.name; | 301 | return pstr.name; |
266 | 302 | ||
267 | err_kfree: | 303 | err_kfree: |
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index 2cb4956f8511..dcd91a3fbe49 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c | |||
@@ -508,7 +508,7 @@ int fscrypt_get_encryption_info(struct inode *inode) | |||
508 | u8 *raw_key = NULL; | 508 | u8 *raw_key = NULL; |
509 | int res; | 509 | int res; |
510 | 510 | ||
511 | if (inode->i_crypt_info) | 511 | if (fscrypt_has_encryption_key(inode)) |
512 | return 0; | 512 | return 0; |
513 | 513 | ||
514 | res = fscrypt_initialize(inode->i_sb->s_cop->flags); | 514 | res = fscrypt_initialize(inode->i_sb->s_cop->flags); |
@@ -572,7 +572,7 @@ int fscrypt_get_encryption_info(struct inode *inode) | |||
572 | if (res) | 572 | if (res) |
573 | goto out; | 573 | goto out; |
574 | 574 | ||
575 | if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) == NULL) | 575 | if (cmpxchg_release(&inode->i_crypt_info, NULL, crypt_info) == NULL) |
576 | crypt_info = NULL; | 576 | crypt_info = NULL; |
577 | out: | 577 | out: |
578 | if (res == -ENOKEY) | 578 | if (res == -ENOKEY) |
@@ -583,9 +583,30 @@ out: | |||
583 | } | 583 | } |
584 | EXPORT_SYMBOL(fscrypt_get_encryption_info); | 584 | EXPORT_SYMBOL(fscrypt_get_encryption_info); |
585 | 585 | ||
586 | /** | ||
587 | * fscrypt_put_encryption_info - free most of an inode's fscrypt data | ||
588 | * | ||
589 | * Free the inode's fscrypt_info. Filesystems must call this when the inode is | ||
590 | * being evicted. An RCU grace period need not have elapsed yet. | ||
591 | */ | ||
586 | void fscrypt_put_encryption_info(struct inode *inode) | 592 | void fscrypt_put_encryption_info(struct inode *inode) |
587 | { | 593 | { |
588 | put_crypt_info(inode->i_crypt_info); | 594 | put_crypt_info(inode->i_crypt_info); |
589 | inode->i_crypt_info = NULL; | 595 | inode->i_crypt_info = NULL; |
590 | } | 596 | } |
591 | EXPORT_SYMBOL(fscrypt_put_encryption_info); | 597 | EXPORT_SYMBOL(fscrypt_put_encryption_info); |
598 | |||
599 | /** | ||
600 | * fscrypt_free_inode - free an inode's fscrypt data requiring RCU delay | ||
601 | * | ||
602 | * Free the inode's cached decrypted symlink target, if any. Filesystems must | ||
603 | * call this after an RCU grace period, just before they free the inode. | ||
604 | */ | ||
605 | void fscrypt_free_inode(struct inode *inode) | ||
606 | { | ||
607 | if (IS_ENCRYPTED(inode) && S_ISLNK(inode->i_mode)) { | ||
608 | kfree(inode->i_link); | ||
609 | inode->i_link = NULL; | ||
610 | } | ||
611 | } | ||
612 | EXPORT_SYMBOL(fscrypt_free_inode); | ||
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index bd7eaf9b3f00..d536889ac31b 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c | |||
@@ -194,8 +194,8 @@ int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) | |||
194 | res = fscrypt_get_encryption_info(child); | 194 | res = fscrypt_get_encryption_info(child); |
195 | if (res) | 195 | if (res) |
196 | return 0; | 196 | return 0; |
197 | parent_ci = parent->i_crypt_info; | 197 | parent_ci = READ_ONCE(parent->i_crypt_info); |
198 | child_ci = child->i_crypt_info; | 198 | child_ci = READ_ONCE(child->i_crypt_info); |
199 | 199 | ||
200 | if (parent_ci && child_ci) { | 200 | if (parent_ci && child_ci) { |
201 | return memcmp(parent_ci->ci_master_key_descriptor, | 201 | return memcmp(parent_ci->ci_master_key_descriptor, |
@@ -246,7 +246,7 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, | |||
246 | if (res < 0) | 246 | if (res < 0) |
247 | return res; | 247 | return res; |
248 | 248 | ||
249 | ci = parent->i_crypt_info; | 249 | ci = READ_ONCE(parent->i_crypt_info); |
250 | if (ci == NULL) | 250 | if (ci == NULL) |
251 | return -ENOKEY; | 251 | return -ENOKEY; |
252 | 252 | ||
diff --git a/fs/dcache.c b/fs/dcache.c index 982d97bbb72c..8136bda27a1f 100644 --- a/fs/dcache.c +++ b/fs/dcache.c | |||
@@ -18,6 +18,7 @@ | |||
18 | #include <linux/string.h> | 18 | #include <linux/string.h> |
19 | #include <linux/mm.h> | 19 | #include <linux/mm.h> |
20 | #include <linux/fs.h> | 20 | #include <linux/fs.h> |
21 | #include <linux/fscrypt.h> | ||
21 | #include <linux/fsnotify.h> | 22 | #include <linux/fsnotify.h> |
22 | #include <linux/slab.h> | 23 | #include <linux/slab.h> |
23 | #include <linux/init.h> | 24 | #include <linux/init.h> |
@@ -2797,6 +2798,7 @@ static void __d_move(struct dentry *dentry, struct dentry *target, | |||
2797 | list_move(&dentry->d_child, &dentry->d_parent->d_subdirs); | 2798 | list_move(&dentry->d_child, &dentry->d_parent->d_subdirs); |
2798 | __d_rehash(dentry); | 2799 | __d_rehash(dentry); |
2799 | fsnotify_update_flags(dentry); | 2800 | fsnotify_update_flags(dentry); |
2801 | fscrypt_handle_d_move(dentry); | ||
2800 | 2802 | ||
2801 | write_seqcount_end(&target->d_seq); | 2803 | write_seqcount_end(&target->d_seq); |
2802 | write_seqcount_end(&dentry->d_seq); | 2804 | write_seqcount_end(&dentry->d_seq); |
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index ef755e5f6f2f..1cb67859e051 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h | |||
@@ -2303,23 +2303,47 @@ extern unsigned ext4_free_clusters_after_init(struct super_block *sb, | |||
2303 | ext4_fsblk_t ext4_inode_to_goal_block(struct inode *); | 2303 | ext4_fsblk_t ext4_inode_to_goal_block(struct inode *); |
2304 | 2304 | ||
2305 | #ifdef CONFIG_FS_ENCRYPTION | 2305 | #ifdef CONFIG_FS_ENCRYPTION |
2306 | static inline void ext4_fname_from_fscrypt_name(struct ext4_filename *dst, | ||
2307 | const struct fscrypt_name *src) | ||
2308 | { | ||
2309 | memset(dst, 0, sizeof(*dst)); | ||
2310 | |||
2311 | dst->usr_fname = src->usr_fname; | ||
2312 | dst->disk_name = src->disk_name; | ||
2313 | dst->hinfo.hash = src->hash; | ||
2314 | dst->hinfo.minor_hash = src->minor_hash; | ||
2315 | dst->crypto_buf = src->crypto_buf; | ||
2316 | } | ||
2317 | |||
2306 | static inline int ext4_fname_setup_filename(struct inode *dir, | 2318 | static inline int ext4_fname_setup_filename(struct inode *dir, |
2307 | const struct qstr *iname, | 2319 | const struct qstr *iname, |
2308 | int lookup, struct ext4_filename *fname) | 2320 | int lookup, |
2321 | struct ext4_filename *fname) | ||
2309 | { | 2322 | { |
2310 | struct fscrypt_name name; | 2323 | struct fscrypt_name name; |
2311 | int err; | 2324 | int err; |
2312 | 2325 | ||
2313 | memset(fname, 0, sizeof(struct ext4_filename)); | ||
2314 | |||
2315 | err = fscrypt_setup_filename(dir, iname, lookup, &name); | 2326 | err = fscrypt_setup_filename(dir, iname, lookup, &name); |
2327 | if (err) | ||
2328 | return err; | ||
2316 | 2329 | ||
2317 | fname->usr_fname = name.usr_fname; | 2330 | ext4_fname_from_fscrypt_name(fname, &name); |
2318 | fname->disk_name = name.disk_name; | 2331 | return 0; |
2319 | fname->hinfo.hash = name.hash; | 2332 | } |
2320 | fname->hinfo.minor_hash = name.minor_hash; | 2333 | |
2321 | fname->crypto_buf = name.crypto_buf; | 2334 | static inline int ext4_fname_prepare_lookup(struct inode *dir, |
2322 | return err; | 2335 | struct dentry *dentry, |
2336 | struct ext4_filename *fname) | ||
2337 | { | ||
2338 | struct fscrypt_name name; | ||
2339 | int err; | ||
2340 | |||
2341 | err = fscrypt_prepare_lookup(dir, dentry, &name); | ||
2342 | if (err) | ||
2343 | return err; | ||
2344 | |||
2345 | ext4_fname_from_fscrypt_name(fname, &name); | ||
2346 | return 0; | ||
2323 | } | 2347 | } |
2324 | 2348 | ||
2325 | static inline void ext4_fname_free_filename(struct ext4_filename *fname) | 2349 | static inline void ext4_fname_free_filename(struct ext4_filename *fname) |
@@ -2333,19 +2357,27 @@ static inline void ext4_fname_free_filename(struct ext4_filename *fname) | |||
2333 | fname->usr_fname = NULL; | 2357 | fname->usr_fname = NULL; |
2334 | fname->disk_name.name = NULL; | 2358 | fname->disk_name.name = NULL; |
2335 | } | 2359 | } |
2336 | #else | 2360 | #else /* !CONFIG_FS_ENCRYPTION */ |
2337 | static inline int ext4_fname_setup_filename(struct inode *dir, | 2361 | static inline int ext4_fname_setup_filename(struct inode *dir, |
2338 | const struct qstr *iname, | 2362 | const struct qstr *iname, |
2339 | int lookup, struct ext4_filename *fname) | 2363 | int lookup, |
2364 | struct ext4_filename *fname) | ||
2340 | { | 2365 | { |
2341 | fname->usr_fname = iname; | 2366 | fname->usr_fname = iname; |
2342 | fname->disk_name.name = (unsigned char *) iname->name; | 2367 | fname->disk_name.name = (unsigned char *) iname->name; |
2343 | fname->disk_name.len = iname->len; | 2368 | fname->disk_name.len = iname->len; |
2344 | return 0; | 2369 | return 0; |
2345 | } | 2370 | } |
2346 | static inline void ext4_fname_free_filename(struct ext4_filename *fname) { } | ||
2347 | 2371 | ||
2348 | #endif | 2372 | static inline int ext4_fname_prepare_lookup(struct inode *dir, |
2373 | struct dentry *dentry, | ||
2374 | struct ext4_filename *fname) | ||
2375 | { | ||
2376 | return ext4_fname_setup_filename(dir, &dentry->d_name, 1, fname); | ||
2377 | } | ||
2378 | |||
2379 | static inline void ext4_fname_free_filename(struct ext4_filename *fname) { } | ||
2380 | #endif /* !CONFIG_FS_ENCRYPTION */ | ||
2349 | 2381 | ||
2350 | /* dir.c */ | 2382 | /* dir.c */ |
2351 | extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *, | 2383 | extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *, |
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index e917830eae84..6d50f53b7a15 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c | |||
@@ -1371,7 +1371,7 @@ static int is_dx_internal_node(struct inode *dir, ext4_lblk_t block, | |||
1371 | } | 1371 | } |
1372 | 1372 | ||
1373 | /* | 1373 | /* |
1374 | * ext4_find_entry() | 1374 | * __ext4_find_entry() |
1375 | * | 1375 | * |
1376 | * finds an entry in the specified directory with the wanted name. It | 1376 | * finds an entry in the specified directory with the wanted name. It |
1377 | * returns the cache buffer in which the entry was found, and the entry | 1377 | * returns the cache buffer in which the entry was found, and the entry |
@@ -1381,39 +1381,32 @@ static int is_dx_internal_node(struct inode *dir, ext4_lblk_t block, | |||
1381 | * The returned buffer_head has ->b_count elevated. The caller is expected | 1381 | * The returned buffer_head has ->b_count elevated. The caller is expected |
1382 | * to brelse() it when appropriate. | 1382 | * to brelse() it when appropriate. |
1383 | */ | 1383 | */ |
1384 | static struct buffer_head * ext4_find_entry (struct inode *dir, | 1384 | static struct buffer_head *__ext4_find_entry(struct inode *dir, |
1385 | const struct qstr *d_name, | 1385 | struct ext4_filename *fname, |
1386 | struct ext4_dir_entry_2 **res_dir, | 1386 | struct ext4_dir_entry_2 **res_dir, |
1387 | int *inlined) | 1387 | int *inlined) |
1388 | { | 1388 | { |
1389 | struct super_block *sb; | 1389 | struct super_block *sb; |
1390 | struct buffer_head *bh_use[NAMEI_RA_SIZE]; | 1390 | struct buffer_head *bh_use[NAMEI_RA_SIZE]; |
1391 | struct buffer_head *bh, *ret = NULL; | 1391 | struct buffer_head *bh, *ret = NULL; |
1392 | ext4_lblk_t start, block; | 1392 | ext4_lblk_t start, block; |
1393 | const u8 *name = d_name->name; | 1393 | const u8 *name = fname->usr_fname->name; |
1394 | size_t ra_max = 0; /* Number of bh's in the readahead | 1394 | size_t ra_max = 0; /* Number of bh's in the readahead |
1395 | buffer, bh_use[] */ | 1395 | buffer, bh_use[] */ |
1396 | size_t ra_ptr = 0; /* Current index into readahead | 1396 | size_t ra_ptr = 0; /* Current index into readahead |
1397 | buffer */ | 1397 | buffer */ |
1398 | ext4_lblk_t nblocks; | 1398 | ext4_lblk_t nblocks; |
1399 | int i, namelen, retval; | 1399 | int i, namelen, retval; |
1400 | struct ext4_filename fname; | ||
1401 | 1400 | ||
1402 | *res_dir = NULL; | 1401 | *res_dir = NULL; |
1403 | sb = dir->i_sb; | 1402 | sb = dir->i_sb; |
1404 | namelen = d_name->len; | 1403 | namelen = fname->usr_fname->len; |
1405 | if (namelen > EXT4_NAME_LEN) | 1404 | if (namelen > EXT4_NAME_LEN) |
1406 | return NULL; | 1405 | return NULL; |
1407 | 1406 | ||
1408 | retval = ext4_fname_setup_filename(dir, d_name, 1, &fname); | ||
1409 | if (retval == -ENOENT) | ||
1410 | return NULL; | ||
1411 | if (retval) | ||
1412 | return ERR_PTR(retval); | ||
1413 | |||
1414 | if (ext4_has_inline_data(dir)) { | 1407 | if (ext4_has_inline_data(dir)) { |
1415 | int has_inline_data = 1; | 1408 | int has_inline_data = 1; |
1416 | ret = ext4_find_inline_entry(dir, &fname, res_dir, | 1409 | ret = ext4_find_inline_entry(dir, fname, res_dir, |
1417 | &has_inline_data); | 1410 | &has_inline_data); |
1418 | if (has_inline_data) { | 1411 | if (has_inline_data) { |
1419 | if (inlined) | 1412 | if (inlined) |
@@ -1433,7 +1426,7 @@ static struct buffer_head * ext4_find_entry (struct inode *dir, | |||
1433 | goto restart; | 1426 | goto restart; |
1434 | } | 1427 | } |
1435 | if (is_dx(dir)) { | 1428 | if (is_dx(dir)) { |
1436 | ret = ext4_dx_find_entry(dir, &fname, res_dir); | 1429 | ret = ext4_dx_find_entry(dir, fname, res_dir); |
1437 | /* | 1430 | /* |
1438 | * On success, or if the error was file not found, | 1431 | * On success, or if the error was file not found, |
1439 | * return. Otherwise, fall back to doing a search the | 1432 | * return. Otherwise, fall back to doing a search the |
@@ -1497,7 +1490,7 @@ restart: | |||
1497 | goto cleanup_and_exit; | 1490 | goto cleanup_and_exit; |
1498 | } | 1491 | } |
1499 | set_buffer_verified(bh); | 1492 | set_buffer_verified(bh); |
1500 | i = search_dirblock(bh, dir, &fname, | 1493 | i = search_dirblock(bh, dir, fname, |
1501 | block << EXT4_BLOCK_SIZE_BITS(sb), res_dir); | 1494 | block << EXT4_BLOCK_SIZE_BITS(sb), res_dir); |
1502 | if (i == 1) { | 1495 | if (i == 1) { |
1503 | EXT4_I(dir)->i_dir_start_lookup = block; | 1496 | EXT4_I(dir)->i_dir_start_lookup = block; |
@@ -1528,10 +1521,50 @@ cleanup_and_exit: | |||
1528 | /* Clean up the read-ahead blocks */ | 1521 | /* Clean up the read-ahead blocks */ |
1529 | for (; ra_ptr < ra_max; ra_ptr++) | 1522 | for (; ra_ptr < ra_max; ra_ptr++) |
1530 | brelse(bh_use[ra_ptr]); | 1523 | brelse(bh_use[ra_ptr]); |
1531 | ext4_fname_free_filename(&fname); | ||
1532 | return ret; | 1524 | return ret; |
1533 | } | 1525 | } |
1534 | 1526 | ||
1527 | static struct buffer_head *ext4_find_entry(struct inode *dir, | ||
1528 | const struct qstr *d_name, | ||
1529 | struct ext4_dir_entry_2 **res_dir, | ||
1530 | int *inlined) | ||
1531 | { | ||
1532 | int err; | ||
1533 | struct ext4_filename fname; | ||
1534 | struct buffer_head *bh; | ||
1535 | |||
1536 | err = ext4_fname_setup_filename(dir, d_name, 1, &fname); | ||
1537 | if (err == -ENOENT) | ||
1538 | return NULL; | ||
1539 | if (err) | ||
1540 | return ERR_PTR(err); | ||
1541 | |||
1542 | bh = __ext4_find_entry(dir, &fname, res_dir, inlined); | ||
1543 | |||
1544 | ext4_fname_free_filename(&fname); | ||
1545 | return bh; | ||
1546 | } | ||
1547 | |||
1548 | static struct buffer_head *ext4_lookup_entry(struct inode *dir, | ||
1549 | struct dentry *dentry, | ||
1550 | struct ext4_dir_entry_2 **res_dir) | ||
1551 | { | ||
1552 | int err; | ||
1553 | struct ext4_filename fname; | ||
1554 | struct buffer_head *bh; | ||
1555 | |||
1556 | err = ext4_fname_prepare_lookup(dir, dentry, &fname); | ||
1557 | if (err == -ENOENT) | ||
1558 | return NULL; | ||
1559 | if (err) | ||
1560 | return ERR_PTR(err); | ||
1561 | |||
1562 | bh = __ext4_find_entry(dir, &fname, res_dir, NULL); | ||
1563 | |||
1564 | ext4_fname_free_filename(&fname); | ||
1565 | return bh; | ||
1566 | } | ||
1567 | |||
1535 | static struct buffer_head * ext4_dx_find_entry(struct inode *dir, | 1568 | static struct buffer_head * ext4_dx_find_entry(struct inode *dir, |
1536 | struct ext4_filename *fname, | 1569 | struct ext4_filename *fname, |
1537 | struct ext4_dir_entry_2 **res_dir) | 1570 | struct ext4_dir_entry_2 **res_dir) |
@@ -1590,16 +1623,11 @@ static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, unsi | |||
1590 | struct inode *inode; | 1623 | struct inode *inode; |
1591 | struct ext4_dir_entry_2 *de; | 1624 | struct ext4_dir_entry_2 *de; |
1592 | struct buffer_head *bh; | 1625 | struct buffer_head *bh; |
1593 | int err; | ||
1594 | |||
1595 | err = fscrypt_prepare_lookup(dir, dentry, flags); | ||
1596 | if (err) | ||
1597 | return ERR_PTR(err); | ||
1598 | 1626 | ||
1599 | if (dentry->d_name.len > EXT4_NAME_LEN) | 1627 | if (dentry->d_name.len > EXT4_NAME_LEN) |
1600 | return ERR_PTR(-ENAMETOOLONG); | 1628 | return ERR_PTR(-ENAMETOOLONG); |
1601 | 1629 | ||
1602 | bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL); | 1630 | bh = ext4_lookup_entry(dir, dentry, &de); |
1603 | if (IS_ERR(bh)) | 1631 | if (IS_ERR(bh)) |
1604 | return ERR_CAST(bh); | 1632 | return ERR_CAST(bh); |
1605 | inode = NULL; | 1633 | inode = NULL; |
diff --git a/fs/ext4/readpage.c b/fs/ext4/readpage.c index 2a39c7cb1441..c916017db334 100644 --- a/fs/ext4/readpage.c +++ b/fs/ext4/readpage.c | |||
@@ -244,7 +244,7 @@ int ext4_mpage_readpages(struct address_space *mapping, | |||
244 | struct fscrypt_ctx *ctx = NULL; | 244 | struct fscrypt_ctx *ctx = NULL; |
245 | 245 | ||
246 | if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode)) { | 246 | if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode)) { |
247 | ctx = fscrypt_get_ctx(inode, GFP_NOFS); | 247 | ctx = fscrypt_get_ctx(GFP_NOFS); |
248 | if (IS_ERR(ctx)) | 248 | if (IS_ERR(ctx)) |
249 | goto set_error_page; | 249 | goto set_error_page; |
250 | } | 250 | } |
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 3681cb737e9d..f71b5254a990 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c | |||
@@ -1113,6 +1113,7 @@ static int ext4_drop_inode(struct inode *inode) | |||
1113 | 1113 | ||
1114 | static void ext4_free_in_core_inode(struct inode *inode) | 1114 | static void ext4_free_in_core_inode(struct inode *inode) |
1115 | { | 1115 | { |
1116 | fscrypt_free_inode(inode); | ||
1116 | kmem_cache_free(ext4_inode_cachep, EXT4_I(inode)); | 1117 | kmem_cache_free(ext4_inode_cachep, EXT4_I(inode)); |
1117 | } | 1118 | } |
1118 | 1119 | ||
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index f5e34e467003..c3e8a901d47a 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c | |||
@@ -436,19 +436,23 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, | |||
436 | nid_t ino = -1; | 436 | nid_t ino = -1; |
437 | int err = 0; | 437 | int err = 0; |
438 | unsigned int root_ino = F2FS_ROOT_INO(F2FS_I_SB(dir)); | 438 | unsigned int root_ino = F2FS_ROOT_INO(F2FS_I_SB(dir)); |
439 | struct fscrypt_name fname; | ||
439 | 440 | ||
440 | trace_f2fs_lookup_start(dir, dentry, flags); | 441 | trace_f2fs_lookup_start(dir, dentry, flags); |
441 | 442 | ||
442 | err = fscrypt_prepare_lookup(dir, dentry, flags); | ||
443 | if (err) | ||
444 | goto out; | ||
445 | |||
446 | if (dentry->d_name.len > F2FS_NAME_LEN) { | 443 | if (dentry->d_name.len > F2FS_NAME_LEN) { |
447 | err = -ENAMETOOLONG; | 444 | err = -ENAMETOOLONG; |
448 | goto out; | 445 | goto out; |
449 | } | 446 | } |
450 | 447 | ||
451 | de = f2fs_find_entry(dir, &dentry->d_name, &page); | 448 | err = fscrypt_prepare_lookup(dir, dentry, &fname); |
449 | if (err == -ENOENT) | ||
450 | goto out_splice; | ||
451 | if (err) | ||
452 | goto out; | ||
453 | de = __f2fs_find_entry(dir, &fname, &page); | ||
454 | fscrypt_free_filename(&fname); | ||
455 | |||
452 | if (!de) { | 456 | if (!de) { |
453 | if (IS_ERR(page)) { | 457 | if (IS_ERR(page)) { |
454 | err = PTR_ERR(page); | 458 | err = PTR_ERR(page); |
@@ -488,8 +492,7 @@ static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry, | |||
488 | } | 492 | } |
489 | out_splice: | 493 | out_splice: |
490 | new = d_splice_alias(inode, dentry); | 494 | new = d_splice_alias(inode, dentry); |
491 | if (IS_ERR(new)) | 495 | err = PTR_ERR_OR_ZERO(new); |
492 | err = PTR_ERR(new); | ||
493 | trace_f2fs_lookup_end(dir, dentry, ino, err); | 496 | trace_f2fs_lookup_end(dir, dentry, ino, err); |
494 | return new; | 497 | return new; |
495 | out_iput: | 498 | out_iput: |
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 9924eac76254..4c55d2ea9df3 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c | |||
@@ -1002,6 +1002,7 @@ static void f2fs_dirty_inode(struct inode *inode, int flags) | |||
1002 | 1002 | ||
1003 | static void f2fs_free_inode(struct inode *inode) | 1003 | static void f2fs_free_inode(struct inode *inode) |
1004 | { | 1004 | { |
1005 | fscrypt_free_inode(inode); | ||
1005 | kmem_cache_free(f2fs_inode_cachep, F2FS_I(inode)); | 1006 | kmem_cache_free(f2fs_inode_cachep, F2FS_I(inode)); |
1006 | } | 1007 | } |
1007 | 1008 | ||
diff --git a/fs/namei.c b/fs/namei.c index 5ebd64b21970..20831c2fbb34 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -1066,7 +1066,7 @@ const char *get_link(struct nameidata *nd) | |||
1066 | return ERR_PTR(error); | 1066 | return ERR_PTR(error); |
1067 | 1067 | ||
1068 | nd->last_type = LAST_BIND; | 1068 | nd->last_type = LAST_BIND; |
1069 | res = inode->i_link; | 1069 | res = READ_ONCE(inode->i_link); |
1070 | if (!res) { | 1070 | if (!res) { |
1071 | const char * (*get)(struct dentry *, struct inode *, | 1071 | const char * (*get)(struct dentry *, struct inode *, |
1072 | struct delayed_call *); | 1072 | struct delayed_call *); |
@@ -4729,7 +4729,7 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen) | |||
4729 | spin_unlock(&inode->i_lock); | 4729 | spin_unlock(&inode->i_lock); |
4730 | } | 4730 | } |
4731 | 4731 | ||
4732 | link = inode->i_link; | 4732 | link = READ_ONCE(inode->i_link); |
4733 | if (!link) { | 4733 | if (!link) { |
4734 | link = inode->i_op->get_link(dentry, inode, &done); | 4734 | link = inode->i_op->get_link(dentry, inode, &done); |
4735 | if (IS_ERR(link)) | 4735 | if (IS_ERR(link)) |
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 5767b373a8ff..b73de6d04fa3 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c | |||
@@ -220,11 +220,9 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, | |||
220 | 220 | ||
221 | dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino); | 221 | dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino); |
222 | 222 | ||
223 | err = fscrypt_prepare_lookup(dir, dentry, flags); | 223 | err = fscrypt_prepare_lookup(dir, dentry, &nm); |
224 | if (err) | 224 | if (err == -ENOENT) |
225 | return ERR_PTR(err); | 225 | return d_splice_alias(NULL, dentry); |
226 | |||
227 | err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm); | ||
228 | if (err) | 226 | if (err) |
229 | return ERR_PTR(err); | 227 | return ERR_PTR(err); |
230 | 228 | ||
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index c2307c423638..632f02d4d660 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c | |||
@@ -275,7 +275,10 @@ static struct inode *ubifs_alloc_inode(struct super_block *sb) | |||
275 | static void ubifs_free_inode(struct inode *inode) | 275 | static void ubifs_free_inode(struct inode *inode) |
276 | { | 276 | { |
277 | struct ubifs_inode *ui = ubifs_inode(inode); | 277 | struct ubifs_inode *ui = ubifs_inode(inode); |
278 | |||
278 | kfree(ui->data); | 279 | kfree(ui->data); |
280 | fscrypt_free_inode(inode); | ||
281 | |||
279 | kmem_cache_free(ubifs_inode_slab, ui); | 282 | kmem_cache_free(ubifs_inode_slab, ui); |
280 | } | 283 | } |
281 | 284 | ||
diff --git a/include/linux/dcache.h b/include/linux/dcache.h index 73c3a8f90580..f14e587c5d5d 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h | |||
@@ -211,7 +211,7 @@ struct dentry_operations { | |||
211 | 211 | ||
212 | #define DCACHE_MAY_FREE 0x00800000 | 212 | #define DCACHE_MAY_FREE 0x00800000 |
213 | #define DCACHE_FALLTHRU 0x01000000 /* Fall through to lower layer */ | 213 | #define DCACHE_FALLTHRU 0x01000000 /* Fall through to lower layer */ |
214 | #define DCACHE_ENCRYPTED_WITH_KEY 0x02000000 /* dir is encrypted with a valid key */ | 214 | #define DCACHE_ENCRYPTED_NAME 0x02000000 /* Encrypted name (dir key was unavailable) */ |
215 | #define DCACHE_OP_REAL 0x04000000 | 215 | #define DCACHE_OP_REAL 0x04000000 |
216 | 216 | ||
217 | #define DCACHE_PAR_LOOKUP 0x10000000 /* being looked up (with parent locked shared) */ | 217 | #define DCACHE_PAR_LOOKUP 0x10000000 /* being looked up (with parent locked shared) */ |
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index e5194fc3983e..28c74e0a7231 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h | |||
@@ -33,6 +33,7 @@ struct fscrypt_name { | |||
33 | u32 hash; | 33 | u32 hash; |
34 | u32 minor_hash; | 34 | u32 minor_hash; |
35 | struct fscrypt_str crypto_buf; | 35 | struct fscrypt_str crypto_buf; |
36 | bool is_ciphertext_name; | ||
36 | }; | 37 | }; |
37 | 38 | ||
38 | #define FSTR_INIT(n, l) { .name = n, .len = l } | 39 | #define FSTR_INIT(n, l) { .name = n, .len = l } |
@@ -79,7 +80,8 @@ struct fscrypt_ctx { | |||
79 | 80 | ||
80 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) | 81 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) |
81 | { | 82 | { |
82 | return (inode->i_crypt_info != NULL); | 83 | /* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */ |
84 | return READ_ONCE(inode->i_crypt_info) != NULL; | ||
83 | } | 85 | } |
84 | 86 | ||
85 | static inline bool fscrypt_dummy_context_enabled(struct inode *inode) | 87 | static inline bool fscrypt_dummy_context_enabled(struct inode *inode) |
@@ -88,9 +90,21 @@ static inline bool fscrypt_dummy_context_enabled(struct inode *inode) | |||
88 | inode->i_sb->s_cop->dummy_context(inode); | 90 | inode->i_sb->s_cop->dummy_context(inode); |
89 | } | 91 | } |
90 | 92 | ||
93 | /* | ||
94 | * When d_splice_alias() moves a directory's encrypted alias to its decrypted | ||
95 | * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME | ||
96 | * must be cleared. Note that we don't have to support arbitrary moves of this | ||
97 | * flag because fscrypt doesn't allow encrypted aliases to be the source or | ||
98 | * target of a rename(). | ||
99 | */ | ||
100 | static inline void fscrypt_handle_d_move(struct dentry *dentry) | ||
101 | { | ||
102 | dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME; | ||
103 | } | ||
104 | |||
91 | /* crypto.c */ | 105 | /* crypto.c */ |
92 | extern void fscrypt_enqueue_decrypt_work(struct work_struct *); | 106 | extern void fscrypt_enqueue_decrypt_work(struct work_struct *); |
93 | extern struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *, gfp_t); | 107 | extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t); |
94 | extern void fscrypt_release_ctx(struct fscrypt_ctx *); | 108 | extern void fscrypt_release_ctx(struct fscrypt_ctx *); |
95 | extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *, | 109 | extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *, |
96 | unsigned int, unsigned int, | 110 | unsigned int, unsigned int, |
@@ -114,6 +128,7 @@ extern int fscrypt_inherit_context(struct inode *, struct inode *, | |||
114 | /* keyinfo.c */ | 128 | /* keyinfo.c */ |
115 | extern int fscrypt_get_encryption_info(struct inode *); | 129 | extern int fscrypt_get_encryption_info(struct inode *); |
116 | extern void fscrypt_put_encryption_info(struct inode *); | 130 | extern void fscrypt_put_encryption_info(struct inode *); |
131 | extern void fscrypt_free_inode(struct inode *); | ||
117 | 132 | ||
118 | /* fname.c */ | 133 | /* fname.c */ |
119 | extern int fscrypt_setup_filename(struct inode *, const struct qstr *, | 134 | extern int fscrypt_setup_filename(struct inode *, const struct qstr *, |
@@ -214,13 +229,15 @@ extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, | |||
214 | 229 | ||
215 | /* hooks.c */ | 230 | /* hooks.c */ |
216 | extern int fscrypt_file_open(struct inode *inode, struct file *filp); | 231 | extern int fscrypt_file_open(struct inode *inode, struct file *filp); |
217 | extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir); | 232 | extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
233 | struct dentry *dentry); | ||
218 | extern int __fscrypt_prepare_rename(struct inode *old_dir, | 234 | extern int __fscrypt_prepare_rename(struct inode *old_dir, |
219 | struct dentry *old_dentry, | 235 | struct dentry *old_dentry, |
220 | struct inode *new_dir, | 236 | struct inode *new_dir, |
221 | struct dentry *new_dentry, | 237 | struct dentry *new_dentry, |
222 | unsigned int flags); | 238 | unsigned int flags); |
223 | extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry); | 239 | extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, |
240 | struct fscrypt_name *fname); | ||
224 | extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, | 241 | extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, |
225 | unsigned int max_len, | 242 | unsigned int max_len, |
226 | struct fscrypt_str *disk_link); | 243 | struct fscrypt_str *disk_link); |
@@ -242,13 +259,16 @@ static inline bool fscrypt_dummy_context_enabled(struct inode *inode) | |||
242 | return false; | 259 | return false; |
243 | } | 260 | } |
244 | 261 | ||
262 | static inline void fscrypt_handle_d_move(struct dentry *dentry) | ||
263 | { | ||
264 | } | ||
265 | |||
245 | /* crypto.c */ | 266 | /* crypto.c */ |
246 | static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) | 267 | static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) |
247 | { | 268 | { |
248 | } | 269 | } |
249 | 270 | ||
250 | static inline struct fscrypt_ctx *fscrypt_get_ctx(const struct inode *inode, | 271 | static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags) |
251 | gfp_t gfp_flags) | ||
252 | { | 272 | { |
253 | return ERR_PTR(-EOPNOTSUPP); | 273 | return ERR_PTR(-EOPNOTSUPP); |
254 | } | 274 | } |
@@ -322,6 +342,10 @@ static inline void fscrypt_put_encryption_info(struct inode *inode) | |||
322 | return; | 342 | return; |
323 | } | 343 | } |
324 | 344 | ||
345 | static inline void fscrypt_free_inode(struct inode *inode) | ||
346 | { | ||
347 | } | ||
348 | |||
325 | /* fname.c */ | 349 | /* fname.c */ |
326 | static inline int fscrypt_setup_filename(struct inode *dir, | 350 | static inline int fscrypt_setup_filename(struct inode *dir, |
327 | const struct qstr *iname, | 351 | const struct qstr *iname, |
@@ -330,7 +354,7 @@ static inline int fscrypt_setup_filename(struct inode *dir, | |||
330 | if (IS_ENCRYPTED(dir)) | 354 | if (IS_ENCRYPTED(dir)) |
331 | return -EOPNOTSUPP; | 355 | return -EOPNOTSUPP; |
332 | 356 | ||
333 | memset(fname, 0, sizeof(struct fscrypt_name)); | 357 | memset(fname, 0, sizeof(*fname)); |
334 | fname->usr_fname = iname; | 358 | fname->usr_fname = iname; |
335 | fname->disk_name.name = (unsigned char *)iname->name; | 359 | fname->disk_name.name = (unsigned char *)iname->name; |
336 | fname->disk_name.len = iname->len; | 360 | fname->disk_name.len = iname->len; |
@@ -401,8 +425,8 @@ static inline int fscrypt_file_open(struct inode *inode, struct file *filp) | |||
401 | return 0; | 425 | return 0; |
402 | } | 426 | } |
403 | 427 | ||
404 | static inline int __fscrypt_prepare_link(struct inode *inode, | 428 | static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
405 | struct inode *dir) | 429 | struct dentry *dentry) |
406 | { | 430 | { |
407 | return -EOPNOTSUPP; | 431 | return -EOPNOTSUPP; |
408 | } | 432 | } |
@@ -417,7 +441,8 @@ static inline int __fscrypt_prepare_rename(struct inode *old_dir, | |||
417 | } | 441 | } |
418 | 442 | ||
419 | static inline int __fscrypt_prepare_lookup(struct inode *dir, | 443 | static inline int __fscrypt_prepare_lookup(struct inode *dir, |
420 | struct dentry *dentry) | 444 | struct dentry *dentry, |
445 | struct fscrypt_name *fname) | ||
421 | { | 446 | { |
422 | return -EOPNOTSUPP; | 447 | return -EOPNOTSUPP; |
423 | } | 448 | } |
@@ -497,7 +522,7 @@ static inline int fscrypt_prepare_link(struct dentry *old_dentry, | |||
497 | struct dentry *dentry) | 522 | struct dentry *dentry) |
498 | { | 523 | { |
499 | if (IS_ENCRYPTED(dir)) | 524 | if (IS_ENCRYPTED(dir)) |
500 | return __fscrypt_prepare_link(d_inode(old_dentry), dir); | 525 | return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry); |
501 | return 0; | 526 | return 0; |
502 | } | 527 | } |
503 | 528 | ||
@@ -538,27 +563,32 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir, | |||
538 | * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory | 563 | * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory |
539 | * @dir: directory being searched | 564 | * @dir: directory being searched |
540 | * @dentry: filename being looked up | 565 | * @dentry: filename being looked up |
541 | * @flags: lookup flags | 566 | * @fname: (output) the name to use to search the on-disk directory |
542 | * | 567 | * |
543 | * Prepare for ->lookup() in a directory which may be encrypted. Lookups can be | 568 | * Prepare for ->lookup() in a directory which may be encrypted by determining |
544 | * done with or without the directory's encryption key; without the key, | 569 | * the name that will actually be used to search the directory on-disk. Lookups |
570 | * can be done with or without the directory's encryption key; without the key, | ||
545 | * filenames are presented in encrypted form. Therefore, we'll try to set up | 571 | * filenames are presented in encrypted form. Therefore, we'll try to set up |
546 | * the directory's encryption key, but even without it the lookup can continue. | 572 | * the directory's encryption key, but even without it the lookup can continue. |
547 | * | 573 | * |
548 | * To allow invalidating stale dentries if the directory's encryption key is | 574 | * This also installs a custom ->d_revalidate() method which will invalidate the |
549 | * added later, we also install a custom ->d_revalidate() method and use the | 575 | * dentry if it was created without the key and the key is later added. |
550 | * DCACHE_ENCRYPTED_WITH_KEY flag to indicate whether a given dentry is a | ||
551 | * plaintext name (flag set) or a ciphertext name (flag cleared). | ||
552 | * | 576 | * |
553 | * Return: 0 on success, -errno if a problem occurred while setting up the | 577 | * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a |
554 | * encryption key | 578 | * correctly formed encoded ciphertext name, so a negative dentry should be |
579 | * created; or another -errno code. | ||
555 | */ | 580 | */ |
556 | static inline int fscrypt_prepare_lookup(struct inode *dir, | 581 | static inline int fscrypt_prepare_lookup(struct inode *dir, |
557 | struct dentry *dentry, | 582 | struct dentry *dentry, |
558 | unsigned int flags) | 583 | struct fscrypt_name *fname) |
559 | { | 584 | { |
560 | if (IS_ENCRYPTED(dir)) | 585 | if (IS_ENCRYPTED(dir)) |
561 | return __fscrypt_prepare_lookup(dir, dentry); | 586 | return __fscrypt_prepare_lookup(dir, dentry, fname); |
587 | |||
588 | memset(fname, 0, sizeof(*fname)); | ||
589 | fname->usr_fname = &dentry->d_name; | ||
590 | fname->disk_name.name = (unsigned char *)dentry->d_name.name; | ||
591 | fname->disk_name.len = dentry->d_name.len; | ||
562 | return 0; | 592 | return 0; |
563 | } | 593 | } |
564 | 594 | ||