Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt

Pull fscrypt updates from Ted Ts'o: "Lots of cleanups, mostly courtesy by Eric Biggers" * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt: fscrypt: lock mutex before checking for bounce page pool fscrypt: add a documentation file for filesystem-level encryption ext4: switch to fscrypt_prepare_setattr() ext4: switch to fscrypt_prepare_lookup() ext4: switch to fscrypt_prepare_rename() ext4: switch to fscrypt_prepare_link() ext4: switch to fscrypt_file_open() fscrypt: new helper function - fscrypt_prepare_setattr() fscrypt: new helper function - fscrypt_prepare_lookup() fscrypt: new helper function - fscrypt_prepare_rename() fscrypt: new helper function - fscrypt_prepare_link() fscrypt: new helper function - fscrypt_file_open() fscrypt: new helper function - fscrypt_require_key() fscrypt: remove unneeded empty fscrypt_operations structs fscrypt: remove ->is_encrypted() fscrypt: switch from ->is_encrypted() to IS_ENCRYPTED() fs, fscrypt: add an S_ENCRYPTED inode flag fscrypt: clean up include file mess
author: Linus Torvalds <torvalds@linux-foundation.org> 2017-11-14 14:35:15 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-11-14 14:35:15 -0500
commit: 32190f0afbf4f1c0a9142e5a886a078ee0b794fd (patch)
tree: 865f5cd7effacf40c02e7cda5c31fef8a0624c89 /fs/ext4/namei.c
parent: 37dc79565c4b7e735f190eaa6ed5bb6eb3d3968a (diff)
parent: a0b3bc855374c50b5ea85273553485af48caf2f7 (diff)
1 files changed, 17 insertions, 45 deletions
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index bd48a8d83961..798b3ac680db 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1539,24 +1539,14 @@ static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, unsi
        struct inode *inode;
        struct ext4_dir_entry_2 *de;
        struct buffer_head *bh;
+        int err;
-        if (ext4_encrypted_inode(dir)) {
+        err = fscrypt_prepare_lookup(dir, dentry, flags);
-                int res = fscrypt_get_encryption_info(dir);
+        if (err)
+                return ERR_PTR(err);
-                /*
-                 * DCACHE_ENCRYPTED_WITH_KEY is set if the dentry is
-                 * created while the directory was encrypted and we
-                 * have access to the key.
-                 */
-                if (fscrypt_has_encryption_key(dir))
-                        fscrypt_set_encrypted_dentry(dentry);
-                fscrypt_set_d_op(dentry);
-                if (res && res != -ENOKEY)
-                        return ERR_PTR(res);
-        }
-       if (dentry->d_name.len > EXT4_NAME_LEN)
+        if (dentry->d_name.len > EXT4_NAME_LEN)
-               return ERR_PTR(-ENAMETOOLONG);
+                return ERR_PTR(-ENAMETOOLONG);
        bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL);
        if (IS_ERR(bh))
@@ -3222,9 +3212,10 @@ static int ext4_link(struct dentry *old_dentry,
        if (inode->i_nlink >= EXT4_LINK_MAX)
                return -EMLINK;
-        if (ext4_encrypted_inode(dir) &&
-                        !fscrypt_has_permitted_context(dir, inode))
+        err = fscrypt_prepare_link(old_dentry, dir, dentry);
-                return -EPERM;
+        if (err)
+                return err;
       if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) &&
           (!projid_eq(EXT4_I(dir)->i_projid,
@@ -3516,12 +3507,6 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
                        EXT4_I(old_dentry->d_inode)->i_projid)))
                return -EXDEV;
-        if ((ext4_encrypted_inode(old_dir) &&
-             !fscrypt_has_encryption_key(old_dir)) ||
-            (ext4_encrypted_inode(new_dir) &&
-             !fscrypt_has_encryption_key(new_dir)))
-                return -ENOKEY;
        retval = dquot_initialize(old.dir);
        if (retval)
                return retval;
@@ -3550,13 +3535,6 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
        if (!old.bh || le32_to_cpu(old.de->inode) != old.inode->i_ino)
                goto end_rename;
-        if ((old.dir != new.dir) &&
-            ext4_encrypted_inode(new.dir) &&
-            !fscrypt_has_permitted_context(new.dir, old.inode)) {
-                retval = -EPERM;
-                goto end_rename;
-        }
        new.bh = ext4_find_entry(new.dir, &new.dentry->d_name,
                                 &new.de, &new.inlined);
        if (IS_ERR(new.bh)) {
@@ -3722,19 +3700,6 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry,
        int retval;
        struct timespec ctime;
-        if ((ext4_encrypted_inode(old_dir) &&
-             !fscrypt_has_encryption_key(old_dir)) ||
-            (ext4_encrypted_inode(new_dir) &&
-             !fscrypt_has_encryption_key(new_dir)))
-                return -ENOKEY;
-        if ((ext4_encrypted_inode(old_dir) ||
-             ext4_encrypted_inode(new_dir)) &&
-            (old_dir != new_dir) &&
-            (!fscrypt_has_permitted_context(new_dir, old.inode) ||
-             !fscrypt_has_permitted_context(old_dir, new.inode)))
-                return -EPERM;
        if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT) &&
             !projid_eq(EXT4_I(new_dir)->i_projid,
                        EXT4_I(old_dentry->d_inode)->i_projid)) ||
@@ -3861,12 +3826,19 @@ static int ext4_rename2(struct inode *old_dir, struct dentry *old_dentry,
                        struct inode *new_dir, struct dentry *new_dentry,
                        unsigned int flags)
 {
+        int err;
        if (unlikely(ext4_forced_shutdown(EXT4_SB(old_dir->i_sb))))
                return -EIO;
        if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
                return -EINVAL;
+        err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
+                                     flags);
+        if (err)
+                return err;
        if (flags & RENAME_EXCHANGE) {
                return ext4_cross_rename(old_dir, old_dentry,
                                         new_dir, new_dentry);
author	Linus Torvalds <torvalds@linux-foundation.org>	2017-11-14 14:35:15 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-11-14 14:35:15 -0500
commit	32190f0afbf4f1c0a9142e5a886a078ee0b794fd (patch)
tree	865f5cd7effacf40c02e7cda5c31fef8a0624c89 /fs/ext4/namei.c
parent	37dc79565c4b7e735f190eaa6ed5bb6eb3d3968a (diff)
parent	a0b3bc855374c50b5ea85273553485af48caf2f7 (diff)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index bd48a8d83961..798b3ac680db 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c
@@ -1539,24 +1539,14 @@ static struct dentry ext4_lookup(struct inode dir, struct dentry *dentry, unsi
1539	struct inode *inode;	1539	struct inode *inode;
1540	struct ext4_dir_entry_2 *de;	1540	struct ext4_dir_entry_2 *de;
1541	struct buffer_head *bh;	1541	struct buffer_head *bh;
		1542	int err;
1542		1543
1543	if (ext4_encrypted_inode(dir)) {	1544	err = fscrypt_prepare_lookup(dir, dentry, flags);
1544	int res = fscrypt_get_encryption_info(dir);	1545	if (err)
1545		1546	return ERR_PTR(err);
1546	/*
1547	* DCACHE_ENCRYPTED_WITH_KEY is set if the dentry is
1548	* created while the directory was encrypted and we
1549	* have access to the key.
1550	*/
1551	if (fscrypt_has_encryption_key(dir))
1552	fscrypt_set_encrypted_dentry(dentry);
1553	fscrypt_set_d_op(dentry);
1554	if (res && res != -ENOKEY)
1555	return ERR_PTR(res);
1556	}
1557		1547
1558	if (dentry->d_name.len > EXT4_NAME_LEN)	1548	if (dentry->d_name.len > EXT4_NAME_LEN)
1559	return ERR_PTR(-ENAMETOOLONG);	1549	return ERR_PTR(-ENAMETOOLONG);
1560		1550
1561	bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL);	1551	bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL);
1562	if (IS_ERR(bh))	1552	if (IS_ERR(bh))
@@ -3222,9 +3212,10 @@ static int ext4_link(struct dentry *old_dentry,
3222		3212
3223	if (inode->i_nlink >= EXT4_LINK_MAX)	3213	if (inode->i_nlink >= EXT4_LINK_MAX)
3224	return -EMLINK;	3214	return -EMLINK;
3225	if (ext4_encrypted_inode(dir) &&	3215
3226	!fscrypt_has_permitted_context(dir, inode))	3216	err = fscrypt_prepare_link(old_dentry, dir, dentry);
3227	return -EPERM;	3217	if (err)
		3218	return err;
3228		3219
3229	if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) &&	3220	if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) &&
3230	(!projid_eq(EXT4_I(dir)->i_projid,	3221	(!projid_eq(EXT4_I(dir)->i_projid,
@@ -3516,12 +3507,6 @@ static int ext4_rename(struct inode old_dir, struct dentry old_dentry,
3516	EXT4_I(old_dentry->d_inode)->i_projid)))	3507	EXT4_I(old_dentry->d_inode)->i_projid)))
3517	return -EXDEV;	3508	return -EXDEV;
3518		3509
3519	if ((ext4_encrypted_inode(old_dir) &&
3520	!fscrypt_has_encryption_key(old_dir)) \|\|
3521	(ext4_encrypted_inode(new_dir) &&
3522	!fscrypt_has_encryption_key(new_dir)))
3523	return -ENOKEY;
3524
3525	retval = dquot_initialize(old.dir);	3510	retval = dquot_initialize(old.dir);
3526	if (retval)	3511	if (retval)
3527	return retval;	3512	return retval;
@@ -3550,13 +3535,6 @@ static int ext4_rename(struct inode old_dir, struct dentry old_dentry,
3550	if (!old.bh \|\| le32_to_cpu(old.de->inode) != old.inode->i_ino)	3535	if (!old.bh \|\| le32_to_cpu(old.de->inode) != old.inode->i_ino)
3551	goto end_rename;	3536	goto end_rename;
3552		3537
3553	if ((old.dir != new.dir) &&
3554	ext4_encrypted_inode(new.dir) &&
3555	!fscrypt_has_permitted_context(new.dir, old.inode)) {
3556	retval = -EPERM;
3557	goto end_rename;
3558	}
3559
3560	new.bh = ext4_find_entry(new.dir, &new.dentry->d_name,	3538	new.bh = ext4_find_entry(new.dir, &new.dentry->d_name,
3561	&new.de, &new.inlined);	3539	&new.de, &new.inlined);
3562	if (IS_ERR(new.bh)) {	3540	if (IS_ERR(new.bh)) {
@@ -3722,19 +3700,6 @@ static int ext4_cross_rename(struct inode old_dir, struct dentry old_dentry,
3722	int retval;	3700	int retval;
3723	struct timespec ctime;	3701	struct timespec ctime;
3724		3702
3725	if ((ext4_encrypted_inode(old_dir) &&
3726	!fscrypt_has_encryption_key(old_dir)) \|\|
3727	(ext4_encrypted_inode(new_dir) &&
3728	!fscrypt_has_encryption_key(new_dir)))
3729	return -ENOKEY;
3730
3731	if ((ext4_encrypted_inode(old_dir) \|\|
3732	ext4_encrypted_inode(new_dir)) &&
3733	(old_dir != new_dir) &&
3734	(!fscrypt_has_permitted_context(new_dir, old.inode) \|\|
3735	!fscrypt_has_permitted_context(old_dir, new.inode)))
3736	return -EPERM;
3737
3738	if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT) &&	3703	if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT) &&
3739	!projid_eq(EXT4_I(new_dir)->i_projid,	3704	!projid_eq(EXT4_I(new_dir)->i_projid,
3740	EXT4_I(old_dentry->d_inode)->i_projid)) \|\|	3705	EXT4_I(old_dentry->d_inode)->i_projid)) \|\|
@@ -3861,12 +3826,19 @@ static int ext4_rename2(struct inode old_dir, struct dentry old_dentry,
3861	struct inode new_dir, struct dentry new_dentry,	3826	struct inode new_dir, struct dentry new_dentry,
3862	unsigned int flags)	3827	unsigned int flags)
3863	{	3828	{
		3829	int err;
		3830
3864	if (unlikely(ext4_forced_shutdown(EXT4_SB(old_dir->i_sb))))	3831	if (unlikely(ext4_forced_shutdown(EXT4_SB(old_dir->i_sb))))
3865	return -EIO;	3832	return -EIO;
3866		3833
3867	if (flags & ~(RENAME_NOREPLACE \| RENAME_EXCHANGE \| RENAME_WHITEOUT))	3834	if (flags & ~(RENAME_NOREPLACE \| RENAME_EXCHANGE \| RENAME_WHITEOUT))
3868	return -EINVAL;	3835	return -EINVAL;
3869		3836
		3837	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
		3838	flags);
		3839	if (err)
		3840	return err;
		3841
3870	if (flags & RENAME_EXCHANGE) {	3842	if (flags & RENAME_EXCHANGE) {
3871	return ext4_cross_rename(old_dir, old_dentry,	3843	return ext4_cross_rename(old_dir, old_dentry,
3872	new_dir, new_dentry);	3844	new_dir, new_dentry);