Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b168e585 authored by Eric Biggers's avatar Eric Biggers Committed by Jaegeuk Kim
Browse files

fscrypt: move fscrypt_d_revalidate() to fname.c 

fscrypt_d_revalidate() and fscrypt_d_ops really belong in fname.c, since
they're specific to filenames encryption.  crypto.c is for contents
encryption and general fs/crypto/ initialization and utilities.

Link: https://lore.kernel.org/r/20191209204359.228544-1-ebiggers@kernel.org


Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
parent bac335ab

fs/crypto/crypto.c

+0 −50
Original line number Diff line number Diff line
@@ -24,8 +24,6 @@ 
#include <linux/module.h>

#include <linux/scatterlist.h>

#include <linux/ratelimit.h>

#include <linux/dcache.h>

#include <linux/namei.h>

#include <crypto/skcipher.h>

#include "fscrypt_private.h"
@@ -285,54 +283,6 @@ int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page, 
}

EXPORT_SYMBOL(fscrypt_decrypt_block_inplace);



/*

 * Validate dentries in encrypted directories to make sure we aren't potentially

 * caching stale dentries after a key has been added.

 */

static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)

{

	struct dentry *dir;

	int err;

	int valid;



	/*

	 * Plaintext names are always valid, since fscrypt doesn't support

	 * reverting to ciphertext names without evicting the directory's inode

	 * -- which implies eviction of the dentries in the directory.

	 */

	if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME))

		return 1;



	/*

	 * Ciphertext name; valid if the directory's key is still unavailable.

	 *

	 * Although fscrypt forbids rename() on ciphertext names, we still must

	 * use dget_parent() here rather than use ->d_parent directly.  That's

	 * because a corrupted fs image may contain directory hard links, which

	 * the VFS handles by moving the directory's dentry tree in the dcache

	 * each time ->lookup() finds the directory and it already has a dentry

	 * elsewhere.  Thus ->d_parent can be changing, and we must safely grab

	 * a reference to some ->d_parent to prevent it from being freed.

	 */



	if (flags & LOOKUP_RCU)

		return -ECHILD;



	dir = dget_parent(dentry);

	err = fscrypt_get_encryption_info(d_inode(dir));

	valid = !fscrypt_has_encryption_key(d_inode(dir));

	dput(dir);



	if (err < 0)

		return err;



	return valid;

}



const struct dentry_operations fscrypt_d_ops = {

	.d_revalidate = fscrypt_d_revalidate,

};



/**

 * fscrypt_initialize() - allocate major buffers for fs encryption.

 * @cop_flags:  fscrypt operations flags

fs/crypto/fname.c

+49 −0
Original line number Diff line number Diff line
@@ -11,6 +11,7 @@ 
 * This has not yet undergone a rigorous security audit.

 */



#include <linux/namei.h>

#include <linux/scatterlist.h>

#include <crypto/skcipher.h>

#include "fscrypt_private.h"
@@ -400,3 +401,51 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, 
	return ret;

}

EXPORT_SYMBOL(fscrypt_setup_filename);



/*

 * Validate dentries in encrypted directories to make sure we aren't potentially

 * caching stale dentries after a key has been added.

 */

static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)

{

	struct dentry *dir;

	int err;

	int valid;



	/*

	 * Plaintext names are always valid, since fscrypt doesn't support

	 * reverting to ciphertext names without evicting the directory's inode

	 * -- which implies eviction of the dentries in the directory.

	 */

	if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME))

		return 1;



	/*

	 * Ciphertext name; valid if the directory's key is still unavailable.

	 *

	 * Although fscrypt forbids rename() on ciphertext names, we still must

	 * use dget_parent() here rather than use ->d_parent directly.  That's

	 * because a corrupted fs image may contain directory hard links, which

	 * the VFS handles by moving the directory's dentry tree in the dcache

	 * each time ->lookup() finds the directory and it already has a dentry

	 * elsewhere.  Thus ->d_parent can be changing, and we must safely grab

	 * a reference to some ->d_parent to prevent it from being freed.

	 */



	if (flags & LOOKUP_RCU)

		return -ECHILD;



	dir = dget_parent(dentry);

	err = fscrypt_get_encryption_info(d_inode(dir));

	valid = !fscrypt_has_encryption_key(d_inode(dir));

	dput(dir);



	if (err < 0)

		return err;



	return valid;

}



const struct dentry_operations fscrypt_d_ops = {

	.d_revalidate = fscrypt_d_revalidate,

};

fs/crypto/fscrypt_private.h

+1 −1
Original line number Diff line number Diff line
@@ -233,7 +233,6 @@ extern int fscrypt_crypt_block(const struct inode *inode, 
			       unsigned int len, unsigned int offs,

			       gfp_t gfp_flags);

extern struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags);

extern const struct dentry_operations fscrypt_d_ops;



extern void __printf(3, 4) __cold

fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...);
@@ -265,6 +264,7 @@ extern int fname_encrypt(const struct inode *inode, const struct qstr *iname, 
extern bool fscrypt_fname_encrypted_size(const struct inode *inode,

					 u32 orig_len, u32 max_len,

					 u32 *encrypted_len_ret);

extern const struct dentry_operations fscrypt_d_ops;



/* hkdf.c */