From patchwork Thu Mar 14 17:15:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 10853341 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6D72314DE for ; Thu, 14 Mar 2019 17:23:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 521602A534 for ; Thu, 14 Mar 2019 17:23:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 461072A548; Thu, 14 Mar 2019 17:23:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D9DDB2A545 for ; Thu, 14 Mar 2019 17:23:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727103AbfCNRXO (ORCPT ); Thu, 14 Mar 2019 13:23:14 -0400 Received: from lilium.sigma-star.at ([109.75.188.150]:53164 "EHLO lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726157AbfCNRXN (ORCPT ); Thu, 14 Mar 2019 13:23:13 -0400 X-Greylist: delayed 418 seconds by postgrey-1.27 at vger.kernel.org; Thu, 14 Mar 2019 13:23:12 EDT Received: from localhost (localhost [127.0.0.1]) by lilium.sigma-star.at (Postfix) with ESMTP id A4EC818013763; Thu, 14 Mar 2019 18:16:20 +0100 (CET) From: Richard Weinberger To: linux-mtd@lists.infradead.org Cc: linux-fscrypt@vger.kernel.org, jaegeuk@kernel.org, tytso@mit.edu, linux-unionfs@vger.kernel.org, miklos@szeredi.hu, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, paullawrence@google.com, Richard Weinberger Subject: [PATCH 1/4] fscrypt: Implement FS_CFLG_OWN_D_OPS Date: Thu, 14 Mar 2019 18:15:56 +0100 Message-Id: <20190314171559.27584-2-richard@nod.at> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190314171559.27584-1-richard@nod.at> References: <20190314171559.27584-1-richard@nod.at> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If a filesystem sets FS_CFLG_OWN_D_OPS it manages dentry operations itself and fscrypt is not allowed to set them. Signed-off-by: Richard Weinberger --- fs/crypto/hooks.c | 4 +++- include/linux/fscrypt.h | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 56debb1fcf5e..3ec925405fbe 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -107,7 +107,9 @@ int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry) spin_unlock(&dentry->d_lock); } - d_set_d_op(dentry, &fscrypt_d_ops); + if ((dir->i_sb->s_cop->flags & FS_CFLG_OWN_D_OPS) == 0) + d_set_d_op(dentry, &fscrypt_d_ops); + return 0; } EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup); diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index e5194fc3983e..7139a110ac4f 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -48,6 +48,7 @@ struct fscrypt_name { * fscrypt superblock flags */ #define FS_CFLG_OWN_PAGES (1U << 1) +#define FS_CFLG_OWN_D_OPS (1U << 2) /* * crypto operations for filesystems From patchwork Thu Mar 14 17:15:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 10853343 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0920E15AC for ; Thu, 14 Mar 2019 17:23:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD6B52A534 for ; Thu, 14 Mar 2019 17:23:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CF01D2A548; Thu, 14 Mar 2019 17:23:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7C9182A534 for ; Thu, 14 Mar 2019 17:23:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727593AbfCNRXT (ORCPT ); Thu, 14 Mar 2019 13:23:19 -0400 Received: from lilium.sigma-star.at ([109.75.188.150]:53170 "EHLO lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726867AbfCNRXO (ORCPT ); Thu, 14 Mar 2019 13:23:14 -0400 Received: from localhost (localhost [127.0.0.1]) by lilium.sigma-star.at (Postfix) with ESMTP id 175C21802DF74; Thu, 14 Mar 2019 18:16:16 +0100 (CET) From: Richard Weinberger To: linux-mtd@lists.infradead.org Cc: linux-fscrypt@vger.kernel.org, jaegeuk@kernel.org, tytso@mit.edu, linux-unionfs@vger.kernel.org, miklos@szeredi.hu, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, paullawrence@google.com, Richard Weinberger Subject: [PATCH 2/4] fscrypt: Export fscrypt_d_ops Date: Thu, 14 Mar 2019 18:15:57 +0100 Message-Id: <20190314171559.27584-3-richard@nod.at> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190314171559.27584-1-richard@nod.at> References: <20190314171559.27584-1-richard@nod.at> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If a filesystem manages dentry operations itself it might want to re-use fscrypt_d_ops. Signed-off-by: Richard Weinberger --- fs/crypto/crypto.c | 1 + fs/crypto/fscrypt_private.h | 1 - include/linux/fscrypt.h | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index 4dc788e3bc96..8018f8bba50d 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -357,6 +357,7 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) const struct dentry_operations fscrypt_d_ops = { .d_revalidate = fscrypt_d_revalidate, }; +EXPORT_SYMBOL(fscrypt_d_ops); void fscrypt_restore_control_page(struct page *page) { diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 7da276159593..bced1ee4fd64 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -125,7 +125,6 @@ extern int fscrypt_do_page_crypto(const struct inode *inode, gfp_t gfp_flags); extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx, gfp_t gfp_flags); -extern const struct dentry_operations fscrypt_d_ops; extern void __printf(3, 4) __cold fscrypt_msg(struct super_block *sb, const char *level, const char *fmt, ...); diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 7139a110ac4f..2b9577e4707f 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -231,6 +231,7 @@ extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, unsigned int max_size, struct delayed_call *done); +extern const struct dentry_operations fscrypt_d_ops; #else /* !CONFIG_FS_ENCRYPTION */ static inline bool fscrypt_has_encryption_key(const struct inode *inode) From patchwork Thu Mar 14 17:15:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 10853347 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3767B14DE for ; Thu, 14 Mar 2019 17:23:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 15F972A534 for ; Thu, 14 Mar 2019 17:23:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0A6DF2A545; Thu, 14 Mar 2019 17:23:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ABE762A534 for ; Thu, 14 Mar 2019 17:23:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727263AbfCNRXO (ORCPT ); Thu, 14 Mar 2019 13:23:14 -0400 Received: from lilium.sigma-star.at ([109.75.188.150]:53174 "EHLO lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727012AbfCNRXO (ORCPT ); Thu, 14 Mar 2019 13:23:14 -0400 Received: from localhost (localhost [127.0.0.1]) by lilium.sigma-star.at (Postfix) with ESMTP id 06E4C1802DF6C; Thu, 14 Mar 2019 18:16:18 +0100 (CET) From: Richard Weinberger To: linux-mtd@lists.infradead.org Cc: linux-fscrypt@vger.kernel.org, jaegeuk@kernel.org, tytso@mit.edu, linux-unionfs@vger.kernel.org, miklos@szeredi.hu, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, paullawrence@google.com, Richard Weinberger Subject: [PATCH 3/4] ubifs: Simplify fscrypt_get_encryption_info() error handling Date: Thu, 14 Mar 2019 18:15:58 +0100 Message-Id: <20190314171559.27584-4-richard@nod.at> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190314171559.27584-1-richard@nod.at> References: <20190314171559.27584-1-richard@nod.at> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP fscrypt_get_encryption_info() does not return -ENOKEY, there is no need to handle this case. Signed-off-by: Richard Weinberger --- fs/ubifs/dir.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 5767b373a8ff..b0cb913697c5 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -526,7 +526,7 @@ static int ubifs_readdir(struct file *file, struct dir_context *ctx) if (encrypted) { err = fscrypt_get_encryption_info(dir); - if (err && err != -ENOKEY) + if (err) return err; err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr); @@ -794,7 +794,7 @@ static int ubifs_unlink(struct inode *dir, struct dentry *dentry) if (ubifs_crypt_is_encrypted(dir)) { err = fscrypt_get_encryption_info(dir); - if (err && err != -ENOKEY) + if (err) return err; } @@ -904,7 +904,7 @@ static int ubifs_rmdir(struct inode *dir, struct dentry *dentry) if (ubifs_crypt_is_encrypted(dir)) { err = fscrypt_get_encryption_info(dir); - if (err && err != -ENOKEY) + if (err) return err; } From patchwork Thu Mar 14 17:15:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Weinberger X-Patchwork-Id: 10853355 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6681F15AC for ; Thu, 14 Mar 2019 17:28:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4B7E3298AE for ; Thu, 14 Mar 2019 17:28:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3F51A29A18; Thu, 14 Mar 2019 17:28:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AC9AB298AE for ; Thu, 14 Mar 2019 17:28:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726485AbfCNR2R (ORCPT ); Thu, 14 Mar 2019 13:28:17 -0400 Received: from lilium.sigma-star.at ([109.75.188.150]:53350 "EHLO lilium.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfCNR2P (ORCPT ); Thu, 14 Mar 2019 13:28:15 -0400 Received: from localhost (localhost [127.0.0.1]) by lilium.sigma-star.at (Postfix) with ESMTP id B9F0218013770; Thu, 14 Mar 2019 18:16:22 +0100 (CET) From: Richard Weinberger To: linux-mtd@lists.infradead.org Cc: linux-fscrypt@vger.kernel.org, jaegeuk@kernel.org, tytso@mit.edu, linux-unionfs@vger.kernel.org, miklos@szeredi.hu, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, paullawrence@google.com, Richard Weinberger Subject: [PATCH 4/4] ubifs: Implement new mount option, fscrypt_key_required Date: Thu, 14 Mar 2019 18:15:59 +0100 Message-Id: <20190314171559.27584-5-richard@nod.at> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190314171559.27584-1-richard@nod.at> References: <20190314171559.27584-1-richard@nod.at> MIME-Version: 1.0 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Usually fscrypt allows limited access to encrypted files even if no key is available. Encrypted filenames are shown and based on this names users can unlink and move files. This is not always what people expect. The fscrypt_key_required mount option disables this feature. If no key is present all access is denied with the -ENOKEY error code. The side benefit of this is that we don't need ->d_revalidate(). Not having ->d_revalidate() makes an encrypted ubifs usable as overlayfs upper directory. Signed-off-by: Richard Weinberger --- fs/ubifs/crypto.c | 2 +- fs/ubifs/dir.c | 29 ++++++++++++++++++++++++++--- fs/ubifs/super.c | 15 +++++++++++++++ fs/ubifs/ubifs.h | 1 + 4 files changed, 43 insertions(+), 4 deletions(-) diff --git a/fs/ubifs/crypto.c b/fs/ubifs/crypto.c index 4aaedf2d7f44..a6a48c5dc058 100644 --- a/fs/ubifs/crypto.c +++ b/fs/ubifs/crypto.c @@ -76,7 +76,7 @@ int ubifs_decrypt(const struct inode *inode, struct ubifs_data_node *dn, } const struct fscrypt_operations ubifs_crypt_operations = { - .flags = FS_CFLG_OWN_PAGES, + .flags = FS_CFLG_OWN_PAGES | FS_CFLG_OWN_D_OPS, .key_prefix = "ubifs:", .get_context = ubifs_crypt_get_context, .set_context = ubifs_crypt_set_context, diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index b0cb913697c5..4d029f08b80d 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -208,6 +208,16 @@ static int dbg_check_name(const struct ubifs_info *c, return 0; } +static void ubifs_set_dentry_ops(struct inode *dir, struct dentry *dentry) +{ +#ifdef CONFIG_FS_ENCRYPTION + struct ubifs_info *c = dir->i_sb->s_fs_info; + + if (IS_ENCRYPTED(dir) && !c->fscrypt_key_required) + d_set_d_op(dentry, &fscrypt_d_ops); +#endif +} + static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) { @@ -224,7 +234,10 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, if (err) return ERR_PTR(err); - err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm); + ubifs_set_dentry_ops(dir, dentry); + + err = fscrypt_setup_filename(dir, &dentry->d_name, + !c->fscrypt_key_required, &nm); if (err) return ERR_PTR(err); @@ -240,6 +253,11 @@ static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, } if (nm.hash) { + if (c->fscrypt_key_required) { + inode = ERR_PTR(-ENOKEY); + goto done; + } + ubifs_assert(c, fname_len(&nm) == 0); ubifs_assert(c, fname_name(&nm) == NULL); dent_key_init_hash(c, &key, dir->i_ino, nm.hash); @@ -529,6 +547,9 @@ static int ubifs_readdir(struct file *file, struct dir_context *ctx) if (err) return err; + if (c->fscrypt_key_required && !dir->i_crypt_info) + return -ENOKEY; + err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr); if (err) return err; @@ -798,7 +819,8 @@ static int ubifs_unlink(struct inode *dir, struct dentry *dentry) return err; } - err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm); + err = fscrypt_setup_filename(dir, &dentry->d_name, !c->fscrypt_key_required, + &nm); if (err) return err; @@ -908,7 +930,8 @@ static int ubifs_rmdir(struct inode *dir, struct dentry *dentry) return err; } - err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm); + err = fscrypt_setup_filename(dir, &dentry->d_name, + !c->fscrypt_key_required, &nm); if (err) return err; diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index 8dc2818fdd84..e081b00236b6 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -445,6 +445,9 @@ static int ubifs_show_options(struct seq_file *s, struct dentry *root) ubifs_compr_name(c, c->mount_opts.compr_type)); } + if (c->fscrypt_key_required) + seq_puts(s, ",fscrypt_key_required"); + seq_printf(s, ",assert=%s", ubifs_assert_action_name(c)); seq_printf(s, ",ubi=%d,vol=%d", c->vi.ubi_num, c->vi.vol_id); @@ -952,6 +955,7 @@ enum { Opt_assert, Opt_auth_key, Opt_auth_hash_name, + Opt_fscrypt_key_required, Opt_ignore, Opt_err, }; @@ -969,6 +973,7 @@ static const match_table_t tokens = { {Opt_ignore, "ubi=%s"}, {Opt_ignore, "vol=%s"}, {Opt_assert, "assert=%s"}, + {Opt_fscrypt_key_required, "fscrypt_key_required"}, {Opt_err, NULL}, }; @@ -1008,6 +1013,7 @@ static int ubifs_parse_options(struct ubifs_info *c, char *options, { char *p; substring_t args[MAX_OPT_ARGS]; + unsigned int old_fscrypt_key_required = c->fscrypt_key_required; if (!options) return 0; @@ -1099,6 +1105,15 @@ static int ubifs_parse_options(struct ubifs_info *c, char *options, if (!c->auth_hash_name) return -ENOMEM; break; + case Opt_fscrypt_key_required: + c->fscrypt_key_required = 1; + + if (is_remount && (old_fscrypt_key_required != c->fscrypt_key_required)) { + ubifs_err(c, "fscrypt_key_required cannot changed by remount"); + return -EINVAL; + } + + break; case Opt_ignore: break; default: diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index 1ae12900e01d..71b03a6798ae 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1304,6 +1304,7 @@ struct ubifs_info { unsigned int rw_incompat:1; unsigned int assert_action:2; unsigned int authenticated:1; + unsigned int fscrypt_key_required:1; struct mutex tnc_mutex; struct ubifs_zbranch zroot;