From patchwork Tue Sep 5 00:58:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 13374320 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 568F1C88CB2 for ; Tue, 5 Sep 2023 01:04:44 +0000 (UTC) Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1qdKUk-0007md-Uq; Tue, 05 Sep 2023 01:04:42 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1qdKUj-0007mW-IC for linux-f2fs-devel@lists.sourceforge.net; Tue, 05 Sep 2023 01:04:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=3ykvKU1k8qypmHH9TxBAUEEjkIioZglDc9klgySNv2w=; b=got22zW1kO4i8zbXZhOs0+1i8K JieZ+b1IfjrNQLtT7GfGmWdG3OCxHyk1QoClsBG4SKDonDTkz6/2S+kBkk7woz5J8+UGLzbkY0Mi6 JGofLp6PREe7aVuJ6m9JPVDn8supuVg4CMaigaFduB7Pbs1XuHXlPifHFKebhbvyi17k=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=3ykvKU1k8qypmHH9TxBAUEEjkIioZglDc9klgySNv2w=; b=YbFryTnv1Q5RCdbWP3xksUR+Fx rPGqgVVrwOThBvlJ8cs7ObnYxfbC/NyMQ5Lqp5rjy0L2lL6o5wu36ssd9HhrgUqE3sUGAxZCOGymz QJ4TW5htoilE/zKylydp1jkefjdECn9qluQDfl6HtbJX+RWjuAWDxT9rvL+7qv4y+KM0=; Received: from ams.source.kernel.org ([145.40.68.75]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1qdKUe-009llZ-EG for linux-f2fs-devel@lists.sourceforge.net; Tue, 05 Sep 2023 01:04:39 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id C4A95B80E3C for ; Tue, 5 Sep 2023 01:04:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 63FBEC433CA; Tue, 5 Sep 2023 01:04:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1693875866; bh=G/v2LTjl9mO7BgSolxUEpe0QgWSe5wHmD/t2lQSPLFs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eAaa1vgqTwUBhkcf3bq5obFu3WlI0xHPpHTAW5xZp/ieUWxjrUb+G05lbBkU/21DZ vOnDduL44PNOgPH2hryqSPdljyAIAMxxDkQL0bZHXTePAgOKQydVyn6ssf83/Gv680 fV8gHX6wLtXhDQ0bcIzAErmNy/CR69OHK+4WCbvDSYCxyCVMPmbhAGH50lSejpSxQA 3njqXdS1nnLX0JlfvpA0b7R/x1DUqh80GnNfLFotCoMYdqRzJxSJkWJQS6gSR5n8Bj h4uyuWJETlxxYGANT2OtR2oNEWie7Ht2luUv3KhYRubleqbhPvdkRTiMD+q/A8YuFg cFuoP2ZcO3Qmg== From: Eric Biggers To: linux-fscrypt@vger.kernel.org Date: Mon, 4 Sep 2023 17:58:26 -0700 Message-ID: <20230905005830.365985-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230905005830.365985-1-ebiggers@kernel.org> References: <20230905005830.365985-1-ebiggers@kernel.org> MIME-Version: 1.0 X-Headers-End: 1qdKUe-009llZ-EG Subject: [f2fs-dev] [PATCH 1/5] fscrypt: make it extra clear that key_prefix is deprecated X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net From: Eric Biggers fscrypt_operations::key_prefix should not be set by any filesystems that aren't setting it already. This is already documented, but apparently it's not sufficiently clear, as both ceph and btrfs have tried to set it. Rename the field to 'legacy_key_prefix_for_backcompat' and improve the documentation to hopefully make it clearer. Signed-off-by: Eric Biggers --- fs/crypto/keysetup_v1.c | 5 +++-- fs/ext4/crypto.c | 2 +- fs/f2fs/super.c | 2 +- fs/ubifs/crypto.c | 2 +- include/linux/fscrypt.h | 14 +++++++++----- 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c index 75dabd9b27f9b..df44d0d2d44ea 100644 --- a/fs/crypto/keysetup_v1.c +++ b/fs/crypto/keysetup_v1.c @@ -299,6 +299,7 @@ int fscrypt_setup_v1_file_key(struct fscrypt_info *ci, const u8 *raw_master_key) int fscrypt_setup_v1_file_key_via_subscribed_keyrings(struct fscrypt_info *ci) { + const struct super_block *sb = ci->ci_inode->i_sb; struct key *key; const struct fscrypt_key *payload; int err; @@ -306,8 +307,8 @@ int fscrypt_setup_v1_file_key_via_subscribed_keyrings(struct fscrypt_info *ci) key = find_and_lock_process_key(FSCRYPT_KEY_DESC_PREFIX, ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { - key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, + if (key == ERR_PTR(-ENOKEY) && sb->s_cop->legacy_key_prefix_for_backcompat) { + key = find_and_lock_process_key(sb->s_cop->legacy_key_prefix_for_backcompat, ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); } diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c index 453d4da5de520..8cdb7bbc655b0 100644 --- a/fs/ext4/crypto.c +++ b/fs/ext4/crypto.c @@ -240,7 +240,7 @@ static void ext4_get_ino_and_lblk_bits(struct super_block *sb, } const struct fscrypt_operations ext4_cryptops = { - .key_prefix = "ext4:", + .legacy_key_prefix_for_backcompat = "ext4:", .get_context = ext4_get_context, .set_context = ext4_set_context, .get_dummy_policy = ext4_get_dummy_policy, diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index a8c8232852bb1..8de799a8bad04 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -3231,7 +3231,7 @@ static struct block_device **f2fs_get_devices(struct super_block *sb, } static const struct fscrypt_operations f2fs_cryptops = { - .key_prefix = "f2fs:", + .legacy_key_prefix_for_backcompat = "f2fs:", .get_context = f2fs_get_context, .set_context = f2fs_set_context, .get_dummy_policy = f2fs_get_dummy_policy, diff --git a/fs/ubifs/crypto.c b/fs/ubifs/crypto.c index 3125e76376ee6..fab90f9a8eaff 100644 --- a/fs/ubifs/crypto.c +++ b/fs/ubifs/crypto.c @@ -89,7 +89,7 @@ int ubifs_decrypt(const struct inode *inode, struct ubifs_data_node *dn, const struct fscrypt_operations ubifs_crypt_operations = { .flags = FS_CFLG_OWN_PAGES, - .key_prefix = "ubifs:", + .legacy_key_prefix_for_backcompat = "ubifs:", .get_context = ubifs_crypt_get_context, .set_context = ubifs_crypt_set_context, .empty_dir = ubifs_crypt_empty_dir, diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index c895b12737a19..85574282c7e52 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -73,12 +73,16 @@ struct fscrypt_operations { unsigned int flags; /* - * If set, this is a filesystem-specific key description prefix that - * will be accepted for "logon" keys for v1 fscrypt policies, in - * addition to the generic prefix "fscrypt:". This functionality is - * deprecated, so new filesystems shouldn't set this field. + * This field exists only for backwards compatibility reasons and should + * only be set by the filesystems that are setting it already. It + * contains the filesystem-specific key description prefix that is + * accepted for "logon" keys for v1 fscrypt policies, in addition to the + * generic prefix "fscrypt:". This functionality is deprecated in favor + * of "fscrypt:", which itself is deprecated in favor of the filesystem + * keyring ioctls such as FS_IOC_ADD_ENCRYPTION_KEY. Filesystems that + * are newly adding fscrypt support should not set this field. */ - const char *key_prefix; + const char *legacy_key_prefix_for_backcompat; /* * Get the fscrypt context of the given inode.