[v5,03/52] fscrypt: add a fscrypt_inode_open helper

Message ID	4a372419c3fe6ad425e1b124c342a054e9d6db23.1706116485.git.josef@toxicpanda.com (mailing list archive)
State	New, archived
Headers	show Received: from mail-yw1-f171.google.com (mail-yw1-f171.google.com [209.85.128.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 042817E79D for <linux-btrfs@vger.kernel.org>; Wed, 24 Jan 2024 17:19:25 +0000 (UTC) From: Josef Bacik <josef@toxicpanda.com> To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 03/52] fscrypt: add a fscrypt_inode_open helper Date: Wed, 24 Jan 2024 12:18:25 -0500 Message-ID: <4a372419c3fe6ad425e1b124c342a054e9d6db23.1706116485.git.josef@toxicpanda.com> In-Reply-To: <cover.1706116485.git.josef@toxicpanda.com> References: <cover.1706116485.git.josef@toxicpanda.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	btrfs: add fscrypt support \| expand [v5,00/52] btrfs: add fscrypt support [v5,01/52] fscrypt: add per-extent encryption support [v5,02/52] fscrypt: allow inline encryption for extent based encryption [v5,03/52] fscrypt: add a fscrypt_inode_open helper [v5,04/52] fscrypt: conditionally don't wipe mk secret until the last active user is done [v5,05/52] blk-crypto: add a process bio callback [v5,06/52] fscrypt: add a process_bio hook to fscrypt_operations [v5,07/52] fscrypt: expose fscrypt_nokey_name [v5,08/52] fscrypt: add documentation about extent encryption [v5,09/52] btrfs: add infrastructure for safe em freeing [v5,10/52] btrfs: disable various operations on encrypted inodes [v5,11/52] btrfs: disable verity on encrypted inodes [v5,12/52] btrfs: start using fscrypt hooks [v5,13/52] btrfs: add inode encryption contexts [v5,14/52] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag [v5,15/52] btrfs: adapt readdir for encrypted and nokey names [v5,16/52] btrfs: handle nokey names. [v5,17/52] btrfs: implement fscrypt ioctls [v5,18/52] btrfs: gate encryption behind BTRFS_DEBUG [v5,19/52] btrfs: select encryption dependencies if FS_ENCRYPTION [v5,20/52] btrfs: add get_devices hook for fscrypt [v5,21/52] btrfs: set file extent encryption excplicitly [v5,22/52] btrfs: add fscrypt_info and encryption_type to extent_map [v5,23/52] btrfs: add fscrypt_info and encryption_type to ordered_extent [v5,24/52] btrfs: plumb through setting the fscrypt_info for ordered extents [v5,25/52] btrfs: plumb the fscrypt extent context through create_io_em [v5,26/52] btrfs: populate the ordered_extent with the fscrypt context [v5,27/52] btrfs: keep track of fscrypt info and orig_start for dio reads [v5,28/52] btrfs: add an optional encryption context to the end of file extents [v5,29/52] btrfs: explicitly track file extent length for replace and drop [v5,30/52] btrfs: pass through fscrypt_extent_info to the file extent helpers [v5,31/52] btrfs: implement the fscrypt extent encryption hooks [v5,32/52] btrfs: setup fscrypt_extent_info for new extents [v5,33/52] btrfs: populate ordered_extent with the orig offset [v5,34/52] btrfs: set the bio fscrypt context when applicable [v5,35/52] btrfs: add a bio argument to btrfs_csum_one_bio [v5,36/52] btrfs: add orig_logical to btrfs_bio [v5,37/52] btrfs: limit encrypted writes to 256 segments [v5,38/52] btrfs: implement process_bio cb for fscrypt [v5,39/52] btrfs: implement read repair for encryption [v5,40/52] btrfs: add test_dummy_encryption support [v5,41/52] btrfs: don't rewrite ret from inode_permission [v5,42/52] btrfs: move inode_to_path higher in backref.c [v5,43/52] btrfs: make btrfs_ref_to_path handle encrypted filenames [v5,44/52] btrfs: don't search back for dir inode item in INO_LOOKUP_USER [v5,45/52] btrfs: deal with encrypted symlinks in send [v5,46/52] btrfs: decrypt file names for send [v5,47/52] btrfs: load the inode context before sending writes [v5,48/52] btrfs: set the appropriate free space settings in reconfigure [v5,49/52] btrfs: support encryption with log replay [v5,50/52] btrfs: disable auto defrag on encrypted files [v5,51/52] btrfs: disable encryption on RAID5/6 [v5,52/52] btrfs: disable send if we have encryption enabled

Message ID

4a372419c3fe6ad425e1b124c342a054e9d6db23.1706116485.git.josef@toxicpanda.com (mailing list archive)

State

New, archived

Headers

From: Josef Bacik <josef@toxicpanda.com>
To: linux-btrfs@vger.kernel.org,
	kernel-team@fb.com
Subject: [PATCH v5 03/52] fscrypt: add a fscrypt_inode_open helper
Date: Wed, 24 Jan 2024 12:18:25 -0500
Message-ID: 
 <4a372419c3fe6ad425e1b124c342a054e9d6db23.1706116485.git.josef@toxicpanda.com>
In-Reply-To: <cover.1706116485.git.josef@toxicpanda.com>
References: <cover.1706116485.git.josef@toxicpanda.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

btrfs: add fscrypt support | expand

Commit Message

Josef Bacik Jan. 24, 2024, 5:18 p.m. UTC

We have fscrypt_file_open() which is meant to be called on files being
opened so that their key is loaded when we start reading data from them.

However for btrfs send we are opening the inode directly without a filp,
so we need a different helper to make sure we can load the fscrypt
context for the inode before reading its contents.

We need a different helper as opposed to simply using
fscrypt_has_permitted_context() directly because of '-o
test_dummy_encryption', which allows for encrypted files to be created
with !IS_ENCRYPTED set on the directory (the root directory in this
case).  fscrypt_file_open() already does the appropriate check where it
simply doesn't call fscrypt_has_permitted_context() if the parent
directory isn't marked with IS_ENCRYPTED in order to facilitate this
invariant when using '-o test_dummy_encryption'.

Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
 fs/crypto/hooks.c       | 46 +++++++++++++++++++++++++++++++----------
 include/linux/fscrypt.h |  8 +++++++
 2 files changed, 43 insertions(+), 11 deletions(-)

diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c
index 52504dd478d3..6b4291d5eb44 100644
--- a/fs/crypto/hooks.c
+++ b/fs/crypto/hooks.c
@@ -7,6 +7,38 @@ 
 
 #include "fscrypt_private.h"
 
+/**
+ * __fscrypt_file_open() - prepare for filesystem-internal access to a
+ *			   possibly-encrypted regular file
+ * @dir: the inode for the directory via which the file is being accessed
+ * @inode: the inode being "opened"
+ *
+ * This is like fscrypt_file_open(), but instead of taking the 'struct file'
+ * being opened it takes the parent directory explicitly.  This is intended for
+ * use cases such as "send/receive" which involve the filesystem accessing file
+ * contents without setting up a 'struct file'.
+ *
+ * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
+ */
+int __fscrypt_file_open(struct inode *dir, struct inode *inode)
+{
+	int err;
+
+	err = fscrypt_require_key(inode);
+	if (err)
+		return err;
+
+	if (IS_ENCRYPTED(dir) &&
+	    !fscrypt_has_permitted_context(dir, inode)) {
+		fscrypt_warn(inode,
+			     "Inconsistent encryption context (parent directory: %lu)",
+			     dir->i_ino);
+		err = -EPERM;
+	}
+	return err;
+}
+EXPORT_SYMBOL_GPL(__fscrypt_file_open);
+
 /**
  * fscrypt_file_open() - prepare to open a possibly-encrypted regular file
  * @inode: the inode being opened
@@ -32,18 +64,10 @@  int fscrypt_file_open(struct inode *inode, struct file *filp)
 	int err;
 	struct dentry *dir;
 
-	err = fscrypt_require_key(inode);
-	if (err)
-		return err;
-
 	dir = dget_parent(file_dentry(filp));
-	if (IS_ENCRYPTED(d_inode(dir)) &&
-	    !fscrypt_has_permitted_context(d_inode(dir), inode)) {
-		fscrypt_warn(inode,
-			     "Inconsistent encryption context (parent directory: %lu)",
-			     d_inode(dir)->i_ino);
-		err = -EPERM;
-	}
+
+	err = __fscrypt_file_open(d_inode(dir), inode);
+
 	dput(dir);
 	return err;
 }
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index 4b3916d76dc7..22211f87e7be 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -393,6 +393,7 @@  int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
 
 /* hooks.c */
 int fscrypt_file_open(struct inode *inode, struct file *filp);
+int __fscrypt_file_open(struct inode *dir, struct inode *inode);
 int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
 			   struct dentry *dentry);
 int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
@@ -737,6 +738,13 @@  static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
 	return 0;
 }
 
+static inline int __fscrypt_file_open(struct inode *dir, struct inode *inode)
+{
+	if (IS_ENCRYPTED(inode))
+		return -EOPNOTSUPP;
+	return 0;
+}
+
 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
 					 struct dentry *dentry)
 {

[v5,03/52] fscrypt: add a fscrypt_inode_open helper

Commit Message

Patch