Message ID | 20201125002336.274045-8-ebiggers@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Allow deleting files with unsupported encryption policy | expand |
> On Nov 24, 2020, at 5:23 PM, Eric Biggers <ebiggers@kernel.org> wrote: > > From: Eric Biggers <ebiggers@google.com> > > fscrypt_require_key() is now only used by files in fs/crypto/. So > reduce its visibility to fscrypt_private.h. This is also a prerequsite > for unexporting fscrypt_get_encryption_info(). > > Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> > --- > fs/crypto/fscrypt_private.h | 26 ++++++++++++++++++++++++++ > include/linux/fscrypt.h | 26 -------------------------- > 2 files changed, 26 insertions(+), 26 deletions(-) > > diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h > index a61d4dbf0a0b..16dd55080127 100644 > --- a/fs/crypto/fscrypt_private.h > +++ b/fs/crypto/fscrypt_private.h > @@ -571,6 +571,32 @@ int fscrypt_derive_dirhash_key(struct fscrypt_info *ci, > void fscrypt_hash_inode_number(struct fscrypt_info *ci, > const struct fscrypt_master_key *mk); > > +/** > + * fscrypt_require_key() - require an inode's encryption key > + * @inode: the inode we need the key for > + * > + * If the inode is encrypted, set up its encryption key if not already done. > + * Then require that the key be present and return -ENOKEY otherwise. > + * > + * No locks are needed, and the key will live as long as the struct inode --- so > + * it won't go away from under you. > + * > + * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code > + * if a problem occurred while setting up the encryption key. > + */ > +static inline int fscrypt_require_key(struct inode *inode) > +{ > + if (IS_ENCRYPTED(inode)) { > + int err = fscrypt_get_encryption_info(inode); > + > + if (err) > + return err; > + if (!fscrypt_has_encryption_key(inode)) > + return -ENOKEY; > + } > + return 0; > +} > + > /* keysetup_v1.c */ > > void fscrypt_put_direct_key(struct fscrypt_direct_key *dk); > diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h > index b20900bb829f..a07610f27926 100644 > --- a/include/linux/fscrypt.h > +++ b/include/linux/fscrypt.h > @@ -688,32 +688,6 @@ static inline bool fscrypt_has_encryption_key(const struct inode *inode) > return fscrypt_get_info(inode) != NULL; > } > > -/** > - * fscrypt_require_key() - require an inode's encryption key > - * @inode: the inode we need the key for > - * > - * If the inode is encrypted, set up its encryption key if not already done. > - * Then require that the key be present and return -ENOKEY otherwise. > - * > - * No locks are needed, and the key will live as long as the struct inode --- so > - * it won't go away from under you. > - * > - * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code > - * if a problem occurred while setting up the encryption key. > - */ > -static inline int fscrypt_require_key(struct inode *inode) > -{ > - if (IS_ENCRYPTED(inode)) { > - int err = fscrypt_get_encryption_info(inode); > - > - if (err) > - return err; > - if (!fscrypt_has_encryption_key(inode)) > - return -ENOKEY; > - } > - return 0; > -} > - > /** > * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted > * directory > -- > 2.29.2 > Cheers, Andreas
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index a61d4dbf0a0b..16dd55080127 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -571,6 +571,32 @@ int fscrypt_derive_dirhash_key(struct fscrypt_info *ci, void fscrypt_hash_inode_number(struct fscrypt_info *ci, const struct fscrypt_master_key *mk); +/** + * fscrypt_require_key() - require an inode's encryption key + * @inode: the inode we need the key for + * + * If the inode is encrypted, set up its encryption key if not already done. + * Then require that the key be present and return -ENOKEY otherwise. + * + * No locks are needed, and the key will live as long as the struct inode --- so + * it won't go away from under you. + * + * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code + * if a problem occurred while setting up the encryption key. + */ +static inline int fscrypt_require_key(struct inode *inode) +{ + if (IS_ENCRYPTED(inode)) { + int err = fscrypt_get_encryption_info(inode); + + if (err) + return err; + if (!fscrypt_has_encryption_key(inode)) + return -ENOKEY; + } + return 0; +} + /* keysetup_v1.c */ void fscrypt_put_direct_key(struct fscrypt_direct_key *dk); diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index b20900bb829f..a07610f27926 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -688,32 +688,6 @@ static inline bool fscrypt_has_encryption_key(const struct inode *inode) return fscrypt_get_info(inode) != NULL; } -/** - * fscrypt_require_key() - require an inode's encryption key - * @inode: the inode we need the key for - * - * If the inode is encrypted, set up its encryption key if not already done. - * Then require that the key be present and return -ENOKEY otherwise. - * - * No locks are needed, and the key will live as long as the struct inode --- so - * it won't go away from under you. - * - * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code - * if a problem occurred while setting up the encryption key. - */ -static inline int fscrypt_require_key(struct inode *inode) -{ - if (IS_ENCRYPTED(inode)) { - int err = fscrypt_get_encryption_info(inode); - - if (err) - return err; - if (!fscrypt_has_encryption_key(inode)) - return -ENOKEY; - } - return 0; -} - /** * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted * directory