Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp22152960ybl; Mon, 6 Jan 2020 19:36:55 -0800 (PST) X-Google-Smtp-Source: APXvYqwnw+ZNoYxfxp3nQuptelZFbkmi3ywiy9oIIF6PUiVMqn8p4SyzFBoO4s7KHbESrgD3T9xe X-Received: by 2002:a05:6830:3051:: with SMTP id p17mr10286699otr.368.1578368215711; Mon, 06 Jan 2020 19:36:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578368215; cv=none; d=google.com; s=arc-20160816; b=Vsv6ksWhpXNLOb9r7/LrYhhmulnHj6IVeZUNVrt2rh6m6k0RECcAUkq3v501EvAxoE 5i6q8UJPTBrw0Iw/08zGgEo1ob73hYMlY2R8jphrxcep9K/wKn6YoKobXC7BHJjBiV8E i4csp7ml83Ps4d+oaS8rLqHFgLSd3STppq8g239go3ogwriO7eRYJs+n80c6eXtu/kmI TfLj7YbXAzIMS3ISgALdLbhTTYYVSuiaNlXsB22QKaC6cJHJH+x217jTLX7+SB9XFyjE bVbTr9oNC0ij7vcY3FMTQtuI/BYPwT9P+dLXA2mAuiFyeI5gnrFDwVBRmnSbHpOI2isO q2qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=Noa6+qtoJKouapLjwQ1mKJvyRwk9R5KSyMivyJgsU3g=; b=nLCrutqIhXYzFxvJAvjlSIoyrbz39rtBEXjvvtxAyYfKqzQQbYkEGX+UmsrV+B4CNI ffYmSn69IbNNtDE5+PQFqBZf9uQKTc4X4vWih7qHY/YC/NSFsouiqW1ae+2nXS5iqsm8 vySPu9I/mIoJ0YBn/sG/FKpMmKBhyiBVI7xuk8HA/U3FbYEFFrNdqLDc0K3jehA+R6wg XI+A6yufMy0YCylh8nXxlxsMQSzrWPXjTuqpau0T8kVtk9VcemUeiMitpLQG7Blpmx3O qC4p6A/XpZ+koXa9+KNLZLigQVjwmoKgR1S2E02vSwvOFTqvBuCHHBv7XhSrORtLnzVw mZ6A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="v/YT298J"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l132si29294569oib.192.2020.01.06.19.36.42; Mon, 06 Jan 2020 19:36:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="v/YT298J"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727518AbgAGDfG (ORCPT + 99 others); Mon, 6 Jan 2020 22:35:06 -0500 Received: from mail.kernel.org ([198.145.29.99]:38076 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727295AbgAGDfF (ORCPT ); Mon, 6 Jan 2020 22:35:05 -0500 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 44BD02064C; Tue, 7 Jan 2020 03:35:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578368104; bh=e118KvI5qb2fDQ7LkiIqY/PWfnMIY8wleRWU1qItE80=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=v/YT298JtKLhlmgaYYQkrPwvxIqWw/qoIJvqTiVulWgtsARHsnEPgfQgMHIgGs8vG xiI/sxLjHuJ4kkBdKzR/jjZfeaZK87Mg1FafCVo3xj3+NPRid9ey2FibIroRnR82ST LcyZrrRZJl01rFA78G+AUzrA9ejJJuUV2Qs9wHFM= Date: Mon, 6 Jan 2020 19:35:02 -0800 From: Eric Biggers To: Daniel Rosenberg Cc: linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Gabriel Krisman Bertazi , kernel-team@android.com Subject: Re: [PATCH v2 2/3] fscrypt: Don't allow v1 policies with casefolding Message-ID: <20200107033502.GC705@sol.localdomain> References: <20200107023323.38394-1-drosen@google.com> <20200107023323.38394-3-drosen@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200107023323.38394-3-drosen@google.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 06, 2020 at 06:33:22PM -0800, Daniel Rosenberg wrote: > Casefolding currently requires a derived key for computing the siphash. > This is available for v2 policies, but not v1, so we disallow it for v1. > > Signed-off-by: Daniel Rosenberg > --- > fs/crypto/keysetup.c | 7 ++++--- > fs/crypto/policy.c | 39 +++++++++++++++++++++++++++++++++++++++ > fs/inode.c | 7 +++++++ > include/linux/fscrypt.h | 11 +++++++++++ > 4 files changed, 61 insertions(+), 3 deletions(-) > > diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c > index c1bd897c9310..7445ab76e0b3 100644 > --- a/fs/crypto/keysetup.c > +++ b/fs/crypto/keysetup.c > @@ -224,10 +224,11 @@ static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci, > FS_KEY_DERIVATION_NONCE_SIZE, > (u8 *)&ci->ci_hash_key, > sizeof(ci->ci_hash_key)); > - if (!err) > - ci->ci_hash_key_initialized = true; > + if (err) > + return err; > + ci->ci_hash_key_initialized = true; > } > - return err; > + return 0; > } This part should be folded into patch 1. > > /* > diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c > index f1cff83c151a..9e937cfa732c 100644 > --- a/fs/crypto/policy.c > +++ b/fs/crypto/policy.c > @@ -124,6 +124,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, > policy->filenames_encryption_mode)) > return false; > > + if (IS_CASEFOLDED(inode)) { > + fscrypt_warn(inode, > + "v1 policy does not support casefolded directories"); > + return false; > + } > + > return true; > } > > @@ -579,3 +585,36 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, > return preload ? fscrypt_get_encryption_info(child): 0; > } > EXPORT_SYMBOL(fscrypt_inherit_context); > + > +static int fscrypt_set_casefolding_allowed(struct inode *inode) > +{ > + union fscrypt_policy policy; > + int err = fscrypt_get_policy(inode, &policy); > + > + if (err) > + return err; > + > + if (policy.version != FSCRYPT_POLICY_V2) > + return -EINVAL; > + > + return 0; > +} > + > +int fscrypt_ioc_setflags_prepare(struct inode *inode, > + unsigned int oldflags, > + unsigned int flags) > +{ > + int err; > + > + /* > + * When a directory is encrypted, the CASEFOLD flag can only be turned > + * on if the fscrypt policy supports it. > + */ > + if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) { > + err = fscrypt_set_casefolding_allowed(inode); > + if (err) > + return err; > + } > + > + return 0; > +} There's not really any point to the fscrypt_set_casefolding_allowed() function. It can just be folded into fscrypt_ioc_setflags_prepare(): int fscrypt_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, unsigned int flags) { union fscrypt_policy policy; int err; /* * When a directory is encrypted, the CASEFOLD flag can only be turned * on if the fscrypt policy supports it. */ if (IS_ENCRYPTED(inode) && (flags & ~oldflags & FS_CASEFOLD_FL)) { err = fscrypt_get_policy(inode, &policy); if (err) return err; if (policy.version != FSCRYPT_POLICY_V2) return -EINVAL; } return 0; } > @@ -2242,6 +2243,8 @@ EXPORT_SYMBOL(current_time); > int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, > unsigned int flags) > { > + int err; > + > /* > * The IMMUTABLE and APPEND_ONLY flags can only be changed by > * the relevant capability. > @@ -2252,6 +2255,10 @@ int vfs_ioc_setflags_prepare(struct inode *inode, unsigned int oldflags, > !capable(CAP_LINUX_IMMUTABLE)) > return -EPERM; > > + err = fscrypt_ioc_setflags_prepare(inode, oldflags, flags); > + if (err) > + return err; > + > return 0; > } Can just do 'return fscrypt_ioc_setflags_prepare(inode, oldflags, flags);' - Eric