fscrypt: remove broken support for detecting keyring key revocation (1b53cf98) · Commits · 戴 / test

fs/crypto/crypto.c

+1 −9

Original line number	Diff line number	Diff line
		@@ -327,7 +327,6 @@ EXPORT_SYMBOL(fscrypt_decrypt_page);
		static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
		{
		struct dentry *dir;
		struct fscrypt_info *ci;
		int dir_has_key, cached_with_key;

		if (flags & LOOKUP_RCU)
		@@ -339,18 +338,11 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
		return 0;
		}

		ci = d_inode(dir)->i_crypt_info;
		if (ci && ci->ci_keyring_key &&
		(ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) \|
		(1 << KEY_FLAG_REVOKED) \|
		(1 << KEY_FLAG_DEAD))))
		ci = NULL;

		/* this should eventually be an flag in d_flags */
		spin_lock(&dentry->d_lock);
		cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
		spin_unlock(&dentry->d_lock);
		dir_has_key = (ci != NULL);
		dir_has_key = (d_inode(dir)->i_crypt_info != NULL);
		dput(dir);

		/*

fs/crypto/fname.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -350,7 +350,7 @@ int fscrypt_setup_filename(struct inode dir, const struct qstr iname,
		fname->disk_name.len = iname->len;
		return 0;
		}
		ret = fscrypt_get_crypt_info(dir);
		ret = fscrypt_get_encryption_info(dir);
		if (ret && ret != -EOPNOTSUPP)
		return ret;

fs/crypto/fscrypt_private.h

+0 −4

Original line number	Diff line number	Diff line
		@@ -67,7 +67,6 @@ struct fscrypt_info {
		u8 ci_filename_mode;
		u8 ci_flags;
		struct crypto_skcipher *ci_ctfm;
		struct key *ci_keyring_key;
		u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
		};

		@@ -101,7 +100,4 @@ extern int fscrypt_do_page_crypto(const struct inode *inode,
		extern struct page fscrypt_alloc_bounce_page(struct fscrypt_ctx ctx,
		gfp_t gfp_flags);

		/* keyinfo.c */
		extern int fscrypt_get_crypt_info(struct inode *);

		#endif /* _FSCRYPT_PRIVATE_H */

fs/crypto/keyinfo.c

+9 −43

Original line number	Diff line number	Diff line
		@@ -95,6 +95,7 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
		kfree(description);
		if (IS_ERR(keyring_key))
		return PTR_ERR(keyring_key);
		down_read(&keyring_key->sem);

		if (keyring_key->type != &key_type_logon) {
		printk_once(KERN_WARNING
		@@ -102,11 +103,9 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
		res = -ENOKEY;
		goto out;
		}
		down_read(&keyring_key->sem);
		ukp = user_key_payload(keyring_key);
		if (ukp->datalen != sizeof(struct fscrypt_key)) {
		res = -EINVAL;
		up_read(&keyring_key->sem);
		goto out;
		}
		master_key = (struct fscrypt_key *)ukp->data;
		@@ -117,17 +116,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
		"%s: key size incorrect: %d\n",
		__func__, master_key->size);
		res = -ENOKEY;
		up_read(&keyring_key->sem);
		goto out;
		}
		res = derive_key_aes(ctx->nonce, master_key->raw, raw_key);
		up_read(&keyring_key->sem);
		if (res)
		goto out;

		crypt_info->ci_keyring_key = keyring_key;
		return 0;
		out:
		up_read(&keyring_key->sem);
		key_put(keyring_key);
		return res;
		}
		@@ -169,12 +162,11 @@ static void put_crypt_info(struct fscrypt_info *ci)
		if (!ci)
		return;

		key_put(ci->ci_keyring_key);
		crypto_free_skcipher(ci->ci_ctfm);
		kmem_cache_free(fscrypt_info_cachep, ci);
		}

		int fscrypt_get_crypt_info(struct inode *inode)
		int fscrypt_get_encryption_info(struct inode *inode)
		{
		struct fscrypt_info *crypt_info;
		struct fscrypt_context ctx;
		@@ -184,21 +176,15 @@ int fscrypt_get_crypt_info(struct inode *inode)
		u8 *raw_key = NULL;
		int res;

		if (inode->i_crypt_info)
		return 0;

		res = fscrypt_initialize(inode->i_sb->s_cop->flags);
		if (res)
		return res;

		if (!inode->i_sb->s_cop->get_context)
		return -EOPNOTSUPP;
		retry:
		crypt_info = ACCESS_ONCE(inode->i_crypt_info);
		if (crypt_info) {
		if (!crypt_info->ci_keyring_key \|\|
		key_validate(crypt_info->ci_keyring_key) == 0)
		return 0;
		fscrypt_put_encryption_info(inode, crypt_info);
		goto retry;
		}

		res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
		if (res < 0) {
		@@ -229,7 +215,6 @@ retry:
		crypt_info->ci_data_mode = ctx.contents_encryption_mode;
		crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
		crypt_info->ci_ctfm = NULL;
		crypt_info->ci_keyring_key = NULL;
		memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
		sizeof(crypt_info->ci_master_key));

		@@ -273,14 +258,8 @@ retry:
		if (res)
		goto out;

		kzfree(raw_key);
		raw_key = NULL;
		if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) != NULL) {
		put_crypt_info(crypt_info);
		goto retry;
		}
		return 0;

		if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) == NULL)
		crypt_info = NULL;
		out:
		if (res == -ENOKEY)
		res = 0;
		@@ -288,6 +267,7 @@ out:
		kzfree(raw_key);
		return res;
		}
		EXPORT_SYMBOL(fscrypt_get_encryption_info);

		void fscrypt_put_encryption_info(struct inode inode, struct fscrypt_info ci)
		{
		@@ -305,17 +285,3 @@ void fscrypt_put_encryption_info(struct inode inode, struct fscrypt_info ci)
		put_crypt_info(ci);
		}
		EXPORT_SYMBOL(fscrypt_put_encryption_info);

		int fscrypt_get_encryption_info(struct inode *inode)
		{
		struct fscrypt_info *ci = inode->i_crypt_info;

		if (!ci \|\|
		(ci->ci_keyring_key &&
		(ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) \|
		(1 << KEY_FLAG_REVOKED) \|
		(1 << KEY_FLAG_DEAD)))))
		return fscrypt_get_crypt_info(inode);
		return 0;
		}
		EXPORT_SYMBOL(fscrypt_get_encryption_info);

Admin message