On Dec 2, 2020, at 2:07 PM, Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > On Tue, Nov 24, 2020 at 04:23:27PM -0800, Eric Biggers wrote: >> Currently it's impossible to delete files that use an unsupported >> encryption policy, as the kernel will just return an error when >> performing any operation on the top-level encrypted directory, even just >> a path lookup into the directory or opening the directory for readdir. >> >> It's desirable to return errors for most operations on files that use an >> unsupported encryption policy, but the current behavior is too strict. >> We need to allow enough to delete files, so that people can't be stuck >> with undeletable files when downgrading kernel versions. That includes >> allowing directories to be listed and allowing dentries to be looked up. >> >> This series fixes this (on ext4, f2fs, and ubifs) by treating an >> unsupported encryption policy in the same way as "key unavailable" in >> the cases that are required for a recursive delete to work. >> >> The actual fix is in patch 9, so see that for more details. >> >> Patches 1-8 are cleanups that prepare for the actual fix by removing >> direct use of fscrypt_get_encryption_info() by filesystems. >> >> This patchset applies to branch "master" (commit 4a4b8721f1a5) of >> https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git. >> >> Eric Biggers (9): >> ext4: remove ext4_dir_open() >> f2fs: remove f2fs_dir_open() >> ubifs: remove ubifs_dir_open() >> ext4: don't call fscrypt_get_encryption_info() from dx_show_leaf() >> fscrypt: introduce fscrypt_prepare_readdir() >> fscrypt: move body of fscrypt_prepare_setattr() out-of-line >> fscrypt: move fscrypt_require_key() to fscrypt_private.h >> fscrypt: unexport fscrypt_get_encryption_info() >> fscrypt: allow deleting files with unsupported encryption policy >> >> fs/crypto/fname.c | 8 +++- >> fs/crypto/fscrypt_private.h | 28 ++++++++++++++ >> fs/crypto/hooks.c | 16 +++++++- >> fs/crypto/keysetup.c | 20 ++++++++-- >> fs/crypto/policy.c | 22 +++++++---- >> fs/ext4/dir.c | 16 ++------ >> fs/ext4/namei.c | 10 +---- >> fs/f2fs/dir.c | 10 +---- >> fs/ubifs/dir.c | 11 +----- >> include/linux/fscrypt.h | 75 +++++++++++++++++++------------------ >> 10 files changed, 126 insertions(+), 90 deletions(-) >> >> >> base-commit: 4a4b8721f1a5e4b01e45b3153c68d5a1014b25de > > Any more comments on this patch series? I think the general idea makes sense. I'll review the ext4 patches in the series. Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP