Re: [RFC PATCH v2 04/18] fscrypt: add fscrypt_new_context_from_inode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2020-09-07 at 20:48 -0700, Eric Biggers wrote:
> On Fri, Sep 04, 2020 at 12:05:23PM -0400, Jeff Layton wrote:
> > CephFS will need to be able to generate a context for a new "prepared"
> > inode. Add a new routine for getting the context out of an in-core
> > inode.
> > 
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> >  fs/crypto/policy.c      | 20 ++++++++++++++++++++
> >  include/linux/fscrypt.h |  1 +
> >  2 files changed, 21 insertions(+)
> > 
> > diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
> > index c56ad886f7d7..10eddd113a21 100644
> > --- a/fs/crypto/policy.c
> > +++ b/fs/crypto/policy.c
> > @@ -670,6 +670,26 @@ int fscrypt_set_context(struct inode *inode, void *fs_data)
> >  }
> >  EXPORT_SYMBOL_GPL(fscrypt_set_context);
> >  
> > +/**
> > + * fscrypt_context_from_inode() - fetch the encryption context out of in-core inode
> 
> Comment doesn't match the function name.
> 
> Also, the name isn't very clear.  How about calling this
> fscrypt_context_for_new_inode()?
> 
> BTW, I might rename fscrypt_new_context_from_policy() to
> fscrypt_context_from_policy() in my patchset.  Since it now makes the caller
> provide the nonce, technically it's no longer limited to "new" contexts.
> 
> > + * @ctx: where context should be written
> > + * @inode: inode from which to fetch context
> > + *
> > + * Given an in-core prepared, but not-necessarily fully-instantiated inode,
> > + * generate an encryption context from its policy and write it to ctx.
> 
> Clarify what is meant by "prepared" (fscrypt_prepare_new_inode() was called)
> vs. "instantiated".
> 
> > + *
> > + * Returns size of the context.
> > + */
> > +int fscrypt_new_context_from_inode(union fscrypt_context *ctx, struct inode *inode)
> > +{
> > +	struct fscrypt_info *ci = inode->i_crypt_info;
> > +
> > +	BUILD_BUG_ON(sizeof(*ctx) != FSCRYPT_SET_CONTEXT_MAX_SIZE);
> > +
> > +	return fscrypt_new_context_from_policy(ctx, &ci->ci_policy, ci->ci_nonce);
> > +}
> > +EXPORT_SYMBOL_GPL(fscrypt_new_context_from_inode);
> 
> fscrypt_set_context() should be changed to call this, instead of duplicating the
> same logic.  As part of that, the WARN_ON_ONCE(!ci) that's currently in
> fscrypt_set_context() should go in here instead.
> 

Note that we can't just move that WARN_ON_ONCE. If we do that, then
fscrypt_set_context will dereference ci before that check can occur, so
we'd be trading a warning and -ENOKEY for a NULL pointer dereference. I
think we'll have to duplicate that in both functions.

-- 
Jeff Layton <jlayton@xxxxxxxxxx>




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux