]> Git Repo - linux.git/commitdiff
projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | compact (merge: 42595ce 861261f)
Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt
authorLinus Torvalds <[email protected]>
Tue, 31 Mar 2020 19:58:36 +0000 (12:58 -0700)
committerLinus Torvalds <[email protected]>
Tue, 31 Mar 2020 19:58:36 +0000 (12:58 -0700)
Pull fscrypt updates from Eric Biggers:
 "Add an ioctl FS_IOC_GET_ENCRYPTION_NONCE which retrieves a file's
  encryption nonce.

  This makes it easier to write automated tests which verify that
  fscrypt is doing the encryption correctly"

* tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt:
  ubifs: wire up FS_IOC_GET_ENCRYPTION_NONCE
  f2fs: wire up FS_IOC_GET_ENCRYPTION_NONCE
  ext4: wire up FS_IOC_GET_ENCRYPTION_NONCE
  fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl

1  2 
fs/crypto/keysetup.c patch | diff1 | diff2 | blob | history

diff --combined fs/crypto/keysetup.c
index 08c9f216a54dda778edd44152cfabe0385539ef5,cb2803844726dac9a0ed3b064d3bf37426cccc0b..302375e9f719ebbd7a1488390997687527707a57
--- 1/fs/crypto/keysetup.c
--- 2/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@@ -425,20 -425,8 +425,8 @@@ int fscrypt_get_encryption_info(struct 
                goto out;
        }
  
-       switch (ctx.version) {
-       case FSCRYPT_CONTEXT_V1:
-               memcpy(crypt_info->ci_nonce, ctx.v1.nonce,
-                      FS_KEY_DERIVATION_NONCE_SIZE);
-               break;
-       case FSCRYPT_CONTEXT_V2:
-               memcpy(crypt_info->ci_nonce, ctx.v2.nonce,
-                      FS_KEY_DERIVATION_NONCE_SIZE);
-               break;
-       default:
-               WARN_ON(1);
-               res = -EINVAL;
-               goto out;
-       }
+       memcpy(crypt_info->ci_nonce, fscrypt_context_nonce(&ctx),
+              FS_KEY_DERIVATION_NONCE_SIZE);
  
        if (!fscrypt_supported_policy(&crypt_info->ci_policy, inode)) {
                res = -EINVAL;
@@@ -538,15 -526,6 +526,15 @@@ int fscrypt_drop_inode(struct inode *in
                return 0;
        mk = ci->ci_master_key->payload.data[0];
  
 +      /*
 +       * With proper, non-racy use of FS_IOC_REMOVE_ENCRYPTION_KEY, all inodes
 +       * protected by the key were cleaned by sync_filesystem().  But if
 +       * userspace is still using the files, inodes can be dirtied between
 +       * then and now.  We mustn't lose any writes, so skip dirty inodes here.
 +       */
 +      if (inode->i_state & I_DIRTY_ALL)
 +              return 0;
 +
        /*
         * Note: since we aren't holding ->mk_secret_sem, the result here can
         * immediately become outdated.  But there's no correctness problem with
Empty description
This page took 0.077675 seconds and 4 git commands to generate.