mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-28 13:22:57 +00:00
Code Issues Releases Wiki Activity
linux-stable/fs/crypto
History
Eric Biggers 15baf55481 fscrypt: track master key presence separately from secret 
Master keys can be in one of three states: present, incompletely
removed, and absent (as per FSCRYPT_KEY_STATUS_* used in the UAPI).
Currently, the way that "present" is distinguished from "incompletely
removed" internally is by whether ->mk_secret exists or not.

With extent-based encryption, it will be necessary to allow per-extent
keys to be derived while the master key is incompletely removed, so that
I/O on open files will reliably continue working after removal of the
key has been initiated.  (We could allow I/O to sometimes fail in that
case, but that seems problematic for reasons such as writes getting
silently thrown away and diverging from the existing fscrypt semantics.)
Therefore, when the filesystem is using extent-based encryption,
->mk_secret can't be wiped when the key becomes incompletely removed.

As a prerequisite for doing that, this patch makes the "present" state
be tracked using a new field, ->mk_present.  No behavior is changed yet.

The basic idea here is borrowed from Josef Bacik's patch
"fscrypt: use a flag to indicate that the master key is being evicted"
(https://lore.kernel.org/r/e86c16dddc049ff065f877d793ad773e4c6bfad9.1696970227.git.josef@toxicpanda.com).
I reimplemented it using a "present" bool instead of an "evicted" flag,
fixed a couple bugs, and tried to update everything to be consistent.

Note: I considered adding a ->mk_status field instead, holding one of
FSCRYPT_KEY_STATUS_*.  At first that seemed nice, but it ended up being
more complex (despite simplifying FS_IOC_GET_ENCRYPTION_KEY_STATUS),
since it would have introduced redundancy and had weird locking rules.

Reviewed-by: Neal Gompa <neal@gompa.dev>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20231015061055.62673-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-10-16 21:23:45 -07:00
..
bio.c fscrypt: rename fscrypt_info => fscrypt_inode_info 2023-10-08 20:44:26 -07:00
crypto.c fscrypt: rename fscrypt_info => fscrypt_inode_info 2023-10-08 20:44:26 -07:00
fname.c fscrypt: rename fscrypt_info => fscrypt_inode_info 2023-10-08 20:44:26 -07:00
fscrypt_private.h fscrypt: track master key presence separately from secret 2023-10-16 21:23:45 -07:00
hkdf.c fscrypt: use WARN_ON_ONCE instead of WARN_ON 2023-03-27 21:15:50 -07:00
hooks.c fscrypt: track master key presence separately from secret 2023-10-16 21:23:45 -07:00
inline_crypt.c fscrypt: rename fscrypt_info => fscrypt_inode_info 2023-10-08 20:44:26 -07:00
Kconfig fscrypt: relax Kconfig dependencies for crypto API algorithms 2021-04-22 17:31:32 +10:00
keyring.c fscrypt: track master key presence separately from secret 2023-10-16 21:23:45 -07:00
keysetup.c fscrypt: track master key presence separately from secret 2023-10-16 21:23:45 -07:00
keysetup_v1.c fscrypt: rename fscrypt_info => fscrypt_inode_info 2023-10-08 20:44:26 -07:00
Makefile fscrypt: add inline encryption support 2020-07-08 10:29:30 -07:00
policy.c fscrypt: rename fscrypt_info => fscrypt_inode_info 2023-10-08 20:44:26 -07:00