[PATCH 0/9] Allow deleting files with unsupported encryption policy
Andreas Dilger
adilger at dilger.ca
Wed Dec 2 17:25:25 EST 2020
On Dec 2, 2020, at 2:07 PM, Eric Biggers <ebiggers at kernel.org> wrote:
>
> On Tue, Nov 24, 2020 at 04:23:27PM -0800, Eric Biggers wrote:
>> Currently it's impossible to delete files that use an unsupported
>> encryption policy, as the kernel will just return an error when
>> performing any operation on the top-level encrypted directory, even just
>> a path lookup into the directory or opening the directory for readdir.
>>
>> It's desirable to return errors for most operations on files that use an
>> unsupported encryption policy, but the current behavior is too strict.
>> We need to allow enough to delete files, so that people can't be stuck
>> with undeletable files when downgrading kernel versions. That includes
>> allowing directories to be listed and allowing dentries to be looked up.
>>
>> This series fixes this (on ext4, f2fs, and ubifs) by treating an
>> unsupported encryption policy in the same way as "key unavailable" in
>> the cases that are required for a recursive delete to work.
>>
>> The actual fix is in patch 9, so see that for more details.
>>
>> Patches 1-8 are cleanups that prepare for the actual fix by removing
>> direct use of fscrypt_get_encryption_info() by filesystems.
>>
>> This patchset applies to branch "master" (commit 4a4b8721f1a5) of
>> https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git.
>>
>> Eric Biggers (9):
>> ext4: remove ext4_dir_open()
>> f2fs: remove f2fs_dir_open()
>> ubifs: remove ubifs_dir_open()
>> ext4: don't call fscrypt_get_encryption_info() from dx_show_leaf()
>> fscrypt: introduce fscrypt_prepare_readdir()
>> fscrypt: move body of fscrypt_prepare_setattr() out-of-line
>> fscrypt: move fscrypt_require_key() to fscrypt_private.h
>> fscrypt: unexport fscrypt_get_encryption_info()
>> fscrypt: allow deleting files with unsupported encryption policy
>>
>> fs/crypto/fname.c | 8 +++-
>> fs/crypto/fscrypt_private.h | 28 ++++++++++++++
>> fs/crypto/hooks.c | 16 +++++++-
>> fs/crypto/keysetup.c | 20 ++++++++--
>> fs/crypto/policy.c | 22 +++++++----
>> fs/ext4/dir.c | 16 ++------
>> fs/ext4/namei.c | 10 +----
>> fs/f2fs/dir.c | 10 +----
>> fs/ubifs/dir.c | 11 +-----
>> include/linux/fscrypt.h | 75 +++++++++++++++++++------------------
>> 10 files changed, 126 insertions(+), 90 deletions(-)
>>
>>
>> base-commit: 4a4b8721f1a5e4b01e45b3153c68d5a1014b25de
>
> Any more comments on this patch series?
I think the general idea makes sense. I'll review the ext4 patches in the series.
Cheers, Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.infradead.org/pipermail/linux-mtd/attachments/20201202/097d2150/attachment-0001.sig>
More information about the linux-mtd
mailing list