fscrypt: don't call no-key names "ciphertext names"

Currently we're using the term "ciphertext name" ambiguously because it
can mean either the actual ciphertext filename, or the encoded filename
that is shown when an encrypted directory is listed without its key.
The latter we're now usually calling the "no-key name"; and while it's
derived from the ciphertext name, it's not the same thing.

To avoid this ambiguity, rename fscrypt_name::is_ciphertext_name to
fscrypt_name::is_nokey_name, and update comments that say "ciphertext
name" (or "encrypted name") to say "no-key name" instead when warranted.

Link: https://lore.kernel.org/r/20200924042624.98439-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
This commit is contained in:
Eric Biggers 2020-09-23 21:26:23 -07:00
parent 0c6a113b24
commit 70fb2612aa
4 changed files with 19 additions and 20 deletions

View File

@ -382,9 +382,9 @@ EXPORT_SYMBOL(fscrypt_fname_disk_to_usr);
* directory's encryption key, then @iname is the plaintext, so we encrypt it to * directory's encryption key, then @iname is the plaintext, so we encrypt it to
* get the disk_name. * get the disk_name.
* *
* Else, for keyless @lookup operations, @iname is the presented ciphertext, so * Else, for keyless @lookup operations, @iname should be a no-key name, so we
* we decode it to get the fscrypt_nokey_name. Non-@lookup operations will be * decode it to get the struct fscrypt_nokey_name. Non-@lookup operations will
* impossible in this case, so we fail them with ENOKEY. * be impossible in this case, so we fail them with ENOKEY.
* *
* If successful, fscrypt_free_filename() must be called later to clean up. * If successful, fscrypt_free_filename() must be called later to clean up.
* *
@ -429,7 +429,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
} }
if (!lookup) if (!lookup)
return -ENOKEY; return -ENOKEY;
fname->is_ciphertext_name = true; fname->is_nokey_name = true;
/* /*
* We don't have the key and we are doing a lookup; decode the * We don't have the key and we are doing a lookup; decode the
@ -538,17 +538,17 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
/* /*
* Plaintext names are always valid, since fscrypt doesn't support * Plaintext names are always valid, since fscrypt doesn't support
* reverting to ciphertext names without evicting the directory's inode * reverting to no-key names without evicting the directory's inode
* -- which implies eviction of the dentries in the directory. * -- which implies eviction of the dentries in the directory.
*/ */
if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME)) if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME))
return 1; return 1;
/* /*
* Ciphertext name; valid if the directory's key is still unavailable. * No-key name; valid if the directory's key is still unavailable.
* *
* Although fscrypt forbids rename() on ciphertext names, we still must * Although fscrypt forbids rename() on no-key names, we still must use
* use dget_parent() here rather than use ->d_parent directly. That's * dget_parent() here rather than use ->d_parent directly. That's
* because a corrupted fs image may contain directory hard links, which * because a corrupted fs image may contain directory hard links, which
* the VFS handles by moving the directory's dentry tree in the dcache * the VFS handles by moving the directory's dentry tree in the dcache
* each time ->lookup() finds the directory and it already has a dentry * each time ->lookup() finds the directory and it already has a dentry

View File

@ -60,7 +60,7 @@ int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
if (err) if (err)
return err; return err;
/* ... in case we looked up ciphertext name before key was added */ /* ... in case we looked up no-key name before key was added */
if (dentry->d_flags & DCACHE_ENCRYPTED_NAME) if (dentry->d_flags & DCACHE_ENCRYPTED_NAME)
return -ENOKEY; return -ENOKEY;
@ -85,7 +85,7 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
if (err) if (err)
return err; return err;
/* ... in case we looked up ciphertext name(s) before key was added */ /* ... in case we looked up no-key name(s) before key was added */
if ((old_dentry->d_flags | new_dentry->d_flags) & if ((old_dentry->d_flags | new_dentry->d_flags) &
DCACHE_ENCRYPTED_NAME) DCACHE_ENCRYPTED_NAME)
return -ENOKEY; return -ENOKEY;
@ -114,7 +114,7 @@ int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
if (err && err != -ENOENT) if (err && err != -ENOENT)
return err; return err;
if (fname->is_ciphertext_name) { if (fname->is_nokey_name) {
spin_lock(&dentry->d_lock); spin_lock(&dentry->d_lock);
dentry->d_flags |= DCACHE_ENCRYPTED_NAME; dentry->d_flags |= DCACHE_ENCRYPTED_NAME;
spin_unlock(&dentry->d_lock); spin_unlock(&dentry->d_lock);

View File

@ -111,7 +111,7 @@ static int __f2fs_setup_filename(const struct inode *dir,
#ifdef CONFIG_FS_ENCRYPTION #ifdef CONFIG_FS_ENCRYPTION
fname->crypto_buf = crypt_name->crypto_buf; fname->crypto_buf = crypt_name->crypto_buf;
#endif #endif
if (crypt_name->is_ciphertext_name) { if (crypt_name->is_nokey_name) {
/* hash was decoded from the no-key name */ /* hash was decoded from the no-key name */
fname->hash = cpu_to_le32(crypt_name->hash); fname->hash = cpu_to_le32(crypt_name->hash);
} else { } else {

View File

@ -35,7 +35,7 @@ struct fscrypt_name {
u32 hash; u32 hash;
u32 minor_hash; u32 minor_hash;
struct fscrypt_str crypto_buf; struct fscrypt_str crypto_buf;
bool is_ciphertext_name; bool is_nokey_name;
}; };
#define FSTR_INIT(n, l) { .name = n, .len = l } #define FSTR_INIT(n, l) { .name = n, .len = l }
@ -730,17 +730,16 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir,
* @fname: (output) the name to use to search the on-disk directory * @fname: (output) the name to use to search the on-disk directory
* *
* Prepare for ->lookup() in a directory which may be encrypted by determining * Prepare for ->lookup() in a directory which may be encrypted by determining
* the name that will actually be used to search the directory on-disk. Lookups * the name that will actually be used to search the directory on-disk. If the
* can be done with or without the directory's encryption key; without the key, * directory's encryption key is available, then the lookup is assumed to be by
* filenames are presented in encrypted form. Therefore, we'll try to set up * plaintext name; otherwise, it is assumed to be by no-key name.
* the directory's encryption key, but even without it the lookup can continue.
* *
* This also installs a custom ->d_revalidate() method which will invalidate the * This also installs a custom ->d_revalidate() method which will invalidate the
* dentry if it was created without the key and the key is later added. * dentry if it was created without the key and the key is later added.
* *
* Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a * Return: 0 on success; -ENOENT if the directory's key is unavailable but the
* correctly formed encoded ciphertext name, so a negative dentry should be * filename isn't a valid no-key name, so a negative dentry should be created;
* created; or another -errno code. * or another -errno code.
*/ */
static inline int fscrypt_prepare_lookup(struct inode *dir, static inline int fscrypt_prepare_lookup(struct inode *dir,
struct dentry *dentry, struct dentry *dentry,