diff options
author | Eric Biggers <ebiggers@google.com> | 2020-11-18 08:56:09 +0100 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2020-11-25 00:10:27 +0100 |
commit | 234f1b7f8daf112655c87f75ae8932564f871225 (patch) | |
tree | 50d6a76def3f3056ab97aa37208b0a95426897e9 | |
parent | ubifs: prevent creating duplicate encrypted filenames (diff) | |
download | linux-234f1b7f8daf112655c87f75ae8932564f871225.tar.xz linux-234f1b7f8daf112655c87f75ae8932564f871225.zip |
fscrypt: remove unnecessary calls to fscrypt_require_key()
In an encrypted directory, a regular dentry (one that doesn't have the
no-key name flag) can only be created if the directory's encryption key
is available.
Therefore the calls to fscrypt_require_key() in __fscrypt_prepare_link()
and __fscrypt_prepare_rename() are unnecessary, as these functions
already check that the dentries they're given aren't no-key names.
Remove these unnecessary calls to fscrypt_require_key().
Link: https://lore.kernel.org/r/20201118075609.120337-6-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
-rw-r--r-- | fs/crypto/hooks.c | 26 | ||||
-rw-r--r-- | include/linux/fscrypt.h | 3 |
2 files changed, 9 insertions, 20 deletions
diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 061418be4b08..c582e2ddb39c 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -54,15 +54,12 @@ EXPORT_SYMBOL_GPL(fscrypt_file_open); int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, struct dentry *dentry) { - int err; - - err = fscrypt_require_key(dir); - if (err) - return err; - - /* ... in case we looked up no-key name before key was added */ if (fscrypt_is_nokey_name(dentry)) return -ENOKEY; + /* + * We don't need to separately check that the directory inode's key is + * available, as it's implied by the dentry not being a no-key name. + */ if (!fscrypt_has_permitted_context(dir, inode)) return -EXDEV; @@ -75,20 +72,13 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags) { - int err; - - err = fscrypt_require_key(old_dir); - if (err) - return err; - - err = fscrypt_require_key(new_dir); - if (err) - return err; - - /* ... in case we looked up no-key name(s) before key was added */ if (fscrypt_is_nokey_name(old_dentry) || fscrypt_is_nokey_name(new_dentry)) return -ENOKEY; + /* + * We don't need to separately check that the directory inodes' keys are + * available, as it's implied by the dentries not being no-key names. + */ if (old_dir != new_dir) { if (IS_ENCRYPTED(new_dir) && diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 8e1d31c959bf..0c9e64969b73 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -710,8 +710,7 @@ static inline int fscrypt_require_key(struct inode *inode) * * A new link can only be added to an encrypted directory if the directory's * encryption key is available --- since otherwise we'd have no way to encrypt - * the filename. Therefore, we first set up the directory's encryption key (if - * not already done) and return an error if it's unavailable. + * the filename. * * We also verify that the link will not violate the constraint that all files * in an encrypted directory tree use the same encryption policy. |