summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2017-10-09 12:15:44 -0700
committerTheodore Ts'o <tytso@mit.edu>2017-10-18 19:52:39 -0400
commit815dac33b27da9efce0f6008272e69f2a1ba1a33 (patch)
tree608a6a2032f1d36b5332ace1f0f8644986dca2a3 /include
parent32c3cf028e747d1e9cf0679b16dcbe3794fe4853 (diff)
downloadlwn-815dac33b27da9efce0f6008272e69f2a1ba1a33.tar.gz
lwn-815dac33b27da9efce0f6008272e69f2a1ba1a33.zip
fscrypt: new helper function - fscrypt_prepare_setattr()
Introduce a helper function for filesystems to call when processing ->setattr() on a possibly-encrypted inode. It handles enforcing that an encrypted file can only be truncated if its encryption key is available. Acked-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'include')
-rw-r--r--include/linux/fscrypt.h25
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index 2327859c8cd2..53437bfdfcbc 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -265,4 +265,29 @@ static inline int fscrypt_prepare_lookup(struct inode *dir,
return 0;
}
+/**
+ * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
+ * @dentry: dentry through which the inode is being changed
+ * @attr: attributes to change
+ *
+ * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
+ * most attribute changes are allowed even without the encryption key. However,
+ * without the encryption key we do have to forbid truncates. This is needed
+ * because the size being truncated to may not be a multiple of the filesystem
+ * block size, and in that case we'd have to decrypt the final block, zero the
+ * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
+ * filesystem block boundary, but it's simpler to just forbid all truncates ---
+ * and we already forbid all other contents modifications without the key.)
+ *
+ * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
+ * if a problem occurred while setting up the encryption key.
+ */
+static inline int fscrypt_prepare_setattr(struct dentry *dentry,
+ struct iattr *attr)
+{
+ if (attr->ia_valid & ATTR_SIZE)
+ return fscrypt_require_key(d_inode(dentry));
+ return 0;
+}
+
#endif /* _LINUX_FSCRYPT_H */