From: Eric Biggers <ebigg...@google.com>

commit d456a33f041af4b54f3ce495a86d00c246165032 upstream.

Plaintext dentries are always valid, so only set fscrypt_d_ops on
ciphertext dentries.

Besides marginally improved performance, this allows overlayfs to use an
fscrypt-encrypted upperdir, provided that all the following are true:

    (1) The fscrypt encryption key is placed in the keyring before
        mounting overlayfs, and remains while the overlayfs is mounted.

    (2) The overlayfs workdir uses the same encryption policy.

    (3) No dentries for the ciphertext names of subdirectories have been
        created in the upperdir or workdir yet.  (Since otherwise
        d_splice_alias() will reuse the old dentry with ->d_op set.)

One potential use case is using an ephemeral encryption key to encrypt
all files created or changed by a container, so that they can be
securely erased ("crypto-shredded") after the container stops.

Signed-off-by: Eric Biggers <ebigg...@google.com>
Signed-off-by: Theodore Ts'o <ty...@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
 fs/crypto/hooks.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/fs/crypto/hooks.c
+++ b/fs/crypto/hooks.c
@@ -115,9 +115,8 @@ int __fscrypt_prepare_lookup(struct inod
                spin_lock(&dentry->d_lock);
                dentry->d_flags |= DCACHE_ENCRYPTED_NAME;
                spin_unlock(&dentry->d_lock);
+               d_set_d_op(dentry, &fscrypt_d_ops);
        }
-
-       d_set_d_op(dentry, &fscrypt_d_ops);
        return 0;
 }
 EXPORT_SYMBOL_GPL(__fscrypt_prepare_lookup);


Reply via email to