~hc/RK356X_SDK_RELEASE.git

..	..	@@ -9,7 +9,7 @@
9	9	*/
10	10
11	11	#include <crypto/skcipher.h>
12		-#include <linux/key.h>
	12	+#include <linux/random.h>
13	13
14	14	#include "fscrypt_private.h"
15	15
..	..	@@ -18,6 +18,7 @@
18	18	.friendly_name = "AES-256-XTS",
19	19	.cipher_str = "xts(aes)",
20	20	.keysize = 64,
	21	+ .security_strength = 32,
21	22	.ivsize = 16,
22	23	.blk_crypto_mode = BLK_ENCRYPTION_MODE_AES_256_XTS,
23	24	},
..	..	@@ -25,12 +26,14 @@
25	26	.friendly_name = "AES-256-CTS-CBC",
26	27	.cipher_str = "cts(cbc(aes))",
27	28	.keysize = 32,
	29	+ .security_strength = 32,
28	30	.ivsize = 16,
29	31	},
30	32	[FSCRYPT_MODE_AES_128_CBC] = {
31	33	.friendly_name = "AES-128-CBC-ESSIV",
32	34	.cipher_str = "essiv(cbc(aes),sha256)",
33	35	.keysize = 16,
	36	+ .security_strength = 16,
34	37	.ivsize = 16,
35	38	.blk_crypto_mode = BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV,
36	39	},
..	..	@@ -38,12 +41,14 @@
38	41	.friendly_name = "AES-128-CTS-CBC",
39	42	.cipher_str = "cts(cbc(aes))",
40	43	.keysize = 16,
	44	+ .security_strength = 16,
41	45	.ivsize = 16,
42	46	},
43	47	[FSCRYPT_MODE_ADIANTUM] = {
44	48	.friendly_name = "Adiantum",
45	49	.cipher_str = "adiantum(xchacha12,aes)",
46	50	.keysize = 32,
	51	+ .security_strength = 32,
47	52	.ivsize = 32,
48	53	.blk_crypto_mode = BLK_ENCRYPTION_MODE_ADIANTUM,
49	54	},
..	..	@@ -55,6 +60,8 @@
55	60	select_encryption_mode(const union fscrypt_policy *policy,
56	61	const struct inode *inode)
57	62	{
	63	+ BUILD_BUG_ON(ARRAY_SIZE(fscrypt_modes) != FSCRYPT_MODE_MAX + 1);
	64	+
58	65	if (S_ISREG(inode->i_mode))
59	66	return &fscrypt_modes[fscrypt_policy_contents_mode(policy)];
60	67
..	..	@@ -100,7 +107,7 @@
100	107	err = -EINVAL;
101	108	goto err_free_tfm;
102	109	}
103		- crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
	110	+ crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
104	111	err = crypto_skcipher_setkey(tfm, raw_key, mode->keysize);
105	112	if (err)
106	113	goto err_free_tfm;
..	..	@@ -148,13 +155,15 @@
148	155	{
149	156	crypto_free_skcipher(prep_key->tfm);
150	157	fscrypt_destroy_inline_crypt_key(prep_key);
	158	+ memzero_explicit(prep_key, sizeof(*prep_key));
151	159	}
152	160
153	161	/* Given a per-file encryption key, set up the file's crypto transform object */
154	162	int fscrypt_set_per_file_enc_key(struct fscrypt_info ci, const u8 raw_key)
155	163	{
156	164	ci->ci_owns_key = true;
157		- return fscrypt_prepare_key(&ci->ci_key, raw_key, ci->ci_mode->keysize,
	165	+ return fscrypt_prepare_key(&ci->ci_enc_key, raw_key,
	166	+ ci->ci_mode->keysize,
158	167	false /is_hw_wrapped/, ci);
159	168	}
160	169
..	..	@@ -173,12 +182,12 @@
173	182	unsigned int hkdf_infolen = 0;
174	183	int err;
175	184
176		- if (WARN_ON(mode_num > __FSCRYPT_MODE_MAX))
	185	+ if (WARN_ON(mode_num > FSCRYPT_MODE_MAX))
177	186	return -EINVAL;
178	187
179	188	prep_key = &keys[mode_num];
180	189	if (fscrypt_is_key_prepared(prep_key, ci)) {
181		- ci->ci_key = *prep_key;
	190	+ ci->ci_enc_key = *prep_key;
182	191	return 0;
183	192	}
184	193
..	..	@@ -196,7 +205,7 @@
196	205	err = -EINVAL;
197	206	goto out_unlock;
198	207	}
199		- for (i = 0; i <= __FSCRYPT_MODE_MAX; i++) {
	208	+ for (i = 0; i <= FSCRYPT_MODE_MAX; i++) {
200	209	if (fscrypt_is_key_prepared(&keys[i], ci)) {
201	210	fscrypt_warn(ci->ci_inode,
202	211	"Each hardware-wrapped key can only be used with one encryption mode");
..	..	@@ -230,12 +239,37 @@
230	239	goto out_unlock;
231	240	}
232	241	done_unlock:
233		- ci->ci_key = *prep_key;
234		-
	242	+ ci->ci_enc_key = *prep_key;
235	243	err = 0;
236	244	out_unlock:
237	245	mutex_unlock(&fscrypt_mode_key_setup_mutex);
238	246	return err;
	247	+}
	248	+
	249	+/*
	250	+ * Derive a SipHash key from the given fscrypt master key and the given
	251	+ * application-specific information string.
	252	+ *
	253	+ * Note that the KDF produces a byte array, but the SipHash APIs expect the key
	254	+ * as a pair of 64-bit words. Therefore, on big endian CPUs we have to do an
	255	+ * endianness swap in order to get the same results as on little endian CPUs.
	256	+ */
	257	+static int fscrypt_derive_siphash_key(const struct fscrypt_master_key *mk,
	258	+ u8 context, const u8 *info,
	259	+ unsigned int infolen, siphash_key_t *key)
	260	+{
	261	+ int err;
	262	+
	263	+ err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, context, info, infolen,
	264	+ (u8 )key, sizeof(key));
	265	+ if (err)
	266	+ return err;
	267	+
	268	+ BUILD_BUG_ON(sizeof(*key) != 16);
	269	+ BUILD_BUG_ON(ARRAY_SIZE(key->key) != 2);
	270	+ le64_to_cpus(&key->key[0]);
	271	+ le64_to_cpus(&key->key[1]);
	272	+ return 0;
239	273	}
240	274
241	275	int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,
..	..	@@ -243,14 +277,23 @@
243	277	{
244	278	int err;
245	279
246		- err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, HKDF_CONTEXT_DIRHASH_KEY,
247		- ci->ci_nonce, FS_KEY_DERIVATION_NONCE_SIZE,
248		- (u8 *)&ci->ci_dirhash_key,
249		- sizeof(ci->ci_dirhash_key));
	280	+ err = fscrypt_derive_siphash_key(mk, HKDF_CONTEXT_DIRHASH_KEY,
	281	+ ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
	282	+ &ci->ci_dirhash_key);
250	283	if (err)
251	284	return err;
252	285	ci->ci_dirhash_key_initialized = true;
253	286	return 0;
	287	+}
	288	+
	289	+void fscrypt_hash_inode_number(struct fscrypt_info *ci,
	290	+ const struct fscrypt_master_key *mk)
	291	+{
	292	+ WARN_ON(ci->ci_inode->i_ino == 0);
	293	+ WARN_ON(!mk->mk_ino_hash_key_initialized);
	294	+
	295	+ ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino,
	296	+ &mk->mk_ino_hash_key);
254	297	}
255	298
256	299	static int fscrypt_setup_iv_ino_lblk_32_key(struct fscrypt_info *ci,
..	..	@@ -271,10 +314,9 @@
271	314	if (mk->mk_ino_hash_key_initialized)
272	315	goto unlock;
273	316
274		- err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf,
275		- HKDF_CONTEXT_INODE_HASH_KEY, NULL, 0,
276		- (u8 *)&mk->mk_ino_hash_key,
277		- sizeof(mk->mk_ino_hash_key));
	317	+ err = fscrypt_derive_siphash_key(mk,
	318	+ HKDF_CONTEXT_INODE_HASH_KEY,
	319	+ NULL, 0, &mk->mk_ino_hash_key);
278	320	if (err)
279	321	goto unlock;
280	322	/* pairs with smp_load_acquire() above */
..	..	@@ -285,13 +327,18 @@
285	327	return err;
286	328	}
287	329
288		- ci->ci_hashed_ino = (u32)siphash_1u64(ci->ci_inode->i_ino,
289		- &mk->mk_ino_hash_key);
	330	+ /*
	331	+ * New inodes may not have an inode number assigned yet.
	332	+ * Hashing their inode number is delayed until later.
	333	+ */
	334	+ if (ci->ci_inode->i_ino)
	335	+ fscrypt_hash_inode_number(ci, mk);
290	336	return 0;
291	337	}
292	338
293	339	static int fscrypt_setup_v2_file_key(struct fscrypt_info *ci,
294		- struct fscrypt_master_key *mk)
	340	+ struct fscrypt_master_key *mk,
	341	+ bool need_dirhash_key)
295	342	{
296	343	int err;
297	344
..	..	@@ -333,8 +380,7 @@
333	380
334	381	err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf,
335	382	HKDF_CONTEXT_PER_FILE_ENC_KEY,
336		- ci->ci_nonce,
337		- FS_KEY_DERIVATION_NONCE_SIZE,
	383	+ ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
338	384	derived_key, ci->ci_mode->keysize);
339	385	if (err)
340	386	return err;
..	..	@@ -346,7 +392,7 @@
346	392	return err;
347	393
348	394	/* Derive a secret dirhash key for directories that need it. */
349		- if (S_ISDIR(ci->ci_inode->i_mode) && IS_CASEFOLDED(ci->ci_inode)) {
	395	+ if (need_dirhash_key) {
350	396	err = fscrypt_derive_dirhash_key(ci, mk);
351	397	if (err)
352	398	return err;
..	..	@@ -356,21 +402,59 @@
356	402	}
357	403
358	404	/*
	405	+ * Check whether the size of the given master key (@mk) is appropriate for the
	406	+ * encryption settings which a particular file will use (@ci).
	407	+ *
	408	+ * If the file uses a v1 encryption policy, then the master key must be at least
	409	+ * as long as the derived key, as this is a requirement of the v1 KDF.
	410	+ *
	411	+ * Otherwise, the KDF can accept any size key, so we enforce a slightly looser
	412	+ * requirement: we require that the size of the master key be at least the
	413	+ * maximum security strength of any algorithm whose key will be derived from it
	414	+ * (but in practice we only need to consider @ci->ci_mode, since any other
	415	+ * possible subkeys such as DIRHASH and INODE_HASH will never increase the
	416	+ * required key size over @ci->ci_mode). This allows AES-256-XTS keys to be
	417	+ * derived from a 256-bit master key, which is cryptographically sufficient,
	418	+ * rather than requiring a 512-bit master key which is unnecessarily long. (We
	419	+ * still allow 512-bit master keys if the user chooses to use them, though.)
	420	+ */
	421	+static bool fscrypt_valid_master_key_size(const struct fscrypt_master_key *mk,
	422	+ const struct fscrypt_info *ci)
	423	+{
	424	+ unsigned int min_keysize;
	425	+
	426	+ if (ci->ci_policy.version == FSCRYPT_POLICY_V1)
	427	+ min_keysize = ci->ci_mode->keysize;
	428	+ else
	429	+ min_keysize = ci->ci_mode->security_strength;
	430	+
	431	+ if (mk->mk_secret.size < min_keysize) {
	432	+ fscrypt_warn(NULL,
	433	+ "key with %s %*phN is too short (got %u bytes, need %u+ bytes)",
	434	+ master_key_spec_type(&mk->mk_spec),
	435	+ master_key_spec_len(&mk->mk_spec),
	436	+ (u8 *)&mk->mk_spec.u,
	437	+ mk->mk_secret.size, min_keysize);
	438	+ return false;
	439	+ }
	440	+ return true;
	441	+}
	442	+
	443	+/*
359	444	* Find the master key, then set up the inode's actual encryption key.
360	445	*
361		- * If the master key is found in the filesystem-level keyring, then the
362		- * corresponding 'struct key' is returned in *master_key_ret with
363		- * ->mk_secret_sem read-locked. This is needed to ensure that only one task
364		- * links the fscrypt_info into ->mk_decrypted_inodes (as multiple tasks may race
365		- * to create an fscrypt_info for the same inode), and to synchronize the master
366		- * key being removed with a new inode starting to use it.
	446	+ * If the master key is found in the filesystem-level keyring, then it is
	447	+ * returned in *mk_ret with its semaphore read-locked. This is needed to ensure
	448	+ * that only one task links the fscrypt_info into ->mk_decrypted_inodes (as
	449	+ * multiple tasks may race to create an fscrypt_info for the same inode), and to
	450	+ * synchronize the master key being removed with a new inode starting to use it.
367	451	*/
368	452	static int setup_file_encryption_key(struct fscrypt_info *ci,
369		- struct key **master_key_ret)
	453	+ bool need_dirhash_key,
	454	+ struct fscrypt_master_key **mk_ret)
370	455	{
371		- struct key *key;
372		- struct fscrypt_master_key *mk = NULL;
373	456	struct fscrypt_key_specifier mk_spec;
	457	+ struct fscrypt_master_key *mk;
374	458	int err;
375	459
376	460	switch (ci->ci_policy.version) {
..	..	@@ -391,11 +475,10 @@
391	475	return -EINVAL;
392	476	}
393	477
394		- key = fscrypt_find_master_key(ci->ci_inode->i_sb, &mk_spec);
395		- if (IS_ERR(key)) {
396		- if (key != ERR_PTR(-ENOKEY) \|\|
397		- ci->ci_policy.version != FSCRYPT_POLICY_V1)
398		- return PTR_ERR(key);
	478	+ mk = fscrypt_find_master_key(ci->ci_inode->i_sb, &mk_spec);
	479	+ if (!mk) {
	480	+ if (ci->ci_policy.version != FSCRYPT_POLICY_V1)
	481	+ return -ENOKEY;
399	482
400	483	err = fscrypt_select_encryption_impl(ci, false);
401	484	if (err)
..	..	@@ -409,9 +492,7 @@
409	492	*/
410	493	return fscrypt_setup_v1_file_key_via_subscribed_keyrings(ci);
411	494	}
412		-
413		- mk = key->payload.data[0];
414		- down_read(&mk->mk_secret_sem);
	495	+ down_read(&mk->mk_sem);
415	496
416	497	/* Has the secret been removed (via FS_IOC_REMOVE_ENCRYPTION_KEY)? */
417	498	if (!is_master_key_secret_present(&mk->mk_secret)) {
..	..	@@ -419,18 +500,7 @@
419	500	goto out_release_key;
420	501	}
421	502
422		- /*
423		- * Require that the master key be at least as long as the derived key.
424		- * Otherwise, the derived key cannot possibly contain as much entropy as
425		- * that required by the encryption mode it will be used for. For v1
426		- * policies it's also required for the KDF to work at all.
427		- */
428		- if (mk->mk_secret.size < ci->ci_mode->keysize) {
429		- fscrypt_warn(NULL,
430		- "key with %s %*phN is too short (got %u bytes, need %u+ bytes)",
431		- master_key_spec_type(&mk_spec),
432		- master_key_spec_len(&mk_spec), (u8 *)&mk_spec.u,
433		- mk->mk_secret.size, ci->ci_mode->keysize);
	503	+ if (!fscrypt_valid_master_key_size(mk, ci)) {
434	504	err = -ENOKEY;
435	505	goto out_release_key;
436	506	}
..	..	@@ -444,7 +514,7 @@
444	514	err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);
445	515	break;
446	516	case FSCRYPT_POLICY_V2:
447		- err = fscrypt_setup_v2_file_key(ci, mk);
	517	+ err = fscrypt_setup_v2_file_key(ci, mk, need_dirhash_key);
448	518	break;
449	519	default:
450	520	WARN_ON(1);
..	..	@@ -454,18 +524,18 @@
454	524	if (err)
455	525	goto out_release_key;
456	526
457		- *master_key_ret = key;
	527	+ *mk_ret = mk;
458	528	return 0;
459	529
460	530	out_release_key:
461		- up_read(&mk->mk_secret_sem);
462		- key_put(key);
	531	+ up_read(&mk->mk_sem);
	532	+ fscrypt_put_master_key(mk);
463	533	return err;
464	534	}
465	535
466	536	static void put_crypt_info(struct fscrypt_info *ci)
467	537	{
468		- struct key *key;
	538	+ struct fscrypt_master_key *mk;
469	539
470	540	if (!ci)
471	541	return;
..	..	@@ -473,82 +543,47 @@
473	543	if (ci->ci_direct_key)
474	544	fscrypt_put_direct_key(ci->ci_direct_key);
475	545	else if (ci->ci_owns_key)
476		- fscrypt_destroy_prepared_key(&ci->ci_key);
	546	+ fscrypt_destroy_prepared_key(&ci->ci_enc_key);
477	547
478		- key = ci->ci_master_key;
479		- if (key) {
480		- struct fscrypt_master_key *mk = key->payload.data[0];
481		-
	548	+ mk = ci->ci_master_key;
	549	+ if (mk) {
482	550	/*
483	551	* Remove this inode from the list of inodes that were unlocked
484		- * with the master key.
485		- *
486		- * In addition, if we're removing the last inode from a key that
487		- * already had its secret removed, invalidate the key so that it
488		- * gets removed from ->s_master_keys.
	552	+ * with the master key. In addition, if we're removing the last
	553	+ * inode from a master key struct that already had its secret
	554	+ * removed, then complete the full removal of the struct.
489	555	*/
490	556	spin_lock(&mk->mk_decrypted_inodes_lock);
491	557	list_del(&ci->ci_master_key_link);
492	558	spin_unlock(&mk->mk_decrypted_inodes_lock);
493		- if (refcount_dec_and_test(&mk->mk_refcount))
494		- key_invalidate(key);
495		- key_put(key);
	559	+ fscrypt_put_master_key_activeref(mk);
496	560	}
497	561	memzero_explicit(ci, sizeof(*ci));
498	562	kmem_cache_free(fscrypt_info_cachep, ci);
499	563	}
500	564
501		-int fscrypt_get_encryption_info(struct inode *inode)
	565	+static int
	566	+fscrypt_setup_encryption_info(struct inode *inode,
	567	+ const union fscrypt_policy *policy,
	568	+ const u8 nonce[FSCRYPT_FILE_NONCE_SIZE],
	569	+ bool need_dirhash_key)
502	570	{
503	571	struct fscrypt_info *crypt_info;
504		- union fscrypt_context ctx;
505	572	struct fscrypt_mode *mode;
506		- struct key *master_key = NULL;
	573	+ struct fscrypt_master_key *mk = NULL;
507	574	int res;
508		-
509		- if (fscrypt_has_encryption_key(inode))
510		- return 0;
511	575
512	576	res = fscrypt_initialize(inode->i_sb->s_cop->flags);
513	577	if (res)
514	578	return res;
515	579
516		- res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
517		- if (res < 0) {
518		- const union fscrypt_context *dummy_ctx =
519		- fscrypt_get_dummy_context(inode->i_sb);
520		-
521		- if (IS_ENCRYPTED(inode) \|\| !dummy_ctx) {
522		- fscrypt_warn(inode,
523		- "Error %d getting encryption context",
524		- res);
525		- return res;
526		- }
527		- /* Fake up a context for an unencrypted directory */
528		- res = fscrypt_context_size(dummy_ctx);
529		- memcpy(&ctx, dummy_ctx, res);
530		- }
531		-
532		- crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_NOFS);
	580	+ crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_KERNEL);
533	581	if (!crypt_info)
534	582	return -ENOMEM;
535	583
536	584	crypt_info->ci_inode = inode;
537		-
538		- res = fscrypt_policy_from_context(&crypt_info->ci_policy, &ctx, res);
539		- if (res) {
540		- fscrypt_warn(inode,
541		- "Unrecognized or corrupt encryption context");
542		- goto out;
543		- }
544		-
545		- memcpy(crypt_info->ci_nonce, fscrypt_context_nonce(&ctx),
546		- FS_KEY_DERIVATION_NONCE_SIZE);
547		-
548		- if (!fscrypt_supported_policy(&crypt_info->ci_policy, inode)) {
549		- res = -EINVAL;
550		- goto out;
551		- }
	585	+ crypt_info->ci_policy = *policy;
	586	+ memcpy(crypt_info->ci_nonce, nonce, FSCRYPT_FILE_NONCE_SIZE);
552	587
553	588	mode = select_encryption_mode(&crypt_info->ci_policy, inode);
554	589	if (IS_ERR(mode)) {
..	..	@@ -558,17 +593,24 @@
558	593	WARN_ON(mode->ivsize > FSCRYPT_MAX_IV_SIZE);
559	594	crypt_info->ci_mode = mode;
560	595
561		- res = setup_file_encryption_key(crypt_info, &master_key);
	596	+ res = setup_file_encryption_key(crypt_info, need_dirhash_key, &mk);
562	597	if (res)
563	598	goto out;
564	599
	600	+ /*
	601	+ * For existing inodes, multiple tasks may race to set ->i_crypt_info.
	602	+ * So use cmpxchg_release(). This pairs with the smp_load_acquire() in
	603	+ * fscrypt_get_info(). I.e., here we publish ->i_crypt_info with a
	604	+ * RELEASE barrier so that other tasks can ACQUIRE it.
	605	+ */
565	606	if (cmpxchg_release(&inode->i_crypt_info, NULL, crypt_info) == NULL) {
566		- if (master_key) {
567		- struct fscrypt_master_key *mk =
568		- master_key->payload.data[0];
569		-
570		- refcount_inc(&mk->mk_refcount);
571		- crypt_info->ci_master_key = key_get(master_key);
	607	+ /*
	608	+ * We won the race and set ->i_crypt_info to our crypt_info.
	609	+ * Now link it into the master key's inode list.
	610	+ */
	611	+ if (mk) {
	612	+ crypt_info->ci_master_key = mk;
	613	+ refcount_inc(&mk->mk_active_refs);
572	614	spin_lock(&mk->mk_decrypted_inodes_lock);
573	615	list_add(&crypt_info->ci_master_key_link,
574	616	&mk->mk_decrypted_inodes);
..	..	@@ -578,18 +620,129 @@
578	620	}
579	621	res = 0;
580	622	out:
581		- if (master_key) {
582		- struct fscrypt_master_key *mk = master_key->payload.data[0];
583		-
584		- up_read(&mk->mk_secret_sem);
585		- key_put(master_key);
	623	+ if (mk) {
	624	+ up_read(&mk->mk_sem);
	625	+ fscrypt_put_master_key(mk);
586	626	}
587		- if (res == -ENOKEY)
588		- res = 0;
589	627	put_crypt_info(crypt_info);
590	628	return res;
591	629	}
592		-EXPORT_SYMBOL(fscrypt_get_encryption_info);
	630	+
	631	+/**
	632	+ * fscrypt_get_encryption_info() - set up an inode's encryption key
	633	+ * @inode: the inode to set up the key for. Must be encrypted.
	634	+ * @allow_unsupported: if %true, treat an unsupported encryption policy (or
	635	+ * unrecognized encryption context) the same way as the key
	636	+ * being unavailable, instead of returning an error. Use
	637	+ * %false unless the operation being performed is needed in
	638	+ * order for files (or directories) to be deleted.
	639	+ *
	640	+ * Set up ->i_crypt_info, if it hasn't already been done.
	641	+ *
	642	+ * Note: unless ->i_crypt_info is already set, this isn't %GFP_NOFS-safe. So
	643	+ * generally this shouldn't be called from within a filesystem transaction.
	644	+ *
	645	+ * Return: 0 if ->i_crypt_info was set or was already set, or if the
	646	+ * encryption key is unavailable. (Use fscrypt_has_encryption_key() to
	647	+ * distinguish these cases.) Also can return another -errno code.
	648	+ */
	649	+int fscrypt_get_encryption_info(struct inode *inode, bool allow_unsupported)
	650	+{
	651	+ int res;
	652	+ union fscrypt_context ctx;
	653	+ union fscrypt_policy policy;
	654	+
	655	+ if (fscrypt_has_encryption_key(inode))
	656	+ return 0;
	657	+
	658	+ res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	659	+ if (res < 0) {
	660	+ if (res == -ERANGE && allow_unsupported)
	661	+ return 0;
	662	+ fscrypt_warn(inode, "Error %d getting encryption context", res);
	663	+ return res;
	664	+ }
	665	+
	666	+ res = fscrypt_policy_from_context(&policy, &ctx, res);
	667	+ if (res) {
	668	+ if (allow_unsupported)
	669	+ return 0;
	670	+ fscrypt_warn(inode,
	671	+ "Unrecognized or corrupt encryption context");
	672	+ return res;
	673	+ }
	674	+
	675	+ if (!fscrypt_supported_policy(&policy, inode)) {
	676	+ if (allow_unsupported)
	677	+ return 0;
	678	+ return -EINVAL;
	679	+ }
	680	+
	681	+ res = fscrypt_setup_encryption_info(inode, &policy,
	682	+ fscrypt_context_nonce(&ctx),
	683	+ IS_CASEFOLDED(inode) &&
	684	+ S_ISDIR(inode->i_mode));
	685	+
	686	+ if (res == -ENOPKG && allow_unsupported) /* Algorithm unavailable? */
	687	+ res = 0;
	688	+ if (res == -ENOKEY)
	689	+ res = 0;
	690	+ return res;
	691	+}
	692	+
	693	+/**
	694	+ * fscrypt_prepare_new_inode() - prepare to create a new inode in a directory
	695	+ * @dir: a possibly-encrypted directory
	696	+ * @inode: the new inode. ->i_mode must be set already.
	697	+ * ->i_ino doesn't need to be set yet.
	698	+ * @encrypt_ret: (output) set to %true if the new inode will be encrypted
	699	+ *
	700	+ * If the directory is encrypted, set up its ->i_crypt_info in preparation for
	701	+ * encrypting the name of the new file. Also, if the new inode will be
	702	+ * encrypted, set up its ->i_crypt_info and set *encrypt_ret=true.
	703	+ *
	704	+ * This isn't %GFP_NOFS-safe, and therefore it should be called before starting
	705	+ * any filesystem transaction to create the inode. For this reason, ->i_ino
	706	+ * isn't required to be set yet, as the filesystem may not have set it yet.
	707	+ *
	708	+ * This doesn't persist the new inode's encryption context. That still needs to
	709	+ * be done later by calling fscrypt_set_context().
	710	+ *
	711	+ * Return: 0 on success, -ENOKEY if the encryption key is missing, or another
	712	+ * -errno code
	713	+ */
	714	+int fscrypt_prepare_new_inode(struct inode dir, struct inode inode,
	715	+ bool *encrypt_ret)
	716	+{
	717	+ const union fscrypt_policy *policy;
	718	+ u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
	719	+
	720	+ policy = fscrypt_policy_to_inherit(dir);
	721	+ if (policy == NULL)
	722	+ return 0;
	723	+ if (IS_ERR(policy))
	724	+ return PTR_ERR(policy);
	725	+
	726	+ if (WARN_ON_ONCE(inode->i_mode == 0))
	727	+ return -EINVAL;
	728	+
	729	+ /*
	730	+ * Only regular files, directories, and symlinks are encrypted.
	731	+ * Special files like device nodes and named pipes aren't.
	732	+ */
	733	+ if (!S_ISREG(inode->i_mode) &&
	734	+ !S_ISDIR(inode->i_mode) &&
	735	+ !S_ISLNK(inode->i_mode))
	736	+ return 0;
	737	+
	738	+ *encrypt_ret = true;
	739	+
	740	+ get_random_bytes(nonce, FSCRYPT_FILE_NONCE_SIZE);
	741	+ return fscrypt_setup_encryption_info(inode, policy, nonce,
	742	+ IS_CASEFOLDED(dir) &&
	743	+ S_ISDIR(inode->i_mode));
	744	+}
	745	+EXPORT_SYMBOL_GPL(fscrypt_prepare_new_inode);
593	746
594	747	/**
595	748	* fscrypt_put_encryption_info() - free most of an inode's fscrypt data
..	..	@@ -633,8 +786,7 @@
633	786	*/
634	787	int fscrypt_drop_inode(struct inode *inode)
635	788	{
636		- const struct fscrypt_info *ci = READ_ONCE(inode->i_crypt_info);
637		- const struct fscrypt_master_key *mk;
	789	+ const struct fscrypt_info *ci = fscrypt_get_info(inode);
638	790
639	791	/*
640	792	* If ci is NULL, then the inode doesn't have an encryption key set up
..	..	@@ -644,7 +796,6 @@
644	796	*/
645	797	if (!ci \|\| !ci->ci_master_key)
646	798	return 0;
647		- mk = ci->ci_master_key->payload.data[0];
648	799
649	800	/*
650	801	* With proper, non-racy use of FS_IOC_REMOVE_ENCRYPTION_KEY, all inodes
..	..	@@ -656,13 +807,13 @@
656	807	return 0;
657	808
658	809	/*
659		- * Note: since we aren't holding ->mk_secret_sem, the result here can
	810	+ * Note: since we aren't holding the key semaphore, the result here can
660	811	* immediately become outdated. But there's no correctness problem with
661	812	* unnecessarily evicting. Nor is there a correctness problem with not
662	813	* evicting while iput() is racing with the key being removed, since
663	814	* then the thread removing the key will either evict the inode itself
664	815	* or will correctly detect that it wasn't evicted due to the race.
665	816	*/
666		- return !is_master_key_secret_present(&mk->mk_secret);
	817	+ return !is_master_key_secret_present(&ci->ci_master_key->mk_secret);
667	818	}
668	819	EXPORT_SYMBOL_GPL(fscrypt_drop_inode);