fscrypt: require that fscrypt_encrypt_symlink() already has key

Now that all filesystems have been converted to use fscrypt_prepare_new_inode(), the encryption key for new symlink inodes is now already set up whenever we try to encrypt the symlink target. Enforce this rather than try to set up the key again when it may be too late to do so safely. Acked-by: Jeff Layton <jlayton@kernel.org> Link: https://lore.kernel.org/r/20200917041136.178600-9-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>
author: Eric Biggers <ebiggers@google.com> 2020-09-16 21:11:31 -0700
committer: Eric Biggers <ebiggers@google.com> 2020-09-22 06:48:41 -0700
commit: 4cc1a3e7e8520226c62019553b18f1c12388a99d (patch)
tree: f759499aef2d5cc8ba7902328e72d828fc47880e /fs/crypto/hooks.c
parent: e9d5e31d2fe39825b0fc276b14f2a322faf3c77b (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c
index 491b252843eb..7748db509240 100644
--- a/fs/crypto/hooks.c
+++ b/fs/crypto/hooks.c
@@ -217,9 +217,13 @@ int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
 	struct fscrypt_symlink_data *sd;
 	unsigned int ciphertext_len;
 
-	err = fscrypt_require_key(inode);
-	if (err)
-		return err;
+	/*
+	 * fscrypt_prepare_new_inode() should have already set up the new
+	 * symlink inode's encryption key.  We don't wait until now to do it,
+	 * since we may be in a filesystem transaction now.
+	 */
+	if (WARN_ON_ONCE(!fscrypt_has_encryption_key(inode)))
+		return -ENOKEY;
 
 	if (disk_link->name) {
 		/* filesystem-provided buffer */
author	Eric Biggers <ebiggers@google.com>	2020-09-16 21:11:31 -0700
committer	Eric Biggers <ebiggers@google.com>	2020-09-22 06:48:41 -0700
commit	4cc1a3e7e8520226c62019553b18f1c12388a99d (patch)
tree	f759499aef2d5cc8ba7902328e72d828fc47880e /fs/crypto/hooks.c
parent	e9d5e31d2fe39825b0fc276b14f2a322faf3c77b (diff)