Commit 63f668f0 authored by Eric Biggers's avatar Eric Biggers

fscrypt: improve warning messages for unsupported encryption contexts

When fs/crypto/ encounters an inode with an invalid encryption context,
currently it prints a warning if the pair of encryption modes are
unrecognized, but it's silent if there are other problems such as
unsupported context size, format, or flags.  To help people debug such
situations, add more warning messages.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
parent 886da8b3
...@@ -510,8 +510,12 @@ int fscrypt_get_encryption_info(struct inode *inode) ...@@ -510,8 +510,12 @@ int fscrypt_get_encryption_info(struct inode *inode)
res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
if (res < 0) { if (res < 0) {
if (!fscrypt_dummy_context_enabled(inode) || if (!fscrypt_dummy_context_enabled(inode) ||
IS_ENCRYPTED(inode)) IS_ENCRYPTED(inode)) {
fscrypt_warn(inode,
"Error %d getting encryption context",
res);
return res; return res;
}
/* Fake up a context for an unencrypted directory */ /* Fake up a context for an unencrypted directory */
memset(&ctx, 0, sizeof(ctx)); memset(&ctx, 0, sizeof(ctx));
ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;
...@@ -519,14 +523,22 @@ int fscrypt_get_encryption_info(struct inode *inode) ...@@ -519,14 +523,22 @@ int fscrypt_get_encryption_info(struct inode *inode)
ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE);
} else if (res != sizeof(ctx)) { } else if (res != sizeof(ctx)) {
fscrypt_warn(inode,
"Unknown encryption context size (%d bytes)", res);
return -EINVAL; return -EINVAL;
} }
if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) {
fscrypt_warn(inode, "Unknown encryption context version (%d)",
ctx.format);
return -EINVAL; return -EINVAL;
}
if (ctx.flags & ~FS_POLICY_FLAGS_VALID) if (ctx.flags & ~FS_POLICY_FLAGS_VALID) {
fscrypt_warn(inode, "Unknown encryption context flags (0x%02x)",
ctx.flags);
return -EINVAL; return -EINVAL;
}
crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_NOFS); crypt_info = kmem_cache_zalloc(fscrypt_info_cachep, GFP_NOFS);
if (!crypt_info) if (!crypt_info)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment