diff options
| author |   Eric Biggers <ebiggers@google.com> | 2020-09-23 21:26:23 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-09-23 21:29:49 -0700 |
| commit | 70fb2612aab62d47e03f82eaa7384a8d30ca175d (patch) | |
| tree | b5bb95edeeedc20ad954dc9c56d9285d6cb717df /fs/crypto | |
| parent | fscrypt: use sha256() instead of open coding (diff) | |
| download | linux-dev-70fb2612aab62d47e03f82eaa7384a8d30ca175d.tar.xz linux-dev-70fb2612aab62d47e03f82eaa7384a8d30ca175d.zip | |
fscrypt: don't call no-key names "ciphertext names"
Currently we're using the term "ciphertext name" ambiguously because it
can mean either the actual ciphertext filename, or the encoded filename
that is shown when an encrypted directory is listed without its key.
The latter we're now usually calling the "no-key name"; and while it's
derived from the ciphertext name, it's not the same thing.
To avoid this ambiguity, rename fscrypt_name::is_ciphertext_name to
fscrypt_name::is_nokey_name, and update comments that say "ciphertext
name" (or "encrypted name") to say "no-key name" instead when warranted.
Link: https://lore.kernel.org/r/20200924042624.98439-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto')
| -rw-r--r-- | fs/crypto/fname.c | 16 | ||||
| -rw-r--r-- | fs/crypto/hooks.c | 6 |
2 files changed, 11 insertions, 11 deletions
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index f47b581d8a94..391acea4bc96 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -382,9 +382,9 @@ EXPORT_SYMBOL(fscrypt_fname_disk_to_usr); * directory's encryption key, then @iname is the plaintext, so we encrypt it to * get the disk_name. * - * Else, for keyless @lookup operations, @iname is the presented ciphertext, so - * we decode it to get the fscrypt_nokey_name. Non-@lookup operations will be - * impossible in this case, so we fail them with ENOKEY. + * Else, for keyless @lookup operations, @iname should be a no-key name, so we + * decode it to get the struct fscrypt_nokey_name. Non-@lookup operations will + * be impossible in this case, so we fail them with ENOKEY. * * If successful, fscrypt_free_filename() must be called later to clean up. * @@ -429,7 +429,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, } if (!lookup) return -ENOKEY; - fname->is_ciphertext_name = true; + fname->is_nokey_name = true; /* * We don't have the key and we are doing a lookup; decode the @@ -538,17 +538,17 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) /* * Plaintext names are always valid, since fscrypt doesn't support - * reverting to ciphertext names without evicting the directory's inode + * reverting to no-key names without evicting the directory's inode * -- which implies eviction of the dentries in the directory. */ if (!(dentry->d_flags & DCACHE_ENCRYPTED_NAME)) return 1; /* - * Ciphertext name; valid if the directory's key is still unavailable. + * No-key name; valid if the directory's key is still unavailable. * - * Although fscrypt forbids rename() on ciphertext names, we still must - * use dget_parent() here rather than use ->d_parent directly. That's + * Although fscrypt forbids rename() on no-key names, we still must use + * dget_parent() here rather than use ->d_parent directly. That's * because a corrupted fs image may contain directory hard links, which * the VFS handles by moving the directory's dentry tree in the dcache * each time ->lookup() finds the directory and it already has a dentry diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 42f5ee9f592d..ca996e1c92d9 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -60,7 +60,7 @@ int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, if (err) return err; - /* ... in case we looked up ciphertext name before key was added */ + /* ... in case we looked up no-key name before key was added */ if (dentry->d_flags & DCACHE_ENCRYPTED_NAME) return -ENOKEY; @@ -85,7 +85,7 @@ int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, if (err) return err; - /* ... in case we looked up ciphertext name(s) before key was added */ + /* ... in case we looked up no-key name(s) before key was added */ if ((old_dentry->d_flags | new_dentry->d_flags) & DCACHE_ENCRYPTED_NAME) return -ENOKEY; @@ -114,7 +114,7 @@ int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, if (err && err != -ENOENT) return err; - if (fname->is_ciphertext_name) { + if (fname->is_nokey_name) { spin_lock(&dentry->d_lock); dentry->d_flags |= DCACHE_ENCRYPTED_NAME; spin_unlock(&dentry->d_lock); |