fscrypt: make it clearer that key_prefix is deprecated

fscrypt_operations::key_prefix should not be set by any filesystems that
aren't setting it already.  This is already documented, but apparently
it's not sufficiently clear, as both ceph and btrfs have tried to set
it.  Rename the field to legacy_key_prefix and improve the documentation
to hopefully make it clearer.

Link: https://lore.kernel.org/r/20230925055451.59499-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>

diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index 75dabd9b27f9b6ce6c8f78d49e46ae76c22337c9..86b48a2b47d1b3f6215123ec22b0c356a6363fc1 100644 (file)
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -299,6 +299,7 @@ int fscrypt_setup_v1_file_key(struct fscrypt_info *ci, const u8 *raw_master_key)
 
 int fscrypt_setup_v1_file_key_via_subscribed_keyrings(struct fscrypt_info *ci)
 {
+       const struct super_block *sb = ci->ci_inode->i_sb;
        struct key *key;
        const struct fscrypt_key *payload;
        int err;
@@ -306,8 +307,8 @@ int fscrypt_setup_v1_file_key_via_subscribed_keyrings(struct fscrypt_info *ci)
        key = find_and_lock_process_key(FSCRYPT_KEY_DESC_PREFIX,
                                        ci->ci_policy.v1.master_key_descriptor,
                                        ci->ci_mode->keysize, &payload);
-       if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {
-               key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,
+       if (key == ERR_PTR(-ENOKEY) && sb->s_cop->legacy_key_prefix) {
+               key = find_and_lock_process_key(sb->s_cop->legacy_key_prefix,
                                                ci->ci_policy.v1.master_key_descriptor,
                                                ci->ci_mode->keysize, &payload);
        }

diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
index 453d4da5de5207ff3a2c19a74b5311f5ec54add8..99a4769a53f633fbf3bf3f7e2623b93d45242e33 100644 (file)
--- a/fs/ext4/crypto.c
+++ b/fs/ext4/crypto.c
@@ -240,7 +240,7 @@ static void ext4_get_ino_and_lblk_bits(struct super_block *sb,
 }
 
 const struct fscrypt_operations ext4_cryptops = {
-       .key_prefix             = "ext4:",
+       .legacy_key_prefix      = "ext4:",
        .get_context            = ext4_get_context,
        .set_context            = ext4_set_context,
        .get_dummy_policy       = ext4_get_dummy_policy,

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index a8c8232852bb18749f8a60238c15dfab7f55e0e7..f60062b558fd1957c5e80f495e0cc2f70a492feb 100644 (file)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -3231,7 +3231,7 @@ static struct block_device **f2fs_get_devices(struct super_block *sb,
 }
 
 static const struct fscrypt_operations f2fs_cryptops = {
-       .key_prefix             = "f2fs:",
+       .legacy_key_prefix      = "f2fs:",
        .get_context            = f2fs_get_context,
        .set_context            = f2fs_set_context,
        .get_dummy_policy       = f2fs_get_dummy_policy,

diff --git a/fs/ubifs/crypto.c b/fs/ubifs/crypto.c
index 3125e76376ee63428fc68ab38181b9e1d86dae19..1be3e11da3b3e6f219fca56877081dbd19cd61a0 100644 (file)
--- a/fs/ubifs/crypto.c
+++ b/fs/ubifs/crypto.c
@@ -89,7 +89,7 @@ int ubifs_decrypt(const struct inode *inode, struct ubifs_data_node *dn,
 
 const struct fscrypt_operations ubifs_crypt_operations = {
        .flags                  = FS_CFLG_OWN_PAGES,
-       .key_prefix             = "ubifs:",
+       .legacy_key_prefix      = "ubifs:",
        .get_context            = ubifs_crypt_get_context,
        .set_context            = ubifs_crypt_set_context,
        .empty_dir              = ubifs_crypt_empty_dir,

diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index c895b12737a19395193b9c0419c7753b1411b340..b0037566ce308dfe925f0fd7e00717b9b7893ec7 100644 (file)
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -73,12 +73,16 @@ struct fscrypt_operations {
        unsigned int flags;
 
        /*
-        * If set, this is a filesystem-specific key description prefix that
-        * will be accepted for "logon" keys for v1 fscrypt policies, in
-        * addition to the generic prefix "fscrypt:".  This functionality is
-        * deprecated, so new filesystems shouldn't set this field.
+        * This field exists only for backwards compatibility reasons and should
+        * only be set by the filesystems that are setting it already.  It
+        * contains the filesystem-specific key description prefix that is
+        * accepted for "logon" keys for v1 fscrypt policies.  This
+        * functionality is deprecated in favor of the generic prefix
+        * "fscrypt:", which itself is deprecated in favor of the filesystem
+        * keyring ioctls such as FS_IOC_ADD_ENCRYPTION_KEY.  Filesystems that
+        * are newly adding fscrypt support should not set this field.
         */
-       const char *key_prefix;
+       const char *legacy_key_prefix;
 
        /*
         * Get the fscrypt context of the given inode.