|
@@ -265,4 +265,29 @@ static inline int fscrypt_prepare_lookup(struct inode *dir,
|
|
|
return 0;
|
|
return 0;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+/**
|
|
|
|
|
+ * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
|
|
|
|
|
+ * @dentry: dentry through which the inode is being changed
|
|
|
|
|
+ * @attr: attributes to change
|
|
|
|
|
+ *
|
|
|
|
|
+ * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
|
|
|
|
|
+ * most attribute changes are allowed even without the encryption key. However,
|
|
|
|
|
+ * without the encryption key we do have to forbid truncates. This is needed
|
|
|
|
|
+ * because the size being truncated to may not be a multiple of the filesystem
|
|
|
|
|
+ * block size, and in that case we'd have to decrypt the final block, zero the
|
|
|
|
|
+ * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
|
|
|
|
|
+ * filesystem block boundary, but it's simpler to just forbid all truncates ---
|
|
|
|
|
+ * and we already forbid all other contents modifications without the key.)
|
|
|
|
|
+ *
|
|
|
|
|
+ * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
|
|
|
|
|
+ * if a problem occurred while setting up the encryption key.
|
|
|
|
|
+ */
|
|
|
|
|
+static inline int fscrypt_prepare_setattr(struct dentry *dentry,
|
|
|
|
|
+ struct iattr *attr)
|
|
|
|
|
+{
|
|
|
|
|
+ if (attr->ia_valid & ATTR_SIZE)
|
|
|
|
|
+ return fscrypt_require_key(d_inode(dentry));
|
|
|
|
|
+ return 0;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
#endif /* _LINUX_FSCRYPT_H */
|
|
#endif /* _LINUX_FSCRYPT_H */
|
Eric Biggers