fscrypt updates for 5.8
- Add the IV_INO_LBLK_32 encryption policy flag which modifies the encryption to be optimized for eMMC inline encryption hardware. - Make the test_dummy_encryption mount option for ext4 and f2fs support v2 encryption policies. - Fix kerneldoc warnings and some coding style inconsistencies. There will be merge conflicts with the ext4 and f2fs trees due to the test_dummy_encryption change, but the resolutions are straightforward. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQSacvsUNc7UX4ntmEPzXCl4vpKOKwUCXtScMBQcZWJpZ2dlcnNA Z29vZ2xlLmNvbQAKCRDzXCl4vpKOKxC6AP0eOEkMrc9e10YftdN6xsyRjvqiPyFg oMjuU+SvQ+/sVgEAo0mBFITnl75ZGb8PyqXCNMDAy6uHaxcEjVGufx5q2QE= =dbxy -----END PGP SIGNATURE----- Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt Pull fscrypt updates from Eric Biggers: - Add the IV_INO_LBLK_32 encryption policy flag which modifies the encryption to be optimized for eMMC inline encryption hardware. - Make the test_dummy_encryption mount option for ext4 and f2fs support v2 encryption policies. - Fix kerneldoc warnings and some coding style inconsistencies. * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt: fscrypt: add support for IV_INO_LBLK_32 policies fscrypt: make test_dummy_encryption use v2 by default fscrypt: support test_dummy_encryption=v2 fscrypt: add fscrypt_add_test_dummy_key() linux/parser.h: add include guards fscrypt: remove unnecessary extern keywords fscrypt: name all function parameters fscrypt: fix all kerneldoc warnings
commit
afdb0f2ec5
18 changed files with 735 additions and 300 deletions
|
|
@ -15,12 +15,15 @@
|
|||
|
||||
#include <linux/fs.h>
|
||||
#include <linux/mm.h>
|
||||
#include <linux/parser.h>
|
||||
#include <linux/slab.h>
|
||||
#include <uapi/linux/fscrypt.h>
|
||||
|
||||
#define FS_CRYPTO_BLOCK_SIZE 16
|
||||
|
||||
union fscrypt_context;
|
||||
struct fscrypt_info;
|
||||
struct seq_file;
|
||||
|
||||
struct fscrypt_str {
|
||||
unsigned char *name;
|
||||
|
|
@ -56,10 +59,12 @@ struct fscrypt_name {
|
|||
struct fscrypt_operations {
|
||||
unsigned int flags;
|
||||
const char *key_prefix;
|
||||
int (*get_context)(struct inode *, void *, size_t);
|
||||
int (*set_context)(struct inode *, const void *, size_t, void *);
|
||||
bool (*dummy_context)(struct inode *);
|
||||
bool (*empty_dir)(struct inode *);
|
||||
int (*get_context)(struct inode *inode, void *ctx, size_t len);
|
||||
int (*set_context)(struct inode *inode, const void *ctx, size_t len,
|
||||
void *fs_data);
|
||||
const union fscrypt_context *(*get_dummy_context)(
|
||||
struct super_block *sb);
|
||||
bool (*empty_dir)(struct inode *inode);
|
||||
unsigned int max_namelen;
|
||||
bool (*has_stable_inodes)(struct super_block *sb);
|
||||
void (*get_ino_and_lblk_bits)(struct super_block *sb,
|
||||
|
|
@ -75,6 +80,7 @@ static inline bool fscrypt_has_encryption_key(const struct inode *inode)
|
|||
/**
|
||||
* fscrypt_needs_contents_encryption() - check whether an inode needs
|
||||
* contents encryption
|
||||
* @inode: the inode to check
|
||||
*
|
||||
* Return: %true iff the inode is an encrypted regular file and the kernel was
|
||||
* built with fscrypt support.
|
||||
|
|
@ -87,10 +93,12 @@ static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
|
|||
return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
|
||||
}
|
||||
|
||||
static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
|
||||
static inline const union fscrypt_context *
|
||||
fscrypt_get_dummy_context(struct super_block *sb)
|
||||
{
|
||||
return inode->i_sb->s_cop->dummy_context &&
|
||||
inode->i_sb->s_cop->dummy_context(inode);
|
||||
if (!sb->s_cop->get_dummy_context)
|
||||
return NULL;
|
||||
return sb->s_cop->get_dummy_context(sb);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -106,22 +114,21 @@ static inline void fscrypt_handle_d_move(struct dentry *dentry)
|
|||
}
|
||||
|
||||
/* crypto.c */
|
||||
extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
|
||||
void fscrypt_enqueue_decrypt_work(struct work_struct *);
|
||||
|
||||
extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
|
||||
unsigned int len,
|
||||
unsigned int offs,
|
||||
gfp_t gfp_flags);
|
||||
extern int fscrypt_encrypt_block_inplace(const struct inode *inode,
|
||||
struct page *page, unsigned int len,
|
||||
unsigned int offs, u64 lblk_num,
|
||||
gfp_t gfp_flags);
|
||||
struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
|
||||
unsigned int len,
|
||||
unsigned int offs,
|
||||
gfp_t gfp_flags);
|
||||
int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
|
||||
unsigned int len, unsigned int offs,
|
||||
u64 lblk_num, gfp_t gfp_flags);
|
||||
|
||||
extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
|
||||
unsigned int offs);
|
||||
extern int fscrypt_decrypt_block_inplace(const struct inode *inode,
|
||||
struct page *page, unsigned int len,
|
||||
unsigned int offs, u64 lblk_num);
|
||||
int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
|
||||
unsigned int offs);
|
||||
int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
|
||||
unsigned int len, unsigned int offs,
|
||||
u64 lblk_num);
|
||||
|
||||
static inline bool fscrypt_is_bounce_page(struct page *page)
|
||||
{
|
||||
|
|
@ -133,78 +140,90 @@ static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
|
|||
return (struct page *)page_private(bounce_page);
|
||||
}
|
||||
|
||||
extern void fscrypt_free_bounce_page(struct page *bounce_page);
|
||||
void fscrypt_free_bounce_page(struct page *bounce_page);
|
||||
|
||||
/* policy.c */
|
||||
extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
|
||||
extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
|
||||
extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *);
|
||||
extern int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
|
||||
extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
|
||||
extern int fscrypt_inherit_context(struct inode *, struct inode *,
|
||||
void *, bool);
|
||||
int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
|
||||
int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
|
||||
int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
|
||||
int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
|
||||
int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
|
||||
int fscrypt_inherit_context(struct inode *parent, struct inode *child,
|
||||
void *fs_data, bool preload);
|
||||
|
||||
struct fscrypt_dummy_context {
|
||||
const union fscrypt_context *ctx;
|
||||
};
|
||||
|
||||
int fscrypt_set_test_dummy_encryption(struct super_block *sb,
|
||||
const substring_t *arg,
|
||||
struct fscrypt_dummy_context *dummy_ctx);
|
||||
void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
|
||||
struct super_block *sb);
|
||||
static inline void
|
||||
fscrypt_free_dummy_context(struct fscrypt_dummy_context *dummy_ctx)
|
||||
{
|
||||
kfree(dummy_ctx->ctx);
|
||||
dummy_ctx->ctx = NULL;
|
||||
}
|
||||
|
||||
/* keyring.c */
|
||||
extern void fscrypt_sb_free(struct super_block *sb);
|
||||
extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
|
||||
extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
|
||||
extern int fscrypt_ioctl_remove_key_all_users(struct file *filp,
|
||||
void __user *arg);
|
||||
extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
|
||||
void fscrypt_sb_free(struct super_block *sb);
|
||||
int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
|
||||
int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
|
||||
int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg);
|
||||
int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
|
||||
|
||||
/* keysetup.c */
|
||||
extern int fscrypt_get_encryption_info(struct inode *);
|
||||
extern void fscrypt_put_encryption_info(struct inode *);
|
||||
extern void fscrypt_free_inode(struct inode *);
|
||||
extern int fscrypt_drop_inode(struct inode *inode);
|
||||
int fscrypt_get_encryption_info(struct inode *inode);
|
||||
void fscrypt_put_encryption_info(struct inode *inode);
|
||||
void fscrypt_free_inode(struct inode *inode);
|
||||
int fscrypt_drop_inode(struct inode *inode);
|
||||
|
||||
/* fname.c */
|
||||
extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
|
||||
int lookup, struct fscrypt_name *);
|
||||
int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname,
|
||||
int lookup, struct fscrypt_name *fname);
|
||||
|
||||
static inline void fscrypt_free_filename(struct fscrypt_name *fname)
|
||||
{
|
||||
kfree(fname->crypto_buf.name);
|
||||
}
|
||||
|
||||
extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
|
||||
struct fscrypt_str *);
|
||||
extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
|
||||
extern int fscrypt_fname_disk_to_usr(const struct inode *inode,
|
||||
u32 hash, u32 minor_hash,
|
||||
const struct fscrypt_str *iname,
|
||||
struct fscrypt_str *oname);
|
||||
extern bool fscrypt_match_name(const struct fscrypt_name *fname,
|
||||
const u8 *de_name, u32 de_name_len);
|
||||
extern u64 fscrypt_fname_siphash(const struct inode *dir,
|
||||
const struct qstr *name);
|
||||
int fscrypt_fname_alloc_buffer(const struct inode *inode, u32 max_encrypted_len,
|
||||
struct fscrypt_str *crypto_str);
|
||||
void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
|
||||
int fscrypt_fname_disk_to_usr(const struct inode *inode,
|
||||
u32 hash, u32 minor_hash,
|
||||
const struct fscrypt_str *iname,
|
||||
struct fscrypt_str *oname);
|
||||
bool fscrypt_match_name(const struct fscrypt_name *fname,
|
||||
const u8 *de_name, u32 de_name_len);
|
||||
u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name);
|
||||
|
||||
/* bio.c */
|
||||
extern void fscrypt_decrypt_bio(struct bio *);
|
||||
extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
|
||||
unsigned int);
|
||||
void fscrypt_decrypt_bio(struct bio *bio);
|
||||
int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
|
||||
sector_t pblk, unsigned int len);
|
||||
|
||||
/* hooks.c */
|
||||
extern int fscrypt_file_open(struct inode *inode, struct file *filp);
|
||||
extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
|
||||
struct dentry *dentry);
|
||||
extern int __fscrypt_prepare_rename(struct inode *old_dir,
|
||||
struct dentry *old_dentry,
|
||||
struct inode *new_dir,
|
||||
struct dentry *new_dentry,
|
||||
unsigned int flags);
|
||||
extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
|
||||
struct fscrypt_name *fname);
|
||||
extern int fscrypt_prepare_setflags(struct inode *inode,
|
||||
unsigned int oldflags, unsigned int flags);
|
||||
extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
|
||||
unsigned int max_len,
|
||||
struct fscrypt_str *disk_link);
|
||||
extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
|
||||
unsigned int len,
|
||||
struct fscrypt_str *disk_link);
|
||||
extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
|
||||
unsigned int max_size,
|
||||
struct delayed_call *done);
|
||||
int fscrypt_file_open(struct inode *inode, struct file *filp);
|
||||
int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
|
||||
struct dentry *dentry);
|
||||
int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
|
||||
struct inode *new_dir, struct dentry *new_dentry,
|
||||
unsigned int flags);
|
||||
int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
|
||||
struct fscrypt_name *fname);
|
||||
int fscrypt_prepare_setflags(struct inode *inode,
|
||||
unsigned int oldflags, unsigned int flags);
|
||||
int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
|
||||
unsigned int max_len,
|
||||
struct fscrypt_str *disk_link);
|
||||
int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
|
||||
unsigned int len, struct fscrypt_str *disk_link);
|
||||
const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
|
||||
unsigned int max_size,
|
||||
struct delayed_call *done);
|
||||
static inline void fscrypt_set_ops(struct super_block *sb,
|
||||
const struct fscrypt_operations *s_cop)
|
||||
{
|
||||
|
|
@ -222,9 +241,10 @@ static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
|
|||
return false;
|
||||
}
|
||||
|
||||
static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
|
||||
static inline const union fscrypt_context *
|
||||
fscrypt_get_dummy_context(struct super_block *sb)
|
||||
{
|
||||
return false;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static inline void fscrypt_handle_d_move(struct dentry *dentry)
|
||||
|
|
@ -319,6 +339,20 @@ static inline int fscrypt_inherit_context(struct inode *parent,
|
|||
return -EOPNOTSUPP;
|
||||
}
|
||||
|
||||
struct fscrypt_dummy_context {
|
||||
};
|
||||
|
||||
static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
|
||||
char sep,
|
||||
struct super_block *sb)
|
||||
{
|
||||
}
|
||||
|
||||
static inline void
|
||||
fscrypt_free_dummy_context(struct fscrypt_dummy_context *dummy_ctx)
|
||||
{
|
||||
}
|
||||
|
||||
/* keyring.c */
|
||||
static inline void fscrypt_sb_free(struct super_block *sb)
|
||||
{
|
||||
|
|
@ -504,7 +538,7 @@ static inline void fscrypt_set_ops(struct super_block *sb,
|
|||
#endif /* !CONFIG_FS_ENCRYPTION */
|
||||
|
||||
/**
|
||||
* fscrypt_require_key - require an inode's encryption key
|
||||
* fscrypt_require_key() - require an inode's encryption key
|
||||
* @inode: the inode we need the key for
|
||||
*
|
||||
* If the inode is encrypted, set up its encryption key if not already done.
|
||||
|
|
@ -530,7 +564,8 @@ static inline int fscrypt_require_key(struct inode *inode)
|
|||
}
|
||||
|
||||
/**
|
||||
* fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
|
||||
* fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted
|
||||
* directory
|
||||
* @old_dentry: an existing dentry for the inode being linked
|
||||
* @dir: the target directory
|
||||
* @dentry: negative dentry for the target filename
|
||||
|
|
@ -557,7 +592,8 @@ static inline int fscrypt_prepare_link(struct dentry *old_dentry,
|
|||
}
|
||||
|
||||
/**
|
||||
* fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
|
||||
* fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted
|
||||
* directories
|
||||
* @old_dir: source directory
|
||||
* @old_dentry: dentry for source file
|
||||
* @new_dir: target directory
|
||||
|
|
@ -590,7 +626,8 @@ static inline int fscrypt_prepare_rename(struct inode *old_dir,
|
|||
}
|
||||
|
||||
/**
|
||||
* fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
|
||||
* fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted
|
||||
* directory
|
||||
* @dir: directory being searched
|
||||
* @dentry: filename being looked up
|
||||
* @fname: (output) the name to use to search the on-disk directory
|
||||
|
|
@ -623,7 +660,8 @@ static inline int fscrypt_prepare_lookup(struct inode *dir,
|
|||
}
|
||||
|
||||
/**
|
||||
* fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
|
||||
* fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's
|
||||
* attributes
|
||||
* @dentry: dentry through which the inode is being changed
|
||||
* @attr: attributes to change
|
||||
*
|
||||
|
|
@ -648,7 +686,7 @@ static inline int fscrypt_prepare_setattr(struct dentry *dentry,
|
|||
}
|
||||
|
||||
/**
|
||||
* fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink
|
||||
* fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink
|
||||
* @dir: directory in which the symlink is being created
|
||||
* @target: plaintext symlink target
|
||||
* @len: length of @target excluding null terminator
|
||||
|
|
@ -676,7 +714,7 @@ static inline int fscrypt_prepare_symlink(struct inode *dir,
|
|||
unsigned int max_len,
|
||||
struct fscrypt_str *disk_link)
|
||||
{
|
||||
if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
|
||||
if (IS_ENCRYPTED(dir) || fscrypt_get_dummy_context(dir->i_sb) != NULL)
|
||||
return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
|
||||
|
||||
disk_link->name = (unsigned char *)target;
|
||||
|
|
@ -687,7 +725,7 @@ static inline int fscrypt_prepare_symlink(struct inode *dir,
|
|||
}
|
||||
|
||||
/**
|
||||
* fscrypt_encrypt_symlink - encrypt the symlink target if needed
|
||||
* fscrypt_encrypt_symlink() - encrypt the symlink target if needed
|
||||
* @inode: symlink inode
|
||||
* @target: plaintext symlink target
|
||||
* @len: length of @target excluding null terminator
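Review bot: Neither `struct fscrypt_dummy_context` nor `fscrypt_free_dummy_context()` documents who owns `ctx`, yet `fscrypt_get_dummy_context()` hands the same pointer out as a bare `const union fscrypt_context *`, with no reference count or lock visible in this header. If a filesystem can call `fscrypt_free_dummy_context()` while the superblock is still reachable (the callers are not shown on this page, so this needs confirming), a reader such as `fscrypt_prepare_symlink()` would dereference freed memory. I would add a kerneldoc block above `fscrypt_free_dummy_context()` stating that it may only run once no `fscrypt_get_dummy_context()` caller can still hold the pointer. I would also put a one-line comment on `get_dummy_context` in `struct fscrypt_operations`, e.g. `/* returned pointer is borrowed; valid for the lifetime of the mount */`. Separately, `fscrypt_get_dummy_context()` reads `sb->s_cop->get_dummy_context` without checking `sb->s_cop`, so the precondition that the superblock has gone through `fscrypt_set_ops()` deserves a line in the same comment.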
|
||||
|
|
|
|||
|
|
@ -7,7 +7,8 @@
|
|||
* but could potentially be used anywhere else that simple option=arg
|
||||
* parsing is required.
|
||||
*/
|
||||
|
||||
#ifndef _LINUX_PARSER_H
|
||||
#define _LINUX_PARSER_H
|
||||
|
||||
/* associates an integer enumerator with a pattern string. */
|
||||
struct match_token {
|
||||
|
|
@ -34,3 +35,5 @@ int match_hex(substring_t *, int *result);
|
|||
bool match_wildcard(const char *pattern, const char *str);
|
||||
size_t match_strlcpy(char *, const substring_t *, size_t);
|
||||
char *match_strdup(const substring_t *);
|
||||
|
||||
#endif /* _LINUX_PARSER_H */
|
||||
|
|
|
|||