diff for duplicates of <20190220065249.32099-13-ebiggers@kernel.org> diff --git a/a/1.txt b/N1/1.txt index d6cd364..458c305 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -298,7 +298,7 @@ index e2a65189eb57..20792a145b60 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -553,7 +553,7 @@ index fb600cac8ee4..2675e1e337c7 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -599,7 +599,7 @@ index fb600cac8ee4..2675e1e337c7 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -665,7 +665,7 @@ index fb600cac8ee4..2675e1e337c7 100644 + if (res) + goto out; + -+ if (ctx.v1.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.v1.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -720,7 +720,8 @@ index 585d7e31e8f4..8b105ee2d717 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode->i_sb, "direct key flag not allowed with different contents and filenames modes"); return -EINVAL; @@ -740,7 +741,7 @@ index 585d7e31e8f4..8b105ee2d717 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -798,11 +799,11 @@ index 1e0563cea1a5..07fec2f7fc72 100644 +bool fscrypt_supported_policy(const union fscrypt_policy *policy_u) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + switch (policy_u->v1.version) { + case FSCRYPT_POLICY_V1: { @@ -859,8 +860,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, @@ -873,8 +876,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -918,8 +923,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -931,8 +938,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -963,7 +972,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} @@ -982,7 +991,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->v1.version = FSCRYPT_POLICY_V1) { ++ if (policy->v1.version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1039,7 +1048,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; else if (!inode->i_sb->s_cop->empty_dir(inode)) @@ -1047,15 +1056,15 @@ index 1e0563cea1a5..07fec2f7fc72 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; @@ -1113,7 +1122,8 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + int err; + + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(union fscrypt_policy)); -+ BUILD_BUG_ON(sizeof(arg.policy_size) !+ offsetof(struct fscrypt_get_policy_ex_arg, policy)); ++ BUILD_BUG_ON(sizeof(arg.policy_size) != ++ offsetof(struct fscrypt_get_policy_ex_arg, policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); + if (err) @@ -1168,11 +1178,11 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1189,12 +1199,12 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1210,7 +1220,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 int res; @@ -250,16 +428,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; diff --git a/a/content_digest b/N1/content_digest index c89771d..c74a3a4 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\020190220065249.32099-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[RFC PATCH v3 12/18] fscrypt: v2 encryption policy support\0" - "Date\0Wed, 20 Feb 2019 06:52:43 +0000\0" + "Date\0Tue, 19 Feb 2019 22:52:43 -0800\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0linux-ext4@vger.kernel.org" linux-api@vger.kernel.org @@ -314,7 +314,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -569,7 +569,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -615,7 +615,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -681,7 +681,7 @@ "+\tif (res)\n" "+\t\tgoto out;\n" "+\n" - "+\tif (ctx.v1.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.v1.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -736,7 +736,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode->i_sb,\n" " \t\t\t \"direct key flag not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -756,7 +757,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -814,11 +815,11 @@ "+bool fscrypt_supported_policy(const union fscrypt_policy *policy_u)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tswitch (policy_u->v1.version) {\n" "+\tcase FSCRYPT_POLICY_V1: {\n" @@ -875,8 +876,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -889,8 +892,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -934,8 +939,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" @@ -947,8 +954,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -979,7 +988,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -998,7 +1007,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->v1.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->v1.version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1055,7 +1064,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" " \t\telse if (!inode->i_sb->s_cop->empty_dir(inode))\n" @@ -1063,15 +1072,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1129,7 +1138,8 @@ "+\tint err;\n" "+\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(union fscrypt_policy));\n" - "+\tBUILD_BUG_ON(sizeof(arg.policy_size) !+\t\t offsetof(struct fscrypt_get_policy_ex_arg, policy));\n" + "+\tBUILD_BUG_ON(sizeof(arg.policy_size) !=\n" + "+\t\t offsetof(struct fscrypt_get_policy_ex_arg, policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" "+\tif (err)\n" @@ -1184,11 +1194,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1205,12 +1215,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1226,7 +1236,7 @@ " \tint res;\n" " \n" "@@ -250,16 +428,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" @@ -1377,4 +1387,4 @@ "-- \n" 2.20.1 -03a13fba7cd556a64c9ba6de9db285233525eb7d4c9af2036976209e16686e78 +da7a7dca6362ecd955adf27e7d966daac9fd3dc8c6d4229c078cf412e76bb028
diff --git a/a/1.txt b/N2/1.txt index d6cd364..458c305 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -298,7 +298,7 @@ index e2a65189eb57..20792a145b60 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -553,7 +553,7 @@ index fb600cac8ee4..2675e1e337c7 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -599,7 +599,7 @@ index fb600cac8ee4..2675e1e337c7 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -665,7 +665,7 @@ index fb600cac8ee4..2675e1e337c7 100644 + if (res) + goto out; + -+ if (ctx.v1.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.v1.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -720,7 +720,8 @@ index 585d7e31e8f4..8b105ee2d717 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode->i_sb, "direct key flag not allowed with different contents and filenames modes"); return -EINVAL; @@ -740,7 +741,7 @@ index 585d7e31e8f4..8b105ee2d717 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -798,11 +799,11 @@ index 1e0563cea1a5..07fec2f7fc72 100644 +bool fscrypt_supported_policy(const union fscrypt_policy *policy_u) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + switch (policy_u->v1.version) { + case FSCRYPT_POLICY_V1: { @@ -859,8 +860,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, @@ -873,8 +876,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -918,8 +923,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -931,8 +938,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -963,7 +972,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} @@ -982,7 +991,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->v1.version = FSCRYPT_POLICY_V1) { ++ if (policy->v1.version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1039,7 +1048,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; else if (!inode->i_sb->s_cop->empty_dir(inode)) @@ -1047,15 +1056,15 @@ index 1e0563cea1a5..07fec2f7fc72 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; @@ -1113,7 +1122,8 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + int err; + + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(union fscrypt_policy)); -+ BUILD_BUG_ON(sizeof(arg.policy_size) !+ offsetof(struct fscrypt_get_policy_ex_arg, policy)); ++ BUILD_BUG_ON(sizeof(arg.policy_size) != ++ offsetof(struct fscrypt_get_policy_ex_arg, policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); + if (err) @@ -1168,11 +1178,11 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1189,12 +1199,12 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1210,7 +1220,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 int res; @@ -250,16 +428,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; diff --git a/a/content_digest b/N2/content_digest index c89771d..620f8a6 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,16 +1,16 @@ "ref\020190220065249.32099-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[RFC PATCH v3 12/18] fscrypt: v2 encryption policy support\0" - "Date\0Wed, 20 Feb 2019 06:52:43 +0000\0" + "Date\0Tue, 19 Feb 2019 22:52:43 -0800\0" "To\0linux-fscrypt@vger.kernel.org\0" - "Cc\0linux-ext4@vger.kernel.org" + "Cc\0Satya Tangirala <satyat@google.com>" linux-api@vger.kernel.org linux-f2fs-devel@lists.sourceforge.net keyrings@vger.kernel.org linux-mtd@lists.infradead.org linux-crypto@vger.kernel.org linux-fsdevel@vger.kernel.org - Satya Tangirala <satyat@google.com> + linux-ext4@vger.kernel.org " Paul Crowley <paulcrowley@google.com>\0" "\00:1\0" "b\0" @@ -314,7 +314,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -569,7 +569,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -615,7 +615,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -681,7 +681,7 @@ "+\tif (res)\n" "+\t\tgoto out;\n" "+\n" - "+\tif (ctx.v1.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.v1.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -736,7 +736,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode->i_sb,\n" " \t\t\t \"direct key flag not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -756,7 +757,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -814,11 +815,11 @@ "+bool fscrypt_supported_policy(const union fscrypt_policy *policy_u)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tswitch (policy_u->v1.version) {\n" "+\tcase FSCRYPT_POLICY_V1: {\n" @@ -875,8 +876,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -889,8 +892,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -934,8 +939,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" @@ -947,8 +954,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -979,7 +988,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -998,7 +1007,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->v1.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->v1.version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1055,7 +1064,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" " \t\telse if (!inode->i_sb->s_cop->empty_dir(inode))\n" @@ -1063,15 +1072,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1129,7 +1138,8 @@ "+\tint err;\n" "+\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(union fscrypt_policy));\n" - "+\tBUILD_BUG_ON(sizeof(arg.policy_size) !+\t\t offsetof(struct fscrypt_get_policy_ex_arg, policy));\n" + "+\tBUILD_BUG_ON(sizeof(arg.policy_size) !=\n" + "+\t\t offsetof(struct fscrypt_get_policy_ex_arg, policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" "+\tif (err)\n" @@ -1184,11 +1194,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1205,12 +1215,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1226,7 +1236,7 @@ " \tint res;\n" " \n" "@@ -250,16 +428,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" @@ -1377,4 +1387,4 @@ "-- \n" 2.20.1 -03a13fba7cd556a64c9ba6de9db285233525eb7d4c9af2036976209e16686e78 +18dfd565e3688930b44f1865ba385a08eb2893488cd478d63311f256a8c7ba80
diff --git a/a/1.txt b/N3/1.txt index d6cd364..8e6f39d 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -298,7 +298,7 @@ index e2a65189eb57..20792a145b60 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -553,7 +553,7 @@ index fb600cac8ee4..2675e1e337c7 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -599,7 +599,7 @@ index fb600cac8ee4..2675e1e337c7 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -665,7 +665,7 @@ index fb600cac8ee4..2675e1e337c7 100644 + if (res) + goto out; + -+ if (ctx.v1.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.v1.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -720,7 +720,8 @@ index 585d7e31e8f4..8b105ee2d717 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode->i_sb, "direct key flag not allowed with different contents and filenames modes"); return -EINVAL; @@ -740,7 +741,7 @@ index 585d7e31e8f4..8b105ee2d717 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -798,11 +799,11 @@ index 1e0563cea1a5..07fec2f7fc72 100644 +bool fscrypt_supported_policy(const union fscrypt_policy *policy_u) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + switch (policy_u->v1.version) { + case FSCRYPT_POLICY_V1: { @@ -859,8 +860,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, @@ -873,8 +876,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -918,8 +923,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -931,8 +938,10 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -963,7 +972,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} @@ -982,7 +991,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->v1.version = FSCRYPT_POLICY_V1) { ++ if (policy->v1.version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1039,7 +1048,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; else if (!inode->i_sb->s_cop->empty_dir(inode)) @@ -1047,15 +1056,15 @@ index 1e0563cea1a5..07fec2f7fc72 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; @@ -1113,7 +1122,8 @@ index 1e0563cea1a5..07fec2f7fc72 100644 + int err; + + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(union fscrypt_policy)); -+ BUILD_BUG_ON(sizeof(arg.policy_size) !+ offsetof(struct fscrypt_get_policy_ex_arg, policy)); ++ BUILD_BUG_ON(sizeof(arg.policy_size) != ++ offsetof(struct fscrypt_get_policy_ex_arg, policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); + if (err) @@ -1168,11 +1178,11 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1189,12 +1199,12 @@ index 1e0563cea1a5..07fec2f7fc72 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1210,7 +1220,7 @@ index 1e0563cea1a5..07fec2f7fc72 100644 int res; @@ -250,16 +428,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; @@ -1360,3 +1370,8 @@ index 042e70a4ff7e..26879e669dfa 100644 #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg) -- 2.20.1 + + +______________________________________________________ +Linux MTD discussion mailing list +http://lists.infradead.org/mailman/listinfo/linux-mtd/ diff --git a/a/content_digest b/N3/content_digest index c89771d..317a339 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -1,7 +1,7 @@ "ref\020190220065249.32099-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[RFC PATCH v3 12/18] fscrypt: v2 encryption policy support\0" - "Date\0Wed, 20 Feb 2019 06:52:43 +0000\0" + "Date\0Tue, 19 Feb 2019 22:52:43 -0800\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0linux-ext4@vger.kernel.org" linux-api@vger.kernel.org @@ -314,7 +314,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -569,7 +569,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -615,7 +615,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.v1.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.v1.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -681,7 +681,7 @@ "+\tif (res)\n" "+\t\tgoto out;\n" "+\n" - "+\tif (ctx.v1.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.v1.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -736,7 +736,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode->i_sb,\n" " \t\t\t \"direct key flag not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -756,7 +757,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -814,11 +815,11 @@ "+bool fscrypt_supported_policy(const union fscrypt_policy *policy_u)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tswitch (policy_u->v1.version) {\n" "+\tcase FSCRYPT_POLICY_V1: {\n" @@ -875,8 +876,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -889,8 +892,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -934,8 +939,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" @@ -947,8 +954,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -979,7 +988,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -998,7 +1007,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->v1.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->v1.version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1055,7 +1064,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" " \t\telse if (!inode->i_sb->s_cop->empty_dir(inode))\n" @@ -1063,15 +1072,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1129,7 +1138,8 @@ "+\tint err;\n" "+\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(union fscrypt_policy));\n" - "+\tBUILD_BUG_ON(sizeof(arg.policy_size) !+\t\t offsetof(struct fscrypt_get_policy_ex_arg, policy));\n" + "+\tBUILD_BUG_ON(sizeof(arg.policy_size) !=\n" + "+\t\t offsetof(struct fscrypt_get_policy_ex_arg, policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" "+\tif (err)\n" @@ -1184,11 +1194,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1205,12 +1215,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1226,7 +1236,7 @@ " \tint res;\n" " \n" "@@ -250,16 +428,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" @@ -1375,6 +1385,11 @@ " #define FS_IOC_REMOVE_ENCRYPTION_KEY\t _IOW('f', 24, struct fscrypt_remove_key_arg)\n" " #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg)\n" "-- \n" - 2.20.1 + "2.20.1\n" + "\n" + "\n" + "______________________________________________________\n" + "Linux MTD discussion mailing list\n" + http://lists.infradead.org/mailman/listinfo/linux-mtd/ -03a13fba7cd556a64c9ba6de9db285233525eb7d4c9af2036976209e16686e78 +11ec068eca6bc5bb5fe3a7d074a446cabc3d13bac61620fb0c578316f94d1d7b
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.