diff for duplicates of <20190520172552.217253-11-ebiggers@kernel.org> diff --git a/a/1.txt b/N1/1.txt index 66bc678..9eda89c 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -305,7 +305,7 @@ index e2a65189eb578..9591f5fd72b33 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -560,7 +560,7 @@ index 55cb146a8a617..e88524b730ac0 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -606,7 +606,7 @@ index 55cb146a8a617..e88524b730ac0 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -672,7 +672,7 @@ index 55cb146a8a617..e88524b730ac0 100644 + if (res) + goto out; + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -727,7 +727,8 @@ index 407daa0b64d82..1ec420b189f0f 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode->i_sb, "direct key flag not allowed with different contents and filenames modes"); return -EINVAL; 
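Review bot: The removed-side copy of this patch is damaged in a way that can still compile: `if (ci->ci_policy.version = FSCRYPT_POLICY_V1)` in the `@@ -560,7 +560,7 @@` and `@@ -606,7 +606,7 @@` hunks assigns instead of comparing, so a tree built from that copy would pick the v1 key-setup path without necessarily failing the build. The pattern (`==` reduced to `=`, and a trailing `=` or `!=` fused with the next line's `+`) looks like the patch body went through a quoted-printable decoder, though the page does not show the transport headers. The same substitutions recur in the later hunks of this comparison and of the N2 comparison, including parenthesised forms such as `return (ret = -ERANGE) ? -EINVAL : ret;`, where the parentheses would typically silence an assignment-in-condition warning. Anyone applying this series from an archive should take the copy carrying `==` and confirm it against a second, independently fetched copy of the message rather than relying on a clean build.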
@@ -747,7 +748,7 @@ index 407daa0b64d82..1ec420b189f0f 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -805,11 +806,11 @@ index 18f1bf300ec44..3643156a511a7 100644 +bool fscrypt_supported_policy(const union fscrypt_policy *policy_u) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + switch (policy_u->version) { + case FSCRYPT_POLICY_V1: { @@ -866,8 +867,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -880,8 +883,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -925,8 +930,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -938,8 +945,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -972,7 +981,7 @@ index 18f1bf300ec44..3643156a511a7 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
@@ -991,7 +1000,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1048,7 +1057,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; else if (!inode->i_sb->s_cop->empty_dir(inode)) @@ -1056,15 +1065,15 @@ index 18f1bf300ec44..3643156a511a7 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; @@ -1122,7 +1131,8 @@ index 18f1bf300ec44..3643156a511a7 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); 
@@ -1179,11 +1189,11 @@ index 18f1bf300ec44..3643156a511a7 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1200,12 +1210,12 @@ index 18f1bf300ec44..3643156a511a7 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1221,7 +1231,7 @@ index 18f1bf300ec44..3643156a511a7 100644 int res; @@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; diff --git a/a/content_digest b/N1/content_digest index 6729b59..4d82e44 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,7 +1,7 @@ "ref\020190520172552.217253-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[PATCH v6 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Mon, 20 May 2019 17:25:46 +0000\0" + "Date\0Mon, 20 May 2019 10:25:46 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0linux-ext4@vger.kernel.org" linux-api@vger.kernel.org @@ -321,7 +321,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -576,7 +576,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -622,7 +622,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -688,7 +688,7 @@ "+\tif (res)\n" "+\t\tgoto out;\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" 
@@ -743,7 +743,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode->i_sb,\n" " \t\t\t \"direct key flag not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -763,7 +764,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -821,11 +822,11 @@ "+bool fscrypt_supported_policy(const union fscrypt_policy *policy_u)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tswitch (policy_u->version) {\n" "+\tcase FSCRYPT_POLICY_V1: {\n" 
@@ -882,8 +883,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -896,8 +899,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -941,8 +946,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" 
@@ -954,8 +961,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -988,7 +997,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1007,7 +1016,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1064,7 +1073,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" " \t\telse if (!inode->i_sb->s_cop->empty_dir(inode))\n" 
@@ -1072,15 +1081,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1138,7 +1147,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
@@ -1195,11 +1205,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1216,12 +1226,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1237,7 +1247,7 @@ " \tint res;\n" " \n" "@@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" @@ -1388,4 +1398,4 @@ "-- \n" 2.21.0.1020.gf2820cf01a-goog -e617176a64da4517b140a37c0a0735b4fab5ea744abf56fd602f761f36567ebb +f6d37404ce63823b547ddff5edcd6552da59f6e36b7cdb2d744530284ad5d915
diff --git a/a/1.txt b/N2/1.txt index 66bc678..9eda89c 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -305,7 +305,7 @@ index e2a65189eb578..9591f5fd72b33 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -560,7 +560,7 @@ index 55cb146a8a617..e88524b730ac0 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -606,7 +606,7 @@ index 55cb146a8a617..e88524b730ac0 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -672,7 +672,7 @@ index 55cb146a8a617..e88524b730ac0 100644 + if (res) + goto out; + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -727,7 +727,8 @@ index 407daa0b64d82..1ec420b189f0f 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode->i_sb, "direct key flag not allowed with different contents and filenames modes"); return -EINVAL; 
@@ -747,7 +748,7 @@ index 407daa0b64d82..1ec420b189f0f 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -805,11 +806,11 @@ index 18f1bf300ec44..3643156a511a7 100644 +bool fscrypt_supported_policy(const union fscrypt_policy *policy_u) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + switch (policy_u->version) { + case FSCRYPT_POLICY_V1: { @@ -866,8 +867,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -880,8 +883,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -925,8 +930,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -938,8 +945,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -972,7 +981,7 @@ index 18f1bf300ec44..3643156a511a7 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
@@ -991,7 +1000,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1048,7 +1057,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; else if (!inode->i_sb->s_cop->empty_dir(inode)) @@ -1056,15 +1065,15 @@ index 18f1bf300ec44..3643156a511a7 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; @@ -1122,7 +1131,8 @@ index 18f1bf300ec44..3643156a511a7 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); 
@@ -1179,11 +1189,11 @@ index 18f1bf300ec44..3643156a511a7 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1200,12 +1210,12 @@ index 18f1bf300ec44..3643156a511a7 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1221,7 +1231,7 @@ index 18f1bf300ec44..3643156a511a7 100644 int res; @@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; diff --git a/a/content_digest b/N2/content_digest index 6729b59..3bca589 100644 --- a/a/content_digest +++ b/N2/content_digest 
@@ -1,16 +1,16 @@ "ref\020190520172552.217253-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[PATCH v6 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Mon, 20 May 2019 17:25:46 +0000\0" + "Date\0Mon, 20 May 2019 10:25:46 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" - "Cc\0linux-ext4@vger.kernel.org" + "Cc\0Satya Tangirala <satyat@google.com>" linux-api@vger.kernel.org linux-f2fs-devel@lists.sourceforge.net keyrings@vger.kernel.org linux-mtd@lists.infradead.org linux-crypto@vger.kernel.org linux-fsdevel@vger.kernel.org - Satya Tangirala <satyat@google.com> + linux-ext4@vger.kernel.org " Paul Crowley <paulcrowley@google.com>\0" "\00:1\0" "b\0" @@ -321,7 +321,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -576,7 +576,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -622,7 +622,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" 
@@ -688,7 +688,7 @@ "+\tif (res)\n" "+\t\tgoto out;\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -743,7 +743,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode->i_sb,\n" " \t\t\t \"direct key flag not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -763,7 +764,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -821,11 +822,11 @@ "+bool fscrypt_supported_policy(const union fscrypt_policy *policy_u)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tswitch (policy_u->version) {\n" "+\tcase FSCRYPT_POLICY_V1: {\n" 
@@ -882,8 +883,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -896,8 +899,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -941,8 +946,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" 
@@ -954,8 +961,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -988,7 +997,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1007,7 +1016,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1064,7 +1073,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" " \t\telse if (!inode->i_sb->s_cop->empty_dir(inode))\n" 
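Review bot: The `-ERANGE` to `-EINVAL` translation in the get-policy helper (hunk at -988) carries no comment, and the set-policy caller in the hunk at -1072 then turns `-EINVAL` into `-EEXIST`, so the reason for the mapping is easy to lose in later edits. I would add above the return: `/* -ERANGE: stored context is larger than any known version; report it as unrecognized */`. That reading is inferred from `get_context()` being passed `sizeof(ctx)`, and should be confirmed against the filesystem implementations. The helper's opening lines are outside the hunk.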
@@ -1072,15 +1081,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1138,7 +1147,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
@@ -1195,11 +1205,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1216,12 +1226,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1237,7 +1247,7 @@ " \tint res;\n" " \n" "@@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" @@ -1388,4 +1398,4 @@ "-- \n" 2.21.0.1020.gf2820cf01a-goog -e617176a64da4517b140a37c0a0735b4fab5ea744abf56fd602f761f36567ebb +2c575d424233c5fdb5d6048978efe491c9a9ecfb8d2b8811d4b4d5fdebec6b8e
diff --git a/a/1.txt b/N3/1.txt index 66bc678..612e4a5 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -305,7 +305,7 @@ index e2a65189eb578..9591f5fd72b33 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -560,7 +560,7 @@ index 55cb146a8a617..e88524b730ac0 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -606,7 +606,7 @@ index 55cb146a8a617..e88524b730ac0 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -672,7 +672,7 @@ index 55cb146a8a617..e88524b730ac0 100644 + if (res) + goto out; + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -727,7 +727,8 @@ index 407daa0b64d82..1ec420b189f0f 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode->i_sb, "direct key flag not allowed with different contents and filenames modes"); return -EINVAL; 
@@ -747,7 +748,7 @@ index 407daa0b64d82..1ec420b189f0f 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -805,11 +806,11 @@ index 18f1bf300ec44..3643156a511a7 100644 +bool fscrypt_supported_policy(const union fscrypt_policy *policy_u) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + switch (policy_u->version) { + case FSCRYPT_POLICY_V1: { @@ -866,8 +867,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -880,8 +883,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -925,8 +930,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -938,8 +945,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -972,7 +981,7 @@ index 18f1bf300ec44..3643156a511a7 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
@@ -991,7 +1000,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1048,7 +1057,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; else if (!inode->i_sb->s_cop->empty_dir(inode)) @@ -1056,15 +1065,15 @@ index 18f1bf300ec44..3643156a511a7 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; @@ -1122,7 +1131,8 @@ index 18f1bf300ec44..3643156a511a7 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); 
@@ -1179,11 +1189,11 @@ index 18f1bf300ec44..3643156a511a7 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1200,12 +1210,12 @@ index 18f1bf300ec44..3643156a511a7 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1221,7 +1231,7 @@ index 18f1bf300ec44..3643156a511a7 100644 int res; @@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; @@ -1371,3 +1381,10 @@ index 042e70a4ff7ee..26879e669dfa0 100644 #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg) -- 2.21.0.1020.gf2820cf01a-goog + + + +_______________________________________________ +Linux-f2fs-devel mailing list +Linux-f2fs-devel@lists.sourceforge.net +https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel 
diff --git a/a/content_digest b/N3/content_digest index 6729b59..29c275e 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -1,7 +1,7 @@ "ref\020190520172552.217253-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" - "Subject\0[PATCH v6 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Mon, 20 May 2019 17:25:46 +0000\0" + "Subject\0[f2fs-dev] [PATCH v6 10/16] fscrypt: v2 encryption policy support\0" + "Date\0Mon, 20 May 2019 10:25:46 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0linux-ext4@vger.kernel.org" linux-api@vger.kernel.org @@ -321,7 +321,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -576,7 +576,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -622,7 +622,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -688,7 +688,7 @@ "+\tif (res)\n" "+\t\tgoto out;\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" 
@@ -743,7 +743,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode->i_sb,\n" " \t\t\t \"direct key flag not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -763,7 +764,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -821,11 +822,11 @@ "+bool fscrypt_supported_policy(const union fscrypt_policy *policy_u)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tswitch (policy_u->version) {\n" "+\tcase FSCRYPT_POLICY_V1: {\n" 
@@ -882,8 +883,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -896,8 +899,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -941,8 +946,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" 
@@ -954,8 +961,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -988,7 +997,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1007,7 +1016,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1064,7 +1073,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" " \t\telse if (!inode->i_sb->s_cop->empty_dir(inode))\n" 
@@ -1072,15 +1081,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1138,7 +1147,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
@@ -1195,11 +1205,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1216,12 +1226,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1237,7 +1247,7 @@ " \tint res;\n" " \n" "@@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" 
@@ -1386,6 +1396,13 @@ " #define FS_IOC_REMOVE_ENCRYPTION_KEY\t _IOW('f', 24, struct fscrypt_remove_key_arg)\n" " #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg)\n" "-- \n" - 2.21.0.1020.gf2820cf01a-goog + "2.21.0.1020.gf2820cf01a-goog\n" + "\n" + "\n" + "\n" + "_______________________________________________\n" + "Linux-f2fs-devel mailing list\n" + "Linux-f2fs-devel@lists.sourceforge.net\n" + https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel -e617176a64da4517b140a37c0a0735b4fab5ea744abf56fd602f761f36567ebb +694afacc80a6b9b5224a6d98e77ccacb7bbfaddc89e7d39edb4c569d933f6bc6
diff --git a/a/1.txt b/N4/1.txt index 66bc678..9fec136 100644 --- a/a/1.txt +++ b/N4/1.txt @@ -305,7 +305,7 @@ index e2a65189eb578..9591f5fd72b33 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -560,7 +560,7 @@ index 55cb146a8a617..e88524b730ac0 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -606,7 +606,7 @@ index 55cb146a8a617..e88524b730ac0 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -672,7 +672,7 @@ index 55cb146a8a617..e88524b730ac0 100644 + if (res) + goto out; + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -727,7 +727,8 @@ index 407daa0b64d82..1ec420b189f0f 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode->i_sb, "direct key flag not allowed with different contents and filenames modes"); return -EINVAL; 
@@ -747,7 +748,7 @@ index 407daa0b64d82..1ec420b189f0f 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -805,11 +806,11 @@ index 18f1bf300ec44..3643156a511a7 100644 +bool fscrypt_supported_policy(const union fscrypt_policy *policy_u) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + switch (policy_u->version) { + case FSCRYPT_POLICY_V1: { @@ -866,8 +867,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -880,8 +883,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -925,8 +930,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -938,8 +945,10 @@ index 18f1bf300ec44..3643156a511a7 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -972,7 +981,7 @@ index 18f1bf300ec44..3643156a511a7 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
@@ -991,7 +1000,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1048,7 +1057,7 @@ index 18f1bf300ec44..3643156a511a7 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; else if (!inode->i_sb->s_cop->empty_dir(inode)) @@ -1056,15 +1065,15 @@ index 18f1bf300ec44..3643156a511a7 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; @@ -1122,7 +1131,8 @@ index 18f1bf300ec44..3643156a511a7 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); 
@@ -1179,11 +1189,11 @@ index 18f1bf300ec44..3643156a511a7 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1200,12 +1210,12 @@ index 18f1bf300ec44..3643156a511a7 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1221,7 +1231,7 @@ index 18f1bf300ec44..3643156a511a7 100644 int res; @@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; @@ -1371,3 +1381,8 @@ index 042e70a4ff7ee..26879e669dfa0 100644 #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg) -- 2.21.0.1020.gf2820cf01a-goog + + +______________________________________________________ +Linux MTD discussion mailing list +http://lists.infradead.org/mailman/listinfo/linux-mtd/ 
diff --git a/a/content_digest b/N4/content_digest index 6729b59..c3967d2 100644 --- a/a/content_digest +++ b/N4/content_digest @@ -1,7 +1,7 @@ "ref\020190520172552.217253-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[PATCH v6 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Mon, 20 May 2019 17:25:46 +0000\0" + "Date\0Mon, 20 May 2019 10:25:46 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0linux-ext4@vger.kernel.org" linux-api@vger.kernel.org @@ -321,7 +321,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -576,7 +576,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -622,7 +622,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -688,7 +688,7 @@ "+\tif (res)\n" "+\t\tgoto out;\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" 
@@ -743,7 +743,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode->i_sb,\n" " \t\t\t \"direct key flag not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -763,7 +764,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -821,11 +822,11 @@ "+bool fscrypt_supported_policy(const union fscrypt_policy *policy_u)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tswitch (policy_u->version) {\n" "+\tcase FSCRYPT_POLICY_V1: {\n" 
@@ -882,8 +883,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -896,8 +899,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -941,8 +946,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" 
@@ -954,8 +961,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -988,7 +997,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1007,7 +1016,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1064,7 +1073,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" " \t\telse if (!inode->i_sb->s_cop->empty_dir(inode))\n" 
@@ -1072,15 +1081,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1138,7 +1147,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
@@ -1195,11 +1205,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1216,12 +1226,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1237,7 +1247,7 @@ " \tint res;\n" " \n" "@@ -250,16 +432,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" 
@@ -1386,6 +1396,11 @@ " #define FS_IOC_REMOVE_ENCRYPTION_KEY\t _IOW('f', 24, struct fscrypt_remove_key_arg)\n" " #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg)\n" "-- \n" - 2.21.0.1020.gf2820cf01a-goog + "2.21.0.1020.gf2820cf01a-goog\n" + "\n" + "\n" + "______________________________________________________\n" + "Linux MTD discussion mailing list\n" + http://lists.infradead.org/mailman/listinfo/linux-mtd/ -e617176a64da4517b140a37c0a0735b4fab5ea744abf56fd602f761f36567ebb +73f9fdcbc40b5e7f674bd897fca193b520c5b5503c5e4764dea0646b0797d6ef