diff for duplicates of <20190726224141.14044-11-ebiggers@kernel.org> diff --git a/a/1.txt b/N1/1.txt index 2a2f333..5327ba0 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -297,7 +297,7 @@ index 92567efec2cd5..1e596cfd085bf 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -551,7 +551,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -597,7 +597,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -673,7 +673,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 + goto out; + } + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -725,7 +725,8 @@ index b3c06322afa3c..67a85415e4b17 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode, "Direct key mode not allowed with different contents and filenames modes"); return -EINVAL; 
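Review bot: In the hunk at `@@ -597,7 +597,7 @@` the bare `else` sends every policy version other than `FSCRYPT_POLICY_V1` to `fscrypt_setup_v2_file_key()`, and nothing visible in the hunk shows that `ci->ci_policy.version` has already been restricted to the two known values. If that validation happens earlier, a one-line comment saying so would be enough. Otherwise make the second arm `else if (ci->ci_policy.version == FSCRYPT_POLICY_V2)` and add a final `else err = -EINVAL;`, so an unrecognized version fails closed instead of being given a v2 key. The nonce copy at `@@ -673,7 +673,7 @@` splits on `ctx.version == FSCRYPT_CONTEXT_V1` in the same two-way manner, and both sets of lines recur in the content_digest section and in the N2 copy further down the page. The enclosing functions start and end outside these hunks.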
@@ -745,7 +746,7 @@ index b3c06322afa3c..67a85415e4b17 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -785,11 +786,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + const union fscrypt_policy *policy2) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + if (policy1->version != policy2->version) + return false; @@ -886,8 +887,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -900,8 +903,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -945,8 +950,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -958,8 +965,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -992,7 +1001,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
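Review bot: In the hunk at `@@ -958,8 +965,10 @@`, `memcpy(policy->__reserved, ctx->__reserved, sizeof(policy->__reserved))` sizes the copy by the destination only, so it silently relies on the two `__reserved` arrays having the same length. Both arrays are declared outside the hunk, so that cannot be confirmed from here. If the context field were ever the shorter one, the copy would read past it. The hunk at `@@ -1157,7 +1166,8 @@` already pins layout assumptions with `BUILD_BUG_ON`, so I would add `BUILD_BUG_ON(sizeof(policy->__reserved) != sizeof(ctx->__reserved));` just before the memcpy. The function body continues outside the hunk.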
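Review bot: In the hunk at `@@ -992,7 +1001,7 @@`, `return (ret == -ERANGE) ? -EINVAL : ret;` has no comment explaining why `-ERANGE` is folded into `-EINVAL`. The hunk at `@@ -1091,15 +1100,15 @@` turns `-EINVAL` from `fscrypt_get_policy()` into `-EEXIST`, so the mapping affects what userspace sees. Judging from the `sizeof(ctx)` buffer passed to `get_context()`, the intent appears to be that a stored context larger than any known format counts as unrecognized. A comment such as `/* -ERANGE: on-disk context is larger than any known format; treat as unrecognized */` above the return would record that. The function's opening lines are outside the hunk.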
@@ -1011,7 +1020,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1082,7 +1091,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; @@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) @@ -1091,15 +1100,15 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; 
@@ -1157,7 +1166,8 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); @@ -1214,11 +1224,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1235,12 +1245,12 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1256,7 +1266,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 int res; 
@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; diff --git a/a/content_digest b/N1/content_digest index 309b398..0556146 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\020190726224141.14044-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[PATCH v7 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Fri, 26 Jul 2019 22:41:35 +0000\0" + "Date\0Fri, 26 Jul 2019 15:41:35 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0Satya Tangirala <satyat@google.com>" linux-api@vger.kernel.org @@ -313,7 +313,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -567,7 +567,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" @@ -613,7 +613,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" 
@@ -689,7 +689,7 @@ "+\t\tgoto out;\n" "+\t}\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -741,7 +741,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode,\n" " \t\t\t \"Direct key mode not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -761,7 +762,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" @@ -801,11 +802,11 @@ "+\t\t\t const union fscrypt_policy *policy2)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tif (policy1->version != policy2->version)\n" "+\t\treturn false;\n" 
@@ -902,8 +903,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -916,8 +919,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" @@ -961,8 +966,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" 
@@ -974,8 +981,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -1008,7 +1017,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1027,7 +1036,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" @@ -1098,7 +1107,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" "@@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg)\n" 
@@ -1107,15 +1116,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1173,7 +1182,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
@@ -1230,11 +1240,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1251,12 +1261,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1272,7 +1282,7 @@ " \tint res;\n" " \n" "@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" @@ -1423,4 +1433,4 @@ "-- \n" 2.22.0 -c53448821158afe7801f1f604034222a0758343aba1c10695b1a20437df3deca +8c001fa9df35be1c053d4bcbb6f265b5cdba22408d4e64052cf7b29582895562
diff --git a/a/1.txt b/N2/1.txt index 2a2f333..5327ba0 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -297,7 +297,7 @@ index 92567efec2cd5..1e596cfd085bf 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -551,7 +551,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -597,7 +597,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -673,7 +673,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 + goto out; + } + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -725,7 +725,8 @@ index b3c06322afa3c..67a85415e4b17 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode, "Direct key mode not allowed with different contents and filenames modes"); return -EINVAL; 
@@ -745,7 +746,7 @@ index b3c06322afa3c..67a85415e4b17 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -785,11 +786,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + const union fscrypt_policy *policy2) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + if (policy1->version != policy2->version) + return false; @@ -886,8 +887,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -900,8 +903,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -945,8 +950,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -958,8 +965,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -992,7 +1001,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
@@ -1011,7 +1020,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1082,7 +1091,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; @@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) @@ -1091,15 +1100,15 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; 
@@ -1157,7 +1166,8 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); @@ -1214,11 +1224,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1235,12 +1245,12 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1256,7 +1266,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 int res; 
@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; diff --git a/a/content_digest b/N2/content_digest index 309b398..19ea8fa 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,17 +1,17 @@ "ref\020190726224141.14044-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[PATCH v7 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Fri, 26 Jul 2019 22:41:35 +0000\0" + "Date\0Fri, 26 Jul 2019 15:41:35 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" - "Cc\0Satya Tangirala <satyat@google.com>" - linux-api@vger.kernel.org + "Cc\0linux-fsdevel@vger.kernel.org" + linux-ext4@vger.kernel.org linux-f2fs-devel@lists.sourceforge.net - keyrings@vger.kernel.org linux-mtd@lists.infradead.org + linux-api@vger.kernel.org linux-crypto@vger.kernel.org - linux-fsdevel@vger.kernel.org - linux-ext4@vger.kernel.org - " Paul Crowley <paulcrowley@google.com>\0" + keyrings@vger.kernel.org + Paul Crowley <paulcrowley@google.com> + " Satya Tangirala <satyat@google.com>\0" "\00:1\0" "b\0" "From: Eric Biggers <ebiggers@google.com>\n" @@ -313,7 +313,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -567,7 +567,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" 
@@ -613,7 +613,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -689,7 +689,7 @@ "+\t\tgoto out;\n" "+\t}\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -741,7 +741,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode,\n" " \t\t\t \"Direct key mode not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -761,7 +762,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" 
@@ -801,11 +802,11 @@ "+\t\t\t const union fscrypt_policy *policy2)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tif (policy1->version != policy2->version)\n" "+\t\treturn false;\n" @@ -902,8 +903,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -916,8 +919,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" 
@@ -961,8 +966,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" @@ -974,8 +981,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -1008,7 +1017,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1027,7 +1036,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" 
@@ -1098,7 +1107,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" "@@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg)\n" @@ -1107,15 +1116,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1173,7 +1182,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
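Review bot: In the `@@ -1107,15 +1116,15 @@` hunk the new `ret == -EINVAL` arm returns `-EEXIST` under the unchanged comment "The file already uses a different encryption policy", so a context that could not be parsed is reported the same way as a genuine policy mismatch. Refusing to overwrite in that case is the safe outcome, but the comment no longer covers it; I would extend it to `/* The file already uses a different encryption policy, or its existing context is unrecognized (-EINVAL). */`. The `-EINVAL` presumably comes from the helper that maps `-ERANGE` to `-EINVAL` a few hunks earlier, though that helper's name is not visible there. fscrypt_ioctl_set_policy() begins and ends outside the hunk, and the same lines recur in the N3 and N4 copies.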
@@ -1230,11 +1240,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1251,12 +1261,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1272,7 +1282,7 @@ " \tint res;\n" " \n" "@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" @@ -1423,4 +1433,4 @@ "-- \n" 2.22.0 -c53448821158afe7801f1f604034222a0758343aba1c10695b1a20437df3deca +de33e416e8f173d87b91df2178550da5a2e526f7e6dea1df4ff77ac8884a1098
diff --git a/a/1.txt b/N3/1.txt index 2a2f333..6da8210 100644 --- a/a/1.txt +++ b/N3/1.txt @@ -297,7 +297,7 @@ index 92567efec2cd5..1e596cfd085bf 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -551,7 +551,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -597,7 +597,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -673,7 +673,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 + goto out; + } + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -725,7 +725,8 @@ index b3c06322afa3c..67a85415e4b17 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode, "Direct key mode not allowed with different contents and filenames modes"); return -EINVAL; 
@@ -745,7 +746,7 @@ index b3c06322afa3c..67a85415e4b17 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -785,11 +786,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + const union fscrypt_policy *policy2) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + if (policy1->version != policy2->version) + return false; @@ -886,8 +887,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -900,8 +903,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -945,8 +950,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -958,8 +965,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -992,7 +1001,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
@@ -1011,7 +1020,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1082,7 +1091,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; @@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) @@ -1091,15 +1100,15 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; 
@@ -1157,7 +1166,8 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); @@ -1214,11 +1224,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1235,12 +1245,12 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1256,7 +1266,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 int res; 
@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; @@ -1406,3 +1416,10 @@ index 4f507f8d12261..78811564c95f1 100644 #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg) -- 2.22.0 + + + +_______________________________________________ +Linux-f2fs-devel mailing list +Linux-f2fs-devel@lists.sourceforge.net +https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel diff --git a/a/content_digest b/N3/content_digest index 309b398..fa6fe95 100644 --- a/a/content_digest +++ b/N3/content_digest @@ -1,7 +1,7 @@ "ref\020190726224141.14044-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" - "Subject\0[PATCH v7 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Fri, 26 Jul 2019 22:41:35 +0000\0" + "Subject\0[f2fs-dev] [PATCH v7 10/16] fscrypt: v2 encryption policy support\0" + "Date\0Fri, 26 Jul 2019 15:41:35 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0Satya Tangirala <satyat@google.com>" linux-api@vger.kernel.org @@ -313,7 +313,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -567,7 +567,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" 
@@ -613,7 +613,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -689,7 +689,7 @@ "+\t\tgoto out;\n" "+\t}\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -741,7 +741,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode,\n" " \t\t\t \"Direct key mode not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -761,7 +762,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" 
@@ -801,11 +802,11 @@ "+\t\t\t const union fscrypt_policy *policy2)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tif (policy1->version != policy2->version)\n" "+\t\treturn false;\n" @@ -902,8 +903,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -916,8 +919,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" 
@@ -961,8 +966,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" @@ -974,8 +981,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -1008,7 +1017,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1027,7 +1036,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" 
@@ -1098,7 +1107,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" "@@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg)\n" @@ -1107,15 +1116,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1173,7 +1182,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
@@ -1230,11 +1240,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1251,12 +1261,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1272,7 +1282,7 @@ " \tint res;\n" " \n" "@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" 
@@ -1421,6 +1431,13 @@ " #define FS_IOC_REMOVE_ENCRYPTION_KEY\t _IOW('f', 24, struct fscrypt_remove_key_arg)\n" " #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg)\n" "-- \n" - 2.22.0 + "2.22.0\n" + "\n" + "\n" + "\n" + "_______________________________________________\n" + "Linux-f2fs-devel mailing list\n" + "Linux-f2fs-devel@lists.sourceforge.net\n" + https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel -c53448821158afe7801f1f604034222a0758343aba1c10695b1a20437df3deca +c382a23dfdb9924bc17ce6eb435456c6ccab050175442f2d1381714f98b1a9a6
diff --git a/a/1.txt b/N4/1.txt index 2a2f333..554b889 100644 --- a/a/1.txt +++ b/N4/1.txt @@ -297,7 +297,7 @@ index 92567efec2cd5..1e596cfd085bf 100644 - /* Size of the raw key in bytes */ + /* + * For v2 policy keys: HKDF context keyed by this master key. -+ * For v1 policy keys: not set (hkdf.hmac_tfm = NULL). ++ * For v1 policy keys: not set (hkdf.hmac_tfm == NULL). + */ + struct fscrypt_hkdf hkdf; + @@ -551,7 +551,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 - mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; - memcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor, - FSCRYPT_KEY_DESCRIPTOR_SIZE); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) { ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) { + mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR; + memcpy(mk_spec.u.descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -597,7 +597,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 } - err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); -+ if (ci->ci_policy.version = FSCRYPT_POLICY_V1) ++ if (ci->ci_policy.version == FSCRYPT_POLICY_V1) + err = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw); + else + err = fscrypt_setup_v2_file_key(ci, mk); @@ -673,7 +673,7 @@ index 6b35c550e87a4..358883cde0c9e 100644 + goto out; + } + -+ if (ctx.version = FSCRYPT_CONTEXT_V1) ++ if (ctx.version == FSCRYPT_CONTEXT_V1) + memcpy(crypt_info->ci_nonce, ctx.v1.nonce, + FS_KEY_DERIVATION_NONCE_SIZE); + else @@ -725,7 +725,8 @@ index b3c06322afa3c..67a85415e4b17 100644 } - if (ci->ci_data_mode != ci->ci_filename_mode) { -+ if (ci->ci_policy.v1.contents_encryption_mode !+ ci->ci_policy.v1.filenames_encryption_mode) { ++ if (ci->ci_policy.v1.contents_encryption_mode != ++ ci->ci_policy.v1.filenames_encryption_mode) { fscrypt_warn(ci->ci_inode, "Direct key mode not allowed with different contents and filenames modes"); return -EINVAL; 
@@ -745,7 +746,7 @@ index b3c06322afa3c..67a85415e4b17 100644 - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, ci->ci_mode->keysize, &payload); - if (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { + if (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) { key = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix, - ci->ci_master_key_descriptor, + ci->ci_policy.v1.master_key_descriptor, @@ -785,11 +786,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + const union fscrypt_policy *policy2) { - return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (ctx->flags = policy->flags) && -- (ctx->contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (ctx->flags == policy->flags) && +- (ctx->contents_encryption_mode == - policy->contents_encryption_mode) && -- (ctx->filenames_encryption_mode = +- (ctx->filenames_encryption_mode == - policy->filenames_encryption_mode); + if (policy1->version != policy2->version) + return false; @@ -886,8 +887,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v1 *ctx = &ctx_u->v1; + + ctx->version = FSCRYPT_CONTEXT_V1; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_descriptor, + policy->master_key_descriptor, 
@@ -900,8 +903,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_context_v2 *ctx = &ctx_u->v2; + + ctx->version = FSCRYPT_CONTEXT_V2; -+ ctx->contents_encryption_mode + policy->contents_encryption_mode; -+ ctx->filenames_encryption_mode + policy->filenames_encryption_mode; ++ ctx->contents_encryption_mode = ++ policy->contents_encryption_mode; ++ ctx->filenames_encryption_mode = ++ policy->filenames_encryption_mode; + ctx->flags = policy->flags; + memcpy(ctx->master_key_identifier, + policy->master_key_identifier, @@ -945,8 +950,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v1 *policy = &policy_u->v1; + + policy->version = FSCRYPT_POLICY_V1; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->master_key_descriptor, + ctx->master_key_descriptor, @@ -958,8 +965,10 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + struct fscrypt_policy_v2 *policy = &policy_u->v2; + + policy->version = FSCRYPT_POLICY_V2; -+ policy->contents_encryption_mode + ctx->contents_encryption_mode; -+ policy->filenames_encryption_mode + ctx->filenames_encryption_mode; ++ policy->contents_encryption_mode = ++ ctx->contents_encryption_mode; ++ policy->filenames_encryption_mode = ++ ctx->filenames_encryption_mode; + policy->flags = ctx->flags; + memcpy(policy->__reserved, ctx->__reserved, + sizeof(policy->__reserved)); @@ -992,7 +1001,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + if (ret < 0) -+ return (ret = -ERANGE) ? -EINVAL : ret; ++ return (ret == -ERANGE) ? -EINVAL : ret; + + return fscrypt_policy_from_context(policy, &ctx, ret); +} 
@@ -1011,7 +1020,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ctx.flags = policy->flags; - BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); - get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); -+ if (policy->version = FSCRYPT_POLICY_V1) { ++ if (policy->version == FSCRYPT_POLICY_V1) { + /* + * The original encryption policy version provided no way of + * verifying that the correct master key was supplied, which was @@ -1082,7 +1091,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); + ret = fscrypt_get_policy(inode, &existing_policy); - if (ret = -ENODATA) { + if (ret == -ENODATA) { if (!S_ISDIR(inode->i_mode)) ret = -ENOTDIR; @@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) @@ -1091,15 +1100,15 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 else - ret = create_encryption_context_from_policy(inode, - &policy); -- } else if (ret = sizeof(ctx) && +- } else if (ret == sizeof(ctx) && - is_encryption_context_consistent_with_policy(&ctx, - &policy)) { - /* The file already uses the same encryption policy. */ - ret = 0; -- } else if (ret >= 0 || ret = -ERANGE) { +- } else if (ret >= 0 || ret == -ERANGE) { + ret = set_encryption_policy(inode, &policy); -+ } else if (ret = -EINVAL || -+ (ret = 0 && !fscrypt_policies_equal(&policy, ++ } else if (ret == -EINVAL || ++ (ret == 0 && !fscrypt_policies_equal(&policy, + &existing_policy))) { /* The file already uses a different encryption policy. */ ret = -EEXIST; 
@@ -1157,7 +1166,8 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 + + /* arg is policy_size, then policy */ + BUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0); -+ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+ offsetof(typeof(arg), policy)); ++ BUILD_BUG_ON(offsetofend(typeof(arg), policy_size) != ++ offsetof(typeof(arg), policy)); + BUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy)); + + err = fscrypt_get_policy(file_inode(filp), policy); @@ -1214,11 +1224,11 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - if (parent_ci && child_ci) { - return memcmp(parent_ci->ci_master_key_descriptor, - child_ci->ci_master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ci->ci_data_mode = child_ci->ci_data_mode) && -- (parent_ci->ci_filename_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ci->ci_data_mode == child_ci->ci_data_mode) && +- (parent_ci->ci_filename_mode == - child_ci->ci_filename_mode) && -- (parent_ci->ci_flags = child_ci->ci_flags); +- (parent_ci->ci_flags == child_ci->ci_flags); - } - res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); @@ -1235,12 +1245,12 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 - return memcmp(parent_ctx.master_key_descriptor, - child_ctx.master_key_descriptor, -- FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 && -- (parent_ctx.contents_encryption_mode = +- FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && +- (parent_ctx.contents_encryption_mode == - child_ctx.contents_encryption_mode) && -- (parent_ctx.filenames_encryption_mode = +- (parent_ctx.filenames_encryption_mode == - child_ctx.filenames_encryption_mode) && -- (parent_ctx.flags = child_ctx.flags); +- (parent_ctx.flags == child_ctx.flags); + return fscrypt_policies_equal(&parent_policy, &child_policy); } EXPORT_SYMBOL(fscrypt_has_permitted_context); @@ -1256,7 +1266,7 @@ index da7ae9c8b4ad0..0141d338c1fdb 100644 int res; 
@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child, - if (ci = NULL) + if (ci == NULL) return -ENOKEY; - ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; @@ -1406,3 +1416,8 @@ index 4f507f8d12261..78811564c95f1 100644 #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg) -- 2.22.0 + + +______________________________________________________ +Linux MTD discussion mailing list +http://lists.infradead.org/mailman/listinfo/linux-mtd/ diff --git a/a/content_digest b/N4/content_digest index 309b398..ed5d872 100644 --- a/a/content_digest +++ b/N4/content_digest @@ -1,7 +1,7 @@ "ref\020190726224141.14044-1-ebiggers@kernel.org\0" "From\0Eric Biggers <ebiggers@kernel.org>\0" "Subject\0[PATCH v7 10/16] fscrypt: v2 encryption policy support\0" - "Date\0Fri, 26 Jul 2019 22:41:35 +0000\0" + "Date\0Fri, 26 Jul 2019 15:41:35 -0700\0" "To\0linux-fscrypt@vger.kernel.org\0" "Cc\0Satya Tangirala <satyat@google.com>" linux-api@vger.kernel.org @@ -313,7 +313,7 @@ "-\t/* Size of the raw key in bytes */\n" "+\t/*\n" "+\t * For v2 policy keys: HKDF context keyed by this master key.\n" - "+\t * For v1 policy keys: not set (hkdf.hmac_tfm = NULL).\n" + "+\t * For v1 policy keys: not set (hkdf.hmac_tfm == NULL).\n" "+\t */\n" "+\tstruct fscrypt_hkdf\thkdf;\n" "+\n" @@ -567,7 +567,7 @@ "-\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "-\tmemcpy(mk_spec.u.descriptor, ci->ci_master_key_descriptor,\n" "-\t FSCRYPT_KEY_DESCRIPTOR_SIZE);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1) {\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1) {\n" "+\t\tmk_spec.type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;\n" "+\t\tmemcpy(mk_spec.u.descriptor,\n" "+\t\t ci->ci_policy.v1.master_key_descriptor,\n" 
@@ -613,7 +613,7 @@ " \t}\n" " \n" "-\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" - "+\tif (ci->ci_policy.version = FSCRYPT_POLICY_V1)\n" + "+\tif (ci->ci_policy.version == FSCRYPT_POLICY_V1)\n" "+\t\terr = fscrypt_setup_v1_file_key(ci, mk->mk_secret.raw);\n" "+\telse\n" "+\t\terr = fscrypt_setup_v2_file_key(ci, mk);\n" @@ -689,7 +689,7 @@ "+\t\tgoto out;\n" "+\t}\n" "+\n" - "+\tif (ctx.version = FSCRYPT_CONTEXT_V1)\n" + "+\tif (ctx.version == FSCRYPT_CONTEXT_V1)\n" "+\t\tmemcpy(crypt_info->ci_nonce, ctx.v1.nonce,\n" "+\t\t FS_KEY_DERIVATION_NONCE_SIZE);\n" "+\telse\n" @@ -741,7 +741,8 @@ " \t}\n" " \n" "-\tif (ci->ci_data_mode != ci->ci_filename_mode) {\n" - "+\tif (ci->ci_policy.v1.contents_encryption_mode !+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" + "+\tif (ci->ci_policy.v1.contents_encryption_mode !=\n" + "+\t ci->ci_policy.v1.filenames_encryption_mode) {\n" " \t\tfscrypt_warn(ci->ci_inode,\n" " \t\t\t \"Direct key mode not allowed with different contents and filenames modes\");\n" " \t\treturn -EINVAL;\n" @@ -761,7 +762,7 @@ "-\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" " \t\t\t\t\tci->ci_mode->keysize, &payload);\n" - " \tif (key = ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" + " \tif (key == ERR_PTR(-ENOKEY) && ci->ci_inode->i_sb->s_cop->key_prefix) {\n" " \t\tkey = find_and_lock_process_key(ci->ci_inode->i_sb->s_cop->key_prefix,\n" "-\t\t\t\t\t\tci->ci_master_key_descriptor,\n" "+\t\t\t\t\t\tci->ci_policy.v1.master_key_descriptor,\n" 
@@ -801,11 +802,11 @@ "+\t\t\t const union fscrypt_policy *policy2)\n" " {\n" "-\treturn memcmp(ctx->master_key_descriptor, policy->master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(ctx->flags = policy->flags) &&\n" - "-\t\t(ctx->contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(ctx->flags == policy->flags) &&\n" + "-\t\t(ctx->contents_encryption_mode ==\n" "-\t\t policy->contents_encryption_mode) &&\n" - "-\t\t(ctx->filenames_encryption_mode =\n" + "-\t\t(ctx->filenames_encryption_mode ==\n" "-\t\t policy->filenames_encryption_mode);\n" "+\tif (policy1->version != policy2->version)\n" "+\t\treturn false;\n" @@ -902,8 +903,10 @@ "+\t\tstruct fscrypt_context_v1 *ctx = &ctx_u->v1;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V1;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_descriptor,\n" "+\t\t policy->master_key_descriptor,\n" @@ -916,8 +919,10 @@ "+\t\tstruct fscrypt_context_v2 *ctx = &ctx_u->v2;\n" "+\n" "+\t\tctx->version = FSCRYPT_CONTEXT_V2;\n" - "+\t\tctx->contents_encryption_mode +\t\t\tpolicy->contents_encryption_mode;\n" - "+\t\tctx->filenames_encryption_mode +\t\t\tpolicy->filenames_encryption_mode;\n" + "+\t\tctx->contents_encryption_mode =\n" + "+\t\t\tpolicy->contents_encryption_mode;\n" + "+\t\tctx->filenames_encryption_mode =\n" + "+\t\t\tpolicy->filenames_encryption_mode;\n" "+\t\tctx->flags = policy->flags;\n" "+\t\tmemcpy(ctx->master_key_identifier,\n" "+\t\t policy->master_key_identifier,\n" 
@@ -961,8 +966,10 @@ "+\t\tstruct fscrypt_policy_v1 *policy = &policy_u->v1;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V1;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->master_key_descriptor,\n" "+\t\t ctx->master_key_descriptor,\n" @@ -974,8 +981,10 @@ "+\t\tstruct fscrypt_policy_v2 *policy = &policy_u->v2;\n" "+\n" "+\t\tpolicy->version = FSCRYPT_POLICY_V2;\n" - "+\t\tpolicy->contents_encryption_mode +\t\t\tctx->contents_encryption_mode;\n" - "+\t\tpolicy->filenames_encryption_mode +\t\t\tctx->filenames_encryption_mode;\n" + "+\t\tpolicy->contents_encryption_mode =\n" + "+\t\t\tctx->contents_encryption_mode;\n" + "+\t\tpolicy->filenames_encryption_mode =\n" + "+\t\t\tctx->filenames_encryption_mode;\n" "+\t\tpolicy->flags = ctx->flags;\n" "+\t\tmemcpy(policy->__reserved, ctx->__reserved,\n" "+\t\t sizeof(policy->__reserved));\n" @@ -1008,7 +1017,7 @@ "+\n" "+\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tif (ret < 0)\n" - "+\t\treturn (ret = -ERANGE) ? -EINVAL : ret;\n" + "+\t\treturn (ret == -ERANGE) ? -EINVAL : ret;\n" "+\n" "+\treturn fscrypt_policy_from_context(policy, &ctx, ret);\n" "+}\n" @@ -1027,7 +1036,7 @@ "-\tctx.flags = policy->flags;\n" "-\tBUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE);\n" "-\tget_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE);\n" - "+\tif (policy->version = FSCRYPT_POLICY_V1) {\n" + "+\tif (policy->version == FSCRYPT_POLICY_V1) {\n" "+\t\t/*\n" "+\t\t * The original encryption policy version provided no way of\n" "+\t\t * verifying that the correct master key was supplied, which was\n" 
@@ -1098,7 +1107,7 @@ " \n" "-\tret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));\n" "+\tret = fscrypt_get_policy(inode, &existing_policy);\n" - " \tif (ret = -ENODATA) {\n" + " \tif (ret == -ENODATA) {\n" " \t\tif (!S_ISDIR(inode->i_mode))\n" " \t\t\tret = -ENOTDIR;\n" "@@ -86,14 +308,10 @@ int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg)\n" @@ -1107,15 +1116,15 @@ " \t\telse\n" "-\t\t\tret = create_encryption_context_from_policy(inode,\n" "-\t\t\t\t\t\t\t\t &policy);\n" - "-\t} else if (ret = sizeof(ctx) &&\n" + "-\t} else if (ret == sizeof(ctx) &&\n" "-\t\t is_encryption_context_consistent_with_policy(&ctx,\n" "-\t\t\t\t\t\t\t\t&policy)) {\n" "-\t\t/* The file already uses the same encryption policy. */\n" "-\t\tret = 0;\n" - "-\t} else if (ret >= 0 || ret = -ERANGE) {\n" + "-\t} else if (ret >= 0 || ret == -ERANGE) {\n" "+\t\t\tret = set_encryption_policy(inode, &policy);\n" - "+\t} else if (ret = -EINVAL ||\n" - "+\t\t (ret = 0 && !fscrypt_policies_equal(&policy,\n" + "+\t} else if (ret == -EINVAL ||\n" + "+\t\t (ret == 0 && !fscrypt_policies_equal(&policy,\n" "+\t\t\t\t\t\t\t&existing_policy))) {\n" " \t\t/* The file already uses a different encryption policy. */\n" " \t\tret = -EEXIST;\n" @@ -1173,7 +1182,8 @@ "+\n" "+\t/* arg is policy_size, then policy */\n" "+\tBUILD_BUG_ON(offsetof(typeof(arg), policy_size) != 0);\n" - "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !+\t\t offsetof(typeof(arg), policy));\n" + "+\tBUILD_BUG_ON(offsetofend(typeof(arg), policy_size) !=\n" + "+\t\t offsetof(typeof(arg), policy));\n" "+\tBUILD_BUG_ON(sizeof(arg.policy) != sizeof(*policy));\n" "+\n" "+\terr = fscrypt_get_policy(file_inode(filp), policy);\n" 
@@ -1230,11 +1240,11 @@ "-\tif (parent_ci && child_ci) {\n" "-\t\treturn memcmp(parent_ci->ci_master_key_descriptor,\n" "-\t\t\t child_ci->ci_master_key_descriptor,\n" - "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t\t(parent_ci->ci_data_mode = child_ci->ci_data_mode) &&\n" - "-\t\t\t(parent_ci->ci_filename_mode =\n" + "-\t\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t\t(parent_ci->ci_data_mode == child_ci->ci_data_mode) &&\n" + "-\t\t\t(parent_ci->ci_filename_mode ==\n" "-\t\t\t child_ci->ci_filename_mode) &&\n" - "-\t\t\t(parent_ci->ci_flags = child_ci->ci_flags);\n" + "-\t\t\t(parent_ci->ci_flags == child_ci->ci_flags);\n" "-\t}\n" " \n" "-\tres = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx));\n" @@ -1251,12 +1261,12 @@ " \n" "-\treturn memcmp(parent_ctx.master_key_descriptor,\n" "-\t\t child_ctx.master_key_descriptor,\n" - "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) = 0 &&\n" - "-\t\t(parent_ctx.contents_encryption_mode =\n" + "-\t\t FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&\n" + "-\t\t(parent_ctx.contents_encryption_mode ==\n" "-\t\t child_ctx.contents_encryption_mode) &&\n" - "-\t\t(parent_ctx.filenames_encryption_mode =\n" + "-\t\t(parent_ctx.filenames_encryption_mode ==\n" "-\t\t child_ctx.filenames_encryption_mode) &&\n" - "-\t\t(parent_ctx.flags = child_ctx.flags);\n" + "-\t\t(parent_ctx.flags == child_ctx.flags);\n" "+\treturn fscrypt_policies_equal(&parent_policy, &child_policy);\n" " }\n" " EXPORT_SYMBOL(fscrypt_has_permitted_context);\n" @@ -1272,7 +1282,7 @@ " \tint res;\n" " \n" "@@ -252,16 +470,10 @@ int fscrypt_inherit_context(struct inode *parent, struct inode *child,\n" - " \tif (ci = NULL)\n" + " \tif (ci == NULL)\n" " \t\treturn -ENOKEY;\n" " \n" "-\tctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1;\n" 
@@ -1421,6 +1431,11 @@ " #define FS_IOC_REMOVE_ENCRYPTION_KEY\t _IOW('f', 24, struct fscrypt_remove_key_arg)\n" " #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 25, struct fscrypt_get_key_status_arg)\n" "-- \n" - 2.22.0 + "2.22.0\n" + "\n" + "\n" + "______________________________________________________\n" + "Linux MTD discussion mailing list\n" + http://lists.infradead.org/mailman/listinfo/linux-mtd/ -c53448821158afe7801f1f604034222a0758343aba1c10695b1a20437df3deca +03c0ac67fe4319075017241182fe96ee236ff03b14afe391f5d1ffd7f71419a4