From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Chandan Rajendra <chandan@linux.vnet.ibm.com>,
linux-fscrypt@vger.kernel.org
Subject: Re: [v4 PATCH] fscrypt: Allow modular crypto algorithms
Date: Fri, 3 Jan 2020 09:04:54 -0800 [thread overview]
Message-ID: <20200103170454.GM19521@gmail.com> (raw)
In-Reply-To: <20191227024700.7vrzuux32uyfdgum@gondor.apana.org.au>
On Fri, Dec 27, 2019 at 10:47:00AM +0800, Herbert Xu wrote:
> On Tue, Dec 24, 2019 at 04:38:52PM -0600, Eric Biggers wrote:
> >
> > This needs to be under EXT4_FS, not EXT3_FS. That should address the kbuild
> > test robot error.
>
> Yes indeed.
>
> ---8<---
> The commit 643fa9612bf1 ("fscrypt: remove filesystem specific
> build config option") removed modular support for fs/crypto. This
> causes the Crypto API to be built-in whenever fscrypt is enabled.
> This makes it very difficult for me to test modular builds of
> the Crypto API without disabling fscrypt which is a pain.
>
> As fscrypt is still evolving and it's developing new ties with the
> fs layer, it's hard to build it as a module for now.
>
> However, the actual algorithms are not required until a filesystem
> is mounted. Therefore we can allow them to be built as modules.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig
> index ff5a1746cbae..02df95b44331 100644
> --- a/fs/crypto/Kconfig
> +++ b/fs/crypto/Kconfig
> @@ -2,13 +2,8 @@
> config FS_ENCRYPTION
> bool "FS Encryption (Per-file encryption)"
> select CRYPTO
> - select CRYPTO_AES
> - select CRYPTO_CBC
> - select CRYPTO_ECB
> - select CRYPTO_XTS
> - select CRYPTO_CTS
> - select CRYPTO_SHA512
> - select CRYPTO_HMAC
> + select CRYPTO_HASH
> + select CRYPTO_SKCIPHER
> select KEYS
> help
> Enable encryption of files and directories. This
> @@ -16,3 +11,15 @@ config FS_ENCRYPTION
> efficient since it avoids caching the encrypted and
> decrypted pages in the page cache. Currently Ext4,
> F2FS and UBIFS make use of this feature.
> +
> +# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
> +# allows the algorithms to be built as modules when all the filesystems are.
> +config FS_ENCRYPTION_ALGS
> + tristate
> + select CRYPTO_AES
> + select CRYPTO_CBC
> + select CRYPTO_CTS
> + select CRYPTO_ECB
> + select CRYPTO_HMAC
> + select CRYPTO_SHA512
> + select CRYPTO_XTS
> diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
> index ef42ab040905..db9bfa08d3e0 100644
> --- a/fs/ext4/Kconfig
> +++ b/fs/ext4/Kconfig
> @@ -39,6 +39,7 @@ config EXT4_FS
> select CRYPTO
> select CRYPTO_CRC32C
> select FS_IOMAP
> + select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
> help
> This is the next generation of the ext3 filesystem.
>
> diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig
> index 652fd2e2b23d..599fb9194c6a 100644
> --- a/fs/f2fs/Kconfig
> +++ b/fs/f2fs/Kconfig
> @@ -6,6 +6,7 @@ config F2FS_FS
> select CRYPTO
> select CRYPTO_CRC32
> select F2FS_FS_XATTR if FS_ENCRYPTION
> + select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
> help
> F2FS is based on Log-structured File System (LFS), which supports
> versatile "flash-friendly" features. The design has been focused on
> diff --git a/fs/ubifs/Kconfig b/fs/ubifs/Kconfig
> index 69932bcfa920..45d3d207fb99 100644
> --- a/fs/ubifs/Kconfig
> +++ b/fs/ubifs/Kconfig
> @@ -12,6 +12,7 @@ config UBIFS_FS
> select CRYPTO_ZSTD if UBIFS_FS_ZSTD
> select CRYPTO_HASH_INFO
> select UBIFS_FS_XATTR if FS_ENCRYPTION
> + select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
> depends on MTD_UBI
> help
> UBIFS is a file system for flash devices which works on top of UBI.
>
Applied to fscrypt.git#master for 5.6.
- Eric
next prev parent reply other threads:[~2020-01-03 17:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-21 14:30 [PATCH] fscrypt: Restore modular support Herbert Xu
2019-12-21 23:44 ` Eric Biggers
2019-12-22 8:41 ` [v2 PATCH] fscrypt: Allow modular crypto algorithms Herbert Xu
2019-12-22 16:45 ` Eric Biggers
2019-12-23 7:46 ` [v3 " Herbert Xu
2019-12-24 22:38 ` Eric Biggers
2019-12-27 2:47 ` [v4 " Herbert Xu
2020-01-03 17:04 ` Eric Biggers [this message]
2019-12-24 11:44 ` [PATCH] fscrypt: Restore modular support kbuild test robot
2019-12-24 11:44 ` kbuild test robot
2019-12-24 11:58 ` kbuild test robot
2019-12-24 11:58 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200103170454.GM19521@gmail.com \
--to=ebiggers@kernel.org \
--cc=chandan@linux.vnet.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=jaegeuk@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.