From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: linux-btrfs@vger.kernel.org, ebiggers@google.com, kernel-team@meta.com
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v2 2/8] btrfs-progs: start tracking extent encryption context info
Date: Tue, 8 Aug 2023 13:22:21 -0400 [thread overview]
Message-ID: <47f04d1db075b2dcc704a59353c64ab368cf9b69.1691520000.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1691520000.git.sweettea-kernel@dorminy.me>
This recapitulates the kernel change named 'btrfs: start tracking extent
encryption context info".
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
kernel-shared/accessors.h | 2 ++
kernel-shared/fscrypt.h | 25 ++++++++++++++++++++++++
kernel-shared/tree-checker.c | 37 ++++++++++++++++++++++++++++--------
3 files changed, 56 insertions(+), 8 deletions(-)
create mode 100644 kernel-shared/fscrypt.h
diff --git a/kernel-shared/accessors.h b/kernel-shared/accessors.h
index 539c20d09..1302ce5e6 100644
--- a/kernel-shared/accessors.h
+++ b/kernel-shared/accessors.h
@@ -949,6 +949,8 @@ BTRFS_SETGET_STACK_FUNCS(stack_file_extent_disk_num_bytes,
struct btrfs_file_extent_item, disk_num_bytes, 64);
BTRFS_SETGET_STACK_FUNCS(stack_file_extent_compression,
struct btrfs_file_extent_item, compression, 8);
+BTRFS_SETGET_STACK_FUNCS(stack_file_extent_encryption,
+ struct btrfs_file_extent_item, encryption, 8);
BTRFS_SETGET_FUNCS(file_extent_type, struct btrfs_file_extent_item, type, 8);
BTRFS_SETGET_FUNCS(file_extent_disk_bytenr, struct btrfs_file_extent_item,
diff --git a/kernel-shared/fscrypt.h b/kernel-shared/fscrypt.h
new file mode 100644
index 000000000..32fda99ca
--- /dev/null
+++ b/kernel-shared/fscrypt.h
@@ -0,0 +1,25 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#ifndef BTRFS_FSCRYPT_H
+#define BTRFS_FSCRYPT_H
+
+static inline u32
+btrfs_file_extent_encryption_ctxsize(const struct extent_buffer *eb,
+ struct btrfs_file_extent_item *e)
+{
+ if (!btrfs_file_extent_encryption(eb, e))
+ return 0;
+
+ return btrfs_get_32(eb, e, offsetof(struct btrfs_file_extent_item,
+ encryption_context));
+}
+
+static inline u8
+btrfs_file_extent_ctxsize_from_item(const struct extent_buffer *leaf,
+ int nr)
+{
+ return (btrfs_item_size(leaf, nr) -
+ sizeof(struct btrfs_file_extent_item));
+}
+
+#endif
diff --git a/kernel-shared/tree-checker.c b/kernel-shared/tree-checker.c
index 107975891..2665b2038 100644
--- a/kernel-shared/tree-checker.c
+++ b/kernel-shared/tree-checker.c
@@ -25,6 +25,7 @@
#include "kernel-shared/ctree.h"
#include "kernel-shared/tree-checker.h"
#include "kernel-shared/disk-io.h"
+#include "kernel-shared/fscrypt.h"
#include "kernel-shared/compression.h"
#include "kernel-shared/volumes.h"
#include "kernel-shared/misc.h"
@@ -229,6 +230,7 @@ static int check_extent_data_item(struct extent_buffer *leaf,
u32 sectorsize = fs_info->sectorsize;
u32 item_size = btrfs_item_size(leaf, slot);
u64 extent_end;
+ u8 policy;
if (unlikely(!IS_ALIGNED(key->offset, sectorsize))) {
file_extent_err(leaf, slot,
@@ -280,10 +282,11 @@ static int check_extent_data_item(struct extent_buffer *leaf,
BTRFS_NR_COMPRESS_TYPES - 1);
return -EUCLEAN;
}
- if (unlikely(btrfs_file_extent_encryption(leaf, fi))) {
+ policy = btrfs_file_extent_encryption(leaf, fi);
+ if (unlikely(policy >= BTRFS_NR_ENCRYPTION_TYPES)) {
file_extent_err(leaf, slot,
- "invalid encryption for file extent, have %u expect 0",
- btrfs_file_extent_encryption(leaf, fi));
+ "invalid encryption for file extent, have %u expect range [0, %u]",
+ policy, BTRFS_NR_ENCRYPTION_TYPES - 1);
return -EUCLEAN;
}
if (btrfs_file_extent_type(leaf, fi) == BTRFS_FILE_EXTENT_INLINE) {
@@ -312,12 +315,30 @@ static int check_extent_data_item(struct extent_buffer *leaf,
return 0;
}
- /* Regular or preallocated extent has fixed item size */
- if (unlikely(item_size != sizeof(*fi))) {
- file_extent_err(leaf, slot,
+ if (policy == BTRFS_ENCRYPTION_FSCRYPT) {
+ u8 ctxsize = btrfs_file_extent_encryption_ctxsize(leaf, fi);
+
+ if (unlikely(item_size != sizeof(*fi) + ctxsize)) {
+ file_extent_err(leaf, slot,
+ "invalid item size for encrypted file extent, have %u expect = %zu + context of size %u",
+ item_size, sizeof(*fi), ctxsize);
+ return -EUCLEAN;
+ }
+ /* Only regular extents should be encrypted. */
+ if (btrfs_file_extent_type(leaf, fi) != BTRFS_FILE_EXTENT_REG) {
+ file_extent_err(leaf, slot,
+ "invalid type for encrypted file extent, have %u expect %u",
+ btrfs_file_extent_type(leaf, fi),
+ BTRFS_FILE_EXTENT_REG);
+ return -EUCLEAN;
+ }
+ } else {
+ if (unlikely(item_size != sizeof(*fi))) {
+ file_extent_err(leaf, slot,
"invalid item size for reg/prealloc file extent, have %u expect %zu",
- item_size, sizeof(*fi));
- return -EUCLEAN;
+ item_size, sizeof(*fi));
+ return -EUCLEAN;
+ }
}
if (unlikely(CHECK_FE_ALIGNED(leaf, slot, fi, ram_bytes, sectorsize) ||
CHECK_FE_ALIGNED(leaf, slot, fi, disk_bytenr, sectorsize) ||
--
2.41.0
next prev parent reply other threads:[~2023-08-08 19:48 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-08 17:22 [PATCH v2 0/8] btrfs-progs: add encryption support Sweet Tea Dorminy
2023-08-08 17:22 ` [PATCH v2 1/8] btrfs-progs: add new FEATURE_INCOMPAT_ENCRYPT flag Sweet Tea Dorminy
2023-08-08 17:22 ` Sweet Tea Dorminy [this message]
2023-08-08 17:22 ` [PATCH v2 3/8] btrfs-progs: add inode encryption contexts Sweet Tea Dorminy
2023-08-08 17:22 ` [PATCH v2 4/8] btrfs-progs: save and load fscrypt extent contexts Sweet Tea Dorminy
2023-08-08 17:22 ` [PATCH v2 5/8] btrfs-progs: interpret encrypted file extents Sweet Tea Dorminy
2023-08-08 17:22 ` [PATCH v2 6/8] btrfs-progs: handle fscrypt context items Sweet Tea Dorminy
2023-08-08 17:22 ` [PATCH v2 7/8] btrfs-progs: escape unprintable characters in names Sweet Tea Dorminy
2023-08-08 17:22 ` [PATCH v2 8/8] btrfs-progs: check: update inline extent length checking Sweet Tea Dorminy
2023-08-09 20:41 ` [PATCH v2 0/8] btrfs-progs: add encryption support Josef Bacik
2023-08-10 12:23 ` Neal Gompa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47f04d1db075b2dcc704a59353c64ab368cf9b69.1691520000.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=ebiggers@google.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).