From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
dedekind1@gmail.com, adrian.hunter@intel.com, tytso@mit.edu,
jaegeuk@kernel.org, david@sigma-star.at, wd@denx.de,
sbabic@denx.de, dengler@linutronix.de, ebiggers@google.com,
mhalcrow@google.com, hch@infradead.org,
Richard Weinberger <richard@nod.at>
Subject: [PATCH 28/29] ubifs: Implement UBIFS_FLG_ENCRYPTION
Date: Sun, 13 Nov 2016 22:21:11 +0100 [thread overview]
Message-ID: <1479072072-6844-29-git-send-email-richard@nod.at> (raw)
In-Reply-To: <1479072072-6844-1-git-send-email-richard@nod.at>
This feature flag indicates that the filesystem contains encrypted
files.
Signed-off-by: Richard Weinberger <richard@nod.at>
---
fs/ubifs/ioctl.c | 5 +++++
fs/ubifs/sb.c | 40 ++++++++++++++++++++++++++++++++++++++++
fs/ubifs/ubifs-media.h | 2 ++
fs/ubifs/ubifs.h | 3 +++
4 files changed, 50 insertions(+)
diff --git a/fs/ubifs/ioctl.c b/fs/ubifs/ioctl.c
index 6bb5b35050de..3d10f5525274 100644
--- a/fs/ubifs/ioctl.c
+++ b/fs/ubifs/ioctl.c
@@ -183,6 +183,7 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
}
case FS_IOC_SET_ENCRYPTION_POLICY: {
#ifdef CONFIG_UBIFS_FS_ENCRYPTION
+ struct ubifs_info *c = inode->i_sb->s_fs_info;
struct fscrypt_policy policy;
if (copy_from_user(&policy,
@@ -190,6 +191,10 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
sizeof(policy)))
return -EFAULT;
+ err = ubifs_enable_encryption(c);
+ if (err)
+ return err;
+
err = fscrypt_process_policy(file, &policy);
return err;
diff --git a/fs/ubifs/sb.c b/fs/ubifs/sb.c
index 4a2b4c361587..54cef70ea16f 100644
--- a/fs/ubifs/sb.c
+++ b/fs/ubifs/sb.c
@@ -622,6 +622,16 @@ int ubifs_read_superblock(struct ubifs_info *c)
c->big_lpt = !!(sup_flags & UBIFS_FLG_BIGLPT);
c->space_fixup = !!(sup_flags & UBIFS_FLG_SPACE_FIXUP);
c->double_hash = !!(sup_flags & UBIFS_FLG_DOUBLE_HASH);
+ c->encrypted = !!(sup_flags & UBIFS_FLG_ENCRYPTION);
+
+#ifndef CONFIG_UBIFS_FS_ENCRYPTION
+ if (c->encrypted) {
+ ubifs_err(c, "file system contains encrypted files but UBIFS"
+ " was built without crypto support.");
+ err = -EINVAL;
+ goto out;
+ }
+#endif
/* Automatically increase file system size to the maximum size */
c->old_leb_cnt = c->leb_cnt;
@@ -809,3 +819,33 @@ int ubifs_fixup_free_space(struct ubifs_info *c)
ubifs_msg(c, "free space fixup complete");
return err;
}
+
+int ubifs_enable_encryption(struct ubifs_info *c)
+{
+ int err;
+ struct ubifs_sb_node *sup;
+
+ if (c->encrypted)
+ return 0;
+
+ if (c->ro_mount || c->ro_media)
+ return -EROFS;
+
+ if (c->fmt_version < 5) {
+ ubifs_err(c, "on-flash format version 5 is needed for encryption");
+ return -EINVAL;
+ }
+
+ sup = ubifs_read_sb_node(c);
+ if (IS_ERR(sup))
+ return PTR_ERR(sup);
+
+ sup->flags |= cpu_to_le32(UBIFS_FLG_ENCRYPTION);
+
+ err = ubifs_write_sb_node(c, sup);
+ if (!err)
+ c->encrypted = 1;
+ kfree(sup);
+
+ return err;
+}
diff --git a/fs/ubifs/ubifs-media.h b/fs/ubifs/ubifs-media.h
index 0cbdc6b70a00..bdc7935a5e41 100644
--- a/fs/ubifs/ubifs-media.h
+++ b/fs/ubifs/ubifs-media.h
@@ -420,11 +420,13 @@ enum {
* UBIFS_FLG_SPACE_FIXUP: first-mount "fixup" of free space within LEBs needed
* UBIFS_FLG_DOUBLE_HASH: store a 32bit cookie in directory entry nodes to
* support 64bit cookies for lookups by hash
+ * UBIFS_FLG_ENCRYPTION: this filesystem contains encrypted files
*/
enum {
UBIFS_FLG_BIGLPT = 0x02,
UBIFS_FLG_SPACE_FIXUP = 0x04,
UBIFS_FLG_DOUBLE_HASH = 0x08,
+ UBIFS_FLG_ENCRYPTION = 0x10,
};
/**
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h
index 55c8e76d9d84..546054cb9d20 100644
--- a/fs/ubifs/ubifs.h
+++ b/fs/ubifs/ubifs.h
@@ -1016,6 +1016,7 @@ struct ubifs_debug_info;
* @big_lpt: flag that LPT is too big to write whole during commit
* @space_fixup: flag indicating that free space in LEBs needs to be cleaned up
* @double_hash: flag indicating that we can do lookups by hash
+ * @encrypted: flag indicating that this file system contains encrypted files
* @no_chk_data_crc: do not check CRCs when reading data nodes (except during
* recovery)
* @bulk_read: enable bulk-reads
@@ -1259,6 +1260,7 @@ struct ubifs_info {
unsigned int big_lpt:1;
unsigned int space_fixup:1;
unsigned int double_hash:1;
+ unsigned int encrypted:1;
unsigned int no_chk_data_crc:1;
unsigned int bulk_read:1;
unsigned int default_compr:2;
@@ -1658,6 +1660,7 @@ int ubifs_read_superblock(struct ubifs_info *c);
struct ubifs_sb_node *ubifs_read_sb_node(struct ubifs_info *c);
int ubifs_write_sb_node(struct ubifs_info *c, struct ubifs_sb_node *sup);
int ubifs_fixup_free_space(struct ubifs_info *c);
+int ubifs_enable_encryption(struct ubifs_info *c);
/* replay.c */
int ubifs_validate_entry(struct ubifs_info *c,
--
2.7.3
next prev parent reply other threads:[~2016-11-13 21:22 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-13 21:20 [PATCH 00/29] UBIFS File Encryption v1 Richard Weinberger
2016-11-13 21:20 ` [PATCH 01/29] fscrypt: Add in-place encryption mode Richard Weinberger
2016-11-15 18:14 ` Eric Biggers
2016-11-25 12:09 ` David Gstir
2016-11-27 6:49 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 02/29] fscrypt: Allow fscrypt_decrypt_page() to function with non-writeback pages Richard Weinberger
2016-11-15 18:19 ` Eric Biggers
2016-11-24 17:43 ` David Gstir
2016-11-13 21:20 ` [PATCH 03/29] fscrypt: Enable partial page encryption Richard Weinberger
2016-11-15 18:31 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 04/29] fscrypt: Constify struct inode pointer Richard Weinberger
2016-11-13 21:20 ` [PATCH 05/29] fscrypt: Let fs select encryption index/tweak Richard Weinberger
2016-11-15 18:43 ` Eric Biggers
[not found] ` <98AAB80A-A0BE-4408-A514-DC3B8D19C5F7@sigma-star.at>
2016-11-27 7:00 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 06/29] ubifs: Export ubifs_check_dir_empty() Richard Weinberger
2016-11-13 21:20 ` [PATCH 07/29] ubifs: Export xattr get and set functions Richard Weinberger
2016-11-13 21:20 ` [PATCH 08/29] ubifs: Define UBIFS crypto context xattr Richard Weinberger
2016-11-13 21:20 ` [PATCH 09/29] ubifs: Add skeleton for fscrypto Richard Weinberger
2016-11-13 21:20 ` [PATCH 10/29] ubifs: Massage ubifs_listxattr() for encryption context Richard Weinberger
2016-11-13 21:20 ` [PATCH 11/29] ubifs: Implement directory open operation Richard Weinberger
2016-11-13 21:20 ` [PATCH 12/29] ubifs: Implement file " Richard Weinberger
2016-11-13 21:20 ` [PATCH 13/29] ubifs: Enforce crypto policy in ->link and ->rename Richard Weinberger
2016-11-13 21:20 ` [PATCH 14/29] ubifs: Preload crypto context in ->lookup() Richard Weinberger
2016-11-13 21:20 ` [PATCH 15/29] ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto Richard Weinberger
2016-11-13 21:20 ` [PATCH 16/29] ubifs: Enforce crypto policy in mmap Richard Weinberger
2016-11-13 21:21 ` [PATCH 17/29] ubifs: Introduce new data node field, compr_size Richard Weinberger
2016-11-13 21:21 ` [PATCH 18/29] ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted() Richard Weinberger
2016-11-13 21:21 ` [PATCH 19/29] ubifs: Implement encrypt/decrypt for all IO Richard Weinberger
2016-11-13 23:03 ` kbuild test robot
2016-11-13 21:21 ` [PATCH 20/29] ubifs: Relax checks in ubifs_validate_entry() Richard Weinberger
2016-11-13 21:21 ` [PATCH 21/29] ubifs: Make r5 hash binary string aware Richard Weinberger
2016-11-13 21:21 ` [PATCH 22/29] ubifs: Implement encrypted filenames Richard Weinberger
2016-11-13 21:21 ` [PATCH 23/29] ubifs: Add support for encrypted symlinks Richard Weinberger
2016-11-13 21:21 ` [PATCH 24/29] ubifs: Rename tnc_read_node_nm Richard Weinberger
2016-11-13 21:21 ` [PATCH 25/29] ubifs: Add full hash lookup support Richard Weinberger
2016-11-13 21:21 ` [PATCH 26/29] ubifs: Use a random number for cookies Richard Weinberger
2016-11-13 21:21 ` [PATCH 27/29] ubifs: Implement UBIFS_FLG_DOUBLE_HASH Richard Weinberger
2016-11-13 21:21 ` Richard Weinberger [this message]
2016-11-13 21:21 ` [PATCH 29/29] ubifs: Raise write version to 5 Richard Weinberger
2016-11-14 3:05 ` [PATCH 00/29] UBIFS File Encryption v1 Theodore Ts'o
2016-11-14 12:01 ` Richard Weinberger
2016-11-25 8:18 ` Richard Weinberger
2016-11-27 17:52 ` Theodore Ts'o
2016-11-27 22:21 ` Richard Weinberger
2016-11-28 0:43 ` Theodore Ts'o
2016-11-28 1:27 ` Eric Biggers
2016-11-29 2:27 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479072072-6844-29-git-send-email-richard@nod.at \
--to=richard@nod.at \
--cc=adrian.hunter@intel.com \
--cc=david@sigma-star.at \
--cc=dedekind1@gmail.com \
--cc=dengler@linutronix.de \
--cc=ebiggers@google.com \
--cc=hch@infradead.org \
--cc=jaegeuk@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=mhalcrow@google.com \
--cc=sbabic@denx.de \
--cc=tytso@mit.edu \
--cc=wd@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).