summaryrefslogtreecommitdiff
path: root/fs/crypto
diff options
context:
space:
mode:
authorDavid Gstir <david@sigma-star.at>2016-11-13 22:20:48 +0100
committerTheodore Ts'o <tytso@mit.edu>2016-11-13 20:18:16 -0500
commit9c4bb8a3a9b4de21753053d667310c2b7cb39916 (patch)
treef384bbd76dfc293f2cc66c770c5ccfdbc42c43c8 /fs/crypto
parent0b93e1b94b86f826d18a2aaf219a53e271274d49 (diff)
fscrypt: Let fs select encryption index/tweak
Avoid re-use of page index as tweak for AES-XTS when multiple parts of same page are encrypted. This will happen on multiple (partial) calls of fscrypt_encrypt_page on same page. page->index is only valid for writeback pages. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/crypto')
-rw-r--r--fs/crypto/crypto.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index f5c5e84ea9db..b6029785714c 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -218,6 +218,8 @@ static struct page *alloc_bounce_page(struct fscrypt_ctx *ctx, gfp_t gfp_flags)
* @plaintext_page: The page to encrypt. Must be locked.
* @plaintext_len: Length of plaintext within page
* @plaintext_offset: Offset of plaintext within page
+ * @index: Index for encryption. This is mainly the page index, but
+ * but might be different for multiple calls on same page.
* @gfp_flags: The gfp flag for memory allocation
*
* Encrypts plaintext_page using the ctx encryption context. If
@@ -235,7 +237,7 @@ struct page *fscrypt_encrypt_page(const struct inode *inode,
struct page *plaintext_page,
unsigned int plaintext_len,
unsigned int plaintext_offset,
- gfp_t gfp_flags)
+ pgoff_t index, gfp_t gfp_flags)
{
struct fscrypt_ctx *ctx;
@@ -256,7 +258,7 @@ struct page *fscrypt_encrypt_page(const struct inode *inode,
}
ctx->w.control_page = plaintext_page;
- err = do_page_crypto(inode, FS_ENCRYPT, plaintext_page->index,
+ err = do_page_crypto(inode, FS_ENCRYPT, index,
plaintext_page, ciphertext_page,
plaintext_len, plaintext_offset,
gfp_flags);
@@ -283,6 +285,7 @@ EXPORT_SYMBOL(fscrypt_encrypt_page);
* @page: The page to decrypt. Must be locked.
* @len: Number of bytes in @page to be decrypted.
* @offs: Start of data in @page.
+ * @index: Index for encryption.
*
* Decrypts page in-place using the ctx encryption context.
*
@@ -291,7 +294,7 @@ EXPORT_SYMBOL(fscrypt_encrypt_page);
* Return: Zero on success, non-zero otherwise.
*/
int fscrypt_decrypt_page(const struct inode *inode, struct page *page,
- unsigned int len, unsigned int offs)
+ unsigned int len, unsigned int offs, pgoff_t index)
{
return do_page_crypto(inode, FS_DECRYPT, page->index, page, page, len, offs,
GFP_NOFS);
@@ -430,7 +433,7 @@ static void completion_pages(struct work_struct *work)
bio_for_each_segment_all(bv, bio, i) {
struct page *page = bv->bv_page;
int ret = fscrypt_decrypt_page(page->mapping->host, page,
- PAGE_SIZE, 0);
+ PAGE_SIZE, 0, page->index);
if (ret) {
WARN_ON_ONCE(1);