summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-13ubifs: Use FS_CFLG_OWN_PAGESRichard Weinberger
Commit bd7b8290388d ("fscrypt: Cleanup page locking requirements for fscrypt_{decrypt,encrypt}_page()") renamed the flag. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Raise write version to 5Richard Weinberger
Starting with version 5 the following properties change: - UBIFS_FLG_DOUBLE_HASH is mandatory - UBIFS_FLG_ENCRYPTION is optional but depdens on UBIFS_FLG_DOUBLE_HASH - Filesystems with unknown super block flags will be rejected, this allows us in future to add new features without raising the UBIFS write version. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Implement UBIFS_FLG_ENCRYPTIONRichard Weinberger
This feature flag indicates that the filesystem contains encrypted files. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Implement UBIFS_FLG_DOUBLE_HASHRichard Weinberger
This feature flag indicates that all directory entry nodes have a 32bit cookie set and therefore UBIFS is allowed to perform lookups by hash. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Use a random number for cookiesRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Add full hash lookup supportRichard Weinberger
UBIFS stores a 32bit hash of every file, for traditional lookups by name this scheme is fine since UBIFS can first try to find the file by the hash of the filename and upon collisions it can walk through all entries with the same hash and do a string compare. When filesnames are encrypted fscrypto will ask the filesystem for a unique cookie, based on this cookie the filesystem has to be able to locate the target file again. With 32bit hashes this is impossible because the chance for collisions is very high. Do deal with that we store a 32bit cookie directly in the UBIFS directory entry node such that we get a 64bit cookie (32bit from filename hash and the dent cookie). For a lookup by hash UBIFS finds the entry by the first 32bit and then compares the dent cookie. If it does not match, it has to do a linear search of the whole directory and compares all dent cookies until the correct entry is found. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Rename tnc_read_node_nmRichard Weinberger
tnc_read_hashed_node() is a better name since we read a node by a given hash, not a name. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Add support for encrypted symlinksRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Implement encrypted filenamesRichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Make r5 hash binary string awareRichard Weinberger
As of now all filenames known by UBIFS are strings with a NUL terminator. With encrypted filenames a filename can be any binary string and the r5 function cannot search for the NUL terminator. UBIFS always knows how long a filename is, therefore we can change the hash function to iterate over the filename length to work correctly with binary strings. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Relax checks in ubifs_validate_entry()Richard Weinberger
With encrypted filenames we store raw binary data, doing string tests is no longer possible. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Implement encrypt/decrypt for all IORichard Weinberger
Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted()Richard Weinberger
...and provide a non const variant for fscrypto Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Introduce new data node field, compr_sizeRichard Weinberger
When data of a data node is compressed and encrypted we need to store the size of the compressed data because before encryption we may have to add padding bytes. For the new field we consume the last two padding bytes in struct ubifs_data_node. Two bytes are fine because the data length is at most 4096. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Enforce crypto policy in mmapRichard Weinberger
We need this extra check in mmap because a process could gain an already opened fd. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Massage assert in ubifs_xattr_set() wrt. fscryptoRichard Weinberger
When we're creating a new inode in UBIFS the inode is not yet exposed and fscrypto calls ubifs_xattr_set() without holding the inode mutex. This is okay but ubifs_xattr_set() has to know about this. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Preload crypto context in ->lookup()Richard Weinberger
...and mark the dentry as encrypted. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Enforce crypto policy in ->link and ->renameRichard Weinberger
When a file is moved or linked into another directory its current crypto policy has to be compatible with the target policy. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Implement file open operationRichard Weinberger
We need ->open() for files to load the crypto key. If the no key is present and the file is encrypted, refuse to open. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Implement directory open operationRichard Weinberger
We need the ->open() hook to load the crypto context which is needed for all crypto operations within that directory. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Massage ubifs_listxattr() for encryption contextRichard Weinberger
We have to make sure that we don't expose our internal crypto context to userspace. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Add skeleton for fscryptoRichard Weinberger
This is the first building block to provide file level encryption on UBIFS. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Define UBIFS crypto context xattrRichard Weinberger
Like ext4 UBIFS will store the crypto context in a xattr attribute. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Export xattr get and set functionsRichard Weinberger
For fscrypto we need this function outside of xattr.c. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Export ubifs_check_dir_empty()Richard Weinberger
fscrypto will need this function too. Also get struct ubifs_info from the provided inode. Not all callers will have a reference to struct ubifs_info. Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Remove some dead codeChristophe Jaillet
'ubifs_fast_find_freeable()' can not return an error pointer, so this test can be removed. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Use dirty_writeback_interval value for wbuf timerRafał Miłecki
Right now wbuf timer has hardcoded timeouts and there is no place for manual adjustments. Some projects / cases many need that though. Few file systems allow doing that by respecting dirty_writeback_interval that can be set using sysctl (dirty_writeback_centisecs). Lowering dirty_writeback_interval could be some way of dealing with user space apps lacking proper fsyncs. This is definitely *not* a perfect solution but we don't have ideal (user space) world. There were already advanced discussions on this matter, mostly when ext4 was introduced and it wasn't behaving as ext3. Anyway, the final decision was to add some hacks to the ext4, as trying to fix whole user space or adding new API was pointless. We can't (and shouldn't?) just follow ext4. We can't e.g. sync on close as this would cause too many commits and flash wearing. On the other hand we still should allow some trade-off between -o sync and default wbuf timeout. Respecting dirty_writeback_interval should allow some sane cutomizations if used warily. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-12ubifs: Drop softlimit and delta fields from struct ubifs_wbufRafał Miłecki
Values of these fields are set during init and never modified. They are used (read) in a single function only. There isn't really any reason to keep them in a struct. It only makes struct just a bit bigger without any visible gain. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
2016-12-11fscrypt: Rename FS_WRITE_PATH_FL to FS_CTX_HAS_BOUNCE_BUFFER_FLDavid Gstir
... to better explain its purpose after introducing in-place encryption without bounce buffer. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11fscrypt: Delay bounce page pool allocation until neededDavid Gstir
Since fscrypt users can now indicated if fscrypt_encrypt_page() should use a bounce page, we can delay the bounce page pool initialization util it is really needed. That is until fscrypt_operations has no FS_CFLG_OWN_PAGES flag set. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11fscrypt: Cleanup page locking requirements for fscrypt_{decrypt,encrypt}_page()David Gstir
Rename the FS_CFLG_INPLACE_ENCRYPTION flag to FS_CFLG_OWN_PAGES which, when set, indicates that the fs uses pages under its own control as opposed to writeback pages which require locking and a bounce buffer for encryption. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11fscrypt: Cleanup fscrypt_{decrypt,encrypt}_page()David Gstir
- Improve documentation - Add BUG_ON(len == 0) to avoid accidental switch of offs and len parameters - Improve variable names for readability Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11fscrypt: Never allocate fscrypt_ctx on in-place encryptionDavid Gstir
In case of in-place encryption fscrypt_ctx was allocated but never released. Since we don't need it for in-place encryption, we skip allocating it. Fixes: 1c7dcf69eea3 ("fscrypt: Add in-place encryption mode") Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11fscrypt: Use correct index in decrypt path.David Gstir
Actually use the fs-provided index instead of always using page->index which is only set for page-cache pages. Fixes: 9c4bb8a3a9b4 ("fscrypt: Let fs select encryption index/tweak") Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11fscrypt: move the policy flags and encryption mode definitions to uapi headerTheodore Ts'o
These constants are part of the UAPI, so they belong in include/uapi/linux/fs.h instead of include/linux/fscrypto.h Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Eric Biggers <ebiggers@google.com>
2016-12-11fscrypt: move non-public structures and constants to fscrypt_private.hTheodore Ts'o
Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Eric Biggers <ebiggers@google.com>
2016-12-11fscrypt: unexport fscrypt_initialize()Theodore Ts'o
The fscrypt_initalize() function isn't used outside fs/crypto, so there's no point making it be an exported symbol. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Eric Biggers <ebiggers@google.com>
2016-12-11fscrypt: rename get_crypt_info() to fscrypt_get_crypt_info()Theodore Ts'o
To avoid namespace collisions, rename get_crypt_info() to fscrypt_get_crypt_info(). The function is only used inside the fs/crypto directory, so declare it in the new header file, fscrypt_private.h. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Eric Biggers <ebiggers@google.com>
2016-12-11fscrypto: move ioctl processing more fully into common codeEric Biggers
Multiple bugs were recently fixed in the "set encryption policy" ioctl. To make it clear that fscrypt_process_policy() and fscrypt_get_policy() implement ioctls and therefore their implementations must take standard security and correctness precautions, rename them to fscrypt_ioctl_set_policy() and fscrypt_ioctl_get_policy(). Make the latter take in a struct file * to make it consistent with the former. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11fscrypto: remove unneeded Kconfig dependenciesEric Biggers
SHA256 and ENCRYPTED_KEYS are not needed. CTR shouldn't be needed either, but I left it for now because it was intentionally added by commit 71dea01ea2ed ("ext4 crypto: require CONFIG_CRYPTO_CTR if ext4 encryption is enabled"). So it sounds like there may be a dependency problem elsewhere, which I have not been able to identify specifically, that must be solved before CTR can be removed. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-11MAINTAINERS: fscrypto: recommend linux-fsdevel for fscrypto patchesEric Biggers
The filesystem level encryption support, currently used by ext4 and f2fs and proposed for ubifs, does not yet have a dedicated mailing list. Since no mailing lists were specified in MAINTAINERS, get_maintainer.pl only recommended to send patches directly to the maintainers and to linux-kernel. This patch adds linux-fsdevel as the preferred mailing list for fscrypto patches for the time being. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-13fscrypto: don't use on-stack buffer for key derivationEric Biggers
With the new (in 4.9) option to use a virtually-mapped stack (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for the scatterlist crypto API because they may not be directly mappable to struct page. get_crypt_info() was using a stack buffer to hold the output from the encryption operation used to derive the per-file key. Fix it by using a heap buffer. This bug could most easily be observed in a CONFIG_DEBUG_SG kernel because this allowed the BUG in sg_set_buf() to be triggered. Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-13fscrypto: don't use on-stack buffer for filename encryptionEric Biggers
With the new (in 4.9) option to use a virtually-mapped stack (CONFIG_VMAP_STACK), stack buffers cannot be used as input/output for the scatterlist crypto API because they may not be directly mappable to struct page. For short filenames, fname_encrypt() was encrypting a stack buffer holding the padded filename. Fix it by encrypting the filename in-place in the output buffer, thereby making the temporary buffer unnecessary. This bug could most easily be observed in a CONFIG_DEBUG_SG kernel because this allowed the BUG in sg_set_buf() to be triggered. Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-13fscrypt: Let fs select encryption index/tweakDavid Gstir
Avoid re-use of page index as tweak for AES-XTS when multiple parts of same page are encrypted. This will happen on multiple (partial) calls of fscrypt_encrypt_page on same page. page->index is only valid for writeback pages. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-13fscrypt: Constify struct inode pointerDavid Gstir
Some filesystems, such as UBIFS, maintain a const pointer for struct inode. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-13fscrypt: Enable partial page encryptionDavid Gstir
Not all filesystems work on full pages, thus we should allow them to hand partial pages to fscrypt for en/decryption. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-13fscrypt: Allow fscrypt_decrypt_page() to function with non-writeback pagesDavid Gstir
Some filesystem might pass pages which do not have page->mapping->host set to the encrypted inode. We want the caller to explicitly pass the corresponding inode. Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-13fscrypt: Add in-place encryption modeDavid Gstir
ext4 and f2fs require a bounce page when encrypting pages. However, not all filesystems will need that (eg. UBIFS). This is handled via a flag on fscrypt_operations where a fs implementation can select in-place encryption over using a bounce page (which is the default). Signed-off-by: David Gstir <david@sigma-star.at> Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-11-05Linux 4.9-rc4Linus Torvalds
2016-11-05Merge branch 'i2c/for-current' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fix from Wolfram Sang: "A bugfix for the I2C core fixing a (rare) race condition" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: core: fix NULL pointer dereference under race condition