Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2193657iof; Tue, 7 Jun 2022 22:47:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJznDLfQl+88X8zRg2VUV21A75f4/84CgpZTHZGGd4uXQ2Rrl1+Wmn7BAVt4vpDi25J3ul10 X-Received: by 2002:a05:6a00:2444:b0:4fd:db81:cbdd with SMTP id d4-20020a056a00244400b004fddb81cbddmr33128294pfj.32.1654667262959; Tue, 07 Jun 2022 22:47:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654667262; cv=none; d=google.com; s=arc-20160816; b=ZZ6sjKlHmN2eeHFRiZXp3OwzCsG1S/oZVathVaLwzV9ygIQeS+nHAptSZWQAuUk1gJ wwgJsXz23ChBLt9K15LQcuRE+eP3xn2WPNBEwjZ59spjavvgLpkzHEvxhDK/8gLkLd6y fIsCcSPj3/FtZ3/pYDN9R47l0gREQ5o/naCCYTB1AAAmUIlT/jklyty0rSUsmmSWMuT/ nPcuKdR+pdwh3KyFjMuxreEbwd4iPsHdnLFEeDus3D4rnTW2Ofv8DPzVsAxEU7/NdArd J828W2hlRzI1VuUxgDJFL/f6XQChImdb99eC6ZPv15vI+zc8jQT6b4rnsOOtidfMYxOb 5Jdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=G/+jgT/kUt23q7GhVxQDcyGT3Dhb8xt3ZIOAQEMpx/M=; b=K422SMPF4njHURK2wAYMwcxIEPEBOTfnQsytOMjm6t0FG8o28Yc+puNLx+r+2rt3il bC/aJ0Qt4nCsHFAz3M7Y1DujMR29AHs2BiKUsJuGA2xU7pSCjSjD9qcshbMBGhJB4/h4 aLpw07WKqVBFP9mq1hyULAfq8RvdpJL7req7Stv5wcd7n4uZw78biji90YogZsn6gnaV sKFq4Bl9xbPafvL40lh5ZUVHgCV6BhX5KxCqOayufF/fkz+hAdxXaSfShbnyNXfOKgko v4Rvi5RO0YdlNhZQ3DRoy1PRa6EXPcDvAr20HlcO1x4F3pVch+BkpixrgItvUJknN23X bYYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=hUwXKg62; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id h6-20020a63e146000000b003c5e4be54bbsi26048441pgk.240.2022.06.07.22.47.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jun 2022 22:47:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=hUwXKg62; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9016A2A279; Tue, 7 Jun 2022 22:12:22 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1387983AbiFHAbN (ORCPT + 99 others); Tue, 7 Jun 2022 20:31:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1382045AbiFGWcf (ORCPT ); Tue, 7 Jun 2022 18:32:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E8B3426567; Tue, 7 Jun 2022 12:25:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 84872609D0; Tue, 7 Jun 2022 19:25:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 93AD6C385A2; Tue, 7 Jun 2022 19:25:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654629937; bh=IIshUkAxO1CZOJEIgBTJRZiO8byvDzZcrFFUf+BgTwo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hUwXKg62Adlc3jLS3JUGWKjpUzxTbsNtX4u0xHEedl/m5WhMALjauFc3FdBpub6EH olX7zkwuY++SYYLeub4QSXj+w85v0JS3v+wH4uDUISCh0J83B4H4vK7pxdX6YhkQbR Nv81fbvDuSwT0pIi+JdgDn5RhdEArAxXguG/KAtQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Gabriel Krisman Bertazi , Theodore Tso Subject: [PATCH 5.18 871/879] ext4: only allow test_dummy_encryption when supported Date: Tue, 7 Jun 2022 19:06:29 +0200 Message-Id: <20220607165028.136774549@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220607165002.659942637@linuxfoundation.org> References: <20220607165002.659942637@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers commit 5f41fdaea63ddf96d921ab36b2af4a90ccdb5744 upstream. Make the test_dummy_encryption mount option require that the encrypt feature flag be already enabled on the filesystem, rather than automatically enabling it. Practically, this means that "-O encrypt" will need to be included in MKFS_OPTIONS when running xfstests with the test_dummy_encryption mount option. (ext4/053 also needs an update.) Moreover, as long as the preconditions for test_dummy_encryption are being tightened anyway, take the opportunity to start rejecting it when !CONFIG_FS_ENCRYPTION rather than ignoring it. The motivation for requiring the encrypt feature flag is that: - Having the filesystem auto-enable feature flags is problematic, as it bypasses the usual sanity checks. The specific issue which came up recently is that in kernel versions where ext4 supports casefold but not encrypt+casefold (v5.1 through v5.10), the kernel will happily add the encrypt flag to a filesystem that has the casefold flag, making it unmountable -- but only for subsequent mounts, not the initial one. This confused the casefold support detection in xfstests, causing generic/556 to fail rather than be skipped. - The xfstests-bld test runners (kvm-xfstests et al.) already use the required mkfs flag, so they will not be affected by this change. Only users of test_dummy_encryption alone will be affected. But, this option has always been for testing only, so it should be fine to require that the few users of this option update their test scripts. - f2fs already requires it (for its equivalent feature flag). Signed-off-by: Eric Biggers Reviewed-by: Gabriel Krisman Bertazi Link: https://lore.kernel.org/r/20220519204437.61645-1-ebiggers@kernel.org Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- fs/ext4/ext4.h | 6 ----- fs/ext4/super.c | 60 +++++++++++++++++++++++++++++++++++--------------------- 2 files changed, 38 insertions(+), 28 deletions(-) --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1440,12 +1440,6 @@ struct ext4_super_block { #ifdef __KERNEL__ -#ifdef CONFIG_FS_ENCRYPTION -#define DUMMY_ENCRYPTION_ENABLED(sbi) ((sbi)->s_dummy_enc_policy.policy != NULL) -#else -#define DUMMY_ENCRYPTION_ENABLED(sbi) (0) -#endif - /* Number of quota types we support */ #define EXT4_MAXQUOTAS 3 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2428,11 +2428,12 @@ static int ext4_parse_param(struct fs_co ctx->spec |= EXT4_SPEC_DUMMY_ENCRYPTION; ctx->test_dummy_enc_arg = kmemdup_nul(param->string, param->size, GFP_KERNEL); + return 0; #else ext4_msg(NULL, KERN_WARNING, - "Test dummy encryption mount option ignored"); + "test_dummy_encryption option not supported"); + return -EINVAL; #endif - return 0; case Opt_dax: case Opt_dax_type: #ifdef CONFIG_FS_DAX @@ -2789,12 +2790,44 @@ err_jquota_specified: #endif } +static int ext4_check_test_dummy_encryption(const struct fs_context *fc, + struct super_block *sb) +{ +#ifdef CONFIG_FS_ENCRYPTION + const struct ext4_fs_context *ctx = fc->fs_private; + const struct ext4_sb_info *sbi = EXT4_SB(sb); + + if (!(ctx->spec & EXT4_SPEC_DUMMY_ENCRYPTION)) + return 0; + + if (!ext4_has_feature_encrypt(sb)) { + ext4_msg(NULL, KERN_WARNING, + "test_dummy_encryption requires encrypt feature"); + return -EINVAL; + } + /* + * This mount option is just for testing, and it's not worthwhile to + * implement the extra complexity (e.g. RCU protection) that would be + * needed to allow it to be set or changed during remount. We do allow + * it to be specified during remount, but only if there is no change. + */ + if (fc->purpose == FS_CONTEXT_FOR_RECONFIGURE && + !sbi->s_dummy_enc_policy.policy) { + ext4_msg(NULL, KERN_WARNING, + "Can't set test_dummy_encryption on remount"); + return -EINVAL; + } +#endif /* CONFIG_FS_ENCRYPTION */ + return 0; +} + static int ext4_check_opt_consistency(struct fs_context *fc, struct super_block *sb) { struct ext4_fs_context *ctx = fc->fs_private; struct ext4_sb_info *sbi = fc->s_fs_info; int is_remount = fc->purpose == FS_CONTEXT_FOR_RECONFIGURE; + int err; if ((ctx->opt_flags & MOPT_NO_EXT2) && IS_EXT2_SB(sb)) { ext4_msg(NULL, KERN_ERR, @@ -2824,20 +2857,9 @@ static int ext4_check_opt_consistency(st "for blocksize < PAGE_SIZE"); } -#ifdef CONFIG_FS_ENCRYPTION - /* - * This mount option is just for testing, and it's not worthwhile to - * implement the extra complexity (e.g. RCU protection) that would be - * needed to allow it to be set or changed during remount. We do allow - * it to be specified during remount, but only if there is no change. - */ - if ((ctx->spec & EXT4_SPEC_DUMMY_ENCRYPTION) && - is_remount && !sbi->s_dummy_enc_policy.policy) { - ext4_msg(NULL, KERN_WARNING, - "Can't set test_dummy_encryption on remount"); - return -1; - } -#endif + err = ext4_check_test_dummy_encryption(fc, sb); + if (err) + return err; if ((ctx->spec & EXT4_SPEC_DATAJ) && is_remount) { if (!sbi->s_journal) { @@ -5283,12 +5305,6 @@ no_journal: goto failed_mount_wq; } - if (DUMMY_ENCRYPTION_ENABLED(sbi) && !sb_rdonly(sb) && - !ext4_has_feature_encrypt(sb)) { - ext4_set_feature_encrypt(sb); - ext4_commit_super(sb); - } - /* * Get the # of file system overhead blocks from the * superblock if present.