Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp720571rwb; Thu, 10 Nov 2022 06:39:14 -0800 (PST) X-Google-Smtp-Source: AMsMyM7iNOdOEuGrpECb62MgOhv6GBibBY7yyw6VuH8y9bQWMMmwZKXAjCNSVvg4nL/yNdDnXSrN X-Received: by 2002:a17:907:2bd9:b0:7ad:c301:a799 with SMTP id gv25-20020a1709072bd900b007adc301a799mr55202180ejc.713.1668091153727; Thu, 10 Nov 2022 06:39:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668091153; cv=none; d=google.com; s=arc-20160816; b=nfhAhaNMV4iH12DAYTUHBG13aIuz9+9Bn2Aoq6EPGVu/6QwsqW8/OJYuOE8dMovWwe aRnbVLhYNyoO7peWNYoep1kFyyGtIPejmffFeiSz4NTxS3v6Jblw1wpmNtAqngj79mCE D7ZECDOVLvI2YcxFEf4j5DSIbGT4g8FjO3t5GdWgk13xE8uBXngR/AgTJrNIKAg3NxSA 9YKOdWs5mhHljtPR5rLCcVF/gKJ9UcFrG6/ONpZf8YKjAt0XnGLjGuz8x9bI+/eyjZQj sR0kBAnvNuZ5IGz1mJKOBozjtlMR0Db3p7YmRHFUw5f08qbishYMe8uIryXlkaOnRvfx Vlww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7mBXMF4B6CEl+n3vdku7YjkCRNE2TryZTPl46Y2nSdE=; b=K5HGaMg1Wdqs3zueIDr8LI3v2QP9g1iwb2qynRtsYVkwS0dAPli514fjrXY3VX71+3 Z0WRTIYunVinQ0OaSsSety1MEXLAF1eDXZ4k3AwvMCUnw3L/05aL3Y4HDb+Whie1HUvy z/Mbh5Dc9mc23yes+sXzYrx81EUgl9E6eyTPLZ4KDvOoH7Vf9RI5GdZtcUHcJItbLzZf ZHFFZ5tJ0rySPKOE5/hfdoFsMvRrNm1y3Twl+g4AoS1maNWbQDbDkVlUkhFnh/tF9s6P DoaozN4N3BAQ0opbJR8amEJHhmqoZXKbeT+YG07Xg8HW60c4w/TqNuoacJu5cbmHbpjF wfTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aAIMblh0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c9-20020a056402120900b004627b98ab6fsi16226492edw.69.2022.11.10.06.38.45; Thu, 10 Nov 2022 06:39:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=aAIMblh0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229656AbiKJON6 (ORCPT + 92 others); Thu, 10 Nov 2022 09:13:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46124 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230347AbiKJONq (ORCPT ); Thu, 10 Nov 2022 09:13:46 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B43E56DCD0 for ; Thu, 10 Nov 2022 06:12:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1668089566; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7mBXMF4B6CEl+n3vdku7YjkCRNE2TryZTPl46Y2nSdE=; b=aAIMblh0n7827gvU35xvYyzfblmIBdDzVKECxlABX3Eoz7dnRWhom6iJRYEZFQZPQgr7wR j1rv8cDPE9j/heD0/U1IrYvvolQEAEYagOvI88D6KVPvYxBbW1ZYeMPARFJzLinljd+5gs WP/DUnjarbZts7cXqtNbIs2QvU8gfK4= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-20-ijXj1jSpOyO2ErL4-Ht8OQ-1; Thu, 10 Nov 2022 09:12:43 -0500 X-MC-Unique: ijXj1jSpOyO2ErL4-Ht8OQ-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 545582999B4A; Thu, 10 Nov 2022 14:12:43 +0000 (UTC) Received: from localhost (unknown [10.39.208.44]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EB351492B0F; Thu, 10 Nov 2022 14:12:42 +0000 (UTC) From: Niels de Vos To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Xiubo Li , Marcel Lauhoff , Niels de Vos Subject: [RFC 3/4] fs: make fscrypt support a f2fs config option Date: Thu, 10 Nov 2022 15:12:24 +0100 Message-Id: <20221110141225.2308856-4-ndevos@redhat.com> In-Reply-To: <20221110141225.2308856-1-ndevos@redhat.com> References: <20221110141225.2308856-1-ndevos@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add CONFIG_F2FS_FS_ENCRYPTION as a config option, which depends on the global CONFIG_FS_ENCRYPTION setting. This makes it possible to opt-out of fscrypt for f2fs, while enabling it for others. Signed-off-by: Niels de Vos --- fs/crypto/Kconfig | 1 + fs/f2fs/Kconfig | 15 +++++++++++++-- fs/f2fs/data.c | 2 +- fs/f2fs/dir.c | 6 +++--- fs/f2fs/f2fs.h | 6 +++--- fs/f2fs/super.c | 6 +++--- fs/f2fs/sysfs.c | 8 ++++---- 7 files changed, 28 insertions(+), 16 deletions(-) diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig index 7e1267deee51..a809847e820d 100644 --- a/fs/crypto/Kconfig +++ b/fs/crypto/Kconfig @@ -7,6 +7,7 @@ config FS_ENCRYPTION select CRYPTO_LIB_SHA256 select KEYS imply EXT4_FS_ENCRYPTION + imply F2FS_FS_ENCRYPTION help Enable encryption of files and directories. This feature is similar to ecryptfs, but it is more memory diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig index 03ef087537c7..801ade82d5c6 100644 --- a/fs/f2fs/Kconfig +++ b/fs/f2fs/Kconfig @@ -5,8 +5,6 @@ config F2FS_FS select NLS select CRYPTO select CRYPTO_CRC32 - select F2FS_FS_XATTR if FS_ENCRYPTION - select FS_ENCRYPTION_ALGS if FS_ENCRYPTION select FS_IOMAP select LZ4_COMPRESS if F2FS_FS_LZ4 select LZ4_DECOMPRESS if F2FS_FS_LZ4 @@ -76,6 +74,19 @@ config F2FS_FS_SECURITY If you are not using a security module, say N. +config F2FS_FS_ENCRYPTION + bool "F2FS with support for filesystem encryption" + depends on F2FS_FS + depends on FS_ENCRYPTION + select F2FS_FS_XATTR + select FS_ENCRYPTION_ALGS if FS_ENCRYPTION + help + Enable encryption of files and directories. This feature is similar + to ecryptfs, but it is more memory efficient since it avoids caching + the encrypted and decrypted pages in the page cache. + + If unsure, say N. + config F2FS_CHECK_FS bool "F2FS consistency checking feature" depends on F2FS_FS diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index a71e818cd67b..446d2eba964e 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -94,7 +94,7 @@ static enum count_type __read_io_type(struct page *page) /* postprocessing steps for read bios */ enum bio_post_read_step { -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION STEP_DECRYPT = 1 << 0, #else STEP_DECRYPT = 0, /* compile out the decryption-related code */ diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index 21960a899b6a..206580b312fb 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -114,7 +114,7 @@ static int __f2fs_setup_filename(const struct inode *dir, fname->usr_fname = crypt_name->usr_fname; fname->disk_name = crypt_name->disk_name; -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION fname->crypto_buf = crypt_name->crypto_buf; #endif if (crypt_name->is_nokey_name) { @@ -171,7 +171,7 @@ int f2fs_prepare_lookup(struct inode *dir, struct dentry *dentry, void f2fs_free_filename(struct f2fs_filename *fname) { -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION kfree(fname->crypto_buf.name); fname->crypto_buf.name = NULL; #endif @@ -276,7 +276,7 @@ static inline int f2fs_match_name(const struct inode *dir, #endif f.usr_fname = fname->usr_fname; f.disk_name = fname->disk_name; -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION f.crypto_buf = fname->crypto_buf; #endif return fscrypt_match_name(&f, de_name, de_name_len); diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 194844029633..fd0da8ce6108 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -26,7 +26,7 @@ #include #include -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION #define USE_FS_ENCRYPTION #endif #include @@ -507,7 +507,7 @@ struct f2fs_filename { /* The dirhash of this filename */ f2fs_hash_t hash; -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION /* * For lookups in encrypted directories: either the buffer backing * disk_name, or a buffer that holds the decoded no-key name. @@ -4194,7 +4194,7 @@ static inline bool f2fs_encrypted_file(struct inode *inode) static inline void f2fs_set_encrypted_inode(struct inode *inode) { -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION file_set_encrypt(inode); f2fs_set_inode_flags(inode); #endif diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 3834ead04620..224f80bb7eed 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -503,7 +503,7 @@ static int f2fs_set_test_dummy_encryption(struct super_block *sb, &F2FS_OPTION(sbi).dummy_enc_policy; int err; - if (!IS_ENABLED(CONFIG_FS_ENCRYPTION)) { + if (!IS_ENABLED(CONFIG_F2FS_FS_ENCRYPTION)) { f2fs_warn(sbi, "test_dummy_encryption option not supported"); return -EINVAL; } @@ -2997,7 +2997,7 @@ static const struct super_operations f2fs_sops = { .remount_fs = f2fs_remount, }; -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION static int f2fs_get_context(struct inode *inode, void *ctx, size_t len) { return f2fs_getxattr(inode, F2FS_XATTR_INDEX_ENCRYPTION, @@ -4157,7 +4157,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent) #endif sb->s_op = &f2fs_sops; -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION sb->s_cop = &f2fs_cryptops; #endif #ifdef CONFIG_FS_VERITY diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c index df27afd71ef4..65e135a84d57 100644 --- a/fs/f2fs/sysfs.c +++ b/fs/f2fs/sysfs.c @@ -848,13 +848,13 @@ F2FS_GENERAL_RO_ATTR(moved_blocks_foreground); F2FS_GENERAL_RO_ATTR(avg_vblocks); #endif -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION F2FS_FEATURE_RO_ATTR(encryption); F2FS_FEATURE_RO_ATTR(test_dummy_encryption_v2); #if IS_ENABLED(CONFIG_UNICODE) F2FS_FEATURE_RO_ATTR(encrypted_casefold); #endif -#endif /* CONFIG_FS_ENCRYPTION */ +#endif /* CONFIG_F2FS_FS_ENCRYPTION */ #ifdef CONFIG_BLK_DEV_ZONED F2FS_FEATURE_RO_ATTR(block_zoned); F2FS_RO_ATTR(F2FS_SBI, f2fs_sb_info, unusable_blocks_per_sec, @@ -1000,13 +1000,13 @@ static struct attribute *f2fs_attrs[] = { ATTRIBUTE_GROUPS(f2fs); static struct attribute *f2fs_feat_attrs[] = { -#ifdef CONFIG_FS_ENCRYPTION +#ifdef CONFIG_F2FS_FS_ENCRYPTION ATTR_LIST(encryption), ATTR_LIST(test_dummy_encryption_v2), #if IS_ENABLED(CONFIG_UNICODE) ATTR_LIST(encrypted_casefold), #endif -#endif /* CONFIG_FS_ENCRYPTION */ +#endif /* CONFIG_F2FS_FS_ENCRYPTION */ #ifdef CONFIG_BLK_DEV_ZONED ATTR_LIST(block_zoned), #endif -- 2.37.3