diff options
| author | Eric Biggers <ebiggers@google.com> | 2018-04-30 18:51:47 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2018-05-20 16:21:05 -0400 |
| commit | 544d08fde258b4da72b6cfbe2d7172c86ce9860d (patch) | |
| tree | 56d013a89974bd62e3ca974e090f495808edc64a /fs/crypto | |
| parent | 11b8818ec09d577567f59fc1b32cfa56c756fe89 (diff) | |
fscrypt: use a common logging function
Use a common function for fscrypt warning and error messages so that all
the messages are consistently ratelimited, include the "fscrypt:"
prefix, and include the filesystem name if applicable.
Also fix up a few of the log messages to be more descriptive.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/crypto')
| -rw-r--r-- | fs/crypto/crypto.c | 28 | ||||
| -rw-r--r-- | fs/crypto/fname.c | 10 | ||||
| -rw-r--r-- | fs/crypto/fscrypt_private.h | 8 | ||||
| -rw-r--r-- | fs/crypto/hooks.c | 5 | ||||
| -rw-r--r-- | fs/crypto/keyinfo.c | 27 |
5 files changed, 57 insertions, 21 deletions
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index f46191b6b3ed..243a269e6c5f 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c | |||
| @@ -174,9 +174,10 @@ int fscrypt_do_page_crypto(const struct inode *inode, fscrypt_direction_t rw, | |||
| 174 | res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); | 174 | res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); |
| 175 | skcipher_request_free(req); | 175 | skcipher_request_free(req); |
| 176 | if (res) { | 176 | if (res) { |
| 177 | printk_ratelimited(KERN_ERR | 177 | fscrypt_err(inode->i_sb, |
| 178 | "%s: crypto_skcipher_encrypt() returned %d\n", | 178 | "%scryption failed for inode %lu, block %llu: %d", |
| 179 | __func__, res); | 179 | (rw == FS_DECRYPT ? "de" : "en"), |
| 180 | inode->i_ino, lblk_num, res); | ||
| 180 | return res; | 181 | return res; |
| 181 | } | 182 | } |
| 182 | return 0; | 183 | return 0; |
| @@ -416,6 +417,27 @@ fail: | |||
| 416 | return res; | 417 | return res; |
| 417 | } | 418 | } |
| 418 | 419 | ||
| 420 | void fscrypt_msg(struct super_block *sb, const char *level, | ||
| 421 | const char *fmt, ...) | ||
| 422 | { | ||
| 423 | static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL, | ||
| 424 | DEFAULT_RATELIMIT_BURST); | ||
| 425 | struct va_format vaf; | ||
| 426 | va_list args; | ||
| 427 | |||
| 428 | if (!__ratelimit(&rs)) | ||
| 429 | return; | ||
| 430 | |||
| 431 | va_start(args, fmt); | ||
| 432 | vaf.fmt = fmt; | ||
| 433 | vaf.va = &args; | ||
| 434 | if (sb) | ||
| 435 | printk("%sfscrypt (%s): %pV\n", level, sb->s_id, &vaf); | ||
| 436 | else | ||
| 437 | printk("%sfscrypt: %pV\n", level, &vaf); | ||
| 438 | va_end(args); | ||
| 439 | } | ||
| 440 | |||
| 419 | /** | 441 | /** |
| 420 | * fscrypt_init() - Set up for fs encryption. | 442 | * fscrypt_init() - Set up for fs encryption. |
| 421 | */ | 443 | */ |
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 39091fc31e98..d7a0f682ca12 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c | |||
| @@ -71,8 +71,9 @@ int fname_encrypt(struct inode *inode, const struct qstr *iname, | |||
| 71 | res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); | 71 | res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); |
| 72 | skcipher_request_free(req); | 72 | skcipher_request_free(req); |
| 73 | if (res < 0) { | 73 | if (res < 0) { |
| 74 | printk_ratelimited(KERN_ERR | 74 | fscrypt_err(inode->i_sb, |
| 75 | "%s: Error (error code %d)\n", __func__, res); | 75 | "Filename encryption failed for inode %lu: %d", |
| 76 | inode->i_ino, res); | ||
| 76 | return res; | 77 | return res; |
| 77 | } | 78 | } |
| 78 | 79 | ||
| @@ -115,8 +116,9 @@ static int fname_decrypt(struct inode *inode, | |||
| 115 | res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait); | 116 | res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait); |
| 116 | skcipher_request_free(req); | 117 | skcipher_request_free(req); |
| 117 | if (res < 0) { | 118 | if (res < 0) { |
| 118 | printk_ratelimited(KERN_ERR | 119 | fscrypt_err(inode->i_sb, |
| 119 | "%s: Error (error code %d)\n", __func__, res); | 120 | "Filename decryption failed for inode %lu: %d", |
| 121 | inode->i_ino, res); | ||
| 120 | return res; | 122 | return res; |
| 121 | } | 123 | } |
| 122 | 124 | ||
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 8358610d6558..09d6c72635b6 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h | |||
| @@ -100,6 +100,14 @@ extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx, | |||
| 100 | gfp_t gfp_flags); | 100 | gfp_t gfp_flags); |
| 101 | extern const struct dentry_operations fscrypt_d_ops; | 101 | extern const struct dentry_operations fscrypt_d_ops; |
| 102 | 102 | ||
| 103 | extern void __printf(3, 4) __cold | ||
| 104 | fscrypt_msg(struct super_block *sb, const char *level, const char *fmt, ...); | ||
| 105 | |||
| 106 | #define fscrypt_warn(sb, fmt, ...) \ | ||
| 107 | fscrypt_msg(sb, KERN_WARNING, fmt, ##__VA_ARGS__) | ||
| 108 | #define fscrypt_err(sb, fmt, ...) \ | ||
| 109 | fscrypt_msg(sb, KERN_ERR, fmt, ##__VA_ARGS__) | ||
| 110 | |||
| 103 | /* fname.c */ | 111 | /* fname.c */ |
| 104 | extern int fname_encrypt(struct inode *inode, const struct qstr *iname, | 112 | extern int fname_encrypt(struct inode *inode, const struct qstr *iname, |
| 105 | u8 *out, unsigned int olen); | 113 | u8 *out, unsigned int olen); |
diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index bec06490fb13..926e5df20ec3 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c | |||
| @@ -39,8 +39,9 @@ int fscrypt_file_open(struct inode *inode, struct file *filp) | |||
| 39 | dir = dget_parent(file_dentry(filp)); | 39 | dir = dget_parent(file_dentry(filp)); |
| 40 | if (IS_ENCRYPTED(d_inode(dir)) && | 40 | if (IS_ENCRYPTED(d_inode(dir)) && |
| 41 | !fscrypt_has_permitted_context(d_inode(dir), inode)) { | 41 | !fscrypt_has_permitted_context(d_inode(dir), inode)) { |
| 42 | pr_warn_ratelimited("fscrypt: inconsistent encryption contexts: %lu/%lu", | 42 | fscrypt_warn(inode->i_sb, |
| 43 | d_inode(dir)->i_ino, inode->i_ino); | 43 | "inconsistent encryption contexts: %lu/%lu", |
| 44 | d_inode(dir)->i_ino, inode->i_ino); | ||
| 44 | err = -EPERM; | 45 | err = -EPERM; |
| 45 | } | 46 | } |
| 46 | dput(dir); | 47 | dput(dir); |
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index f6d6acd37b97..f63bfd6dffd6 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c | |||
| @@ -103,9 +103,8 @@ static int validate_user_key(struct fscrypt_info *crypt_info, | |||
| 103 | 103 | ||
| 104 | if (master_key->size < min_keysize || master_key->size > FS_MAX_KEY_SIZE | 104 | if (master_key->size < min_keysize || master_key->size > FS_MAX_KEY_SIZE |
| 105 | || master_key->size % AES_BLOCK_SIZE != 0) { | 105 | || master_key->size % AES_BLOCK_SIZE != 0) { |
| 106 | printk_once(KERN_WARNING | 106 | fscrypt_warn(NULL, "key size incorrect: %u", |
| 107 | "%s: key size incorrect: %d\n", | 107 | master_key->size); |
| 108 | __func__, master_key->size); | ||
| 109 | res = -ENOKEY; | 108 | res = -ENOKEY; |
| 110 | goto out; | 109 | goto out; |
| 111 | } | 110 | } |
| @@ -132,9 +131,10 @@ static int determine_cipher_type(struct fscrypt_info *ci, struct inode *inode, | |||
| 132 | u32 mode; | 131 | u32 mode; |
| 133 | 132 | ||
| 134 | if (!fscrypt_valid_enc_modes(ci->ci_data_mode, ci->ci_filename_mode)) { | 133 | if (!fscrypt_valid_enc_modes(ci->ci_data_mode, ci->ci_filename_mode)) { |
| 135 | pr_warn_ratelimited("fscrypt: inode %lu uses unsupported encryption modes (contents mode %d, filenames mode %d)\n", | 134 | fscrypt_warn(inode->i_sb, |
| 136 | inode->i_ino, | 135 | "inode %lu uses unsupported encryption modes (contents mode %d, filenames mode %d)", |
| 137 | ci->ci_data_mode, ci->ci_filename_mode); | 136 | inode->i_ino, ci->ci_data_mode, |
| 137 | ci->ci_filename_mode); | ||
| 138 | return -EINVAL; | 138 | return -EINVAL; |
| 139 | } | 139 | } |
| 140 | 140 | ||
| @@ -173,8 +173,9 @@ static int derive_essiv_salt(const u8 *key, int keysize, u8 *salt) | |||
| 173 | 173 | ||
| 174 | tfm = crypto_alloc_shash("sha256", 0, 0); | 174 | tfm = crypto_alloc_shash("sha256", 0, 0); |
| 175 | if (IS_ERR(tfm)) { | 175 | if (IS_ERR(tfm)) { |
| 176 | pr_warn_ratelimited("fscrypt: error allocating SHA-256 transform: %ld\n", | 176 | fscrypt_warn(NULL, |
| 177 | PTR_ERR(tfm)); | 177 | "error allocating SHA-256 transform: %ld", |
| 178 | PTR_ERR(tfm)); | ||
| 178 | return PTR_ERR(tfm); | 179 | return PTR_ERR(tfm); |
| 179 | } | 180 | } |
| 180 | prev_tfm = cmpxchg(&essiv_hash_tfm, NULL, tfm); | 181 | prev_tfm = cmpxchg(&essiv_hash_tfm, NULL, tfm); |
| @@ -309,8 +310,9 @@ int fscrypt_get_encryption_info(struct inode *inode) | |||
| 309 | ctfm = crypto_alloc_skcipher(cipher_str, 0, 0); | 310 | ctfm = crypto_alloc_skcipher(cipher_str, 0, 0); |
| 310 | if (IS_ERR(ctfm)) { | 311 | if (IS_ERR(ctfm)) { |
| 311 | res = PTR_ERR(ctfm); | 312 | res = PTR_ERR(ctfm); |
| 312 | pr_debug("%s: error %d (inode %lu) allocating crypto tfm\n", | 313 | fscrypt_warn(inode->i_sb, |
| 313 | __func__, res, inode->i_ino); | 314 | "error allocating '%s' transform for inode %lu: %d", |
| 315 | cipher_str, inode->i_ino, res); | ||
| 314 | goto out; | 316 | goto out; |
| 315 | } | 317 | } |
| 316 | crypt_info->ci_ctfm = ctfm; | 318 | crypt_info->ci_ctfm = ctfm; |
| @@ -327,8 +329,9 @@ int fscrypt_get_encryption_info(struct inode *inode) | |||
| 327 | crypt_info->ci_data_mode == FS_ENCRYPTION_MODE_AES_128_CBC) { | 329 | crypt_info->ci_data_mode == FS_ENCRYPTION_MODE_AES_128_CBC) { |
| 328 | res = init_essiv_generator(crypt_info, raw_key, keysize); | 330 | res = init_essiv_generator(crypt_info, raw_key, keysize); |
| 329 | if (res) { | 331 | if (res) { |
| 330 | pr_debug("%s: error %d (inode %lu) allocating essiv tfm\n", | 332 | fscrypt_warn(inode->i_sb, |
| 331 | __func__, res, inode->i_ino); | 333 | "error initializing ESSIV generator for inode %lu: %d", |
| 334 | inode->i_ino, res); | ||
| 332 | goto out; | 335 | goto out; |
| 333 | } | 336 | } |
| 334 | } | 337 | } |