diff options
| author | Richard Weinberger <richard@nod.at> | 2016-10-19 17:24:47 -0400 |
|---|---|---|
| committer | Richard Weinberger <richard@nod.at> | 2016-12-12 17:07:38 -0500 |
| commit | e021986ee4119e487febb9a5f077ec77dff85865 (patch) | |
| tree | afce15fde0bd515e82f2463c74fffbe63f54dd5d /fs/ubifs | |
| parent | d63d61c16972c667d770f713c21aa04e2c0489d2 (diff) | |
ubifs: Implement UBIFS_FLG_ENCRYPTION
This feature flag indicates that the filesystem contains encrypted
files.
Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs')
| -rw-r--r-- | fs/ubifs/ioctl.c | 5 | ||||
| -rw-r--r-- | fs/ubifs/sb.c | 40 | ||||
| -rw-r--r-- | fs/ubifs/ubifs-media.h | 2 | ||||
| -rw-r--r-- | fs/ubifs/ubifs.h | 3 |
4 files changed, 50 insertions, 0 deletions
diff --git a/fs/ubifs/ioctl.c b/fs/ubifs/ioctl.c index 6bb5b35050de..3d10f5525274 100644 --- a/fs/ubifs/ioctl.c +++ b/fs/ubifs/ioctl.c | |||
| @@ -183,6 +183,7 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
| 183 | } | 183 | } |
| 184 | case FS_IOC_SET_ENCRYPTION_POLICY: { | 184 | case FS_IOC_SET_ENCRYPTION_POLICY: { |
| 185 | #ifdef CONFIG_UBIFS_FS_ENCRYPTION | 185 | #ifdef CONFIG_UBIFS_FS_ENCRYPTION |
| 186 | struct ubifs_info *c = inode->i_sb->s_fs_info; | ||
| 186 | struct fscrypt_policy policy; | 187 | struct fscrypt_policy policy; |
| 187 | 188 | ||
| 188 | if (copy_from_user(&policy, | 189 | if (copy_from_user(&policy, |
| @@ -190,6 +191,10 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
| 190 | sizeof(policy))) | 191 | sizeof(policy))) |
| 191 | return -EFAULT; | 192 | return -EFAULT; |
| 192 | 193 | ||
| 194 | err = ubifs_enable_encryption(c); | ||
| 195 | if (err) | ||
| 196 | return err; | ||
| 197 | |||
| 193 | err = fscrypt_process_policy(file, &policy); | 198 | err = fscrypt_process_policy(file, &policy); |
| 194 | 199 | ||
| 195 | return err; | 200 | return err; |
diff --git a/fs/ubifs/sb.c b/fs/ubifs/sb.c index 4a2b4c361587..54cef70ea16f 100644 --- a/fs/ubifs/sb.c +++ b/fs/ubifs/sb.c | |||
| @@ -622,6 +622,16 @@ int ubifs_read_superblock(struct ubifs_info *c) | |||
| 622 | c->big_lpt = !!(sup_flags & UBIFS_FLG_BIGLPT); | 622 | c->big_lpt = !!(sup_flags & UBIFS_FLG_BIGLPT); |
| 623 | c->space_fixup = !!(sup_flags & UBIFS_FLG_SPACE_FIXUP); | 623 | c->space_fixup = !!(sup_flags & UBIFS_FLG_SPACE_FIXUP); |
| 624 | c->double_hash = !!(sup_flags & UBIFS_FLG_DOUBLE_HASH); | 624 | c->double_hash = !!(sup_flags & UBIFS_FLG_DOUBLE_HASH); |
| 625 | c->encrypted = !!(sup_flags & UBIFS_FLG_ENCRYPTION); | ||
| 626 | |||
| 627 | #ifndef CONFIG_UBIFS_FS_ENCRYPTION | ||
| 628 | if (c->encrypted) { | ||
| 629 | ubifs_err(c, "file system contains encrypted files but UBIFS" | ||
| 630 | " was built without crypto support."); | ||
| 631 | err = -EINVAL; | ||
| 632 | goto out; | ||
| 633 | } | ||
| 634 | #endif | ||
| 625 | 635 | ||
| 626 | /* Automatically increase file system size to the maximum size */ | 636 | /* Automatically increase file system size to the maximum size */ |
| 627 | c->old_leb_cnt = c->leb_cnt; | 637 | c->old_leb_cnt = c->leb_cnt; |
| @@ -809,3 +819,33 @@ int ubifs_fixup_free_space(struct ubifs_info *c) | |||
| 809 | ubifs_msg(c, "free space fixup complete"); | 819 | ubifs_msg(c, "free space fixup complete"); |
| 810 | return err; | 820 | return err; |
| 811 | } | 821 | } |
| 822 | |||
| 823 | int ubifs_enable_encryption(struct ubifs_info *c) | ||
| 824 | { | ||
| 825 | int err; | ||
| 826 | struct ubifs_sb_node *sup; | ||
| 827 | |||
| 828 | if (c->encrypted) | ||
| 829 | return 0; | ||
| 830 | |||
| 831 | if (c->ro_mount || c->ro_media) | ||
| 832 | return -EROFS; | ||
| 833 | |||
| 834 | if (c->fmt_version < 5) { | ||
| 835 | ubifs_err(c, "on-flash format version 5 is needed for encryption"); | ||
| 836 | return -EINVAL; | ||
| 837 | } | ||
| 838 | |||
| 839 | sup = ubifs_read_sb_node(c); | ||
| 840 | if (IS_ERR(sup)) | ||
| 841 | return PTR_ERR(sup); | ||
| 842 | |||
| 843 | sup->flags |= cpu_to_le32(UBIFS_FLG_ENCRYPTION); | ||
| 844 | |||
| 845 | err = ubifs_write_sb_node(c, sup); | ||
| 846 | if (!err) | ||
| 847 | c->encrypted = 1; | ||
| 848 | kfree(sup); | ||
| 849 | |||
| 850 | return err; | ||
| 851 | } | ||
diff --git a/fs/ubifs/ubifs-media.h b/fs/ubifs/ubifs-media.h index 0cbdc6b70a00..bdc7935a5e41 100644 --- a/fs/ubifs/ubifs-media.h +++ b/fs/ubifs/ubifs-media.h | |||
| @@ -420,11 +420,13 @@ enum { | |||
| 420 | * UBIFS_FLG_SPACE_FIXUP: first-mount "fixup" of free space within LEBs needed | 420 | * UBIFS_FLG_SPACE_FIXUP: first-mount "fixup" of free space within LEBs needed |
| 421 | * UBIFS_FLG_DOUBLE_HASH: store a 32bit cookie in directory entry nodes to | 421 | * UBIFS_FLG_DOUBLE_HASH: store a 32bit cookie in directory entry nodes to |
| 422 | * support 64bit cookies for lookups by hash | 422 | * support 64bit cookies for lookups by hash |
| 423 | * UBIFS_FLG_ENCRYPTION: this filesystem contains encrypted files | ||
| 423 | */ | 424 | */ |
| 424 | enum { | 425 | enum { |
| 425 | UBIFS_FLG_BIGLPT = 0x02, | 426 | UBIFS_FLG_BIGLPT = 0x02, |
| 426 | UBIFS_FLG_SPACE_FIXUP = 0x04, | 427 | UBIFS_FLG_SPACE_FIXUP = 0x04, |
| 427 | UBIFS_FLG_DOUBLE_HASH = 0x08, | 428 | UBIFS_FLG_DOUBLE_HASH = 0x08, |
| 429 | UBIFS_FLG_ENCRYPTION = 0x10, | ||
| 428 | }; | 430 | }; |
| 429 | 431 | ||
| 430 | /** | 432 | /** |
diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index 5089663c0d1b..8d0e4818e3ea 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h | |||
| @@ -1007,6 +1007,7 @@ struct ubifs_debug_info; | |||
| 1007 | * @big_lpt: flag that LPT is too big to write whole during commit | 1007 | * @big_lpt: flag that LPT is too big to write whole during commit |
| 1008 | * @space_fixup: flag indicating that free space in LEBs needs to be cleaned up | 1008 | * @space_fixup: flag indicating that free space in LEBs needs to be cleaned up |
| 1009 | * @double_hash: flag indicating that we can do lookups by hash | 1009 | * @double_hash: flag indicating that we can do lookups by hash |
| 1010 | * @encrypted: flag indicating that this file system contains encrypted files | ||
| 1010 | * @no_chk_data_crc: do not check CRCs when reading data nodes (except during | 1011 | * @no_chk_data_crc: do not check CRCs when reading data nodes (except during |
| 1011 | * recovery) | 1012 | * recovery) |
| 1012 | * @bulk_read: enable bulk-reads | 1013 | * @bulk_read: enable bulk-reads |
| @@ -1250,6 +1251,7 @@ struct ubifs_info { | |||
| 1250 | unsigned int big_lpt:1; | 1251 | unsigned int big_lpt:1; |
| 1251 | unsigned int space_fixup:1; | 1252 | unsigned int space_fixup:1; |
| 1252 | unsigned int double_hash:1; | 1253 | unsigned int double_hash:1; |
| 1254 | unsigned int encrypted:1; | ||
| 1253 | unsigned int no_chk_data_crc:1; | 1255 | unsigned int no_chk_data_crc:1; |
| 1254 | unsigned int bulk_read:1; | 1256 | unsigned int bulk_read:1; |
| 1255 | unsigned int default_compr:2; | 1257 | unsigned int default_compr:2; |
| @@ -1649,6 +1651,7 @@ int ubifs_read_superblock(struct ubifs_info *c); | |||
| 1649 | struct ubifs_sb_node *ubifs_read_sb_node(struct ubifs_info *c); | 1651 | struct ubifs_sb_node *ubifs_read_sb_node(struct ubifs_info *c); |
| 1650 | int ubifs_write_sb_node(struct ubifs_info *c, struct ubifs_sb_node *sup); | 1652 | int ubifs_write_sb_node(struct ubifs_info *c, struct ubifs_sb_node *sup); |
| 1651 | int ubifs_fixup_free_space(struct ubifs_info *c); | 1653 | int ubifs_fixup_free_space(struct ubifs_info *c); |
| 1654 | int ubifs_enable_encryption(struct ubifs_info *c); | ||
| 1652 | 1655 | ||
| 1653 | /* replay.c */ | 1656 | /* replay.c */ |
| 1654 | int ubifs_validate_entry(struct ubifs_info *c, | 1657 | int ubifs_validate_entry(struct ubifs_info *c, |