aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--MAINTAINERS7
-rw-r--r--fs/ext2/balloc.c21
-rw-r--r--fs/ext2/ext2.h3
-rw-r--r--fs/ext2/inode.c10
-rw-r--r--fs/ext2/xattr.c9
-rw-r--r--fs/ext4/Kconfig12
-rw-r--r--fs/ext4/Makefile2
-rw-r--r--fs/ext4/balloc.c7
-rw-r--r--fs/ext4/crypto.c537
-rw-r--r--fs/ext4/crypto_fname.c468
-rw-r--r--fs/ext4/crypto_key.c274
-rw-r--r--fs/ext4/crypto_policy.c229
-rw-r--r--fs/ext4/dir.c26
-rw-r--r--fs/ext4/ext4.h209
-rw-r--r--fs/ext4/ext4_crypto.h159
-rw-r--r--fs/ext4/ext4_jbd2.h10
-rw-r--r--fs/ext4/extents.c12
-rw-r--r--fs/ext4/file.c10
-rw-r--r--fs/ext4/fsync.c5
-rw-r--r--fs/ext4/ialloc.c7
-rw-r--r--fs/ext4/inline.c14
-rw-r--r--fs/ext4/inode.c81
-rw-r--r--fs/ext4/ioctl.c38
-rw-r--r--fs/ext4/mballoc.c29
-rw-r--r--fs/ext4/namei.c144
-rw-r--r--fs/ext4/page-io.c13
-rw-r--r--fs/ext4/readpage.c48
-rw-r--r--fs/ext4/super.c162
-rw-r--r--fs/ext4/symlink.c35
-rw-r--r--fs/ext4/xattr.c13
-rw-r--r--fs/jbd2/commit.c2
-rw-r--r--fs/jbd2/journal.c5
-rw-r--r--fs/jbd2/transaction.c17
-rw-r--r--include/linux/jbd2.h23
34 files changed, 538 insertions, 2103 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
index 3eaa4a06bcc1..1cf1beb4b366 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4942,6 +4942,13 @@ F: Documentation/filesystems/caching/
4942F: fs/fscache/ 4942F: fs/fscache/
4943F: include/linux/fscache*.h 4943F: include/linux/fscache*.h
4944 4944
4945FS-CRYPTO: FILE SYSTEM LEVEL ENCRYPTION SUPPORT
4946M: Theodore Y. Ts'o <tytso@mit.edu>
4947M: Jaegeuk Kim <jaegeuk@kernel.org>
4948S: Supported
4949F: fs/crypto/
4950F: include/linux/fscrypto.h
4951
4945F2FS FILE SYSTEM 4952F2FS FILE SYSTEM
4946M: Jaegeuk Kim <jaegeuk@kernel.org> 4953M: Jaegeuk Kim <jaegeuk@kernel.org>
4947M: Changman Lee <cm224.lee@samsung.com> 4954M: Changman Lee <cm224.lee@samsung.com>
diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c
index 9f9992b37924..4c40c0786e16 100644
--- a/fs/ext2/balloc.c
+++ b/fs/ext2/balloc.c
@@ -1194,6 +1194,27 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi)
1194} 1194}
1195 1195
1196/* 1196/*
1197 * Returns 1 if the passed-in block region is valid; 0 if some part overlaps
1198 * with filesystem metadata blocksi.
1199 */
1200int ext2_data_block_valid(struct ext2_sb_info *sbi, ext2_fsblk_t start_blk,
1201 unsigned int count)
1202{
1203 if ((start_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) ||
1204 (start_blk + count < start_blk) ||
1205 (start_blk > le32_to_cpu(sbi->s_es->s_blocks_count)))
1206 return 0;
1207
1208 /* Ensure we do not step over superblock */
1209 if ((start_blk <= sbi->s_sb_block) &&
1210 (start_blk + count >= sbi->s_sb_block))
1211 return 0;
1212
1213
1214 return 1;
1215}
1216
1217/*
1197 * ext2_new_blocks() -- core block(s) allocation function 1218 * ext2_new_blocks() -- core block(s) allocation function
1198 * @inode: file inode 1219 * @inode: file inode
1199 * @goal: given target block(filesystem wide) 1220 * @goal: given target block(filesystem wide)
diff --git a/fs/ext2/ext2.h b/fs/ext2/ext2.h
index 170939f379d7..3fb93681bf7f 100644
--- a/fs/ext2/ext2.h
+++ b/fs/ext2/ext2.h
@@ -367,6 +367,7 @@ struct ext2_inode {
367 */ 367 */
368#define EXT2_VALID_FS 0x0001 /* Unmounted cleanly */ 368#define EXT2_VALID_FS 0x0001 /* Unmounted cleanly */
369#define EXT2_ERROR_FS 0x0002 /* Errors detected */ 369#define EXT2_ERROR_FS 0x0002 /* Errors detected */
370#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
370 371
371/* 372/*
372 * Mount flags 373 * Mount flags
@@ -739,6 +740,8 @@ extern unsigned long ext2_bg_num_gdb(struct super_block *sb, int group);
739extern ext2_fsblk_t ext2_new_block(struct inode *, unsigned long, int *); 740extern ext2_fsblk_t ext2_new_block(struct inode *, unsigned long, int *);
740extern ext2_fsblk_t ext2_new_blocks(struct inode *, unsigned long, 741extern ext2_fsblk_t ext2_new_blocks(struct inode *, unsigned long,
741 unsigned long *, int *); 742 unsigned long *, int *);
743extern int ext2_data_block_valid(struct ext2_sb_info *sbi, ext2_fsblk_t start_blk,
744 unsigned int count);
742extern void ext2_free_blocks (struct inode *, unsigned long, 745extern void ext2_free_blocks (struct inode *, unsigned long,
743 unsigned long); 746 unsigned long);
744extern unsigned long ext2_count_free_blocks (struct super_block *); 747extern unsigned long ext2_count_free_blocks (struct super_block *);
diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c
index fcbe58641e40..d5c7d09919f3 100644
--- a/fs/ext2/inode.c
+++ b/fs/ext2/inode.c
@@ -1389,6 +1389,16 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
1389 ei->i_frag_size = raw_inode->i_fsize; 1389 ei->i_frag_size = raw_inode->i_fsize;
1390 ei->i_file_acl = le32_to_cpu(raw_inode->i_file_acl); 1390 ei->i_file_acl = le32_to_cpu(raw_inode->i_file_acl);
1391 ei->i_dir_acl = 0; 1391 ei->i_dir_acl = 0;
1392
1393 if (ei->i_file_acl &&
1394 !ext2_data_block_valid(EXT2_SB(sb), ei->i_file_acl, 1)) {
1395 ext2_error(sb, "ext2_iget", "bad extended attribute block %u",
1396 ei->i_file_acl);
1397 brelse(bh);
1398 ret = -EFSCORRUPTED;
1399 goto bad_inode;
1400 }
1401
1392 if (S_ISREG(inode->i_mode)) 1402 if (S_ISREG(inode->i_mode))
1393 inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32; 1403 inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32;
1394 else 1404 else
diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
index 1a5e3bff0b63..b7f896f3f7a7 100644
--- a/fs/ext2/xattr.c
+++ b/fs/ext2/xattr.c
@@ -759,10 +759,19 @@ void
759ext2_xattr_delete_inode(struct inode *inode) 759ext2_xattr_delete_inode(struct inode *inode)
760{ 760{
761 struct buffer_head *bh = NULL; 761 struct buffer_head *bh = NULL;
762 struct ext2_sb_info *sbi = EXT2_SB(inode->i_sb);
762 763
763 down_write(&EXT2_I(inode)->xattr_sem); 764 down_write(&EXT2_I(inode)->xattr_sem);
764 if (!EXT2_I(inode)->i_file_acl) 765 if (!EXT2_I(inode)->i_file_acl)
765 goto cleanup; 766 goto cleanup;
767
768 if (!ext2_data_block_valid(sbi, EXT2_I(inode)->i_file_acl, 0)) {
769 ext2_error(inode->i_sb, "ext2_xattr_delete_inode",
770 "inode %ld: xattr block %d is out of data blocks range",
771 inode->i_ino, EXT2_I(inode)->i_file_acl);
772 goto cleanup;
773 }
774
766 bh = sb_bread(inode->i_sb, EXT2_I(inode)->i_file_acl); 775 bh = sb_bread(inode->i_sb, EXT2_I(inode)->i_file_acl);
767 if (!bh) { 776 if (!bh) {
768 ext2_error(inode->i_sb, "ext2_xattr_delete_inode", 777 ext2_error(inode->i_sb, "ext2_xattr_delete_inode",
diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
index b46e9fc64196..e38039fd96ff 100644
--- a/fs/ext4/Kconfig
+++ b/fs/ext4/Kconfig
@@ -99,17 +99,9 @@ config EXT4_FS_SECURITY
99 extended attributes for file security labels, say N. 99 extended attributes for file security labels, say N.
100 100
101config EXT4_ENCRYPTION 101config EXT4_ENCRYPTION
102 tristate "Ext4 Encryption" 102 bool "Ext4 Encryption"
103 depends on EXT4_FS 103 depends on EXT4_FS
104 select CRYPTO_AES 104 select FS_ENCRYPTION
105 select CRYPTO_CBC
106 select CRYPTO_ECB
107 select CRYPTO_XTS
108 select CRYPTO_CTS
109 select CRYPTO_CTR
110 select CRYPTO_SHA256
111 select KEYS
112 select ENCRYPTED_KEYS
113 help 105 help
114 Enable encryption of ext4 files and directories. This 106 Enable encryption of ext4 files and directories. This
115 feature is similar to ecryptfs, but it is more memory 107 feature is similar to ecryptfs, but it is more memory
diff --git a/fs/ext4/Makefile b/fs/ext4/Makefile
index f52cf54f0cbc..354103f3490c 100644
--- a/fs/ext4/Makefile
+++ b/fs/ext4/Makefile
@@ -12,5 +12,3 @@ ext4-y := balloc.o bitmap.o dir.o file.o fsync.o ialloc.o inode.o page-io.o \
12 12
13ext4-$(CONFIG_EXT4_FS_POSIX_ACL) += acl.o 13ext4-$(CONFIG_EXT4_FS_POSIX_ACL) += acl.o
14ext4-$(CONFIG_EXT4_FS_SECURITY) += xattr_security.o 14ext4-$(CONFIG_EXT4_FS_SECURITY) += xattr_security.o
15ext4-$(CONFIG_EXT4_FS_ENCRYPTION) += crypto_policy.o crypto.o \
16 crypto_key.o crypto_fname.o
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index a806b58e4646..e04ec868e37e 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -208,6 +208,9 @@ static int ext4_init_block_bitmap(struct super_block *sb,
208 memset(bh->b_data, 0, sb->s_blocksize); 208 memset(bh->b_data, 0, sb->s_blocksize);
209 209
210 bit_max = ext4_num_base_meta_clusters(sb, block_group); 210 bit_max = ext4_num_base_meta_clusters(sb, block_group);
211 if ((bit_max >> 3) >= bh->b_size)
212 return -EFSCORRUPTED;
213
211 for (bit = 0; bit < bit_max; bit++) 214 for (bit = 0; bit < bit_max; bit++)
212 ext4_set_bit(bit, bh->b_data); 215 ext4_set_bit(bit, bh->b_data);
213 216
@@ -610,7 +613,9 @@ int ext4_should_retry_alloc(struct super_block *sb, int *retries)
610 613
611 jbd_debug(1, "%s: retrying operation after ENOSPC\n", sb->s_id); 614 jbd_debug(1, "%s: retrying operation after ENOSPC\n", sb->s_id);
612 615
613 jbd2_journal_force_commit_nested(EXT4_SB(sb)->s_journal); 616 smp_mb();
617 if (EXT4_SB(sb)->s_mb_free_pending)
618 jbd2_journal_force_commit_nested(EXT4_SB(sb)->s_journal);
614 return 1; 619 return 1;
615} 620}
616 621
diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
deleted file mode 100644
index d3fa47c2b8a3..000000000000
--- a/fs/ext4/crypto.c
+++ /dev/null
@@ -1,537 +0,0 @@
1/*
2 * linux/fs/ext4/crypto.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption functions for ext4
7 *
8 * Written by Michael Halcrow, 2014.
9 *
10 * Filename encryption additions
11 * Uday Savagaonkar, 2014
12 * Encryption policy handling additions
13 * Ildar Muslukhov, 2014
14 *
15 * This has not yet undergone a rigorous security audit.
16 *
17 * The usage of AES-XTS should conform to recommendations in NIST
18 * Special Publication 800-38E and IEEE P1619/D16.
19 */
20
21#include <crypto/skcipher.h>
22#include <keys/user-type.h>
23#include <keys/encrypted-type.h>
24#include <linux/ecryptfs.h>
25#include <linux/gfp.h>
26#include <linux/kernel.h>
27#include <linux/key.h>
28#include <linux/list.h>
29#include <linux/mempool.h>
30#include <linux/module.h>
31#include <linux/mutex.h>
32#include <linux/random.h>
33#include <linux/scatterlist.h>
34#include <linux/spinlock_types.h>
35#include <linux/namei.h>
36
37#include "ext4_extents.h"
38#include "xattr.h"
39
40/* Encryption added and removed here! (L: */
41
42static unsigned int num_prealloc_crypto_pages = 32;
43static unsigned int num_prealloc_crypto_ctxs = 128;
44
45module_param(num_prealloc_crypto_pages, uint, 0444);
46MODULE_PARM_DESC(num_prealloc_crypto_pages,
47 "Number of crypto pages to preallocate");
48module_param(num_prealloc_crypto_ctxs, uint, 0444);
49MODULE_PARM_DESC(num_prealloc_crypto_ctxs,
50 "Number of crypto contexts to preallocate");
51
52static mempool_t *ext4_bounce_page_pool;
53
54static LIST_HEAD(ext4_free_crypto_ctxs);
55static DEFINE_SPINLOCK(ext4_crypto_ctx_lock);
56
57static struct kmem_cache *ext4_crypto_ctx_cachep;
58struct kmem_cache *ext4_crypt_info_cachep;
59
60/**
61 * ext4_release_crypto_ctx() - Releases an encryption context
62 * @ctx: The encryption context to release.
63 *
64 * If the encryption context was allocated from the pre-allocated pool, returns
65 * it to that pool. Else, frees it.
66 *
67 * If there's a bounce page in the context, this frees that.
68 */
69void ext4_release_crypto_ctx(struct ext4_crypto_ctx *ctx)
70{
71 unsigned long flags;
72
73 if (ctx->flags & EXT4_WRITE_PATH_FL && ctx->w.bounce_page)
74 mempool_free(ctx->w.bounce_page, ext4_bounce_page_pool);
75 ctx->w.bounce_page = NULL;
76 ctx->w.control_page = NULL;
77 if (ctx->flags & EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL) {
78 kmem_cache_free(ext4_crypto_ctx_cachep, ctx);
79 } else {
80 spin_lock_irqsave(&ext4_crypto_ctx_lock, flags);
81 list_add(&ctx->free_list, &ext4_free_crypto_ctxs);
82 spin_unlock_irqrestore(&ext4_crypto_ctx_lock, flags);
83 }
84}
85
86/**
87 * ext4_get_crypto_ctx() - Gets an encryption context
88 * @inode: The inode for which we are doing the crypto
89 *
90 * Allocates and initializes an encryption context.
91 *
92 * Return: An allocated and initialized encryption context on success; error
93 * value or NULL otherwise.
94 */
95struct ext4_crypto_ctx *ext4_get_crypto_ctx(struct inode *inode,
96 gfp_t gfp_flags)
97{
98 struct ext4_crypto_ctx *ctx = NULL;
99 int res = 0;
100 unsigned long flags;
101 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
102
103 if (ci == NULL)
104 return ERR_PTR(-ENOKEY);
105
106 /*
107 * We first try getting the ctx from a free list because in
108 * the common case the ctx will have an allocated and
109 * initialized crypto tfm, so it's probably a worthwhile
110 * optimization. For the bounce page, we first try getting it
111 * from the kernel allocator because that's just about as fast
112 * as getting it from a list and because a cache of free pages
113 * should generally be a "last resort" option for a filesystem
114 * to be able to do its job.
115 */
116 spin_lock_irqsave(&ext4_crypto_ctx_lock, flags);
117 ctx = list_first_entry_or_null(&ext4_free_crypto_ctxs,
118 struct ext4_crypto_ctx, free_list);
119 if (ctx)
120 list_del(&ctx->free_list);
121 spin_unlock_irqrestore(&ext4_crypto_ctx_lock, flags);
122 if (!ctx) {
123 ctx = kmem_cache_zalloc(ext4_crypto_ctx_cachep, gfp_flags);
124 if (!ctx) {
125 res = -ENOMEM;
126 goto out;
127 }
128 ctx->flags |= EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL;
129 } else {
130 ctx->flags &= ~EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL;
131 }
132 ctx->flags &= ~EXT4_WRITE_PATH_FL;
133
134out:
135 if (res) {
136 if (!IS_ERR_OR_NULL(ctx))
137 ext4_release_crypto_ctx(ctx);
138 ctx = ERR_PTR(res);
139 }
140 return ctx;
141}
142
143struct workqueue_struct *ext4_read_workqueue;
144static DEFINE_MUTEX(crypto_init);
145
146/**
147 * ext4_exit_crypto() - Shutdown the ext4 encryption system
148 */
149void ext4_exit_crypto(void)
150{
151 struct ext4_crypto_ctx *pos, *n;
152
153 list_for_each_entry_safe(pos, n, &ext4_free_crypto_ctxs, free_list)
154 kmem_cache_free(ext4_crypto_ctx_cachep, pos);
155 INIT_LIST_HEAD(&ext4_free_crypto_ctxs);
156 if (ext4_bounce_page_pool)
157 mempool_destroy(ext4_bounce_page_pool);
158 ext4_bounce_page_pool = NULL;
159 if (ext4_read_workqueue)
160 destroy_workqueue(ext4_read_workqueue);
161 ext4_read_workqueue = NULL;
162 if (ext4_crypto_ctx_cachep)
163 kmem_cache_destroy(ext4_crypto_ctx_cachep);
164 ext4_crypto_ctx_cachep = NULL;
165 if (ext4_crypt_info_cachep)
166 kmem_cache_destroy(ext4_crypt_info_cachep);
167 ext4_crypt_info_cachep = NULL;
168}
169
170/**
171 * ext4_init_crypto() - Set up for ext4 encryption.
172 *
173 * We only call this when we start accessing encrypted files, since it
174 * results in memory getting allocated that wouldn't otherwise be used.
175 *
176 * Return: Zero on success, non-zero otherwise.
177 */
178int ext4_init_crypto(void)
179{
180 int i, res = -ENOMEM;
181
182 mutex_lock(&crypto_init);
183 if (ext4_read_workqueue)
184 goto already_initialized;
185 ext4_read_workqueue = alloc_workqueue("ext4_crypto", WQ_HIGHPRI, 0);
186 if (!ext4_read_workqueue)
187 goto fail;
188
189 ext4_crypto_ctx_cachep = KMEM_CACHE(ext4_crypto_ctx,
190 SLAB_RECLAIM_ACCOUNT);
191 if (!ext4_crypto_ctx_cachep)
192 goto fail;
193
194 ext4_crypt_info_cachep = KMEM_CACHE(ext4_crypt_info,
195 SLAB_RECLAIM_ACCOUNT);
196 if (!ext4_crypt_info_cachep)
197 goto fail;
198
199 for (i = 0; i < num_prealloc_crypto_ctxs; i++) {
200 struct ext4_crypto_ctx *ctx;
201
202 ctx = kmem_cache_zalloc(ext4_crypto_ctx_cachep, GFP_NOFS);
203 if (!ctx) {
204 res = -ENOMEM;
205 goto fail;
206 }
207 list_add(&ctx->free_list, &ext4_free_crypto_ctxs);
208 }
209
210 ext4_bounce_page_pool =
211 mempool_create_page_pool(num_prealloc_crypto_pages, 0);
212 if (!ext4_bounce_page_pool) {
213 res = -ENOMEM;
214 goto fail;
215 }
216already_initialized:
217 mutex_unlock(&crypto_init);
218 return 0;
219fail:
220 ext4_exit_crypto();
221 mutex_unlock(&crypto_init);
222 return res;
223}
224
225void ext4_restore_control_page(struct page *data_page)
226{
227 struct ext4_crypto_ctx *ctx =
228 (struct ext4_crypto_ctx *)page_private(data_page);
229
230 set_page_private(data_page, (unsigned long)NULL);
231 ClearPagePrivate(data_page);
232 unlock_page(data_page);
233 ext4_release_crypto_ctx(ctx);
234}
235
236/**
237 * ext4_crypt_complete() - The completion callback for page encryption
238 * @req: The asynchronous encryption request context
239 * @res: The result of the encryption operation
240 */
241static void ext4_crypt_complete(struct crypto_async_request *req, int res)
242{
243 struct ext4_completion_result *ecr = req->data;
244
245 if (res == -EINPROGRESS)
246 return;
247 ecr->res = res;
248 complete(&ecr->completion);
249}
250
251typedef enum {
252 EXT4_DECRYPT = 0,
253 EXT4_ENCRYPT,
254} ext4_direction_t;
255
256static int ext4_page_crypto(struct inode *inode,
257 ext4_direction_t rw,
258 pgoff_t index,
259 struct page *src_page,
260 struct page *dest_page,
261 gfp_t gfp_flags)
262
263{
264 u8 xts_tweak[EXT4_XTS_TWEAK_SIZE];
265 struct skcipher_request *req = NULL;
266 DECLARE_EXT4_COMPLETION_RESULT(ecr);
267 struct scatterlist dst, src;
268 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
269 struct crypto_skcipher *tfm = ci->ci_ctfm;
270 int res = 0;
271
272 req = skcipher_request_alloc(tfm, gfp_flags);
273 if (!req) {
274 printk_ratelimited(KERN_ERR
275 "%s: crypto_request_alloc() failed\n",
276 __func__);
277 return -ENOMEM;
278 }
279 skcipher_request_set_callback(
280 req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
281 ext4_crypt_complete, &ecr);
282
283 BUILD_BUG_ON(EXT4_XTS_TWEAK_SIZE < sizeof(index));
284 memcpy(xts_tweak, &index, sizeof(index));
285 memset(&xts_tweak[sizeof(index)], 0,
286 EXT4_XTS_TWEAK_SIZE - sizeof(index));
287
288 sg_init_table(&dst, 1);
289 sg_set_page(&dst, dest_page, PAGE_SIZE, 0);
290 sg_init_table(&src, 1);
291 sg_set_page(&src, src_page, PAGE_SIZE, 0);
292 skcipher_request_set_crypt(req, &src, &dst, PAGE_SIZE,
293 xts_tweak);
294 if (rw == EXT4_DECRYPT)
295 res = crypto_skcipher_decrypt(req);
296 else
297 res = crypto_skcipher_encrypt(req);
298 if (res == -EINPROGRESS || res == -EBUSY) {
299 wait_for_completion(&ecr.completion);
300 res = ecr.res;
301 }
302 skcipher_request_free(req);
303 if (res) {
304 printk_ratelimited(
305 KERN_ERR
306 "%s: crypto_skcipher_encrypt() returned %d\n",
307 __func__, res);
308 return res;
309 }
310 return 0;
311}
312
313static struct page *alloc_bounce_page(struct ext4_crypto_ctx *ctx,
314 gfp_t gfp_flags)
315{
316 ctx->w.bounce_page = mempool_alloc(ext4_bounce_page_pool, gfp_flags);
317 if (ctx->w.bounce_page == NULL)
318 return ERR_PTR(-ENOMEM);
319 ctx->flags |= EXT4_WRITE_PATH_FL;
320 return ctx->w.bounce_page;
321}
322
323/**
324 * ext4_encrypt() - Encrypts a page
325 * @inode: The inode for which the encryption should take place
326 * @plaintext_page: The page to encrypt. Must be locked.
327 *
328 * Allocates a ciphertext page and encrypts plaintext_page into it using the ctx
329 * encryption context.
330 *
331 * Called on the page write path. The caller must call
332 * ext4_restore_control_page() on the returned ciphertext page to
333 * release the bounce buffer and the encryption context.
334 *
335 * Return: An allocated page with the encrypted content on success. Else, an
336 * error value or NULL.
337 */
338struct page *ext4_encrypt(struct inode *inode,
339 struct page *plaintext_page,
340 gfp_t gfp_flags)
341{
342 struct ext4_crypto_ctx *ctx;
343 struct page *ciphertext_page = NULL;
344 int err;
345
346 BUG_ON(!PageLocked(plaintext_page));
347
348 ctx = ext4_get_crypto_ctx(inode, gfp_flags);
349 if (IS_ERR(ctx))
350 return (struct page *) ctx;
351
352 /* The encryption operation will require a bounce page. */
353 ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
354 if (IS_ERR(ciphertext_page))
355 goto errout;
356 ctx->w.control_page = plaintext_page;
357 err = ext4_page_crypto(inode, EXT4_ENCRYPT, plaintext_page->index,
358 plaintext_page, ciphertext_page, gfp_flags);
359 if (err) {
360 ciphertext_page = ERR_PTR(err);
361 errout:
362 ext4_release_crypto_ctx(ctx);
363 return ciphertext_page;
364 }
365 SetPagePrivate(ciphertext_page);
366 set_page_private(ciphertext_page, (unsigned long)ctx);
367 lock_page(ciphertext_page);
368 return ciphertext_page;
369}
370
371/**
372 * ext4_decrypt() - Decrypts a page in-place
373 * @ctx: The encryption context.
374 * @page: The page to decrypt. Must be locked.
375 *
376 * Decrypts page in-place using the ctx encryption context.
377 *
378 * Called from the read completion callback.
379 *
380 * Return: Zero on success, non-zero otherwise.
381 */
382int ext4_decrypt(struct page *page)
383{
384 BUG_ON(!PageLocked(page));
385
386 return ext4_page_crypto(page->mapping->host, EXT4_DECRYPT,
387 page->index, page, page, GFP_NOFS);
388}
389
390int ext4_encrypted_zeroout(struct inode *inode, ext4_lblk_t lblk,
391 ext4_fsblk_t pblk, ext4_lblk_t len)
392{
393 struct ext4_crypto_ctx *ctx;
394 struct page *ciphertext_page = NULL;
395 struct bio *bio;
396 int ret, err = 0;
397
398#if 0
399 ext4_msg(inode->i_sb, KERN_CRIT,
400 "ext4_encrypted_zeroout ino %lu lblk %u len %u",
401 (unsigned long) inode->i_ino, lblk, len);
402#endif
403
404 BUG_ON(inode->i_sb->s_blocksize != PAGE_SIZE);
405
406 ctx = ext4_get_crypto_ctx(inode, GFP_NOFS);
407 if (IS_ERR(ctx))
408 return PTR_ERR(ctx);
409
410 ciphertext_page = alloc_bounce_page(ctx, GFP_NOWAIT);
411 if (IS_ERR(ciphertext_page)) {
412 err = PTR_ERR(ciphertext_page);
413 goto errout;
414 }
415
416 while (len--) {
417 err = ext4_page_crypto(inode, EXT4_ENCRYPT, lblk,
418 ZERO_PAGE(0), ciphertext_page,
419 GFP_NOFS);
420 if (err)
421 goto errout;
422
423 bio = bio_alloc(GFP_NOWAIT, 1);
424 if (!bio) {
425 err = -ENOMEM;
426 goto errout;
427 }
428 bio->bi_bdev = inode->i_sb->s_bdev;
429 bio->bi_iter.bi_sector =
430 pblk << (inode->i_sb->s_blocksize_bits - 9);
431 bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
432 ret = bio_add_page(bio, ciphertext_page,
433 inode->i_sb->s_blocksize, 0);
434 if (ret != inode->i_sb->s_blocksize) {
435 /* should never happen! */
436 ext4_msg(inode->i_sb, KERN_ERR,
437 "bio_add_page failed: %d", ret);
438 WARN_ON(1);
439 bio_put(bio);
440 err = -EIO;
441 goto errout;
442 }
443 err = submit_bio_wait(bio);
444 if ((err == 0) && bio->bi_error)
445 err = -EIO;
446 bio_put(bio);
447 if (err)
448 goto errout;
449 lblk++; pblk++;
450 }
451 err = 0;
452errout:
453 ext4_release_crypto_ctx(ctx);
454 return err;
455}
456
457bool ext4_valid_contents_enc_mode(uint32_t mode)
458{
459 return (mode == EXT4_ENCRYPTION_MODE_AES_256_XTS);
460}
461
462/**
463 * ext4_validate_encryption_key_size() - Validate the encryption key size
464 * @mode: The key mode.
465 * @size: The key size to validate.
466 *
467 * Return: The validated key size for @mode. Zero if invalid.
468 */
469uint32_t ext4_validate_encryption_key_size(uint32_t mode, uint32_t size)
470{
471 if (size == ext4_encryption_key_size(mode))
472 return size;
473 return 0;
474}
475
476/*
477 * Validate dentries for encrypted directories to make sure we aren't
478 * potentially caching stale data after a key has been added or
479 * removed.
480 */
481static int ext4_d_revalidate(struct dentry *dentry, unsigned int flags)
482{
483 struct dentry *dir;
484 struct ext4_crypt_info *ci;
485 int dir_has_key, cached_with_key;
486
487 if (flags & LOOKUP_RCU)
488 return -ECHILD;
489
490 dir = dget_parent(dentry);
491 if (!ext4_encrypted_inode(d_inode(dir))) {
492 dput(dir);
493 return 0;
494 }
495 ci = EXT4_I(d_inode(dir))->i_crypt_info;
496 if (ci && ci->ci_keyring_key &&
497 (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
498 (1 << KEY_FLAG_REVOKED) |
499 (1 << KEY_FLAG_DEAD))))
500 ci = NULL;
501
502 /* this should eventually be an flag in d_flags */
503 cached_with_key = dentry->d_fsdata != NULL;
504 dir_has_key = (ci != NULL);
505 dput(dir);
506
507 /*
508 * If the dentry was cached without the key, and it is a
509 * negative dentry, it might be a valid name. We can't check
510 * if the key has since been made available due to locking
511 * reasons, so we fail the validation so ext4_lookup() can do
512 * this check.
513 *
514 * We also fail the validation if the dentry was created with
515 * the key present, but we no longer have the key, or vice versa.
516 */
517 if ((!cached_with_key && d_is_negative(dentry)) ||
518 (!cached_with_key && dir_has_key) ||
519 (cached_with_key && !dir_has_key)) {
520#if 0 /* Revalidation debug */
521 char buf[80];
522 char *cp = simple_dname(dentry, buf, sizeof(buf));
523
524 if (IS_ERR(cp))
525 cp = (char *) "???";
526 pr_err("revalidate: %s %p %d %d %d\n", cp, dentry->d_fsdata,
527 cached_with_key, d_is_negative(dentry),
528 dir_has_key);
529#endif
530 return 0;
531 }
532 return 1;
533}
534
535const struct dentry_operations ext4_encrypted_d_ops = {
536 .d_revalidate = ext4_d_revalidate,
537};
diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
deleted file mode 100644
index 1a2f360405db..000000000000
--- a/fs/ext4/crypto_fname.c
+++ /dev/null
@@ -1,468 +0,0 @@
1/*
2 * linux/fs/ext4/crypto_fname.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains functions for filename crypto management in ext4
7 *
8 * Written by Uday Savagaonkar, 2014.
9 *
10 * This has not yet undergone a rigorous security audit.
11 *
12 */
13
14#include <crypto/skcipher.h>
15#include <keys/encrypted-type.h>
16#include <keys/user-type.h>
17#include <linux/gfp.h>
18#include <linux/kernel.h>
19#include <linux/key.h>
20#include <linux/list.h>
21#include <linux/mempool.h>
22#include <linux/random.h>
23#include <linux/scatterlist.h>
24#include <linux/spinlock_types.h>
25
26#include "ext4.h"
27#include "ext4_crypto.h"
28#include "xattr.h"
29
30/**
31 * ext4_dir_crypt_complete() -
32 */
33static void ext4_dir_crypt_complete(struct crypto_async_request *req, int res)
34{
35 struct ext4_completion_result *ecr = req->data;
36
37 if (res == -EINPROGRESS)
38 return;
39 ecr->res = res;
40 complete(&ecr->completion);
41}
42
43bool ext4_valid_filenames_enc_mode(uint32_t mode)
44{
45 return (mode == EXT4_ENCRYPTION_MODE_AES_256_CTS);
46}
47
48static unsigned max_name_len(struct inode *inode)
49{
50 return S_ISLNK(inode->i_mode) ? inode->i_sb->s_blocksize :
51 EXT4_NAME_LEN;
52}
53
54/**
55 * ext4_fname_encrypt() -
56 *
57 * This function encrypts the input filename, and returns the length of the
58 * ciphertext. Errors are returned as negative numbers. We trust the caller to
59 * allocate sufficient memory to oname string.
60 */
61static int ext4_fname_encrypt(struct inode *inode,
62 const struct qstr *iname,
63 struct ext4_str *oname)
64{
65 u32 ciphertext_len;
66 struct skcipher_request *req = NULL;
67 DECLARE_EXT4_COMPLETION_RESULT(ecr);
68 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
69 struct crypto_skcipher *tfm = ci->ci_ctfm;
70 int res = 0;
71 char iv[EXT4_CRYPTO_BLOCK_SIZE];
72 struct scatterlist src_sg, dst_sg;
73 int padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
74 char *workbuf, buf[32], *alloc_buf = NULL;
75 unsigned lim = max_name_len(inode);
76
77 if (iname->len <= 0 || iname->len > lim)
78 return -EIO;
79
80 ciphertext_len = (iname->len < EXT4_CRYPTO_BLOCK_SIZE) ?
81 EXT4_CRYPTO_BLOCK_SIZE : iname->len;
82 ciphertext_len = ext4_fname_crypto_round_up(ciphertext_len, padding);
83 ciphertext_len = (ciphertext_len > lim)
84 ? lim : ciphertext_len;
85
86 if (ciphertext_len <= sizeof(buf)) {
87 workbuf = buf;
88 } else {
89 alloc_buf = kmalloc(ciphertext_len, GFP_NOFS);
90 if (!alloc_buf)
91 return -ENOMEM;
92 workbuf = alloc_buf;
93 }
94
95 /* Allocate request */
96 req = skcipher_request_alloc(tfm, GFP_NOFS);
97 if (!req) {
98 printk_ratelimited(
99 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
100 kfree(alloc_buf);
101 return -ENOMEM;
102 }
103 skcipher_request_set_callback(req,
104 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
105 ext4_dir_crypt_complete, &ecr);
106
107 /* Copy the input */
108 memcpy(workbuf, iname->name, iname->len);
109 if (iname->len < ciphertext_len)
110 memset(workbuf + iname->len, 0, ciphertext_len - iname->len);
111
112 /* Initialize IV */
113 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
114
115 /* Create encryption request */
116 sg_init_one(&src_sg, workbuf, ciphertext_len);
117 sg_init_one(&dst_sg, oname->name, ciphertext_len);
118 skcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
119 res = crypto_skcipher_encrypt(req);
120 if (res == -EINPROGRESS || res == -EBUSY) {
121 wait_for_completion(&ecr.completion);
122 res = ecr.res;
123 }
124 kfree(alloc_buf);
125 skcipher_request_free(req);
126 if (res < 0) {
127 printk_ratelimited(
128 KERN_ERR "%s: Error (error code %d)\n", __func__, res);
129 }
130 oname->len = ciphertext_len;
131 return res;
132}
133
134/*
135 * ext4_fname_decrypt()
136 * This function decrypts the input filename, and returns
137 * the length of the plaintext.
138 * Errors are returned as negative numbers.
139 * We trust the caller to allocate sufficient memory to oname string.
140 */
141static int ext4_fname_decrypt(struct inode *inode,
142 const struct ext4_str *iname,
143 struct ext4_str *oname)
144{
145 struct ext4_str tmp_in[2], tmp_out[1];
146 struct skcipher_request *req = NULL;
147 DECLARE_EXT4_COMPLETION_RESULT(ecr);
148 struct scatterlist src_sg, dst_sg;
149 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
150 struct crypto_skcipher *tfm = ci->ci_ctfm;
151 int res = 0;
152 char iv[EXT4_CRYPTO_BLOCK_SIZE];
153 unsigned lim = max_name_len(inode);
154
155 if (iname->len <= 0 || iname->len > lim)
156 return -EIO;
157
158 tmp_in[0].name = iname->name;
159 tmp_in[0].len = iname->len;
160 tmp_out[0].name = oname->name;
161
162 /* Allocate request */
163 req = skcipher_request_alloc(tfm, GFP_NOFS);
164 if (!req) {
165 printk_ratelimited(
166 KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
167 return -ENOMEM;
168 }
169 skcipher_request_set_callback(req,
170 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
171 ext4_dir_crypt_complete, &ecr);
172
173 /* Initialize IV */
174 memset(iv, 0, EXT4_CRYPTO_BLOCK_SIZE);
175
176 /* Create encryption request */
177 sg_init_one(&src_sg, iname->name, iname->len);
178 sg_init_one(&dst_sg, oname->name, oname->len);
179 skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, iv);
180 res = crypto_skcipher_decrypt(req);
181 if (res == -EINPROGRESS || res == -EBUSY) {
182 wait_for_completion(&ecr.completion);
183 res = ecr.res;
184 }
185 skcipher_request_free(req);
186 if (res < 0) {
187 printk_ratelimited(
188 KERN_ERR "%s: Error in ext4_fname_encrypt (error code %d)\n",
189 __func__, res);
190 return res;
191 }
192
193 oname->len = strnlen(oname->name, iname->len);
194 return oname->len;
195}
196
197static const char *lookup_table =
198 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
199
200/**
201 * ext4_fname_encode_digest() -
202 *
203 * Encodes the input digest using characters from the set [a-zA-Z0-9_+].
204 * The encoded string is roughly 4/3 times the size of the input string.
205 */
206static int digest_encode(const char *src, int len, char *dst)
207{
208 int i = 0, bits = 0, ac = 0;
209 char *cp = dst;
210
211 while (i < len) {
212 ac += (((unsigned char) src[i]) << bits);
213 bits += 8;
214 do {
215 *cp++ = lookup_table[ac & 0x3f];
216 ac >>= 6;
217 bits -= 6;
218 } while (bits >= 6);
219 i++;
220 }
221 if (bits)
222 *cp++ = lookup_table[ac & 0x3f];
223 return cp - dst;
224}
225
226static int digest_decode(const char *src, int len, char *dst)
227{
228 int i = 0, bits = 0, ac = 0;
229 const char *p;
230 char *cp = dst;
231
232 while (i < len) {
233 p = strchr(lookup_table, src[i]);
234 if (p == NULL || src[i] == 0)
235 return -2;
236 ac += (p - lookup_table) << bits;
237 bits += 6;
238 if (bits >= 8) {
239 *cp++ = ac & 0xff;
240 ac >>= 8;
241 bits -= 8;
242 }
243 i++;
244 }
245 if (ac)
246 return -1;
247 return cp - dst;
248}
249
250/**
251 * ext4_fname_crypto_round_up() -
252 *
253 * Return: The next multiple of block size
254 */
255u32 ext4_fname_crypto_round_up(u32 size, u32 blksize)
256{
257 return ((size+blksize-1)/blksize)*blksize;
258}
259
260unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen)
261{
262 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
263 int padding = 32;
264
265 if (ci)
266 padding = 4 << (ci->ci_flags & EXT4_POLICY_FLAGS_PAD_MASK);
267 if (ilen < EXT4_CRYPTO_BLOCK_SIZE)
268 ilen = EXT4_CRYPTO_BLOCK_SIZE;
269 return ext4_fname_crypto_round_up(ilen, padding);
270}
271
272/*
273 * ext4_fname_crypto_alloc_buffer() -
274 *
275 * Allocates an output buffer that is sufficient for the crypto operation
276 * specified by the context and the direction.
277 */
278int ext4_fname_crypto_alloc_buffer(struct inode *inode,
279 u32 ilen, struct ext4_str *crypto_str)
280{
281 unsigned int olen = ext4_fname_encrypted_size(inode, ilen);
282
283 crypto_str->len = olen;
284 if (olen < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2)
285 olen = EXT4_FNAME_CRYPTO_DIGEST_SIZE*2;
286 /* Allocated buffer can hold one more character to null-terminate the
287 * string */
288 crypto_str->name = kmalloc(olen+1, GFP_NOFS);
289 if (!(crypto_str->name))
290 return -ENOMEM;
291 return 0;
292}
293
294/**
295 * ext4_fname_crypto_free_buffer() -
296 *
297 * Frees the buffer allocated for crypto operation.
298 */
299void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str)
300{
301 if (!crypto_str)
302 return;
303 kfree(crypto_str->name);
304 crypto_str->name = NULL;
305}
306
307/**
308 * ext4_fname_disk_to_usr() - converts a filename from disk space to user space
309 */
310int _ext4_fname_disk_to_usr(struct inode *inode,
311 struct dx_hash_info *hinfo,
312 const struct ext4_str *iname,
313 struct ext4_str *oname)
314{
315 char buf[24];
316 int ret;
317
318 if (iname->len < 3) {
319 /*Check for . and .. */
320 if (iname->name[0] == '.' && iname->name[iname->len-1] == '.') {
321 oname->name[0] = '.';
322 oname->name[iname->len-1] = '.';
323 oname->len = iname->len;
324 return oname->len;
325 }
326 }
327 if (iname->len < EXT4_CRYPTO_BLOCK_SIZE) {
328 EXT4_ERROR_INODE(inode, "encrypted inode too small");
329 return -EUCLEAN;
330 }
331 if (EXT4_I(inode)->i_crypt_info)
332 return ext4_fname_decrypt(inode, iname, oname);
333
334 if (iname->len <= EXT4_FNAME_CRYPTO_DIGEST_SIZE) {
335 ret = digest_encode(iname->name, iname->len, oname->name);
336 oname->len = ret;
337 return ret;
338 }
339 if (hinfo) {
340 memcpy(buf, &hinfo->hash, 4);
341 memcpy(buf+4, &hinfo->minor_hash, 4);
342 } else
343 memset(buf, 0, 8);
344 memcpy(buf + 8, iname->name + iname->len - 16, 16);
345 oname->name[0] = '_';
346 ret = digest_encode(buf, 24, oname->name+1);
347 oname->len = ret + 1;
348 return ret + 1;
349}
350
351int ext4_fname_disk_to_usr(struct inode *inode,
352 struct dx_hash_info *hinfo,
353 const struct ext4_dir_entry_2 *de,
354 struct ext4_str *oname)
355{
356 struct ext4_str iname = {.name = (unsigned char *) de->name,
357 .len = de->name_len };
358
359 return _ext4_fname_disk_to_usr(inode, hinfo, &iname, oname);
360}
361
362
363/**
364 * ext4_fname_usr_to_disk() - converts a filename from user space to disk space
365 */
366int ext4_fname_usr_to_disk(struct inode *inode,
367 const struct qstr *iname,
368 struct ext4_str *oname)
369{
370 int res;
371 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
372
373 if (iname->len < 3) {
374 /*Check for . and .. */
375 if (iname->name[0] == '.' &&
376 iname->name[iname->len-1] == '.') {
377 oname->name[0] = '.';
378 oname->name[iname->len-1] = '.';
379 oname->len = iname->len;
380 return oname->len;
381 }
382 }
383 if (ci) {
384 res = ext4_fname_encrypt(inode, iname, oname);
385 return res;
386 }
387 /* Without a proper key, a user is not allowed to modify the filenames
388 * in a directory. Consequently, a user space name cannot be mapped to
389 * a disk-space name */
390 return -EACCES;
391}
392
393int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
394 int lookup, struct ext4_filename *fname)
395{
396 struct ext4_crypt_info *ci;
397 int ret = 0, bigname = 0;
398
399 memset(fname, 0, sizeof(struct ext4_filename));
400 fname->usr_fname = iname;
401
402 if (!ext4_encrypted_inode(dir) ||
403 ((iname->name[0] == '.') &&
404 ((iname->len == 1) ||
405 ((iname->name[1] == '.') && (iname->len == 2))))) {
406 fname->disk_name.name = (unsigned char *) iname->name;
407 fname->disk_name.len = iname->len;
408 return 0;
409 }
410 ret = ext4_get_encryption_info(dir);
411 if (ret)
412 return ret;
413 ci = EXT4_I(dir)->i_crypt_info;
414 if (ci) {
415 ret = ext4_fname_crypto_alloc_buffer(dir, iname->len,
416 &fname->crypto_buf);
417 if (ret < 0)
418 return ret;
419 ret = ext4_fname_encrypt(dir, iname, &fname->crypto_buf);
420 if (ret < 0)
421 goto errout;
422 fname->disk_name.name = fname->crypto_buf.name;
423 fname->disk_name.len = fname->crypto_buf.len;
424 return 0;
425 }
426 if (!lookup)
427 return -EACCES;
428
429 /* We don't have the key and we are doing a lookup; decode the
430 * user-supplied name
431 */
432 if (iname->name[0] == '_')
433 bigname = 1;
434 if ((bigname && (iname->len != 33)) ||
435 (!bigname && (iname->len > 43)))
436 return -ENOENT;
437
438 fname->crypto_buf.name = kmalloc(32, GFP_KERNEL);
439 if (fname->crypto_buf.name == NULL)
440 return -ENOMEM;
441 ret = digest_decode(iname->name + bigname, iname->len - bigname,
442 fname->crypto_buf.name);
443 if (ret < 0) {
444 ret = -ENOENT;
445 goto errout;
446 }
447 fname->crypto_buf.len = ret;
448 if (bigname) {
449 memcpy(&fname->hinfo.hash, fname->crypto_buf.name, 4);
450 memcpy(&fname->hinfo.minor_hash, fname->crypto_buf.name + 4, 4);
451 } else {
452 fname->disk_name.name = fname->crypto_buf.name;
453 fname->disk_name.len = fname->crypto_buf.len;
454 }
455 return 0;
456errout:
457 kfree(fname->crypto_buf.name);
458 fname->crypto_buf.name = NULL;
459 return ret;
460}
461
462void ext4_fname_free_filename(struct ext4_filename *fname)
463{
464 kfree(fname->crypto_buf.name);
465 fname->crypto_buf.name = NULL;
466 fname->usr_fname = NULL;
467 fname->disk_name.name = NULL;
468}
diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c
deleted file mode 100644
index 0129d688d1f7..000000000000
--- a/fs/ext4/crypto_key.c
+++ /dev/null
@@ -1,274 +0,0 @@
1/*
2 * linux/fs/ext4/crypto_key.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption key functions for ext4
7 *
8 * Written by Michael Halcrow, Ildar Muslukhov, and Uday Savagaonkar, 2015.
9 */
10
11#include <crypto/skcipher.h>
12#include <keys/encrypted-type.h>
13#include <keys/user-type.h>
14#include <linux/random.h>
15#include <linux/scatterlist.h>
16#include <uapi/linux/keyctl.h>
17
18#include "ext4.h"
19#include "xattr.h"
20
21static void derive_crypt_complete(struct crypto_async_request *req, int rc)
22{
23 struct ext4_completion_result *ecr = req->data;
24
25 if (rc == -EINPROGRESS)
26 return;
27
28 ecr->res = rc;
29 complete(&ecr->completion);
30}
31
32/**
33 * ext4_derive_key_aes() - Derive a key using AES-128-ECB
34 * @deriving_key: Encryption key used for derivation.
35 * @source_key: Source key to which to apply derivation.
36 * @derived_key: Derived key.
37 *
38 * Return: Zero on success; non-zero otherwise.
39 */
40static int ext4_derive_key_aes(char deriving_key[EXT4_AES_128_ECB_KEY_SIZE],
41 char source_key[EXT4_AES_256_XTS_KEY_SIZE],
42 char derived_key[EXT4_AES_256_XTS_KEY_SIZE])
43{
44 int res = 0;
45 struct skcipher_request *req = NULL;
46 DECLARE_EXT4_COMPLETION_RESULT(ecr);
47 struct scatterlist src_sg, dst_sg;
48 struct crypto_skcipher *tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0);
49
50 if (IS_ERR(tfm)) {
51 res = PTR_ERR(tfm);
52 tfm = NULL;
53 goto out;
54 }
55 crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
56 req = skcipher_request_alloc(tfm, GFP_NOFS);
57 if (!req) {
58 res = -ENOMEM;
59 goto out;
60 }
61 skcipher_request_set_callback(req,
62 CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
63 derive_crypt_complete, &ecr);
64 res = crypto_skcipher_setkey(tfm, deriving_key,
65 EXT4_AES_128_ECB_KEY_SIZE);
66 if (res < 0)
67 goto out;
68 sg_init_one(&src_sg, source_key, EXT4_AES_256_XTS_KEY_SIZE);
69 sg_init_one(&dst_sg, derived_key, EXT4_AES_256_XTS_KEY_SIZE);
70 skcipher_request_set_crypt(req, &src_sg, &dst_sg,
71 EXT4_AES_256_XTS_KEY_SIZE, NULL);
72 res = crypto_skcipher_encrypt(req);
73 if (res == -EINPROGRESS || res == -EBUSY) {
74 wait_for_completion(&ecr.completion);
75 res = ecr.res;
76 }
77
78out:
79 skcipher_request_free(req);
80 crypto_free_skcipher(tfm);
81 return res;
82}
83
84void ext4_free_crypt_info(struct ext4_crypt_info *ci)
85{
86 if (!ci)
87 return;
88
89 if (ci->ci_keyring_key)
90 key_put(ci->ci_keyring_key);
91 crypto_free_skcipher(ci->ci_ctfm);
92 kmem_cache_free(ext4_crypt_info_cachep, ci);
93}
94
95void ext4_free_encryption_info(struct inode *inode,
96 struct ext4_crypt_info *ci)
97{
98 struct ext4_inode_info *ei = EXT4_I(inode);
99 struct ext4_crypt_info *prev;
100
101 if (ci == NULL)
102 ci = ACCESS_ONCE(ei->i_crypt_info);
103 if (ci == NULL)
104 return;
105 prev = cmpxchg(&ei->i_crypt_info, ci, NULL);
106 if (prev != ci)
107 return;
108
109 ext4_free_crypt_info(ci);
110}
111
112int _ext4_get_encryption_info(struct inode *inode)
113{
114 struct ext4_inode_info *ei = EXT4_I(inode);
115 struct ext4_crypt_info *crypt_info;
116 char full_key_descriptor[EXT4_KEY_DESC_PREFIX_SIZE +
117 (EXT4_KEY_DESCRIPTOR_SIZE * 2) + 1];
118 struct key *keyring_key = NULL;
119 struct ext4_encryption_key *master_key;
120 struct ext4_encryption_context ctx;
121 const struct user_key_payload *ukp;
122 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
123 struct crypto_skcipher *ctfm;
124 const char *cipher_str;
125 char raw_key[EXT4_MAX_KEY_SIZE];
126 char mode;
127 int res;
128
129 if (!ext4_read_workqueue) {
130 res = ext4_init_crypto();
131 if (res)
132 return res;
133 }
134
135retry:
136 crypt_info = ACCESS_ONCE(ei->i_crypt_info);
137 if (crypt_info) {
138 if (!crypt_info->ci_keyring_key ||
139 key_validate(crypt_info->ci_keyring_key) == 0)
140 return 0;
141 ext4_free_encryption_info(inode, crypt_info);
142 goto retry;
143 }
144
145 res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
146 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
147 &ctx, sizeof(ctx));
148 if (res < 0) {
149 if (!DUMMY_ENCRYPTION_ENABLED(sbi))
150 return res;
151 ctx.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
152 ctx.filenames_encryption_mode =
153 EXT4_ENCRYPTION_MODE_AES_256_CTS;
154 ctx.flags = 0;
155 } else if (res != sizeof(ctx))
156 return -EINVAL;
157 res = 0;
158
159 crypt_info = kmem_cache_alloc(ext4_crypt_info_cachep, GFP_KERNEL);
160 if (!crypt_info)
161 return -ENOMEM;
162
163 crypt_info->ci_flags = ctx.flags;
164 crypt_info->ci_data_mode = ctx.contents_encryption_mode;
165 crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
166 crypt_info->ci_ctfm = NULL;
167 crypt_info->ci_keyring_key = NULL;
168 memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
169 sizeof(crypt_info->ci_master_key));
170 if (S_ISREG(inode->i_mode))
171 mode = crypt_info->ci_data_mode;
172 else if (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode))
173 mode = crypt_info->ci_filename_mode;
174 else
175 BUG();
176 switch (mode) {
177 case EXT4_ENCRYPTION_MODE_AES_256_XTS:
178 cipher_str = "xts(aes)";
179 break;
180 case EXT4_ENCRYPTION_MODE_AES_256_CTS:
181 cipher_str = "cts(cbc(aes))";
182 break;
183 default:
184 printk_once(KERN_WARNING
185 "ext4: unsupported key mode %d (ino %u)\n",
186 mode, (unsigned) inode->i_ino);
187 res = -ENOKEY;
188 goto out;
189 }
190 if (DUMMY_ENCRYPTION_ENABLED(sbi)) {
191 memset(raw_key, 0x42, EXT4_AES_256_XTS_KEY_SIZE);
192 goto got_key;
193 }
194 memcpy(full_key_descriptor, EXT4_KEY_DESC_PREFIX,
195 EXT4_KEY_DESC_PREFIX_SIZE);
196 sprintf(full_key_descriptor + EXT4_KEY_DESC_PREFIX_SIZE,
197 "%*phN", EXT4_KEY_DESCRIPTOR_SIZE,
198 ctx.master_key_descriptor);
199 full_key_descriptor[EXT4_KEY_DESC_PREFIX_SIZE +
200 (2 * EXT4_KEY_DESCRIPTOR_SIZE)] = '\0';
201 keyring_key = request_key(&key_type_logon, full_key_descriptor, NULL);
202 if (IS_ERR(keyring_key)) {
203 res = PTR_ERR(keyring_key);
204 keyring_key = NULL;
205 goto out;
206 }
207 crypt_info->ci_keyring_key = keyring_key;
208 if (keyring_key->type != &key_type_logon) {
209 printk_once(KERN_WARNING
210 "ext4: key type must be logon\n");
211 res = -ENOKEY;
212 goto out;
213 }
214 down_read(&keyring_key->sem);
215 ukp = user_key_payload(keyring_key);
216 if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
217 res = -EINVAL;
218 up_read(&keyring_key->sem);
219 goto out;
220 }
221 master_key = (struct ext4_encryption_key *)ukp->data;
222 BUILD_BUG_ON(EXT4_AES_128_ECB_KEY_SIZE !=
223 EXT4_KEY_DERIVATION_NONCE_SIZE);
224 if (master_key->size != EXT4_AES_256_XTS_KEY_SIZE) {
225 printk_once(KERN_WARNING
226 "ext4: key size incorrect: %d\n",
227 master_key->size);
228 res = -ENOKEY;
229 up_read(&keyring_key->sem);
230 goto out;
231 }
232 res = ext4_derive_key_aes(ctx.nonce, master_key->raw,
233 raw_key);
234 up_read(&keyring_key->sem);
235 if (res)
236 goto out;
237got_key:
238 ctfm = crypto_alloc_skcipher(cipher_str, 0, 0);
239 if (!ctfm || IS_ERR(ctfm)) {
240 res = ctfm ? PTR_ERR(ctfm) : -ENOMEM;
241 printk(KERN_DEBUG
242 "%s: error %d (inode %u) allocating crypto tfm\n",
243 __func__, res, (unsigned) inode->i_ino);
244 goto out;
245 }
246 crypt_info->ci_ctfm = ctfm;
247 crypto_skcipher_clear_flags(ctfm, ~0);
248 crypto_tfm_set_flags(crypto_skcipher_tfm(ctfm),
249 CRYPTO_TFM_REQ_WEAK_KEY);
250 res = crypto_skcipher_setkey(ctfm, raw_key,
251 ext4_encryption_key_size(mode));
252 if (res)
253 goto out;
254 memzero_explicit(raw_key, sizeof(raw_key));
255 if (cmpxchg(&ei->i_crypt_info, NULL, crypt_info) != NULL) {
256 ext4_free_crypt_info(crypt_info);
257 goto retry;
258 }
259 return 0;
260
261out:
262 if (res == -ENOKEY)
263 res = 0;
264 ext4_free_crypt_info(crypt_info);
265 memzero_explicit(raw_key, sizeof(raw_key));
266 return res;
267}
268
269int ext4_has_encryption_key(struct inode *inode)
270{
271 struct ext4_inode_info *ei = EXT4_I(inode);
272
273 return (ei->i_crypt_info != NULL);
274}
diff --git a/fs/ext4/crypto_policy.c b/fs/ext4/crypto_policy.c
deleted file mode 100644
index ad050698143f..000000000000
--- a/fs/ext4/crypto_policy.c
+++ /dev/null
@@ -1,229 +0,0 @@
1/*
2 * linux/fs/ext4/crypto_policy.c
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption policy functions for ext4
7 *
8 * Written by Michael Halcrow, 2015.
9 */
10
11#include <linux/random.h>
12#include <linux/string.h>
13#include <linux/types.h>
14
15#include "ext4_jbd2.h"
16#include "ext4.h"
17#include "xattr.h"
18
19static int ext4_inode_has_encryption_context(struct inode *inode)
20{
21 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
22 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, NULL, 0);
23 return (res > 0);
24}
25
26/*
27 * check whether the policy is consistent with the encryption context
28 * for the inode
29 */
30static int ext4_is_encryption_context_consistent_with_policy(
31 struct inode *inode, const struct ext4_encryption_policy *policy)
32{
33 struct ext4_encryption_context ctx;
34 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
35 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
36 sizeof(ctx));
37 if (res != sizeof(ctx))
38 return 0;
39 return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor,
40 EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
41 (ctx.flags ==
42 policy->flags) &&
43 (ctx.contents_encryption_mode ==
44 policy->contents_encryption_mode) &&
45 (ctx.filenames_encryption_mode ==
46 policy->filenames_encryption_mode));
47}
48
49static int ext4_create_encryption_context_from_policy(
50 struct inode *inode, const struct ext4_encryption_policy *policy)
51{
52 struct ext4_encryption_context ctx;
53 handle_t *handle;
54 int res, res2;
55
56 res = ext4_convert_inline_data(inode);
57 if (res)
58 return res;
59
60 ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
61 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor,
62 EXT4_KEY_DESCRIPTOR_SIZE);
63 if (!ext4_valid_contents_enc_mode(policy->contents_encryption_mode)) {
64 printk(KERN_WARNING
65 "%s: Invalid contents encryption mode %d\n", __func__,
66 policy->contents_encryption_mode);
67 return -EINVAL;
68 }
69 if (!ext4_valid_filenames_enc_mode(policy->filenames_encryption_mode)) {
70 printk(KERN_WARNING
71 "%s: Invalid filenames encryption mode %d\n", __func__,
72 policy->filenames_encryption_mode);
73 return -EINVAL;
74 }
75 if (policy->flags & ~EXT4_POLICY_FLAGS_VALID)
76 return -EINVAL;
77 ctx.contents_encryption_mode = policy->contents_encryption_mode;
78 ctx.filenames_encryption_mode = policy->filenames_encryption_mode;
79 ctx.flags = policy->flags;
80 BUILD_BUG_ON(sizeof(ctx.nonce) != EXT4_KEY_DERIVATION_NONCE_SIZE);
81 get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
82
83 handle = ext4_journal_start(inode, EXT4_HT_MISC,
84 ext4_jbd2_credits_xattr(inode));
85 if (IS_ERR(handle))
86 return PTR_ERR(handle);
87 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
88 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
89 sizeof(ctx), 0);
90 if (!res) {
91 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
92 res = ext4_mark_inode_dirty(handle, inode);
93 if (res)
94 EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
95 }
96 res2 = ext4_journal_stop(handle);
97 if (!res)
98 res = res2;
99 return res;
100}
101
102int ext4_process_policy(const struct ext4_encryption_policy *policy,
103 struct inode *inode)
104{
105 if (policy->version != 0)
106 return -EINVAL;
107
108 if (!ext4_inode_has_encryption_context(inode)) {
109 if (!S_ISDIR(inode->i_mode))
110 return -EINVAL;
111 if (!ext4_empty_dir(inode))
112 return -ENOTEMPTY;
113 return ext4_create_encryption_context_from_policy(inode,
114 policy);
115 }
116
117 if (ext4_is_encryption_context_consistent_with_policy(inode, policy))
118 return 0;
119
120 printk(KERN_WARNING "%s: Policy inconsistent with encryption context\n",
121 __func__);
122 return -EINVAL;
123}
124
125int ext4_get_policy(struct inode *inode, struct ext4_encryption_policy *policy)
126{
127 struct ext4_encryption_context ctx;
128
129 int res = ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
130 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT,
131 &ctx, sizeof(ctx));
132 if (res != sizeof(ctx))
133 return -ENOENT;
134 if (ctx.format != EXT4_ENCRYPTION_CONTEXT_FORMAT_V1)
135 return -EINVAL;
136 policy->version = 0;
137 policy->contents_encryption_mode = ctx.contents_encryption_mode;
138 policy->filenames_encryption_mode = ctx.filenames_encryption_mode;
139 policy->flags = ctx.flags;
140 memcpy(&policy->master_key_descriptor, ctx.master_key_descriptor,
141 EXT4_KEY_DESCRIPTOR_SIZE);
142 return 0;
143}
144
145int ext4_is_child_context_consistent_with_parent(struct inode *parent,
146 struct inode *child)
147{
148 struct ext4_crypt_info *parent_ci, *child_ci;
149 int res;
150
151 if ((parent == NULL) || (child == NULL)) {
152 pr_err("parent %p child %p\n", parent, child);
153 WARN_ON(1); /* Should never happen */
154 return 0;
155 }
156 /* no restrictions if the parent directory is not encrypted */
157 if (!ext4_encrypted_inode(parent))
158 return 1;
159 /* if the child directory is not encrypted, this is always a problem */
160 if (!ext4_encrypted_inode(child))
161 return 0;
162 res = ext4_get_encryption_info(parent);
163 if (res)
164 return 0;
165 res = ext4_get_encryption_info(child);
166 if (res)
167 return 0;
168 parent_ci = EXT4_I(parent)->i_crypt_info;
169 child_ci = EXT4_I(child)->i_crypt_info;
170 if (!parent_ci && !child_ci)
171 return 1;
172 if (!parent_ci || !child_ci)
173 return 0;
174
175 return (memcmp(parent_ci->ci_master_key,
176 child_ci->ci_master_key,
177 EXT4_KEY_DESCRIPTOR_SIZE) == 0 &&
178 (parent_ci->ci_data_mode == child_ci->ci_data_mode) &&
179 (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) &&
180 (parent_ci->ci_flags == child_ci->ci_flags));
181}
182
183/**
184 * ext4_inherit_context() - Sets a child context from its parent
185 * @parent: Parent inode from which the context is inherited.
186 * @child: Child inode that inherits the context from @parent.
187 *
188 * Return: Zero on success, non-zero otherwise
189 */
190int ext4_inherit_context(struct inode *parent, struct inode *child)
191{
192 struct ext4_encryption_context ctx;
193 struct ext4_crypt_info *ci;
194 int res;
195
196 res = ext4_get_encryption_info(parent);
197 if (res < 0)
198 return res;
199 ci = EXT4_I(parent)->i_crypt_info;
200 if (ci == NULL)
201 return -ENOKEY;
202
203 ctx.format = EXT4_ENCRYPTION_CONTEXT_FORMAT_V1;
204 if (DUMMY_ENCRYPTION_ENABLED(EXT4_SB(parent->i_sb))) {
205 ctx.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
206 ctx.filenames_encryption_mode =
207 EXT4_ENCRYPTION_MODE_AES_256_CTS;
208 ctx.flags = 0;
209 memset(ctx.master_key_descriptor, 0x42,
210 EXT4_KEY_DESCRIPTOR_SIZE);
211 res = 0;
212 } else {
213 ctx.contents_encryption_mode = ci->ci_data_mode;
214 ctx.filenames_encryption_mode = ci->ci_filename_mode;
215 ctx.flags = ci->ci_flags;
216 memcpy(ctx.master_key_descriptor, ci->ci_master_key,
217 EXT4_KEY_DESCRIPTOR_SIZE);
218 }
219 get_random_bytes(ctx.nonce, EXT4_KEY_DERIVATION_NONCE_SIZE);
220 res = ext4_xattr_set(child, EXT4_XATTR_INDEX_ENCRYPTION,
221 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, &ctx,
222 sizeof(ctx), 0);
223 if (!res) {
224 ext4_set_inode_flag(child, EXT4_INODE_ENCRYPT);
225 ext4_clear_inode_state(child, EXT4_STATE_MAY_INLINE_DATA);
226 res = ext4_get_encryption_info(child);
227 }
228 return res;
229}
diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
index 68323e3da3fa..67415e0e6af0 100644
--- a/fs/ext4/dir.c
+++ b/fs/ext4/dir.c
@@ -109,10 +109,10 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx)
109 struct super_block *sb = inode->i_sb; 109 struct super_block *sb = inode->i_sb;
110 struct buffer_head *bh = NULL; 110 struct buffer_head *bh = NULL;
111 int dir_has_error = 0; 111 int dir_has_error = 0;
112 struct ext4_str fname_crypto_str = {.name = NULL, .len = 0}; 112 struct fscrypt_str fstr = FSTR_INIT(NULL, 0);
113 113
114 if (ext4_encrypted_inode(inode)) { 114 if (ext4_encrypted_inode(inode)) {
115 err = ext4_get_encryption_info(inode); 115 err = fscrypt_get_encryption_info(inode);
116 if (err && err != -ENOKEY) 116 if (err && err != -ENOKEY)
117 return err; 117 return err;
118 } 118 }
@@ -139,8 +139,7 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx)
139 } 139 }
140 140
141 if (ext4_encrypted_inode(inode)) { 141 if (ext4_encrypted_inode(inode)) {
142 err = ext4_fname_crypto_alloc_buffer(inode, EXT4_NAME_LEN, 142 err = fscrypt_fname_alloc_buffer(inode, EXT4_NAME_LEN, &fstr);
143 &fname_crypto_str);
144 if (err < 0) 143 if (err < 0)
145 return err; 144 return err;
146 } 145 }
@@ -253,16 +252,19 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx)
253 get_dtype(sb, de->file_type))) 252 get_dtype(sb, de->file_type)))
254 goto done; 253 goto done;
255 } else { 254 } else {
256 int save_len = fname_crypto_str.len; 255 int save_len = fstr.len;
256 struct fscrypt_str de_name =
257 FSTR_INIT(de->name,
258 de->name_len);
257 259
258 /* Directory is encrypted */ 260 /* Directory is encrypted */
259 err = ext4_fname_disk_to_usr(inode, 261 err = fscrypt_fname_disk_to_usr(inode,
260 NULL, de, &fname_crypto_str); 262 0, 0, &de_name, &fstr);
261 fname_crypto_str.len = save_len; 263 fstr.len = save_len;
262 if (err < 0) 264 if (err < 0)
263 goto errout; 265 goto errout;
264 if (!dir_emit(ctx, 266 if (!dir_emit(ctx,
265 fname_crypto_str.name, err, 267 fstr.name, err,
266 le32_to_cpu(de->inode), 268 le32_to_cpu(de->inode),
267 get_dtype(sb, de->file_type))) 269 get_dtype(sb, de->file_type)))
268 goto done; 270 goto done;
@@ -281,7 +283,7 @@ done:
281 err = 0; 283 err = 0;
282errout: 284errout:
283#ifdef CONFIG_EXT4_FS_ENCRYPTION 285#ifdef CONFIG_EXT4_FS_ENCRYPTION
284 ext4_fname_crypto_free_buffer(&fname_crypto_str); 286 fscrypt_fname_free_buffer(&fstr);
285#endif 287#endif
286 brelse(bh); 288 brelse(bh);
287 return err; 289 return err;
@@ -432,7 +434,7 @@ void ext4_htree_free_dir_info(struct dir_private_info *p)
432int ext4_htree_store_dirent(struct file *dir_file, __u32 hash, 434int ext4_htree_store_dirent(struct file *dir_file, __u32 hash,
433 __u32 minor_hash, 435 __u32 minor_hash,
434 struct ext4_dir_entry_2 *dirent, 436 struct ext4_dir_entry_2 *dirent,
435 struct ext4_str *ent_name) 437 struct fscrypt_str *ent_name)
436{ 438{
437 struct rb_node **p, *parent = NULL; 439 struct rb_node **p, *parent = NULL;
438 struct fname *fname, *new_fn; 440 struct fname *fname, *new_fn;
@@ -609,7 +611,7 @@ finished:
609static int ext4_dir_open(struct inode * inode, struct file * filp) 611static int ext4_dir_open(struct inode * inode, struct file * filp)
610{ 612{
611 if (ext4_encrypted_inode(inode)) 613 if (ext4_encrypted_inode(inode))
612 return ext4_get_encryption_info(inode) ? -EACCES : 0; 614 return fscrypt_get_encryption_info(inode) ? -EACCES : 0;
613 return 0; 615 return 0;
614} 616}
615 617
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index b84aa1ca480a..ea31931386ec 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -32,6 +32,7 @@
32#include <linux/percpu_counter.h> 32#include <linux/percpu_counter.h>
33#include <linux/ratelimit.h> 33#include <linux/ratelimit.h>
34#include <crypto/hash.h> 34#include <crypto/hash.h>
35#include <linux/fscrypto.h>
35#include <linux/falloc.h> 36#include <linux/falloc.h>
36#include <linux/percpu-rwsem.h> 37#include <linux/percpu-rwsem.h>
37#ifdef __KERNEL__ 38#ifdef __KERNEL__
@@ -608,15 +609,6 @@ enum {
608#define EXT4_FREE_BLOCKS_NOFREE_FIRST_CLUSTER 0x0010 609#define EXT4_FREE_BLOCKS_NOFREE_FIRST_CLUSTER 0x0010
609#define EXT4_FREE_BLOCKS_NOFREE_LAST_CLUSTER 0x0020 610#define EXT4_FREE_BLOCKS_NOFREE_LAST_CLUSTER 0x0020
610 611
611/* Encryption algorithms */
612#define EXT4_ENCRYPTION_MODE_INVALID 0
613#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1
614#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2
615#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3
616#define EXT4_ENCRYPTION_MODE_AES_256_CTS 4
617
618#include "ext4_crypto.h"
619
620/* 612/*
621 * ioctl commands 613 * ioctl commands
622 */ 614 */
@@ -638,9 +630,9 @@ enum {
638#define EXT4_IOC_RESIZE_FS _IOW('f', 16, __u64) 630#define EXT4_IOC_RESIZE_FS _IOW('f', 16, __u64)
639#define EXT4_IOC_SWAP_BOOT _IO('f', 17) 631#define EXT4_IOC_SWAP_BOOT _IO('f', 17)
640#define EXT4_IOC_PRECACHE_EXTENTS _IO('f', 18) 632#define EXT4_IOC_PRECACHE_EXTENTS _IO('f', 18)
641#define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy) 633#define EXT4_IOC_SET_ENCRYPTION_POLICY FS_IOC_SET_ENCRYPTION_POLICY
642#define EXT4_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16]) 634#define EXT4_IOC_GET_ENCRYPTION_PWSALT FS_IOC_GET_ENCRYPTION_PWSALT
643#define EXT4_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct ext4_encryption_policy) 635#define EXT4_IOC_GET_ENCRYPTION_POLICY FS_IOC_GET_ENCRYPTION_POLICY
644 636
645#ifndef FS_IOC_FSGETXATTR 637#ifndef FS_IOC_FSGETXATTR
646/* Until the uapi changes get merged for project quota... */ 638/* Until the uapi changes get merged for project quota... */
@@ -1082,10 +1074,6 @@ struct ext4_inode_info {
1082 /* Precomputed uuid+inum+igen checksum for seeding inode checksums */ 1074 /* Precomputed uuid+inum+igen checksum for seeding inode checksums */
1083 __u32 i_csum_seed; 1075 __u32 i_csum_seed;
1084 1076
1085#ifdef CONFIG_EXT4_FS_ENCRYPTION
1086 /* Encryption params */
1087 struct ext4_crypt_info *i_crypt_info;
1088#endif
1089 kprojid_t i_projid; 1077 kprojid_t i_projid;
1090}; 1078};
1091 1079
@@ -1344,6 +1332,11 @@ struct ext4_super_block {
1344/* Number of quota types we support */ 1332/* Number of quota types we support */
1345#define EXT4_MAXQUOTAS 3 1333#define EXT4_MAXQUOTAS 3
1346 1334
1335#ifdef CONFIG_EXT4_FS_ENCRYPTION
1336#define EXT4_KEY_DESC_PREFIX "ext4:"
1337#define EXT4_KEY_DESC_PREFIX_SIZE 5
1338#endif
1339
1347/* 1340/*
1348 * fourth extended-fs super-block data in memory 1341 * fourth extended-fs super-block data in memory
1349 */ 1342 */
@@ -1430,6 +1423,7 @@ struct ext4_sb_info {
1430 unsigned short *s_mb_offsets; 1423 unsigned short *s_mb_offsets;
1431 unsigned int *s_mb_maxs; 1424 unsigned int *s_mb_maxs;
1432 unsigned int s_group_info_size; 1425 unsigned int s_group_info_size;
1426 unsigned int s_mb_free_pending;
1433 1427
1434 /* tunables */ 1428 /* tunables */
1435 unsigned long s_stripe; 1429 unsigned long s_stripe;
@@ -1512,6 +1506,12 @@ struct ext4_sb_info {
1512 1506
1513 /* Barrier between changing inodes' journal flags and writepages ops. */ 1507 /* Barrier between changing inodes' journal flags and writepages ops. */
1514 struct percpu_rw_semaphore s_journal_flag_rwsem; 1508 struct percpu_rw_semaphore s_journal_flag_rwsem;
1509
1510 /* Encryption support */
1511#ifdef CONFIG_EXT4_FS_ENCRYPTION
1512 u8 key_prefix[EXT4_KEY_DESC_PREFIX_SIZE];
1513 u8 key_prefix_size;
1514#endif
1515}; 1515};
1516 1516
1517static inline struct ext4_sb_info *EXT4_SB(struct super_block *sb) 1517static inline struct ext4_sb_info *EXT4_SB(struct super_block *sb)
@@ -1610,15 +1610,6 @@ static inline void ext4_clear_state_flags(struct ext4_inode_info *ei)
1610/* 1610/*
1611 * Returns true if the inode is inode is encrypted 1611 * Returns true if the inode is inode is encrypted
1612 */ 1612 */
1613static inline int ext4_encrypted_inode(struct inode *inode)
1614{
1615#ifdef CONFIG_EXT4_FS_ENCRYPTION
1616 return ext4_test_inode_flag(inode, EXT4_INODE_ENCRYPT);
1617#else
1618 return 0;
1619#endif
1620}
1621
1622#define NEXT_ORPHAN(inode) EXT4_I(inode)->i_dtime 1613#define NEXT_ORPHAN(inode) EXT4_I(inode)->i_dtime
1623 1614
1624/* 1615/*
@@ -2082,10 +2073,10 @@ struct dx_hash_info
2082 2073
2083struct ext4_filename { 2074struct ext4_filename {
2084 const struct qstr *usr_fname; 2075 const struct qstr *usr_fname;
2085 struct ext4_str disk_name; 2076 struct fscrypt_str disk_name;
2086 struct dx_hash_info hinfo; 2077 struct dx_hash_info hinfo;
2087#ifdef CONFIG_EXT4_FS_ENCRYPTION 2078#ifdef CONFIG_EXT4_FS_ENCRYPTION
2088 struct ext4_str crypto_buf; 2079 struct fscrypt_str crypto_buf;
2089#endif 2080#endif
2090}; 2081};
2091 2082
@@ -2296,132 +2287,82 @@ extern unsigned ext4_free_clusters_after_init(struct super_block *sb,
2296 struct ext4_group_desc *gdp); 2287 struct ext4_group_desc *gdp);
2297ext4_fsblk_t ext4_inode_to_goal_block(struct inode *); 2288ext4_fsblk_t ext4_inode_to_goal_block(struct inode *);
2298 2289
2299/* crypto_policy.c */
2300int ext4_is_child_context_consistent_with_parent(struct inode *parent,
2301 struct inode *child);
2302int ext4_inherit_context(struct inode *parent, struct inode *child);
2303void ext4_to_hex(char *dst, char *src, size_t src_size);
2304int ext4_process_policy(const struct ext4_encryption_policy *policy,
2305 struct inode *inode);
2306int ext4_get_policy(struct inode *inode,
2307 struct ext4_encryption_policy *policy);
2308
2309/* crypto.c */
2310extern struct kmem_cache *ext4_crypt_info_cachep;
2311bool ext4_valid_contents_enc_mode(uint32_t mode);
2312uint32_t ext4_validate_encryption_key_size(uint32_t mode, uint32_t size);
2313extern struct workqueue_struct *ext4_read_workqueue;
2314struct ext4_crypto_ctx *ext4_get_crypto_ctx(struct inode *inode,
2315 gfp_t gfp_flags);
2316void ext4_release_crypto_ctx(struct ext4_crypto_ctx *ctx);
2317void ext4_restore_control_page(struct page *data_page);
2318struct page *ext4_encrypt(struct inode *inode,
2319 struct page *plaintext_page,
2320 gfp_t gfp_flags);
2321int ext4_decrypt(struct page *page);
2322int ext4_encrypted_zeroout(struct inode *inode, ext4_lblk_t lblk,
2323 ext4_fsblk_t pblk, ext4_lblk_t len);
2324extern const struct dentry_operations ext4_encrypted_d_ops;
2325
2326#ifdef CONFIG_EXT4_FS_ENCRYPTION
2327int ext4_init_crypto(void);
2328void ext4_exit_crypto(void);
2329static inline int ext4_sb_has_crypto(struct super_block *sb) 2290static inline int ext4_sb_has_crypto(struct super_block *sb)
2330{ 2291{
2331 return ext4_has_feature_encrypt(sb); 2292 return ext4_has_feature_encrypt(sb);
2332} 2293}
2333#else 2294
2334static inline int ext4_init_crypto(void) { return 0; } 2295static inline bool ext4_encrypted_inode(struct inode *inode)
2335static inline void ext4_exit_crypto(void) { }
2336static inline int ext4_sb_has_crypto(struct super_block *sb)
2337{ 2296{
2338 return 0; 2297 return ext4_test_inode_flag(inode, EXT4_INODE_ENCRYPT);
2339} 2298}
2340#endif
2341 2299
2342/* crypto_fname.c */
2343bool ext4_valid_filenames_enc_mode(uint32_t mode);
2344u32 ext4_fname_crypto_round_up(u32 size, u32 blksize);
2345unsigned ext4_fname_encrypted_size(struct inode *inode, u32 ilen);
2346int ext4_fname_crypto_alloc_buffer(struct inode *inode,
2347 u32 ilen, struct ext4_str *crypto_str);
2348int _ext4_fname_disk_to_usr(struct inode *inode,
2349 struct dx_hash_info *hinfo,
2350 const struct ext4_str *iname,
2351 struct ext4_str *oname);
2352int ext4_fname_disk_to_usr(struct inode *inode,
2353 struct dx_hash_info *hinfo,
2354 const struct ext4_dir_entry_2 *de,
2355 struct ext4_str *oname);
2356int ext4_fname_usr_to_disk(struct inode *inode,
2357 const struct qstr *iname,
2358 struct ext4_str *oname);
2359#ifdef CONFIG_EXT4_FS_ENCRYPTION 2300#ifdef CONFIG_EXT4_FS_ENCRYPTION
2360void ext4_fname_crypto_free_buffer(struct ext4_str *crypto_str);
2361int ext4_fname_setup_filename(struct inode *dir, const struct qstr *iname,
2362 int lookup, struct ext4_filename *fname);
2363void ext4_fname_free_filename(struct ext4_filename *fname);
2364#else
2365static inline
2366int ext4_setup_fname_crypto(struct inode *inode)
2367{
2368 return 0;
2369}
2370static inline void ext4_fname_crypto_free_buffer(struct ext4_str *p) { }
2371static inline int ext4_fname_setup_filename(struct inode *dir, 2301static inline int ext4_fname_setup_filename(struct inode *dir,
2372 const struct qstr *iname, 2302 const struct qstr *iname,
2373 int lookup, struct ext4_filename *fname) 2303 int lookup, struct ext4_filename *fname)
2374{ 2304{
2375 fname->usr_fname = iname; 2305 struct fscrypt_name name;
2376 fname->disk_name.name = (unsigned char *) iname->name; 2306 int err;
2377 fname->disk_name.len = iname->len;
2378 return 0;
2379}
2380static inline void ext4_fname_free_filename(struct ext4_filename *fname) { }
2381#endif
2382
2383 2307
2384/* crypto_key.c */ 2308 memset(fname, 0, sizeof(struct ext4_filename));
2385void ext4_free_crypt_info(struct ext4_crypt_info *ci);
2386void ext4_free_encryption_info(struct inode *inode, struct ext4_crypt_info *ci);
2387int _ext4_get_encryption_info(struct inode *inode);
2388 2309
2389#ifdef CONFIG_EXT4_FS_ENCRYPTION 2310 err = fscrypt_setup_filename(dir, iname, lookup, &name);
2390int ext4_has_encryption_key(struct inode *inode);
2391 2311
2392static inline int ext4_get_encryption_info(struct inode *inode) 2312 fname->usr_fname = name.usr_fname;
2393{ 2313 fname->disk_name = name.disk_name;
2394 struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info; 2314 fname->hinfo.hash = name.hash;
2395 2315 fname->hinfo.minor_hash = name.minor_hash;
2396 if (!ci || 2316 fname->crypto_buf = name.crypto_buf;
2397 (ci->ci_keyring_key && 2317 return err;
2398 (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
2399 (1 << KEY_FLAG_REVOKED) |
2400 (1 << KEY_FLAG_DEAD)))))
2401 return _ext4_get_encryption_info(inode);
2402 return 0;
2403} 2318}
2404 2319
2405static inline struct ext4_crypt_info *ext4_encryption_info(struct inode *inode) 2320static inline void ext4_fname_free_filename(struct ext4_filename *fname)
2406{ 2321{
2407 return EXT4_I(inode)->i_crypt_info; 2322 struct fscrypt_name name;
2408}
2409 2323
2410#else 2324 name.crypto_buf = fname->crypto_buf;
2411static inline int ext4_has_encryption_key(struct inode *inode) 2325 fscrypt_free_filename(&name);
2412{ 2326
2413 return 0; 2327 fname->crypto_buf.name = NULL;
2328 fname->usr_fname = NULL;
2329 fname->disk_name.name = NULL;
2414} 2330}
2415static inline int ext4_get_encryption_info(struct inode *inode) 2331#else
2332static inline int ext4_fname_setup_filename(struct inode *dir,
2333 const struct qstr *iname,
2334 int lookup, struct ext4_filename *fname)
2416{ 2335{
2336 fname->usr_fname = iname;
2337 fname->disk_name.name = (unsigned char *) iname->name;
2338 fname->disk_name.len = iname->len;
2417 return 0; 2339 return 0;
2418} 2340}
2419static inline struct ext4_crypt_info *ext4_encryption_info(struct inode *inode) 2341static inline void ext4_fname_free_filename(struct ext4_filename *fname) { }
2420{
2421 return NULL;
2422}
2423#endif
2424 2342
2343#define fscrypt_set_d_op(i)
2344#define fscrypt_get_ctx fscrypt_notsupp_get_ctx
2345#define fscrypt_release_ctx fscrypt_notsupp_release_ctx
2346#define fscrypt_encrypt_page fscrypt_notsupp_encrypt_page
2347#define fscrypt_decrypt_page fscrypt_notsupp_decrypt_page
2348#define fscrypt_decrypt_bio_pages fscrypt_notsupp_decrypt_bio_pages
2349#define fscrypt_pullback_bio_page fscrypt_notsupp_pullback_bio_page
2350#define fscrypt_restore_control_page fscrypt_notsupp_restore_control_page
2351#define fscrypt_zeroout_range fscrypt_notsupp_zeroout_range
2352#define fscrypt_process_policy fscrypt_notsupp_process_policy
2353#define fscrypt_get_policy fscrypt_notsupp_get_policy
2354#define fscrypt_has_permitted_context fscrypt_notsupp_has_permitted_context
2355#define fscrypt_inherit_context fscrypt_notsupp_inherit_context
2356#define fscrypt_get_encryption_info fscrypt_notsupp_get_encryption_info
2357#define fscrypt_put_encryption_info fscrypt_notsupp_put_encryption_info
2358#define fscrypt_setup_filename fscrypt_notsupp_setup_filename
2359#define fscrypt_free_filename fscrypt_notsupp_free_filename
2360#define fscrypt_fname_encrypted_size fscrypt_notsupp_fname_encrypted_size
2361#define fscrypt_fname_alloc_buffer fscrypt_notsupp_fname_alloc_buffer
2362#define fscrypt_fname_free_buffer fscrypt_notsupp_fname_free_buffer
2363#define fscrypt_fname_disk_to_usr fscrypt_notsupp_fname_disk_to_usr
2364#define fscrypt_fname_usr_to_disk fscrypt_notsupp_fname_usr_to_disk
2365#endif
2425 2366
2426/* dir.c */ 2367/* dir.c */
2427extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *, 2368extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *,
@@ -2435,7 +2376,7 @@ extern int __ext4_check_dir_entry(const char *, unsigned int, struct inode *,
2435extern int ext4_htree_store_dirent(struct file *dir_file, __u32 hash, 2376extern int ext4_htree_store_dirent(struct file *dir_file, __u32 hash,
2436 __u32 minor_hash, 2377 __u32 minor_hash,
2437 struct ext4_dir_entry_2 *dirent, 2378 struct ext4_dir_entry_2 *dirent,
2438 struct ext4_str *ent_name); 2379 struct fscrypt_str *ent_name);
2439extern void ext4_htree_free_dir_info(struct dir_private_info *p); 2380extern void ext4_htree_free_dir_info(struct dir_private_info *p);
2440extern int ext4_find_dest_de(struct inode *dir, struct inode *inode, 2381extern int ext4_find_dest_de(struct inode *dir, struct inode *inode,
2441 struct buffer_head *bh, 2382 struct buffer_head *bh,
@@ -2623,7 +2564,7 @@ extern int ext4_generic_delete_entry(handle_t *handle,
2623 void *entry_buf, 2564 void *entry_buf,
2624 int buf_size, 2565 int buf_size,
2625 int csum_size); 2566 int csum_size);
2626extern int ext4_empty_dir(struct inode *inode); 2567extern bool ext4_empty_dir(struct inode *inode);
2627 2568
2628/* resize.c */ 2569/* resize.c */
2629extern int ext4_group_add(struct super_block *sb, 2570extern int ext4_group_add(struct super_block *sb,
@@ -3105,7 +3046,7 @@ extern int ext4_delete_inline_entry(handle_t *handle,
3105 struct ext4_dir_entry_2 *de_del, 3046 struct ext4_dir_entry_2 *de_del,
3106 struct buffer_head *bh, 3047 struct buffer_head *bh,
3107 int *has_inline_data); 3048 int *has_inline_data);
3108extern int empty_inline_dir(struct inode *dir, int *has_inline_data); 3049extern bool empty_inline_dir(struct inode *dir, int *has_inline_data);
3109extern struct buffer_head *ext4_get_first_inline_block(struct inode *inode, 3050extern struct buffer_head *ext4_get_first_inline_block(struct inode *inode,
3110 struct ext4_dir_entry_2 **parent_de, 3051 struct ext4_dir_entry_2 **parent_de,
3111 int *retval); 3052 int *retval);
diff --git a/fs/ext4/ext4_crypto.h b/fs/ext4/ext4_crypto.h
deleted file mode 100644
index 1f73c29717e1..000000000000
--- a/fs/ext4/ext4_crypto.h
+++ /dev/null
@@ -1,159 +0,0 @@
1/*
2 * linux/fs/ext4/ext4_crypto.h
3 *
4 * Copyright (C) 2015, Google, Inc.
5 *
6 * This contains encryption header content for ext4
7 *
8 * Written by Michael Halcrow, 2015.
9 */
10
11#ifndef _EXT4_CRYPTO_H
12#define _EXT4_CRYPTO_H
13
14#include <linux/fs.h>
15
16#define EXT4_KEY_DESCRIPTOR_SIZE 8
17
18/* Policy provided via an ioctl on the topmost directory */
19struct ext4_encryption_policy {
20 char version;
21 char contents_encryption_mode;
22 char filenames_encryption_mode;
23 char flags;
24 char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
25} __attribute__((__packed__));
26
27#define EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 1
28#define EXT4_KEY_DERIVATION_NONCE_SIZE 16
29
30#define EXT4_POLICY_FLAGS_PAD_4 0x00
31#define EXT4_POLICY_FLAGS_PAD_8 0x01
32#define EXT4_POLICY_FLAGS_PAD_16 0x02
33#define EXT4_POLICY_FLAGS_PAD_32 0x03
34#define EXT4_POLICY_FLAGS_PAD_MASK 0x03
35#define EXT4_POLICY_FLAGS_VALID 0x03
36
37/**
38 * Encryption context for inode
39 *
40 * Protector format:
41 * 1 byte: Protector format (1 = this version)
42 * 1 byte: File contents encryption mode
43 * 1 byte: File names encryption mode
44 * 1 byte: Reserved
45 * 8 bytes: Master Key descriptor
46 * 16 bytes: Encryption Key derivation nonce
47 */
48struct ext4_encryption_context {
49 char format;
50 char contents_encryption_mode;
51 char filenames_encryption_mode;
52 char flags;
53 char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
54 char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE];
55} __attribute__((__packed__));
56
57/* Encryption parameters */
58#define EXT4_XTS_TWEAK_SIZE 16
59#define EXT4_AES_128_ECB_KEY_SIZE 16
60#define EXT4_AES_256_GCM_KEY_SIZE 32
61#define EXT4_AES_256_CBC_KEY_SIZE 32
62#define EXT4_AES_256_CTS_KEY_SIZE 32
63#define EXT4_AES_256_XTS_KEY_SIZE 64
64#define EXT4_MAX_KEY_SIZE 64
65
66#define EXT4_KEY_DESC_PREFIX "ext4:"
67#define EXT4_KEY_DESC_PREFIX_SIZE 5
68
69/* This is passed in from userspace into the kernel keyring */
70struct ext4_encryption_key {
71 __u32 mode;
72 char raw[EXT4_MAX_KEY_SIZE];
73 __u32 size;
74} __attribute__((__packed__));
75
76struct ext4_crypt_info {
77 char ci_data_mode;
78 char ci_filename_mode;
79 char ci_flags;
80 struct crypto_skcipher *ci_ctfm;
81 struct key *ci_keyring_key;
82 char ci_master_key[EXT4_KEY_DESCRIPTOR_SIZE];
83};
84
85#define EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
86#define EXT4_WRITE_PATH_FL 0x00000002
87
88struct ext4_crypto_ctx {
89 union {
90 struct {
91 struct page *bounce_page; /* Ciphertext page */
92 struct page *control_page; /* Original page */
93 } w;
94 struct {
95 struct bio *bio;
96 struct work_struct work;
97 } r;
98 struct list_head free_list; /* Free list */
99 };
100 char flags; /* Flags */
101 char mode; /* Encryption mode for tfm */
102};
103
104struct ext4_completion_result {
105 struct completion completion;
106 int res;
107};
108
109#define DECLARE_EXT4_COMPLETION_RESULT(ecr) \
110 struct ext4_completion_result ecr = { \
111 COMPLETION_INITIALIZER((ecr).completion), 0 }
112
113static inline int ext4_encryption_key_size(int mode)
114{
115 switch (mode) {
116 case EXT4_ENCRYPTION_MODE_AES_256_XTS:
117 return EXT4_AES_256_XTS_KEY_SIZE;
118 case EXT4_ENCRYPTION_MODE_AES_256_GCM:
119 return EXT4_AES_256_GCM_KEY_SIZE;
120 case EXT4_ENCRYPTION_MODE_AES_256_CBC:
121 return EXT4_AES_256_CBC_KEY_SIZE;
122 case EXT4_ENCRYPTION_MODE_AES_256_CTS:
123 return EXT4_AES_256_CTS_KEY_SIZE;
124 default:
125 BUG();
126 }
127 return 0;
128}
129
130#define EXT4_FNAME_NUM_SCATTER_ENTRIES 4
131#define EXT4_CRYPTO_BLOCK_SIZE 16
132#define EXT4_FNAME_CRYPTO_DIGEST_SIZE 32
133
134struct ext4_str {
135 unsigned char *name;
136 u32 len;
137};
138
139/**
140 * For encrypted symlinks, the ciphertext length is stored at the beginning
141 * of the string in little-endian format.
142 */
143struct ext4_encrypted_symlink_data {
144 __le16 len;
145 char encrypted_path[1];
146} __attribute__((__packed__));
147
148/**
149 * This function is used to calculate the disk space required to
150 * store a filename of length l in encrypted symlink format.
151 */
152static inline u32 encrypted_symlink_data_len(u32 l)
153{
154 if (l < EXT4_CRYPTO_BLOCK_SIZE)
155 l = EXT4_CRYPTO_BLOCK_SIZE;
156 return (l + sizeof(struct ext4_encrypted_symlink_data) - 1);
157}
158
159#endif /* _EXT4_CRYPTO_H */
diff --git a/fs/ext4/ext4_jbd2.h b/fs/ext4/ext4_jbd2.h
index 09c1ef38cbe6..b1d52c14098e 100644
--- a/fs/ext4/ext4_jbd2.h
+++ b/fs/ext4/ext4_jbd2.h
@@ -175,6 +175,13 @@ struct ext4_journal_cb_entry {
175 * There is no guaranteed calling order of multiple registered callbacks on 175 * There is no guaranteed calling order of multiple registered callbacks on
176 * the same transaction. 176 * the same transaction.
177 */ 177 */
178static inline void _ext4_journal_callback_add(handle_t *handle,
179 struct ext4_journal_cb_entry *jce)
180{
181 /* Add the jce to transaction's private list */
182 list_add_tail(&jce->jce_list, &handle->h_transaction->t_private_list);
183}
184
178static inline void ext4_journal_callback_add(handle_t *handle, 185static inline void ext4_journal_callback_add(handle_t *handle,
179 void (*func)(struct super_block *sb, 186 void (*func)(struct super_block *sb,
180 struct ext4_journal_cb_entry *jce, 187 struct ext4_journal_cb_entry *jce,
@@ -187,10 +194,11 @@ static inline void ext4_journal_callback_add(handle_t *handle,
187 /* Add the jce to transaction's private list */ 194 /* Add the jce to transaction's private list */
188 jce->jce_func = func; 195 jce->jce_func = func;
189 spin_lock(&sbi->s_md_lock); 196 spin_lock(&sbi->s_md_lock);
190 list_add_tail(&jce->jce_list, &handle->h_transaction->t_private_list); 197 _ext4_journal_callback_add(handle, jce);
191 spin_unlock(&sbi->s_md_lock); 198 spin_unlock(&sbi->s_md_lock);
192} 199}
193 200
201
194/** 202/**
195 * ext4_journal_callback_del: delete a registered callback 203 * ext4_journal_callback_del: delete a registered callback
196 * @handle: active journal transaction handle on which callback was registered 204 * @handle: active journal transaction handle on which callback was registered
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 2a2eef9c14e4..d7ccb7f51dfc 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -381,9 +381,13 @@ static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
381 ext4_fsblk_t block = ext4_ext_pblock(ext); 381 ext4_fsblk_t block = ext4_ext_pblock(ext);
382 int len = ext4_ext_get_actual_len(ext); 382 int len = ext4_ext_get_actual_len(ext);
383 ext4_lblk_t lblock = le32_to_cpu(ext->ee_block); 383 ext4_lblk_t lblock = le32_to_cpu(ext->ee_block);
384 ext4_lblk_t last = lblock + len - 1;
385 384
386 if (len == 0 || lblock > last) 385 /*
386 * We allow neither:
387 * - zero length
388 * - overflow/wrap-around
389 */
390 if (lblock + len <= lblock)
387 return 0; 391 return 0;
388 return ext4_data_block_valid(EXT4_SB(inode->i_sb), block, len); 392 return ext4_data_block_valid(EXT4_SB(inode->i_sb), block, len);
389} 393}
@@ -474,6 +478,10 @@ static int __ext4_ext_check(const char *function, unsigned int line,
474 error_msg = "invalid extent entries"; 478 error_msg = "invalid extent entries";
475 goto corrupted; 479 goto corrupted;
476 } 480 }
481 if (unlikely(depth > 32)) {
482 error_msg = "too large eh_depth";
483 goto corrupted;
484 }
477 /* Verify checksum on non-root extent tree nodes */ 485 /* Verify checksum on non-root extent tree nodes */
478 if (ext_depth(inode) != depth && 486 if (ext_depth(inode) != depth &&
479 !ext4_extent_block_csum_verify(inode, eh)) { 487 !ext4_extent_block_csum_verify(inode, eh)) {
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index df44c877892a..4f615cdd22ca 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -303,10 +303,10 @@ static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma)
303 struct inode *inode = file->f_mapping->host; 303 struct inode *inode = file->f_mapping->host;
304 304
305 if (ext4_encrypted_inode(inode)) { 305 if (ext4_encrypted_inode(inode)) {
306 int err = ext4_get_encryption_info(inode); 306 int err = fscrypt_get_encryption_info(inode);
307 if (err) 307 if (err)
308 return 0; 308 return 0;
309 if (ext4_encryption_info(inode) == NULL) 309 if (!fscrypt_has_encryption_key(inode))
310 return -ENOKEY; 310 return -ENOKEY;
311 } 311 }
312 file_accessed(file); 312 file_accessed(file);
@@ -362,16 +362,16 @@ static int ext4_file_open(struct inode * inode, struct file * filp)
362 } 362 }
363 } 363 }
364 if (ext4_encrypted_inode(inode)) { 364 if (ext4_encrypted_inode(inode)) {
365 ret = ext4_get_encryption_info(inode); 365 ret = fscrypt_get_encryption_info(inode);
366 if (ret) 366 if (ret)
367 return -EACCES; 367 return -EACCES;
368 if (ext4_encryption_info(inode) == NULL) 368 if (!fscrypt_has_encryption_key(inode))
369 return -ENOKEY; 369 return -ENOKEY;
370 } 370 }
371 371
372 dir = dget_parent(file_dentry(filp)); 372 dir = dget_parent(file_dentry(filp));
373 if (ext4_encrypted_inode(d_inode(dir)) && 373 if (ext4_encrypted_inode(d_inode(dir)) &&
374 !ext4_is_child_context_consistent_with_parent(d_inode(dir), inode)) { 374 !fscrypt_has_permitted_context(d_inode(dir), inode)) {
375 ext4_warning(inode->i_sb, 375 ext4_warning(inode->i_sb,
376 "Inconsistent encryption contexts: %lu/%lu", 376 "Inconsistent encryption contexts: %lu/%lu",
377 (unsigned long) d_inode(dir)->i_ino, 377 (unsigned long) d_inode(dir)->i_ino,
diff --git a/fs/ext4/fsync.c b/fs/ext4/fsync.c
index 8850254136ae..5c4372512ef7 100644
--- a/fs/ext4/fsync.c
+++ b/fs/ext4/fsync.c
@@ -106,9 +106,11 @@ int ext4_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
106 } 106 }
107 107
108 if (!journal) { 108 if (!journal) {
109 ret = generic_file_fsync(file, start, end, datasync); 109 ret = __generic_file_fsync(file, start, end, datasync);
110 if (!ret && !hlist_empty(&inode->i_dentry)) 110 if (!ret && !hlist_empty(&inode->i_dentry))
111 ret = ext4_sync_parent(inode); 111 ret = ext4_sync_parent(inode);
112 if (test_opt(inode->i_sb, BARRIER))
113 goto issue_flush;
112 goto out; 114 goto out;
113 } 115 }
114 116
@@ -140,6 +142,7 @@ int ext4_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
140 needs_barrier = true; 142 needs_barrier = true;
141 ret = jbd2_complete_transaction(journal, commit_tid); 143 ret = jbd2_complete_transaction(journal, commit_tid);
142 if (needs_barrier) { 144 if (needs_barrier) {
145 issue_flush:
143 err = blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL); 146 err = blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL);
144 if (!ret) 147 if (!ret)
145 ret = err; 148 ret = err;
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 1e4b0b7425e5..9e66cd1d7b78 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -767,10 +767,10 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir,
767 if ((ext4_encrypted_inode(dir) || 767 if ((ext4_encrypted_inode(dir) ||
768 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))) && 768 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))) &&
769 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) { 769 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) {
770 err = ext4_get_encryption_info(dir); 770 err = fscrypt_get_encryption_info(dir);
771 if (err) 771 if (err)
772 return ERR_PTR(err); 772 return ERR_PTR(err);
773 if (ext4_encryption_info(dir) == NULL) 773 if (!fscrypt_has_encryption_key(dir))
774 return ERR_PTR(-EPERM); 774 return ERR_PTR(-EPERM);
775 if (!handle) 775 if (!handle)
776 nblocks += EXT4_DATA_TRANS_BLOCKS(dir->i_sb); 776 nblocks += EXT4_DATA_TRANS_BLOCKS(dir->i_sb);
@@ -1115,7 +1115,8 @@ got:
1115 } 1115 }
1116 1116
1117 if (encrypt) { 1117 if (encrypt) {
1118 err = ext4_inherit_context(dir, inode); 1118 /* give pointer to avoid set_context with journal ops. */
1119 err = fscrypt_inherit_context(dir, inode, &encrypt, true);
1119 if (err) 1120 if (err)
1120 goto fail_free_drop; 1121 goto fail_free_drop;
1121 } 1122 }
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index ff7538c26992..f74d5ee2cdec 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -1326,7 +1326,7 @@ int htree_inlinedir_to_tree(struct file *dir_file,
1326 struct ext4_iloc iloc; 1326 struct ext4_iloc iloc;
1327 void *dir_buf = NULL; 1327 void *dir_buf = NULL;
1328 struct ext4_dir_entry_2 fake; 1328 struct ext4_dir_entry_2 fake;
1329 struct ext4_str tmp_str; 1329 struct fscrypt_str tmp_str;
1330 1330
1331 ret = ext4_get_inode_loc(inode, &iloc); 1331 ret = ext4_get_inode_loc(inode, &iloc);
1332 if (ret) 1332 if (ret)
@@ -1739,20 +1739,20 @@ ext4_get_inline_entry(struct inode *inode,
1739 return (struct ext4_dir_entry_2 *)(inline_pos + offset); 1739 return (struct ext4_dir_entry_2 *)(inline_pos + offset);
1740} 1740}
1741 1741
1742int empty_inline_dir(struct inode *dir, int *has_inline_data) 1742bool empty_inline_dir(struct inode *dir, int *has_inline_data)
1743{ 1743{
1744 int err, inline_size; 1744 int err, inline_size;
1745 struct ext4_iloc iloc; 1745 struct ext4_iloc iloc;
1746 void *inline_pos; 1746 void *inline_pos;
1747 unsigned int offset; 1747 unsigned int offset;
1748 struct ext4_dir_entry_2 *de; 1748 struct ext4_dir_entry_2 *de;
1749 int ret = 1; 1749 bool ret = true;
1750 1750
1751 err = ext4_get_inode_loc(dir, &iloc); 1751 err = ext4_get_inode_loc(dir, &iloc);
1752 if (err) { 1752 if (err) {
1753 EXT4_ERROR_INODE(dir, "error %d getting inode %lu block", 1753 EXT4_ERROR_INODE(dir, "error %d getting inode %lu block",
1754 err, dir->i_ino); 1754 err, dir->i_ino);
1755 return 1; 1755 return true;
1756 } 1756 }
1757 1757
1758 down_read(&EXT4_I(dir)->xattr_sem); 1758 down_read(&EXT4_I(dir)->xattr_sem);
@@ -1766,7 +1766,7 @@ int empty_inline_dir(struct inode *dir, int *has_inline_data)
1766 ext4_warning(dir->i_sb, 1766 ext4_warning(dir->i_sb,
1767 "bad inline directory (dir #%lu) - no `..'", 1767 "bad inline directory (dir #%lu) - no `..'",
1768 dir->i_ino); 1768 dir->i_ino);
1769 ret = 1; 1769 ret = true;
1770 goto out; 1770 goto out;
1771 } 1771 }
1772 1772
@@ -1784,11 +1784,11 @@ int empty_inline_dir(struct inode *dir, int *has_inline_data)
1784 dir->i_ino, le32_to_cpu(de->inode), 1784 dir->i_ino, le32_to_cpu(de->inode),
1785 le16_to_cpu(de->rec_len), de->name_len, 1785 le16_to_cpu(de->rec_len), de->name_len,
1786 inline_size); 1786 inline_size);
1787 ret = 1; 1787 ret = true;
1788 goto out; 1788 goto out;
1789 } 1789 }
1790 if (le32_to_cpu(de->inode)) { 1790 if (le32_to_cpu(de->inode)) {
1791 ret = 0; 1791 ret = false;
1792 goto out; 1792 goto out;
1793 } 1793 }
1794 offset += ext4_rec_len_from_disk(de->rec_len, inline_size); 1794 offset += ext4_rec_len_from_disk(de->rec_len, inline_size);
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index ae44916d40e2..3131747199e1 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -51,25 +51,31 @@ static __u32 ext4_inode_csum(struct inode *inode, struct ext4_inode *raw,
51 struct ext4_inode_info *ei) 51 struct ext4_inode_info *ei)
52{ 52{
53 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 53 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
54 __u16 csum_lo;
55 __u16 csum_hi = 0;
56 __u32 csum; 54 __u32 csum;
55 __u16 dummy_csum = 0;
56 int offset = offsetof(struct ext4_inode, i_checksum_lo);
57 unsigned int csum_size = sizeof(dummy_csum);
57 58
58 csum_lo = le16_to_cpu(raw->i_checksum_lo); 59 csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw, offset);
59 raw->i_checksum_lo = 0; 60 csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, csum_size);
60 if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE && 61 offset += csum_size;
61 EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) { 62 csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset,
62 csum_hi = le16_to_cpu(raw->i_checksum_hi); 63 EXT4_GOOD_OLD_INODE_SIZE - offset);
63 raw->i_checksum_hi = 0;
64 }
65
66 csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw,
67 EXT4_INODE_SIZE(inode->i_sb));
68 64
69 raw->i_checksum_lo = cpu_to_le16(csum_lo); 65 if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) {
70 if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE && 66 offset = offsetof(struct ext4_inode, i_checksum_hi);
71 EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) 67 csum = ext4_chksum(sbi, csum, (__u8 *)raw +
72 raw->i_checksum_hi = cpu_to_le16(csum_hi); 68 EXT4_GOOD_OLD_INODE_SIZE,
69 offset - EXT4_GOOD_OLD_INODE_SIZE);
70 if (EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) {
71 csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum,
72 csum_size);
73 offset += csum_size;
74 csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset,
75 EXT4_INODE_SIZE(inode->i_sb) -
76 offset);
77 }
78 }
73 79
74 return csum; 80 return csum;
75} 81}
@@ -205,9 +211,9 @@ void ext4_evict_inode(struct inode *inode)
205 * Note that directories do not have this problem because they 211 * Note that directories do not have this problem because they
206 * don't use page cache. 212 * don't use page cache.
207 */ 213 */
208 if (ext4_should_journal_data(inode) && 214 if (inode->i_ino != EXT4_JOURNAL_INO &&
209 (S_ISLNK(inode->i_mode) || S_ISREG(inode->i_mode)) && 215 ext4_should_journal_data(inode) &&
210 inode->i_ino != EXT4_JOURNAL_INO) { 216 (S_ISLNK(inode->i_mode) || S_ISREG(inode->i_mode))) {
211 journal_t *journal = EXT4_SB(inode->i_sb)->s_journal; 217 journal_t *journal = EXT4_SB(inode->i_sb)->s_journal;
212 tid_t commit_tid = EXT4_I(inode)->i_datasync_tid; 218 tid_t commit_tid = EXT4_I(inode)->i_datasync_tid;
213 219
@@ -386,7 +392,7 @@ int ext4_issue_zeroout(struct inode *inode, ext4_lblk_t lblk, ext4_fsblk_t pblk,
386 int ret; 392 int ret;
387 393
388 if (ext4_encrypted_inode(inode)) 394 if (ext4_encrypted_inode(inode))
389 return ext4_encrypted_zeroout(inode, lblk, pblk, len); 395 return fscrypt_zeroout_range(inode, lblk, pblk, len);
390 396
391 ret = sb_issue_zeroout(inode->i_sb, pblk, len, GFP_NOFS); 397 ret = sb_issue_zeroout(inode->i_sb, pblk, len, GFP_NOFS);
392 if (ret > 0) 398 if (ret > 0)
@@ -1152,7 +1158,7 @@ static int ext4_block_write_begin(struct page *page, loff_t pos, unsigned len,
1152 if (unlikely(err)) 1158 if (unlikely(err))
1153 page_zero_new_buffers(page, from, to); 1159 page_zero_new_buffers(page, from, to);
1154 else if (decrypt) 1160 else if (decrypt)
1155 err = ext4_decrypt(page); 1161 err = fscrypt_decrypt_page(page);
1156 return err; 1162 return err;
1157} 1163}
1158#endif 1164#endif
@@ -2748,13 +2754,36 @@ retry:
2748 done = true; 2754 done = true;
2749 } 2755 }
2750 } 2756 }
2751 ext4_journal_stop(handle); 2757 /*
2758 * Caution: If the handle is synchronous,
2759 * ext4_journal_stop() can wait for transaction commit
2760 * to finish which may depend on writeback of pages to
2761 * complete or on page lock to be released. In that
2762 * case, we have to wait until after after we have
2763 * submitted all the IO, released page locks we hold,
2764 * and dropped io_end reference (for extent conversion
2765 * to be able to complete) before stopping the handle.
2766 */
2767 if (!ext4_handle_valid(handle) || handle->h_sync == 0) {
2768 ext4_journal_stop(handle);
2769 handle = NULL;
2770 }
2752 /* Submit prepared bio */ 2771 /* Submit prepared bio */
2753 ext4_io_submit(&mpd.io_submit); 2772 ext4_io_submit(&mpd.io_submit);
2754 /* Unlock pages we didn't use */ 2773 /* Unlock pages we didn't use */
2755 mpage_release_unused_pages(&mpd, give_up_on_write); 2774 mpage_release_unused_pages(&mpd, give_up_on_write);
2756 /* Drop our io_end reference we got from init */ 2775 /*
2757 ext4_put_io_end(mpd.io_submit.io_end); 2776 * Drop our io_end reference we got from init. We have
2777 * to be careful and use deferred io_end finishing if
2778 * we are still holding the transaction as we can
2779 * release the last reference to io_end which may end
2780 * up doing unwritten extent conversion.
2781 */
2782 if (handle) {
2783 ext4_put_io_end_defer(mpd.io_submit.io_end);
2784 ext4_journal_stop(handle);
2785 } else
2786 ext4_put_io_end(mpd.io_submit.io_end);
2758 2787
2759 if (ret == -ENOSPC && sbi->s_journal) { 2788 if (ret == -ENOSPC && sbi->s_journal) {
2760 /* 2789 /*
@@ -3706,9 +3735,9 @@ static int __ext4_block_zero_page_range(handle_t *handle,
3706 if (S_ISREG(inode->i_mode) && 3735 if (S_ISREG(inode->i_mode) &&
3707 ext4_encrypted_inode(inode)) { 3736 ext4_encrypted_inode(inode)) {
3708 /* We expect the key to be set. */ 3737 /* We expect the key to be set. */
3709 BUG_ON(!ext4_has_encryption_key(inode)); 3738 BUG_ON(!fscrypt_has_encryption_key(inode));
3710 BUG_ON(blocksize != PAGE_SIZE); 3739 BUG_ON(blocksize != PAGE_SIZE);
3711 WARN_ON_ONCE(ext4_decrypt(page)); 3740 WARN_ON_ONCE(fscrypt_decrypt_page(page));
3712 } 3741 }
3713 } 3742 }
3714 if (ext4_should_journal_data(inode)) { 3743 if (ext4_should_journal_data(inode)) {
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 28cc412852af..10686fd67fb4 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -308,6 +308,7 @@ static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
308 kprojid_t kprojid; 308 kprojid_t kprojid;
309 struct ext4_iloc iloc; 309 struct ext4_iloc iloc;
310 struct ext4_inode *raw_inode; 310 struct ext4_inode *raw_inode;
311 struct dquot *transfer_to[MAXQUOTAS] = { };
311 312
312 if (!EXT4_HAS_RO_COMPAT_FEATURE(sb, 313 if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
313 EXT4_FEATURE_RO_COMPAT_PROJECT)) { 314 EXT4_FEATURE_RO_COMPAT_PROJECT)) {
@@ -361,17 +362,14 @@ static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
361 if (err) 362 if (err)
362 goto out_stop; 363 goto out_stop;
363 364
364 if (sb_has_quota_limits_enabled(sb, PRJQUOTA)) { 365 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
365 struct dquot *transfer_to[MAXQUOTAS] = { }; 366 if (!IS_ERR(transfer_to[PRJQUOTA])) {
366 367 err = __dquot_transfer(inode, transfer_to);
367 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 368 dqput(transfer_to[PRJQUOTA]);
368 if (!IS_ERR(transfer_to[PRJQUOTA])) { 369 if (err)
369 err = __dquot_transfer(inode, transfer_to); 370 goto out_dirty;
370 dqput(transfer_to[PRJQUOTA]);
371 if (err)
372 goto out_dirty;
373 }
374 } 371 }
372
375 EXT4_I(inode)->i_projid = kprojid; 373 EXT4_I(inode)->i_projid = kprojid;
376 inode->i_ctime = ext4_current_time(inode); 374 inode->i_ctime = ext4_current_time(inode);
377out_dirty: 375out_dirty:
@@ -772,19 +770,13 @@ resizefs_out:
772 return ext4_ext_precache(inode); 770 return ext4_ext_precache(inode);
773 case EXT4_IOC_SET_ENCRYPTION_POLICY: { 771 case EXT4_IOC_SET_ENCRYPTION_POLICY: {
774#ifdef CONFIG_EXT4_FS_ENCRYPTION 772#ifdef CONFIG_EXT4_FS_ENCRYPTION
775 struct ext4_encryption_policy policy; 773 struct fscrypt_policy policy;
776 int err = 0;
777 774
778 if (copy_from_user(&policy, 775 if (copy_from_user(&policy,
779 (struct ext4_encryption_policy __user *)arg, 776 (struct fscrypt_policy __user *)arg,
780 sizeof(policy))) { 777 sizeof(policy)))
781 err = -EFAULT; 778 return -EFAULT;
782 goto encryption_policy_out; 779 return fscrypt_process_policy(inode, &policy);
783 }
784
785 err = ext4_process_policy(&policy, inode);
786encryption_policy_out:
787 return err;
788#else 780#else
789 return -EOPNOTSUPP; 781 return -EOPNOTSUPP;
790#endif 782#endif
@@ -827,12 +819,12 @@ encryption_policy_out:
827 } 819 }
828 case EXT4_IOC_GET_ENCRYPTION_POLICY: { 820 case EXT4_IOC_GET_ENCRYPTION_POLICY: {
829#ifdef CONFIG_EXT4_FS_ENCRYPTION 821#ifdef CONFIG_EXT4_FS_ENCRYPTION
830 struct ext4_encryption_policy policy; 822 struct fscrypt_policy policy;
831 int err = 0; 823 int err = 0;
832 824
833 if (!ext4_encrypted_inode(inode)) 825 if (!ext4_encrypted_inode(inode))
834 return -ENOENT; 826 return -ENOENT;
835 err = ext4_get_policy(inode, &policy); 827 err = fscrypt_get_policy(inode, &policy);
836 if (err) 828 if (err)
837 return err; 829 return err;
838 if (copy_to_user((void __user *)arg, &policy, sizeof(policy))) 830 if (copy_to_user((void __user *)arg, &policy, sizeof(policy)))
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index c1ab3ec30423..11562161e24a 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -2627,6 +2627,7 @@ int ext4_mb_init(struct super_block *sb)
2627 2627
2628 spin_lock_init(&sbi->s_md_lock); 2628 spin_lock_init(&sbi->s_md_lock);
2629 spin_lock_init(&sbi->s_bal_lock); 2629 spin_lock_init(&sbi->s_bal_lock);
2630 sbi->s_mb_free_pending = 0;
2630 2631
2631 sbi->s_mb_max_to_scan = MB_DEFAULT_MAX_TO_SCAN; 2632 sbi->s_mb_max_to_scan = MB_DEFAULT_MAX_TO_SCAN;
2632 sbi->s_mb_min_to_scan = MB_DEFAULT_MIN_TO_SCAN; 2633 sbi->s_mb_min_to_scan = MB_DEFAULT_MIN_TO_SCAN;
@@ -2814,6 +2815,9 @@ static void ext4_free_data_callback(struct super_block *sb,
2814 /* we expect to find existing buddy because it's pinned */ 2815 /* we expect to find existing buddy because it's pinned */
2815 BUG_ON(err != 0); 2816 BUG_ON(err != 0);
2816 2817
2818 spin_lock(&EXT4_SB(sb)->s_md_lock);
2819 EXT4_SB(sb)->s_mb_free_pending -= entry->efd_count;
2820 spin_unlock(&EXT4_SB(sb)->s_md_lock);
2817 2821
2818 db = e4b.bd_info; 2822 db = e4b.bd_info;
2819 /* there are blocks to put in buddy to make them really free */ 2823 /* there are blocks to put in buddy to make them really free */
@@ -2939,7 +2943,7 @@ ext4_mb_mark_diskspace_used(struct ext4_allocation_context *ac,
2939 ext4_error(sb, "Allocating blocks %llu-%llu which overlap " 2943 ext4_error(sb, "Allocating blocks %llu-%llu which overlap "
2940 "fs metadata", block, block+len); 2944 "fs metadata", block, block+len);
2941 /* File system mounted not to panic on error 2945 /* File system mounted not to panic on error
2942 * Fix the bitmap and repeat the block allocation 2946 * Fix the bitmap and return EFSCORRUPTED
2943 * We leak some of the blocks here. 2947 * We leak some of the blocks here.
2944 */ 2948 */
2945 ext4_lock_group(sb, ac->ac_b_ex.fe_group); 2949 ext4_lock_group(sb, ac->ac_b_ex.fe_group);
@@ -2948,7 +2952,7 @@ ext4_mb_mark_diskspace_used(struct ext4_allocation_context *ac,
2948 ext4_unlock_group(sb, ac->ac_b_ex.fe_group); 2952 ext4_unlock_group(sb, ac->ac_b_ex.fe_group);
2949 err = ext4_handle_dirty_metadata(handle, NULL, bitmap_bh); 2953 err = ext4_handle_dirty_metadata(handle, NULL, bitmap_bh);
2950 if (!err) 2954 if (!err)
2951 err = -EAGAIN; 2955 err = -EFSCORRUPTED;
2952 goto out_err; 2956 goto out_err;
2953 } 2957 }
2954 2958
@@ -4513,18 +4517,7 @@ repeat:
4513 } 4517 }
4514 if (likely(ac->ac_status == AC_STATUS_FOUND)) { 4518 if (likely(ac->ac_status == AC_STATUS_FOUND)) {
4515 *errp = ext4_mb_mark_diskspace_used(ac, handle, reserv_clstrs); 4519 *errp = ext4_mb_mark_diskspace_used(ac, handle, reserv_clstrs);
4516 if (*errp == -EAGAIN) { 4520 if (*errp) {
4517 /*
4518 * drop the reference that we took
4519 * in ext4_mb_use_best_found
4520 */
4521 ext4_mb_release_context(ac);
4522 ac->ac_b_ex.fe_group = 0;
4523 ac->ac_b_ex.fe_start = 0;
4524 ac->ac_b_ex.fe_len = 0;
4525 ac->ac_status = AC_STATUS_CONTINUE;
4526 goto repeat;
4527 } else if (*errp) {
4528 ext4_discard_allocated_blocks(ac); 4521 ext4_discard_allocated_blocks(ac);
4529 goto errout; 4522 goto errout;
4530 } else { 4523 } else {
@@ -4583,6 +4576,7 @@ ext4_mb_free_metadata(handle_t *handle, struct ext4_buddy *e4b,
4583{ 4576{
4584 ext4_group_t group = e4b->bd_group; 4577 ext4_group_t group = e4b->bd_group;
4585 ext4_grpblk_t cluster; 4578 ext4_grpblk_t cluster;
4579 ext4_grpblk_t clusters = new_entry->efd_count;
4586 struct ext4_free_data *entry; 4580 struct ext4_free_data *entry;
4587 struct ext4_group_info *db = e4b->bd_info; 4581 struct ext4_group_info *db = e4b->bd_info;
4588 struct super_block *sb = e4b->bd_sb; 4582 struct super_block *sb = e4b->bd_sb;
@@ -4649,8 +4643,11 @@ ext4_mb_free_metadata(handle_t *handle, struct ext4_buddy *e4b,
4649 } 4643 }
4650 } 4644 }
4651 /* Add the extent to transaction's private list */ 4645 /* Add the extent to transaction's private list */
4652 ext4_journal_callback_add(handle, ext4_free_data_callback, 4646 new_entry->efd_jce.jce_func = ext4_free_data_callback;
4653 &new_entry->efd_jce); 4647 spin_lock(&sbi->s_md_lock);
4648 _ext4_journal_callback_add(handle, &new_entry->efd_jce);
4649 sbi->s_mb_free_pending += clusters;
4650 spin_unlock(&sbi->s_md_lock);
4654 return 0; 4651 return 0;
4655} 4652}
4656 4653
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 6569c6b47da4..34c0142caf6a 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -420,15 +420,14 @@ static __le32 ext4_dx_csum(struct inode *inode, struct ext4_dir_entry *dirent,
420 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 420 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
421 struct ext4_inode_info *ei = EXT4_I(inode); 421 struct ext4_inode_info *ei = EXT4_I(inode);
422 __u32 csum; 422 __u32 csum;
423 __le32 save_csum;
424 int size; 423 int size;
424 __u32 dummy_csum = 0;
425 int offset = offsetof(struct dx_tail, dt_checksum);
425 426
426 size = count_offset + (count * sizeof(struct dx_entry)); 427 size = count_offset + (count * sizeof(struct dx_entry));
427 save_csum = t->dt_checksum;
428 t->dt_checksum = 0;
429 csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)dirent, size); 428 csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)dirent, size);
430 csum = ext4_chksum(sbi, csum, (__u8 *)t, sizeof(struct dx_tail)); 429 csum = ext4_chksum(sbi, csum, (__u8 *)t, offset);
431 t->dt_checksum = save_csum; 430 csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, sizeof(dummy_csum));
432 431
433 return cpu_to_le32(csum); 432 return cpu_to_le32(csum);
434} 433}
@@ -446,14 +445,14 @@ static int ext4_dx_csum_verify(struct inode *inode,
446 c = get_dx_countlimit(inode, dirent, &count_offset); 445 c = get_dx_countlimit(inode, dirent, &count_offset);
447 if (!c) { 446 if (!c) {
448 EXT4_ERROR_INODE(inode, "dir seems corrupt? Run e2fsck -D."); 447 EXT4_ERROR_INODE(inode, "dir seems corrupt? Run e2fsck -D.");
449 return 1; 448 return 0;
450 } 449 }
451 limit = le16_to_cpu(c->limit); 450 limit = le16_to_cpu(c->limit);
452 count = le16_to_cpu(c->count); 451 count = le16_to_cpu(c->count);
453 if (count_offset + (limit * sizeof(struct dx_entry)) > 452 if (count_offset + (limit * sizeof(struct dx_entry)) >
454 EXT4_BLOCK_SIZE(inode->i_sb) - sizeof(struct dx_tail)) { 453 EXT4_BLOCK_SIZE(inode->i_sb) - sizeof(struct dx_tail)) {
455 warn_no_space_for_csum(inode); 454 warn_no_space_for_csum(inode);
456 return 1; 455 return 0;
457 } 456 }
458 t = (struct dx_tail *)(((struct dx_entry *)c) + limit); 457 t = (struct dx_tail *)(((struct dx_entry *)c) + limit);
459 458
@@ -612,19 +611,19 @@ static struct stats dx_show_leaf(struct inode *dir,
612#ifdef CONFIG_EXT4_FS_ENCRYPTION 611#ifdef CONFIG_EXT4_FS_ENCRYPTION
613 int len; 612 int len;
614 char *name; 613 char *name;
615 struct ext4_str fname_crypto_str 614 struct fscrypt_str fname_crypto_str =
616 = {.name = NULL, .len = 0}; 615 FSTR_INIT(NULL, 0);
617 int res = 0; 616 int res = 0;
618 617
619 name = de->name; 618 name = de->name;
620 len = de->name_len; 619 len = de->name_len;
621 if (ext4_encrypted_inode(inode)) 620 if (ext4_encrypted_inode(dir))
622 res = ext4_get_encryption_info(dir); 621 res = fscrypt_get_encryption_info(dir);
623 if (res) { 622 if (res) {
624 printk(KERN_WARNING "Error setting up" 623 printk(KERN_WARNING "Error setting up"
625 " fname crypto: %d\n", res); 624 " fname crypto: %d\n", res);
626 } 625 }
627 if (ctx == NULL) { 626 if (!fscrypt_has_encryption_key(dir)) {
628 /* Directory is not encrypted */ 627 /* Directory is not encrypted */
629 ext4fs_dirhash(de->name, 628 ext4fs_dirhash(de->name,
630 de->name_len, &h); 629 de->name_len, &h);
@@ -633,19 +632,21 @@ static struct stats dx_show_leaf(struct inode *dir,
633 (unsigned) ((char *) de 632 (unsigned) ((char *) de
634 - base)); 633 - base));
635 } else { 634 } else {
635 struct fscrypt_str de_name =
636 FSTR_INIT(name, len);
637
636 /* Directory is encrypted */ 638 /* Directory is encrypted */
637 res = ext4_fname_crypto_alloc_buffer( 639 res = fscrypt_fname_alloc_buffer(
638 ctx, de->name_len, 640 dir, len,
639 &fname_crypto_str); 641 &fname_crypto_str);
640 if (res < 0) { 642 if (res < 0)
641 printk(KERN_WARNING "Error " 643 printk(KERN_WARNING "Error "
642 "allocating crypto " 644 "allocating crypto "
643 "buffer--skipping " 645 "buffer--skipping "
644 "crypto\n"); 646 "crypto\n");
645 ctx = NULL; 647 res = fscrypt_fname_disk_to_usr(dir,
646 } 648 0, 0, &de_name,
647 res = ext4_fname_disk_to_usr(ctx, NULL, de, 649 &fname_crypto_str);
648 &fname_crypto_str);
649 if (res < 0) { 650 if (res < 0) {
650 printk(KERN_WARNING "Error " 651 printk(KERN_WARNING "Error "
651 "converting filename " 652 "converting filename "
@@ -662,8 +663,8 @@ static struct stats dx_show_leaf(struct inode *dir,
662 printk("%*.s:(E)%x.%u ", len, name, 663 printk("%*.s:(E)%x.%u ", len, name,
663 h.hash, (unsigned) ((char *) de 664 h.hash, (unsigned) ((char *) de
664 - base)); 665 - base));
665 ext4_fname_crypto_free_buffer( 666 fscrypt_fname_free_buffer(
666 &fname_crypto_str); 667 &fname_crypto_str);
667 } 668 }
668#else 669#else
669 int len = de->name_len; 670 int len = de->name_len;
@@ -952,7 +953,7 @@ static int htree_dirblock_to_tree(struct file *dir_file,
952 struct buffer_head *bh; 953 struct buffer_head *bh;
953 struct ext4_dir_entry_2 *de, *top; 954 struct ext4_dir_entry_2 *de, *top;
954 int err = 0, count = 0; 955 int err = 0, count = 0;
955 struct ext4_str fname_crypto_str = {.name = NULL, .len = 0}, tmp_str; 956 struct fscrypt_str fname_crypto_str = FSTR_INIT(NULL, 0), tmp_str;
956 957
957 dxtrace(printk(KERN_INFO "In htree dirblock_to_tree: block %lu\n", 958 dxtrace(printk(KERN_INFO "In htree dirblock_to_tree: block %lu\n",
958 (unsigned long)block)); 959 (unsigned long)block));
@@ -967,12 +968,12 @@ static int htree_dirblock_to_tree(struct file *dir_file,
967#ifdef CONFIG_EXT4_FS_ENCRYPTION 968#ifdef CONFIG_EXT4_FS_ENCRYPTION
968 /* Check if the directory is encrypted */ 969 /* Check if the directory is encrypted */
969 if (ext4_encrypted_inode(dir)) { 970 if (ext4_encrypted_inode(dir)) {
970 err = ext4_get_encryption_info(dir); 971 err = fscrypt_get_encryption_info(dir);
971 if (err < 0) { 972 if (err < 0) {
972 brelse(bh); 973 brelse(bh);
973 return err; 974 return err;
974 } 975 }
975 err = ext4_fname_crypto_alloc_buffer(dir, EXT4_NAME_LEN, 976 err = fscrypt_fname_alloc_buffer(dir, EXT4_NAME_LEN,
976 &fname_crypto_str); 977 &fname_crypto_str);
977 if (err < 0) { 978 if (err < 0) {
978 brelse(bh); 979 brelse(bh);
@@ -1003,10 +1004,13 @@ static int htree_dirblock_to_tree(struct file *dir_file,
1003 &tmp_str); 1004 &tmp_str);
1004 } else { 1005 } else {
1005 int save_len = fname_crypto_str.len; 1006 int save_len = fname_crypto_str.len;
1007 struct fscrypt_str de_name = FSTR_INIT(de->name,
1008 de->name_len);
1006 1009
1007 /* Directory is encrypted */ 1010 /* Directory is encrypted */
1008 err = ext4_fname_disk_to_usr(dir, hinfo, de, 1011 err = fscrypt_fname_disk_to_usr(dir, hinfo->hash,
1009 &fname_crypto_str); 1012 hinfo->minor_hash, &de_name,
1013 &fname_crypto_str);
1010 if (err < 0) { 1014 if (err < 0) {
1011 count = err; 1015 count = err;
1012 goto errout; 1016 goto errout;
@@ -1025,7 +1029,7 @@ static int htree_dirblock_to_tree(struct file *dir_file,
1025errout: 1029errout:
1026 brelse(bh); 1030 brelse(bh);
1027#ifdef CONFIG_EXT4_FS_ENCRYPTION 1031#ifdef CONFIG_EXT4_FS_ENCRYPTION
1028 ext4_fname_crypto_free_buffer(&fname_crypto_str); 1032 fscrypt_fname_free_buffer(&fname_crypto_str);
1029#endif 1033#endif
1030 return count; 1034 return count;
1031} 1035}
@@ -1050,7 +1054,7 @@ int ext4_htree_fill_tree(struct file *dir_file, __u32 start_hash,
1050 int count = 0; 1054 int count = 0;
1051 int ret, err; 1055 int ret, err;
1052 __u32 hashval; 1056 __u32 hashval;
1053 struct ext4_str tmp_str; 1057 struct fscrypt_str tmp_str;
1054 1058
1055 dxtrace(printk(KERN_DEBUG "In htree_fill_tree, start hash: %x:%x\n", 1059 dxtrace(printk(KERN_DEBUG "In htree_fill_tree, start hash: %x:%x\n",
1056 start_hash, start_minor_hash)); 1060 start_hash, start_minor_hash));
@@ -1564,26 +1568,23 @@ static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, unsi
1564 struct ext4_dir_entry_2 *de; 1568 struct ext4_dir_entry_2 *de;
1565 struct buffer_head *bh; 1569 struct buffer_head *bh;
1566 1570
1567 if (ext4_encrypted_inode(dir)) { 1571 if (ext4_encrypted_inode(dir)) {
1568 int res = ext4_get_encryption_info(dir); 1572 int res = fscrypt_get_encryption_info(dir);
1569 1573
1570 /* 1574 /*
1571 * This should be a properly defined flag for 1575 * DCACHE_ENCRYPTED_WITH_KEY is set if the dentry is
1572 * dentry->d_flags when we uplift this to the VFS.
1573 * d_fsdata is set to (void *) 1 if if the dentry is
1574 * created while the directory was encrypted and we 1576 * created while the directory was encrypted and we
1575 * don't have access to the key. 1577 * have access to the key.
1576 */ 1578 */
1577 dentry->d_fsdata = NULL; 1579 if (fscrypt_has_encryption_key(dir))
1578 if (ext4_encryption_info(dir)) 1580 fscrypt_set_encrypted_dentry(dentry);
1579 dentry->d_fsdata = (void *) 1; 1581 fscrypt_set_d_op(dentry);
1580 d_set_d_op(dentry, &ext4_encrypted_d_ops); 1582 if (res && res != -ENOKEY)
1581 if (res && res != -ENOKEY) 1583 return ERR_PTR(res);
1582 return ERR_PTR(res); 1584 }
1583 }
1584 1585
1585 if (dentry->d_name.len > EXT4_NAME_LEN) 1586 if (dentry->d_name.len > EXT4_NAME_LEN)
1586 return ERR_PTR(-ENAMETOOLONG); 1587 return ERR_PTR(-ENAMETOOLONG);
1587 1588
1588 bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL); 1589 bh = ext4_find_entry(dir, &dentry->d_name, &de, NULL);
1589 if (IS_ERR(bh)) 1590 if (IS_ERR(bh))
@@ -1610,11 +1611,9 @@ static struct dentry *ext4_lookup(struct inode *dir, struct dentry *dentry, unsi
1610 } 1611 }
1611 if (!IS_ERR(inode) && ext4_encrypted_inode(dir) && 1612 if (!IS_ERR(inode) && ext4_encrypted_inode(dir) &&
1612 (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) && 1613 (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
1613 !ext4_is_child_context_consistent_with_parent(dir, 1614 !fscrypt_has_permitted_context(dir, inode)) {
1614 inode)) {
1615 int nokey = ext4_encrypted_inode(inode) && 1615 int nokey = ext4_encrypted_inode(inode) &&
1616 !ext4_encryption_info(inode); 1616 !fscrypt_has_encryption_key(inode);
1617
1618 iput(inode); 1617 iput(inode);
1619 if (nokey) 1618 if (nokey)
1620 return ERR_PTR(-ENOKEY); 1619 return ERR_PTR(-ENOKEY);
@@ -2691,30 +2690,30 @@ out_stop:
2691/* 2690/*
2692 * routine to check that the specified directory is empty (for rmdir) 2691 * routine to check that the specified directory is empty (for rmdir)
2693 */ 2692 */
2694int ext4_empty_dir(struct inode *inode) 2693bool ext4_empty_dir(struct inode *inode)
2695{ 2694{
2696 unsigned int offset; 2695 unsigned int offset;
2697 struct buffer_head *bh; 2696 struct buffer_head *bh;
2698 struct ext4_dir_entry_2 *de, *de1; 2697 struct ext4_dir_entry_2 *de, *de1;
2699 struct super_block *sb; 2698 struct super_block *sb;
2700 int err = 0;
2701 2699
2702 if (ext4_has_inline_data(inode)) { 2700 if (ext4_has_inline_data(inode)) {
2703 int has_inline_data = 1; 2701 int has_inline_data = 1;
2702 int ret;
2704 2703
2705 err = empty_inline_dir(inode, &has_inline_data); 2704 ret = empty_inline_dir(inode, &has_inline_data);
2706 if (has_inline_data) 2705 if (has_inline_data)
2707 return err; 2706 return ret;
2708 } 2707 }
2709 2708
2710 sb = inode->i_sb; 2709 sb = inode->i_sb;
2711 if (inode->i_size < EXT4_DIR_REC_LEN(1) + EXT4_DIR_REC_LEN(2)) { 2710 if (inode->i_size < EXT4_DIR_REC_LEN(1) + EXT4_DIR_REC_LEN(2)) {
2712 EXT4_ERROR_INODE(inode, "invalid size"); 2711 EXT4_ERROR_INODE(inode, "invalid size");
2713 return 1; 2712 return true;
2714 } 2713 }
2715 bh = ext4_read_dirblock(inode, 0, EITHER); 2714 bh = ext4_read_dirblock(inode, 0, EITHER);
2716 if (IS_ERR(bh)) 2715 if (IS_ERR(bh))
2717 return 1; 2716 return true;
2718 2717
2719 de = (struct ext4_dir_entry_2 *) bh->b_data; 2718 de = (struct ext4_dir_entry_2 *) bh->b_data;
2720 de1 = ext4_next_entry(de, sb->s_blocksize); 2719 de1 = ext4_next_entry(de, sb->s_blocksize);
@@ -2723,7 +2722,7 @@ int ext4_empty_dir(struct inode *inode)
2723 strcmp(".", de->name) || strcmp("..", de1->name)) { 2722 strcmp(".", de->name) || strcmp("..", de1->name)) {
2724 ext4_warning_inode(inode, "directory missing '.' and/or '..'"); 2723 ext4_warning_inode(inode, "directory missing '.' and/or '..'");
2725 brelse(bh); 2724 brelse(bh);
2726 return 1; 2725 return true;
2727 } 2726 }
2728 offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize) + 2727 offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize) +
2729 ext4_rec_len_from_disk(de1->rec_len, sb->s_blocksize); 2728 ext4_rec_len_from_disk(de1->rec_len, sb->s_blocksize);
@@ -2731,12 +2730,11 @@ int ext4_empty_dir(struct inode *inode)
2731 while (offset < inode->i_size) { 2730 while (offset < inode->i_size) {
2732 if ((void *) de >= (void *) (bh->b_data+sb->s_blocksize)) { 2731 if ((void *) de >= (void *) (bh->b_data+sb->s_blocksize)) {
2733 unsigned int lblock; 2732 unsigned int lblock;
2734 err = 0;
2735 brelse(bh); 2733 brelse(bh);
2736 lblock = offset >> EXT4_BLOCK_SIZE_BITS(sb); 2734 lblock = offset >> EXT4_BLOCK_SIZE_BITS(sb);
2737 bh = ext4_read_dirblock(inode, lblock, EITHER); 2735 bh = ext4_read_dirblock(inode, lblock, EITHER);
2738 if (IS_ERR(bh)) 2736 if (IS_ERR(bh))
2739 return 1; 2737 return true;
2740 de = (struct ext4_dir_entry_2 *) bh->b_data; 2738 de = (struct ext4_dir_entry_2 *) bh->b_data;
2741 } 2739 }
2742 if (ext4_check_dir_entry(inode, NULL, de, bh, 2740 if (ext4_check_dir_entry(inode, NULL, de, bh,
@@ -2748,13 +2746,13 @@ int ext4_empty_dir(struct inode *inode)
2748 } 2746 }
2749 if (le32_to_cpu(de->inode)) { 2747 if (le32_to_cpu(de->inode)) {
2750 brelse(bh); 2748 brelse(bh);
2751 return 0; 2749 return false;
2752 } 2750 }
2753 offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize); 2751 offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize);
2754 de = ext4_next_entry(de, sb->s_blocksize); 2752 de = ext4_next_entry(de, sb->s_blocksize);
2755 } 2753 }
2756 brelse(bh); 2754 brelse(bh);
2757 return 1; 2755 return true;
2758} 2756}
2759 2757
2760/* 2758/*
@@ -3077,8 +3075,8 @@ static int ext4_symlink(struct inode *dir,
3077 int err, len = strlen(symname); 3075 int err, len = strlen(symname);
3078 int credits; 3076 int credits;
3079 bool encryption_required; 3077 bool encryption_required;
3080 struct ext4_str disk_link; 3078 struct fscrypt_str disk_link;
3081 struct ext4_encrypted_symlink_data *sd = NULL; 3079 struct fscrypt_symlink_data *sd = NULL;
3082 3080
3083 disk_link.len = len + 1; 3081 disk_link.len = len + 1;
3084 disk_link.name = (char *) symname; 3082 disk_link.name = (char *) symname;
@@ -3086,13 +3084,13 @@ static int ext4_symlink(struct inode *dir,
3086 encryption_required = (ext4_encrypted_inode(dir) || 3084 encryption_required = (ext4_encrypted_inode(dir) ||
3087 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb))); 3085 DUMMY_ENCRYPTION_ENABLED(EXT4_SB(dir->i_sb)));
3088 if (encryption_required) { 3086 if (encryption_required) {
3089 err = ext4_get_encryption_info(dir); 3087 err = fscrypt_get_encryption_info(dir);
3090 if (err) 3088 if (err)
3091 return err; 3089 return err;
3092 if (ext4_encryption_info(dir) == NULL) 3090 if (!fscrypt_has_encryption_key(dir))
3093 return -EPERM; 3091 return -EPERM;
3094 disk_link.len = (ext4_fname_encrypted_size(dir, len) + 3092 disk_link.len = (fscrypt_fname_encrypted_size(dir, len) +
3095 sizeof(struct ext4_encrypted_symlink_data)); 3093 sizeof(struct fscrypt_symlink_data));
3096 sd = kzalloc(disk_link.len, GFP_KERNEL); 3094 sd = kzalloc(disk_link.len, GFP_KERNEL);
3097 if (!sd) 3095 if (!sd)
3098 return -ENOMEM; 3096 return -ENOMEM;
@@ -3140,13 +3138,12 @@ static int ext4_symlink(struct inode *dir,
3140 3138
3141 if (encryption_required) { 3139 if (encryption_required) {
3142 struct qstr istr; 3140 struct qstr istr;
3143 struct ext4_str ostr; 3141 struct fscrypt_str ostr =
3142 FSTR_INIT(sd->encrypted_path, disk_link.len);
3144 3143
3145 istr.name = (const unsigned char *) symname; 3144 istr.name = (const unsigned char *) symname;
3146 istr.len = len; 3145 istr.len = len;
3147 ostr.name = sd->encrypted_path; 3146 err = fscrypt_fname_usr_to_disk(inode, &istr, &ostr);
3148 ostr.len = disk_link.len;
3149 err = ext4_fname_usr_to_disk(inode, &istr, &ostr);
3150 if (err < 0) 3147 if (err < 0)
3151 goto err_drop_inode; 3148 goto err_drop_inode;
3152 sd->len = cpu_to_le16(ostr.len); 3149 sd->len = cpu_to_le16(ostr.len);
@@ -3235,7 +3232,7 @@ static int ext4_link(struct dentry *old_dentry,
3235 if (inode->i_nlink >= EXT4_LINK_MAX) 3232 if (inode->i_nlink >= EXT4_LINK_MAX)
3236 return -EMLINK; 3233 return -EMLINK;
3237 if (ext4_encrypted_inode(dir) && 3234 if (ext4_encrypted_inode(dir) &&
3238 !ext4_is_child_context_consistent_with_parent(dir, inode)) 3235 !fscrypt_has_permitted_context(dir, inode))
3239 return -EPERM; 3236 return -EPERM;
3240 3237
3241 if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) && 3238 if ((ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT)) &&
@@ -3558,8 +3555,7 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
3558 3555
3559 if ((old.dir != new.dir) && 3556 if ((old.dir != new.dir) &&
3560 ext4_encrypted_inode(new.dir) && 3557 ext4_encrypted_inode(new.dir) &&
3561 !ext4_is_child_context_consistent_with_parent(new.dir, 3558 !fscrypt_has_permitted_context(new.dir, old.inode)) {
3562 old.inode)) {
3563 retval = -EPERM; 3559 retval = -EPERM;
3564 goto end_rename; 3560 goto end_rename;
3565 } 3561 }
@@ -3731,10 +3727,8 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry,
3731 if ((ext4_encrypted_inode(old_dir) || 3727 if ((ext4_encrypted_inode(old_dir) ||
3732 ext4_encrypted_inode(new_dir)) && 3728 ext4_encrypted_inode(new_dir)) &&
3733 (old_dir != new_dir) && 3729 (old_dir != new_dir) &&
3734 (!ext4_is_child_context_consistent_with_parent(new_dir, 3730 (!fscrypt_has_permitted_context(new_dir, old.inode) ||
3735 old.inode) || 3731 !fscrypt_has_permitted_context(old_dir, new.inode)))
3736 !ext4_is_child_context_consistent_with_parent(old_dir,
3737 new.inode)))
3738 return -EPERM; 3732 return -EPERM;
3739 3733
3740 if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT) && 3734 if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT) &&
diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index 5185fed40fab..a6132a730967 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -24,6 +24,7 @@
24#include <linux/slab.h> 24#include <linux/slab.h>
25#include <linux/mm.h> 25#include <linux/mm.h>
26#include <linux/backing-dev.h> 26#include <linux/backing-dev.h>
27#include <linux/fscrypto.h>
27 28
28#include "ext4_jbd2.h" 29#include "ext4_jbd2.h"
29#include "xattr.h" 30#include "xattr.h"
@@ -67,7 +68,6 @@ static void ext4_finish_bio(struct bio *bio)
67 struct page *page = bvec->bv_page; 68 struct page *page = bvec->bv_page;
68#ifdef CONFIG_EXT4_FS_ENCRYPTION 69#ifdef CONFIG_EXT4_FS_ENCRYPTION
69 struct page *data_page = NULL; 70 struct page *data_page = NULL;
70 struct ext4_crypto_ctx *ctx = NULL;
71#endif 71#endif
72 struct buffer_head *bh, *head; 72 struct buffer_head *bh, *head;
73 unsigned bio_start = bvec->bv_offset; 73 unsigned bio_start = bvec->bv_offset;
@@ -82,8 +82,7 @@ static void ext4_finish_bio(struct bio *bio)
82 if (!page->mapping) { 82 if (!page->mapping) {
83 /* The bounce data pages are unmapped. */ 83 /* The bounce data pages are unmapped. */
84 data_page = page; 84 data_page = page;
85 ctx = (struct ext4_crypto_ctx *)page_private(data_page); 85 fscrypt_pullback_bio_page(&page, false);
86 page = ctx->w.control_page;
87 } 86 }
88#endif 87#endif
89 88
@@ -113,8 +112,8 @@ static void ext4_finish_bio(struct bio *bio)
113 local_irq_restore(flags); 112 local_irq_restore(flags);
114 if (!under_io) { 113 if (!under_io) {
115#ifdef CONFIG_EXT4_FS_ENCRYPTION 114#ifdef CONFIG_EXT4_FS_ENCRYPTION
116 if (ctx) 115 if (data_page)
117 ext4_restore_control_page(data_page); 116 fscrypt_restore_control_page(data_page);
118#endif 117#endif
119 end_page_writeback(page); 118 end_page_writeback(page);
120 } 119 }
@@ -473,7 +472,7 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
473 gfp_t gfp_flags = GFP_NOFS; 472 gfp_t gfp_flags = GFP_NOFS;
474 473
475 retry_encrypt: 474 retry_encrypt:
476 data_page = ext4_encrypt(inode, page, gfp_flags); 475 data_page = fscrypt_encrypt_page(inode, page, gfp_flags);
477 if (IS_ERR(data_page)) { 476 if (IS_ERR(data_page)) {
478 ret = PTR_ERR(data_page); 477 ret = PTR_ERR(data_page);
479 if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) { 478 if (ret == -ENOMEM && wbc->sync_mode == WB_SYNC_ALL) {
@@ -511,7 +510,7 @@ int ext4_bio_write_page(struct ext4_io_submit *io,
511 if (ret) { 510 if (ret) {
512 out: 511 out:
513 if (data_page) 512 if (data_page)
514 ext4_restore_control_page(data_page); 513 fscrypt_restore_control_page(data_page);
515 printk_ratelimited(KERN_ERR "%s: ret = %d\n", __func__, ret); 514 printk_ratelimited(KERN_ERR "%s: ret = %d\n", __func__, ret);
516 redirty_page_for_writepage(wbc, page); 515 redirty_page_for_writepage(wbc, page);
517 do { 516 do {
diff --git a/fs/ext4/readpage.c b/fs/ext4/readpage.c
index 2ced5a823354..bfc7f4d30643 100644
--- a/fs/ext4/readpage.c
+++ b/fs/ext4/readpage.c
@@ -46,37 +46,6 @@
46 46
47#include "ext4.h" 47#include "ext4.h"
48 48
49/*
50 * Call ext4_decrypt on every single page, reusing the encryption
51 * context.
52 */
53static void completion_pages(struct work_struct *work)
54{
55#ifdef CONFIG_EXT4_FS_ENCRYPTION
56 struct ext4_crypto_ctx *ctx =
57 container_of(work, struct ext4_crypto_ctx, r.work);
58 struct bio *bio = ctx->r.bio;
59 struct bio_vec *bv;
60 int i;
61
62 bio_for_each_segment_all(bv, bio, i) {
63 struct page *page = bv->bv_page;
64
65 int ret = ext4_decrypt(page);
66 if (ret) {
67 WARN_ON_ONCE(1);
68 SetPageError(page);
69 } else
70 SetPageUptodate(page);
71 unlock_page(page);
72 }
73 ext4_release_crypto_ctx(ctx);
74 bio_put(bio);
75#else
76 BUG();
77#endif
78}
79
80static inline bool ext4_bio_encrypted(struct bio *bio) 49static inline bool ext4_bio_encrypted(struct bio *bio)
81{ 50{
82#ifdef CONFIG_EXT4_FS_ENCRYPTION 51#ifdef CONFIG_EXT4_FS_ENCRYPTION
@@ -104,14 +73,10 @@ static void mpage_end_io(struct bio *bio)
104 int i; 73 int i;
105 74
106 if (ext4_bio_encrypted(bio)) { 75 if (ext4_bio_encrypted(bio)) {
107 struct ext4_crypto_ctx *ctx = bio->bi_private;
108
109 if (bio->bi_error) { 76 if (bio->bi_error) {
110 ext4_release_crypto_ctx(ctx); 77 fscrypt_release_ctx(bio->bi_private);
111 } else { 78 } else {
112 INIT_WORK(&ctx->r.work, completion_pages); 79 fscrypt_decrypt_bio_pages(bio->bi_private, bio);
113 ctx->r.bio = bio;
114 queue_work(ext4_read_workqueue, &ctx->r.work);
115 return; 80 return;
116 } 81 }
117 } 82 }
@@ -135,7 +100,6 @@ int ext4_mpage_readpages(struct address_space *mapping,
135 unsigned nr_pages) 100 unsigned nr_pages)
136{ 101{
137 struct bio *bio = NULL; 102 struct bio *bio = NULL;
138 unsigned page_idx;
139 sector_t last_block_in_bio = 0; 103 sector_t last_block_in_bio = 0;
140 104
141 struct inode *inode = mapping->host; 105 struct inode *inode = mapping->host;
@@ -157,7 +121,7 @@ int ext4_mpage_readpages(struct address_space *mapping,
157 map.m_len = 0; 121 map.m_len = 0;
158 map.m_flags = 0; 122 map.m_flags = 0;
159 123
160 for (page_idx = 0; nr_pages; page_idx++, nr_pages--) { 124 for (; nr_pages; nr_pages--) {
161 int fully_mapped = 1; 125 int fully_mapped = 1;
162 unsigned first_hole = blocks_per_page; 126 unsigned first_hole = blocks_per_page;
163 127
@@ -275,11 +239,11 @@ int ext4_mpage_readpages(struct address_space *mapping,
275 bio = NULL; 239 bio = NULL;
276 } 240 }
277 if (bio == NULL) { 241 if (bio == NULL) {
278 struct ext4_crypto_ctx *ctx = NULL; 242 struct fscrypt_ctx *ctx = NULL;
279 243
280 if (ext4_encrypted_inode(inode) && 244 if (ext4_encrypted_inode(inode) &&
281 S_ISREG(inode->i_mode)) { 245 S_ISREG(inode->i_mode)) {
282 ctx = ext4_get_crypto_ctx(inode, GFP_NOFS); 246 ctx = fscrypt_get_ctx(inode, GFP_NOFS);
283 if (IS_ERR(ctx)) 247 if (IS_ERR(ctx))
284 goto set_error_page; 248 goto set_error_page;
285 } 249 }
@@ -287,7 +251,7 @@ int ext4_mpage_readpages(struct address_space *mapping,
287 min_t(int, nr_pages, BIO_MAX_PAGES)); 251 min_t(int, nr_pages, BIO_MAX_PAGES));
288 if (!bio) { 252 if (!bio) {
289 if (ctx) 253 if (ctx)
290 ext4_release_crypto_ctx(ctx); 254 fscrypt_release_ctx(ctx);
291 goto set_error_page; 255 goto set_error_page;
292 } 256 }
293 bio->bi_bdev = bdev; 257 bio->bi_bdev = bdev;
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index b1a347100d54..1c593aa0218e 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -945,9 +945,6 @@ static struct inode *ext4_alloc_inode(struct super_block *sb)
945 ei->i_datasync_tid = 0; 945 ei->i_datasync_tid = 0;
946 atomic_set(&ei->i_unwritten, 0); 946 atomic_set(&ei->i_unwritten, 0);
947 INIT_WORK(&ei->i_rsv_conversion_work, ext4_end_io_rsv_work); 947 INIT_WORK(&ei->i_rsv_conversion_work, ext4_end_io_rsv_work);
948#ifdef CONFIG_EXT4_FS_ENCRYPTION
949 ei->i_crypt_info = NULL;
950#endif
951 return &ei->vfs_inode; 948 return &ei->vfs_inode;
952} 949}
953 950
@@ -1026,8 +1023,7 @@ void ext4_clear_inode(struct inode *inode)
1026 EXT4_I(inode)->jinode = NULL; 1023 EXT4_I(inode)->jinode = NULL;
1027 } 1024 }
1028#ifdef CONFIG_EXT4_FS_ENCRYPTION 1025#ifdef CONFIG_EXT4_FS_ENCRYPTION
1029 if (EXT4_I(inode)->i_crypt_info) 1026 fscrypt_put_encryption_info(inode, NULL);
1030 ext4_free_encryption_info(inode, EXT4_I(inode)->i_crypt_info);
1031#endif 1027#endif
1032} 1028}
1033 1029
@@ -1094,6 +1090,90 @@ static int bdev_try_to_free_page(struct super_block *sb, struct page *page,
1094 return try_to_free_buffers(page); 1090 return try_to_free_buffers(page);
1095} 1091}
1096 1092
1093#ifdef CONFIG_EXT4_FS_ENCRYPTION
1094static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
1095{
1096 return ext4_xattr_get(inode, EXT4_XATTR_INDEX_ENCRYPTION,
1097 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
1098}
1099
1100static int ext4_key_prefix(struct inode *inode, u8 **key)
1101{
1102 *key = EXT4_SB(inode->i_sb)->key_prefix;
1103 return EXT4_SB(inode->i_sb)->key_prefix_size;
1104}
1105
1106static int ext4_prepare_context(struct inode *inode)
1107{
1108 return ext4_convert_inline_data(inode);
1109}
1110
1111static int ext4_set_context(struct inode *inode, const void *ctx, size_t len,
1112 void *fs_data)
1113{
1114 handle_t *handle;
1115 int res, res2;
1116
1117 /* fs_data is null when internally used. */
1118 if (fs_data) {
1119 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
1120 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx,
1121 len, 0);
1122 if (!res) {
1123 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
1124 ext4_clear_inode_state(inode,
1125 EXT4_STATE_MAY_INLINE_DATA);
1126 }
1127 return res;
1128 }
1129
1130 handle = ext4_journal_start(inode, EXT4_HT_MISC,
1131 ext4_jbd2_credits_xattr(inode));
1132 if (IS_ERR(handle))
1133 return PTR_ERR(handle);
1134
1135 res = ext4_xattr_set(inode, EXT4_XATTR_INDEX_ENCRYPTION,
1136 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx,
1137 len, 0);
1138 if (!res) {
1139 ext4_set_inode_flag(inode, EXT4_INODE_ENCRYPT);
1140 res = ext4_mark_inode_dirty(handle, inode);
1141 if (res)
1142 EXT4_ERROR_INODE(inode, "Failed to mark inode dirty");
1143 }
1144 res2 = ext4_journal_stop(handle);
1145 if (!res)
1146 res = res2;
1147 return res;
1148}
1149
1150static int ext4_dummy_context(struct inode *inode)
1151{
1152 return DUMMY_ENCRYPTION_ENABLED(EXT4_SB(inode->i_sb));
1153}
1154
1155static unsigned ext4_max_namelen(struct inode *inode)
1156{
1157 return S_ISLNK(inode->i_mode) ? inode->i_sb->s_blocksize :
1158 EXT4_NAME_LEN;
1159}
1160
1161static struct fscrypt_operations ext4_cryptops = {
1162 .get_context = ext4_get_context,
1163 .key_prefix = ext4_key_prefix,
1164 .prepare_context = ext4_prepare_context,
1165 .set_context = ext4_set_context,
1166 .dummy_context = ext4_dummy_context,
1167 .is_encrypted = ext4_encrypted_inode,
1168 .empty_dir = ext4_empty_dir,
1169 .max_namelen = ext4_max_namelen,
1170};
1171#else
1172static struct fscrypt_operations ext4_cryptops = {
1173 .is_encrypted = ext4_encrypted_inode,
1174};
1175#endif
1176
1097#ifdef CONFIG_QUOTA 1177#ifdef CONFIG_QUOTA
1098static char *quotatypes[] = INITQFNAMES; 1178static char *quotatypes[] = INITQFNAMES;
1099#define QTYPE2NAME(t) (quotatypes[t]) 1179#define QTYPE2NAME(t) (quotatypes[t])
@@ -2068,23 +2148,25 @@ failed:
2068static __le16 ext4_group_desc_csum(struct super_block *sb, __u32 block_group, 2148static __le16 ext4_group_desc_csum(struct super_block *sb, __u32 block_group,
2069 struct ext4_group_desc *gdp) 2149 struct ext4_group_desc *gdp)
2070{ 2150{
2071 int offset; 2151 int offset = offsetof(struct ext4_group_desc, bg_checksum);
2072 __u16 crc = 0; 2152 __u16 crc = 0;
2073 __le32 le_group = cpu_to_le32(block_group); 2153 __le32 le_group = cpu_to_le32(block_group);
2074 struct ext4_sb_info *sbi = EXT4_SB(sb); 2154 struct ext4_sb_info *sbi = EXT4_SB(sb);
2075 2155
2076 if (ext4_has_metadata_csum(sbi->s_sb)) { 2156 if (ext4_has_metadata_csum(sbi->s_sb)) {
2077 /* Use new metadata_csum algorithm */ 2157 /* Use new metadata_csum algorithm */
2078 __le16 save_csum;
2079 __u32 csum32; 2158 __u32 csum32;
2159 __u16 dummy_csum = 0;
2080 2160
2081 save_csum = gdp->bg_checksum;
2082 gdp->bg_checksum = 0;
2083 csum32 = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&le_group, 2161 csum32 = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&le_group,
2084 sizeof(le_group)); 2162 sizeof(le_group));
2085 csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp, 2163 csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp, offset);
2086 sbi->s_desc_size); 2164 csum32 = ext4_chksum(sbi, csum32, (__u8 *)&dummy_csum,
2087 gdp->bg_checksum = save_csum; 2165 sizeof(dummy_csum));
2166 offset += sizeof(dummy_csum);
2167 if (offset < sbi->s_desc_size)
2168 csum32 = ext4_chksum(sbi, csum32, (__u8 *)gdp + offset,
2169 sbi->s_desc_size - offset);
2088 2170
2089 crc = csum32 & 0xFFFF; 2171 crc = csum32 & 0xFFFF;
2090 goto out; 2172 goto out;
@@ -2094,8 +2176,6 @@ static __le16 ext4_group_desc_csum(struct super_block *sb, __u32 block_group,
2094 if (!ext4_has_feature_gdt_csum(sb)) 2176 if (!ext4_has_feature_gdt_csum(sb))
2095 return 0; 2177 return 0;
2096 2178
2097 offset = offsetof(struct ext4_group_desc, bg_checksum);
2098
2099 crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid)); 2179 crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid));
2100 crc = crc16(crc, (__u8 *)&le_group, sizeof(le_group)); 2180 crc = crc16(crc, (__u8 *)&le_group, sizeof(le_group));
2101 crc = crc16(crc, (__u8 *)gdp, offset); 2181 crc = crc16(crc, (__u8 *)gdp, offset);
@@ -2278,6 +2358,16 @@ static void ext4_orphan_cleanup(struct super_block *sb,
2278 while (es->s_last_orphan) { 2358 while (es->s_last_orphan) {
2279 struct inode *inode; 2359 struct inode *inode;
2280 2360
2361 /*
2362 * We may have encountered an error during cleanup; if
2363 * so, skip the rest.
2364 */
2365 if (EXT4_SB(sb)->s_mount_state & EXT4_ERROR_FS) {
2366 jbd_debug(1, "Skipping orphan recovery on fs with errors.\n");
2367 es->s_last_orphan = 0;
2368 break;
2369 }
2370
2281 inode = ext4_orphan_get(sb, le32_to_cpu(es->s_last_orphan)); 2371 inode = ext4_orphan_get(sb, le32_to_cpu(es->s_last_orphan));
2282 if (IS_ERR(inode)) { 2372 if (IS_ERR(inode)) {
2283 es->s_last_orphan = 0; 2373 es->s_last_orphan = 0;
@@ -3416,6 +3506,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
3416 goto failed_mount; 3506 goto failed_mount;
3417 } 3507 }
3418 3508
3509 if (le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) > (blocksize / 4)) {
3510 ext4_msg(sb, KERN_ERR,
3511 "Number of reserved GDT blocks insanely large: %d",
3512 le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks));
3513 goto failed_mount;
3514 }
3515
3419 if (sbi->s_mount_opt & EXT4_MOUNT_DAX) { 3516 if (sbi->s_mount_opt & EXT4_MOUNT_DAX) {
3420 err = bdev_dax_supported(sb, blocksize); 3517 err = bdev_dax_supported(sb, blocksize);
3421 if (err) 3518 if (err)
@@ -3686,6 +3783,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
3686 sb->s_op = &ext4_sops; 3783 sb->s_op = &ext4_sops;
3687 sb->s_export_op = &ext4_export_ops; 3784 sb->s_export_op = &ext4_export_ops;
3688 sb->s_xattr = ext4_xattr_handlers; 3785 sb->s_xattr = ext4_xattr_handlers;
3786 sb->s_cop = &ext4_cryptops;
3689#ifdef CONFIG_QUOTA 3787#ifdef CONFIG_QUOTA
3690 sb->dq_op = &ext4_quota_operations; 3788 sb->dq_op = &ext4_quota_operations;
3691 if (ext4_has_feature_quota(sb)) 3789 if (ext4_has_feature_quota(sb))
@@ -3996,6 +4094,11 @@ no_journal:
3996 ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); 4094 ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10);
3997 4095
3998 kfree(orig_data); 4096 kfree(orig_data);
4097#ifdef CONFIG_EXT4_FS_ENCRYPTION
4098 memcpy(sbi->key_prefix, EXT4_KEY_DESC_PREFIX,
4099 EXT4_KEY_DESC_PREFIX_SIZE);
4100 sbi->key_prefix_size = EXT4_KEY_DESC_PREFIX_SIZE;
4101#endif
3999 return 0; 4102 return 0;
4000 4103
4001cantfind_ext4: 4104cantfind_ext4:
@@ -4327,20 +4430,6 @@ static int ext4_commit_super(struct super_block *sb, int sync)
4327 4430
4328 if (!sbh || block_device_ejected(sb)) 4431 if (!sbh || block_device_ejected(sb))
4329 return error; 4432 return error;
4330 if (buffer_write_io_error(sbh)) {
4331 /*
4332 * Oh, dear. A previous attempt to write the
4333 * superblock failed. This could happen because the
4334 * USB device was yanked out. Or it could happen to
4335 * be a transient write error and maybe the block will
4336 * be remapped. Nothing we can do but to retry the
4337 * write and hope for the best.
4338 */
4339 ext4_msg(sb, KERN_ERR, "previous I/O error to "
4340 "superblock detected");
4341 clear_buffer_write_io_error(sbh);
4342 set_buffer_uptodate(sbh);
4343 }
4344 /* 4433 /*
4345 * If the file system is mounted read-only, don't update the 4434 * If the file system is mounted read-only, don't update the
4346 * superblock write time. This avoids updating the superblock 4435 * superblock write time. This avoids updating the superblock
@@ -4371,7 +4460,23 @@ static int ext4_commit_super(struct super_block *sb, int sync)
4371 &EXT4_SB(sb)->s_freeinodes_counter)); 4460 &EXT4_SB(sb)->s_freeinodes_counter));
4372 BUFFER_TRACE(sbh, "marking dirty"); 4461 BUFFER_TRACE(sbh, "marking dirty");
4373 ext4_superblock_csum_set(sb); 4462 ext4_superblock_csum_set(sb);
4463 lock_buffer(sbh);
4464 if (buffer_write_io_error(sbh)) {
4465 /*
4466 * Oh, dear. A previous attempt to write the
4467 * superblock failed. This could happen because the
4468 * USB device was yanked out. Or it could happen to
4469 * be a transient write error and maybe the block will
4470 * be remapped. Nothing we can do but to retry the
4471 * write and hope for the best.
4472 */
4473 ext4_msg(sb, KERN_ERR, "previous I/O error to "
4474 "superblock detected");
4475 clear_buffer_write_io_error(sbh);
4476 set_buffer_uptodate(sbh);
4477 }
4374 mark_buffer_dirty(sbh); 4478 mark_buffer_dirty(sbh);
4479 unlock_buffer(sbh);
4375 if (sync) { 4480 if (sync) {
4376 error = __sync_dirty_buffer(sbh, 4481 error = __sync_dirty_buffer(sbh,
4377 test_opt(sb, BARRIER) ? WRITE_FUA : WRITE_SYNC); 4482 test_opt(sb, BARRIER) ? WRITE_FUA : WRITE_SYNC);
@@ -5422,7 +5527,6 @@ out5:
5422 5527
5423static void __exit ext4_exit_fs(void) 5528static void __exit ext4_exit_fs(void)
5424{ 5529{
5425 ext4_exit_crypto();
5426 ext4_destroy_lazyinit_thread(); 5530 ext4_destroy_lazyinit_thread();
5427 unregister_as_ext2(); 5531 unregister_as_ext2();
5428 unregister_as_ext3(); 5532 unregister_as_ext3();
diff --git a/fs/ext4/symlink.c b/fs/ext4/symlink.c
index 75ed5c2f0c16..4d83d9e05f2e 100644
--- a/fs/ext4/symlink.c
+++ b/fs/ext4/symlink.c
@@ -22,23 +22,22 @@
22#include "ext4.h" 22#include "ext4.h"
23#include "xattr.h" 23#include "xattr.h"
24 24
25#ifdef CONFIG_EXT4_FS_ENCRYPTION
26static const char *ext4_encrypted_get_link(struct dentry *dentry, 25static const char *ext4_encrypted_get_link(struct dentry *dentry,
27 struct inode *inode, 26 struct inode *inode,
28 struct delayed_call *done) 27 struct delayed_call *done)
29{ 28{
30 struct page *cpage = NULL; 29 struct page *cpage = NULL;
31 char *caddr, *paddr = NULL; 30 char *caddr, *paddr = NULL;
32 struct ext4_str cstr, pstr; 31 struct fscrypt_str cstr, pstr;
33 struct ext4_encrypted_symlink_data *sd; 32 struct fscrypt_symlink_data *sd;
34 loff_t size = min_t(loff_t, i_size_read(inode), PAGE_SIZE - 1); 33 loff_t size = min_t(loff_t, i_size_read(inode), PAGE_SIZE - 1);
35 int res; 34 int res;
36 u32 plen, max_size = inode->i_sb->s_blocksize; 35 u32 max_size = inode->i_sb->s_blocksize;
37 36
38 if (!dentry) 37 if (!dentry)
39 return ERR_PTR(-ECHILD); 38 return ERR_PTR(-ECHILD);
40 39
41 res = ext4_get_encryption_info(inode); 40 res = fscrypt_get_encryption_info(inode);
42 if (res) 41 if (res)
43 return ERR_PTR(res); 42 return ERR_PTR(res);
44 43
@@ -54,30 +53,27 @@ static const char *ext4_encrypted_get_link(struct dentry *dentry,
54 } 53 }
55 54
56 /* Symlink is encrypted */ 55 /* Symlink is encrypted */
57 sd = (struct ext4_encrypted_symlink_data *)caddr; 56 sd = (struct fscrypt_symlink_data *)caddr;
58 cstr.name = sd->encrypted_path; 57 cstr.name = sd->encrypted_path;
59 cstr.len = le16_to_cpu(sd->len); 58 cstr.len = le16_to_cpu(sd->len);
60 if ((cstr.len + 59 if ((cstr.len + sizeof(struct fscrypt_symlink_data) - 1) > max_size) {
61 sizeof(struct ext4_encrypted_symlink_data) - 1) >
62 max_size) {
63 /* Symlink data on the disk is corrupted */ 60 /* Symlink data on the disk is corrupted */
64 res = -EFSCORRUPTED; 61 res = -EFSCORRUPTED;
65 goto errout; 62 goto errout;
66 } 63 }
67 plen = (cstr.len < EXT4_FNAME_CRYPTO_DIGEST_SIZE*2) ? 64
68 EXT4_FNAME_CRYPTO_DIGEST_SIZE*2 : cstr.len; 65 res = fscrypt_fname_alloc_buffer(inode, cstr.len, &pstr);
69 paddr = kmalloc(plen + 1, GFP_NOFS); 66 if (res)
70 if (!paddr) {
71 res = -ENOMEM;
72 goto errout; 67 goto errout;
73 } 68
74 pstr.name = paddr; 69 res = fscrypt_fname_disk_to_usr(inode, 0, 0, &cstr, &pstr);
75 pstr.len = plen;
76 res = _ext4_fname_disk_to_usr(inode, NULL, &cstr, &pstr);
77 if (res < 0) 70 if (res < 0)
78 goto errout; 71 goto errout;
72
73 paddr = pstr.name;
74
79 /* Null-terminate the name */ 75 /* Null-terminate the name */
80 if (res <= plen) 76 if (res <= pstr.len)
81 paddr[res] = '\0'; 77 paddr[res] = '\0';
82 if (cpage) 78 if (cpage)
83 put_page(cpage); 79 put_page(cpage);
@@ -99,7 +95,6 @@ const struct inode_operations ext4_encrypted_symlink_inode_operations = {
99 .listxattr = ext4_listxattr, 95 .listxattr = ext4_listxattr,
100 .removexattr = generic_removexattr, 96 .removexattr = generic_removexattr,
101}; 97};
102#endif
103 98
104const struct inode_operations ext4_symlink_inode_operations = { 99const struct inode_operations ext4_symlink_inode_operations = {
105 .readlink = generic_readlink, 100 .readlink = generic_readlink,
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index e79bd32b9b79..39e9cfb1b371 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -121,17 +121,18 @@ static __le32 ext4_xattr_block_csum(struct inode *inode,
121{ 121{
122 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 122 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
123 __u32 csum; 123 __u32 csum;
124 __le32 save_csum;
125 __le64 dsk_block_nr = cpu_to_le64(block_nr); 124 __le64 dsk_block_nr = cpu_to_le64(block_nr);
125 __u32 dummy_csum = 0;
126 int offset = offsetof(struct ext4_xattr_header, h_checksum);
126 127
127 save_csum = hdr->h_checksum;
128 hdr->h_checksum = 0;
129 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&dsk_block_nr, 128 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&dsk_block_nr,
130 sizeof(dsk_block_nr)); 129 sizeof(dsk_block_nr));
131 csum = ext4_chksum(sbi, csum, (__u8 *)hdr, 130 csum = ext4_chksum(sbi, csum, (__u8 *)hdr, offset);
132 EXT4_BLOCK_SIZE(inode->i_sb)); 131 csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, sizeof(dummy_csum));
132 offset += sizeof(dummy_csum);
133 csum = ext4_chksum(sbi, csum, (__u8 *)hdr + offset,
134 EXT4_BLOCK_SIZE(inode->i_sb) - offset);
133 135
134 hdr->h_checksum = save_csum;
135 return cpu_to_le32(csum); 136 return cpu_to_le32(csum);
136} 137}
137 138
diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
index 8f7d1339c973..5bb565f9989c 100644
--- a/fs/jbd2/commit.c
+++ b/fs/jbd2/commit.c
@@ -124,7 +124,7 @@ static int journal_submit_commit_record(journal_t *journal,
124 struct commit_header *tmp; 124 struct commit_header *tmp;
125 struct buffer_head *bh; 125 struct buffer_head *bh;
126 int ret; 126 int ret;
127 struct timespec now = current_kernel_time(); 127 struct timespec64 now = current_kernel_time64();
128 128
129 *cbh = NULL; 129 *cbh = NULL;
130 130
diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
index a7c4c101fe3e..46261a6f902d 100644
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -691,6 +691,7 @@ int jbd2_log_wait_commit(journal_t *journal, tid_t tid)
691{ 691{
692 int err = 0; 692 int err = 0;
693 693
694 jbd2_might_wait_for_commit(journal);
694 read_lock(&journal->j_state_lock); 695 read_lock(&journal->j_state_lock);
695#ifdef CONFIG_JBD2_DEBUG 696#ifdef CONFIG_JBD2_DEBUG
696 if (!tid_geq(journal->j_commit_request, tid)) { 697 if (!tid_geq(journal->j_commit_request, tid)) {
@@ -1091,6 +1092,7 @@ static void jbd2_stats_proc_exit(journal_t *journal)
1091 1092
1092static journal_t * journal_init_common (void) 1093static journal_t * journal_init_common (void)
1093{ 1094{
1095 static struct lock_class_key jbd2_trans_commit_key;
1094 journal_t *journal; 1096 journal_t *journal;
1095 int err; 1097 int err;
1096 1098
@@ -1126,6 +1128,9 @@ static journal_t * journal_init_common (void)
1126 1128
1127 spin_lock_init(&journal->j_history_lock); 1129 spin_lock_init(&journal->j_history_lock);
1128 1130
1131 lockdep_init_map(&journal->j_trans_commit_map, "jbd2_handle",
1132 &jbd2_trans_commit_key, 0);
1133
1129 return journal; 1134 return journal;
1130} 1135}
1131 1136
diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index 1749519b362f..b5bc3e249163 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -182,6 +182,8 @@ static int add_transaction_credits(journal_t *journal, int blocks,
182 int needed; 182 int needed;
183 int total = blocks + rsv_blocks; 183 int total = blocks + rsv_blocks;
184 184
185 jbd2_might_wait_for_commit(journal);
186
185 /* 187 /*
186 * If the current transaction is locked down for commit, wait 188 * If the current transaction is locked down for commit, wait
187 * for the lock to be released. 189 * for the lock to be released.
@@ -382,13 +384,11 @@ repeat:
382 read_unlock(&journal->j_state_lock); 384 read_unlock(&journal->j_state_lock);
383 current->journal_info = handle; 385 current->journal_info = handle;
384 386
385 lock_map_acquire(&handle->h_lockdep_map); 387 rwsem_acquire_read(&journal->j_trans_commit_map, 0, 0, _THIS_IP_);
386 jbd2_journal_free_transaction(new_transaction); 388 jbd2_journal_free_transaction(new_transaction);
387 return 0; 389 return 0;
388} 390}
389 391
390static struct lock_class_key jbd2_handle_key;
391
392/* Allocate a new handle. This should probably be in a slab... */ 392/* Allocate a new handle. This should probably be in a slab... */
393static handle_t *new_handle(int nblocks) 393static handle_t *new_handle(int nblocks)
394{ 394{
@@ -398,9 +398,6 @@ static handle_t *new_handle(int nblocks)
398 handle->h_buffer_credits = nblocks; 398 handle->h_buffer_credits = nblocks;
399 handle->h_ref = 1; 399 handle->h_ref = 1;
400 400
401 lockdep_init_map(&handle->h_lockdep_map, "jbd2_handle",
402 &jbd2_handle_key, 0);
403
404 return handle; 401 return handle;
405} 402}
406 403
@@ -672,7 +669,7 @@ int jbd2__journal_restart(handle_t *handle, int nblocks, gfp_t gfp_mask)
672 if (need_to_start) 669 if (need_to_start)
673 jbd2_log_start_commit(journal, tid); 670 jbd2_log_start_commit(journal, tid);
674 671
675 lock_map_release(&handle->h_lockdep_map); 672 rwsem_release(&journal->j_trans_commit_map, 1, _THIS_IP_);
676 handle->h_buffer_credits = nblocks; 673 handle->h_buffer_credits = nblocks;
677 ret = start_this_handle(journal, handle, gfp_mask); 674 ret = start_this_handle(journal, handle, gfp_mask);
678 return ret; 675 return ret;
@@ -700,6 +697,8 @@ void jbd2_journal_lock_updates(journal_t *journal)
700{ 697{
701 DEFINE_WAIT(wait); 698 DEFINE_WAIT(wait);
702 699
700 jbd2_might_wait_for_commit(journal);
701
703 write_lock(&journal->j_state_lock); 702 write_lock(&journal->j_state_lock);
704 ++journal->j_barrier_count; 703 ++journal->j_barrier_count;
705 704
@@ -1750,11 +1749,11 @@ int jbd2_journal_stop(handle_t *handle)
1750 wake_up(&journal->j_wait_transaction_locked); 1749 wake_up(&journal->j_wait_transaction_locked);
1751 } 1750 }
1752 1751
1752 rwsem_release(&journal->j_trans_commit_map, 1, _THIS_IP_);
1753
1753 if (wait_for_commit) 1754 if (wait_for_commit)
1754 err = jbd2_log_wait_commit(journal, tid); 1755 err = jbd2_log_wait_commit(journal, tid);
1755 1756
1756 lock_map_release(&handle->h_lockdep_map);
1757
1758 if (handle->h_rsv_handle) 1757 if (handle->h_rsv_handle)
1759 jbd2_journal_free_reserved(handle->h_rsv_handle); 1758 jbd2_journal_free_reserved(handle->h_rsv_handle);
1760free_and_exit: 1759free_and_exit:
diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
index efb232c5f668..dfaa1f4dcb0c 100644
--- a/include/linux/jbd2.h
+++ b/include/linux/jbd2.h
@@ -491,10 +491,6 @@ struct jbd2_journal_handle
491 491
492 unsigned long h_start_jiffies; 492 unsigned long h_start_jiffies;
493 unsigned int h_requested_credits; 493 unsigned int h_requested_credits;
494
495#ifdef CONFIG_DEBUG_LOCK_ALLOC
496 struct lockdep_map h_lockdep_map;
497#endif
498}; 494};
499 495
500 496
@@ -793,6 +789,7 @@ jbd2_time_diff(unsigned long start, unsigned long end)
793 * @j_proc_entry: procfs entry for the jbd statistics directory 789 * @j_proc_entry: procfs entry for the jbd statistics directory
794 * @j_stats: Overall statistics 790 * @j_stats: Overall statistics
795 * @j_private: An opaque pointer to fs-private information. 791 * @j_private: An opaque pointer to fs-private information.
792 * @j_trans_commit_map: Lockdep entity to track transaction commit dependencies
796 */ 793 */
797 794
798struct journal_s 795struct journal_s
@@ -1035,8 +1032,26 @@ struct journal_s
1035 1032
1036 /* Precomputed journal UUID checksum for seeding other checksums */ 1033 /* Precomputed journal UUID checksum for seeding other checksums */
1037 __u32 j_csum_seed; 1034 __u32 j_csum_seed;
1035
1036#ifdef CONFIG_DEBUG_LOCK_ALLOC
1037 /*
1038 * Lockdep entity to track transaction commit dependencies. Handles
1039 * hold this "lock" for read, when we wait for commit, we acquire the
1040 * "lock" for writing. This matches the properties of jbd2 journalling
1041 * where the running transaction has to wait for all handles to be
1042 * dropped to commit that transaction and also acquiring a handle may
1043 * require transaction commit to finish.
1044 */
1045 struct lockdep_map j_trans_commit_map;
1046#endif
1038}; 1047};
1039 1048
1049#define jbd2_might_wait_for_commit(j) \
1050 do { \
1051 rwsem_acquire(&j->j_trans_commit_map, 0, 0, _THIS_IP_); \
1052 rwsem_release(&j->j_trans_commit_map, 1, _THIS_IP_); \
1053 } while (0)
1054
1040/* journal feature predicate functions */ 1055/* journal feature predicate functions */
1041#define JBD2_FEATURE_COMPAT_FUNCS(name, flagname) \ 1056#define JBD2_FEATURE_COMPAT_FUNCS(name, flagname) \
1042static inline bool jbd2_has_feature_##name(journal_t *j) \ 1057static inline bool jbd2_has_feature_##name(journal_t *j) \
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-24 12:40:19 -0400