| -rw-r--r-- | fs/crypto/keyinfo.c | 31 | ||||
| -rw-r--r-- | fs/ext4/ext4.h | 11 | ||||
| -rw-r--r-- | fs/ext4/super.c | 13 | ||||
| -rw-r--r-- | fs/f2fs/f2fs.h | 9 | ||||
| -rw-r--r-- | fs/f2fs/super.c | 14 | ||||
| -rw-r--r-- | fs/ubifs/crypto.c | 11 | ||||
| -rw-r--r-- | include/linux/fscrypto.h | 2 |
7 files changed, 15 insertions, 76 deletions
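--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -77,26 +77,22 @@ out:
 
 static int validate_user_key(struct fscrypt_info *crypt_info,
 struct fscrypt_context *ctx, u8 *raw_key,
-u8 *prefix, int prefix_size)
+const char *prefix)
 {
-u8 *full_key_descriptor;
+char *description;
 struct key *keyring_key;
 struct fscrypt_key *master_key;
 const struct user_key_payload *ukp;
-int full_key_len = prefix_size + (FS_KEY_DESCRIPTOR_SIZE * 2) + 1;
 int res;
 
-full_key_descriptor = kmalloc(full_key_len, GFP_NOFS);
-if (!full_key_descriptor)
+description = kasprintf(GFP_NOFS, "%s%*phN", prefix,
+FS_KEY_DESCRIPTOR_SIZE,
+ctx->master_key_descriptor);
+if (!description)
 return -ENOMEM;
 
-memcpy(full_key_descriptor, prefix, prefix_size);
-sprintf(full_key_descriptor + prefix_size,
-"%*phN", FS_KEY_DESCRIPTOR_SIZE,
-ctx->master_key_descriptor);
-full_key_descriptor[full_key_len - 1] = '\0';
-keyring_key = request_key(&key_type_logon, full_key_descriptor, NULL);
-kfree(full_key_descriptor);
+keyring_key = request_key(&key_type_logon, description, NULL);
+kfree(description);
 if (IS_ERR(keyring_key))
 return PTR_ERR(keyring_key);
 
@@ -251,15 +247,10 @@ retry:
 if (!raw_key)
 goto out;
 
-res = validate_user_key(crypt_info, &ctx, raw_key,
-FS_KEY_DESC_PREFIX, FS_KEY_DESC_PREFIX_SIZE);
+res = validate_user_key(crypt_info, &ctx, raw_key, FS_KEY_DESC_PREFIX);
 if (res && inode->i_sb->s_cop->key_prefix) {
-u8 *prefix = NULL;
-int prefix_size, res2;
-
-prefix_size = inode->i_sb->s_cop->key_prefix(inode, &prefix);
-res2 = validate_user_key(crypt_info, &ctx, raw_key,
-prefix, prefix_size);
+int res2 = validate_user_key(crypt_info, &ctx, raw_key,
+inode->i_sb->s_cop->key_prefix);
 if (res2) {
 if (res2 == -ENOKEY)
 res = -ENOKEY;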
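Review bot: The retry in the second hunk, `if (res && inode->i_sb->s_cop->key_prefix)`, falls back to the filesystem-specific prefix on any non-zero `res`, which now includes `-ENOMEM` from the `kasprintf()` failure path in `validate_user_key()` as well as whatever `request_key()` returns. If the intent is only to look under the second description when no key was found under `FS_KEY_DESC_PREFIX`, the guard would be tighter as `if (res == -ENOKEY && inode->i_sb->s_cop->key_prefix) {`, so that an allocation failure or a failure later in the function is reported as such rather than retried under another name. The rest of `validate_user_key()` and the block following `res = -ENOKEY;` lie outside the hunks, so the other error codes it can return are not visible here.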
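--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1343,11 +1343,6 @@ struct ext4_super_block {
 /* Number of quota types we support */
 #define EXT4_MAXQUOTAS 3
 
-#ifdef CONFIG_EXT4_FS_ENCRYPTION
-#define EXT4_KEY_DESC_PREFIX "ext4:"
-#define EXT4_KEY_DESC_PREFIX_SIZE 5
-#endif
-
 /*
 * fourth extended-fs super-block data in memory
 */
@@ -1517,12 +1512,6 @@ struct ext4_sb_info {
 
 /* Barrier between changing inodes' journal flags and writepages ops. */
 struct percpu_rw_semaphore s_journal_flag_rwsem;
-
-/* Encryption support */
-#ifdef CONFIG_EXT4_FS_ENCRYPTION
-u8 key_prefix[EXT4_KEY_DESC_PREFIX_SIZE];
-u8 key_prefix_size;
-#endif
 };
 
 static inline struct ext4_sb_info *EXT4_SB(struct super_block *sb)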
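--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1100,12 +1100,6 @@ static int ext4_get_context(struct inode *inode, void *ctx, size_t len)
 EXT4_XATTR_NAME_ENCRYPTION_CONTEXT, ctx, len);
 }
 
-static int ext4_key_prefix(struct inode *inode, u8 **key)
-{
-*key = EXT4_SB(inode->i_sb)->key_prefix;
-return EXT4_SB(inode->i_sb)->key_prefix_size;
-}
-
 static int ext4_prepare_context(struct inode *inode)
 {
 return ext4_convert_inline_data(inode);
@@ -1180,8 +1174,8 @@ static unsigned ext4_max_namelen(struct inode *inode)
 }
 
 static struct fscrypt_operations ext4_cryptops = {
+.key_prefix = "ext4:",
 .get_context = ext4_get_context,
-.key_prefix = ext4_key_prefix,
 .prepare_context = ext4_prepare_context,
 .set_context = ext4_set_context,
 .dummy_context = ext4_dummy_context,
@@ -4218,11 +4212,6 @@ no_journal:
 ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10);
 
 kfree(orig_data);
-#ifdef CONFIG_EXT4_FS_ENCRYPTION
-memcpy(sbi->key_prefix, EXT4_KEY_DESC_PREFIX,
-EXT4_KEY_DESC_PREFIX_SIZE);
-sbi->key_prefix_size = EXT4_KEY_DESC_PREFIX_SIZE;
-#endif
 return 0;
 
 cantfind_ext4: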
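Review bot: `ext4_cryptops` stays a writable `static struct fscrypt_operations` even though every member in the visible part of its initializer is a compile-time constant, including the new `.key_prefix = "ext4:"` string that keyinfo.c formats into the key description passed to `request_key()`. Declaring it as `static const struct fscrypt_operations ext4_cryptops = {` would keep the function-pointer table and the prefix pointer in read-only data; this assumes `s_cop` is declared as a pointer-to-const, which the page does not show. The same applies to `f2fs_cryptops` in fs/f2fs/super.c and, together with its extern declaration, to `ubifs_crypt_operations` in fs/ubifs/crypto.c. The initializer continues past the end of the hunk.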
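--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -760,10 +760,6 @@ enum {
 MAX_TIME,
 };
 
-#ifdef CONFIG_F2FS_FS_ENCRYPTION
-#define F2FS_KEY_DESC_PREFIX "f2fs:"
-#define F2FS_KEY_DESC_PREFIX_SIZE 5
-#endif
 struct f2fs_sb_info {
 struct super_block *sb; /* pointer to VFS super block */
 struct proc_dir_entry *s_proc; /* proc entry */
@@ -771,11 +767,6 @@ struct f2fs_sb_info {
 int valid_super_block; /* valid super block no */
 unsigned long s_flag; /* flags for sbi */
 
-#ifdef CONFIG_F2FS_FS_ENCRYPTION
-u8 key_prefix[F2FS_KEY_DESC_PREFIX_SIZE];
-u8 key_prefix_size;
-#endif
-
 #ifdef CONFIG_BLK_DEV_ZONED
 unsigned int blocks_per_blkz; /* F2FS blocks per zone */
 unsigned int log_blocks_per_blkz; /* log2 F2FS blocks per zone */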
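--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1156,12 +1156,6 @@ static int f2fs_get_context(struct inode *inode, void *ctx, size_t len)
 ctx, len, NULL);
 }
 
-static int f2fs_key_prefix(struct inode *inode, u8 **key)
-{
-*key = F2FS_I_SB(inode)->key_prefix;
-return F2FS_I_SB(inode)->key_prefix_size;
-}
-
 static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len,
 void *fs_data)
 {
@@ -1177,8 +1171,8 @@ static unsigned f2fs_max_namelen(struct inode *inode)
 }
 
 static struct fscrypt_operations f2fs_cryptops = {
+.key_prefix = "f2fs:",
 .get_context = f2fs_get_context,
-.key_prefix = f2fs_key_prefix,
 .set_context = f2fs_set_context,
 .is_encrypted = f2fs_encrypted_inode,
 .empty_dir = f2fs_empty_dir,
@@ -1518,12 +1512,6 @@ static void init_sb_info(struct f2fs_sb_info *sbi)
 mutex_init(&sbi->wio_mutex[NODE]);
 mutex_init(&sbi->wio_mutex[DATA]);
 spin_lock_init(&sbi->cp_lock);
-
-#ifdef CONFIG_F2FS_FS_ENCRYPTION
-memcpy(sbi->key_prefix, F2FS_KEY_DESC_PREFIX,
-F2FS_KEY_DESC_PREFIX_SIZE);
-sbi->key_prefix_size = F2FS_KEY_DESC_PREFIX_SIZE;
-#endif
 }
 
 static int init_percpu_info(struct f2fs_sb_info *sbi)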
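--- a/fs/ubifs/crypto.c
+++ b/fs/ubifs/crypto.c
@@ -26,15 +26,6 @@ static unsigned int ubifs_crypt_max_namelen(struct inode *inode)
 return UBIFS_MAX_NLEN;
 }
 
-static int ubifs_key_prefix(struct inode *inode, u8 **key)
-{
-static char prefix[] = "ubifs:";
-
-*key = prefix;
-
-return sizeof(prefix) - 1;
-}
-
 int ubifs_encrypt(const struct inode *inode, struct ubifs_data_node *dn,
 unsigned int in_len, unsigned int *out_len, int block)
 {
@@ -88,10 +79,10 @@ int ubifs_decrypt(const struct inode *inode, struct ubifs_data_node *dn,
 
 struct fscrypt_operations ubifs_crypt_operations = {
 .flags = FS_CFLG_OWN_PAGES,
+.key_prefix = "ubifs:",
 .get_context = ubifs_crypt_get_context,
 .set_context = ubifs_crypt_set_context,
 .is_encrypted = __ubifs_crypt_is_encrypted,
 .empty_dir = ubifs_crypt_empty_dir,
 .max_namelen = ubifs_crypt_max_namelen,
-.key_prefix = ubifs_key_prefix,
 };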
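--- a/include/linux/fscrypto.h
+++ b/include/linux/fscrypto.h
@@ -85,8 +85,8 @@ struct fscrypt_name {
 */
 struct fscrypt_operations {
 unsigned int flags;
+const char *key_prefix;
 int (*get_context)(struct inode *, void *, size_t);
-int (*key_prefix)(struct inode *, u8 **);
 int (*prepare_context)(struct inode *);
 int (*set_context)(struct inode *, const void *, size_t, void *);
 int (*dummy_context)(struct inode *);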
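Review bot: The new `const char *key_prefix;` member carries no comment stating its contract, and that contract changed along with the type. keyinfo.c now tests the pointer for NULL and passes it to a `%s` conversion with no length alongside, so it has to be either NULL or a NUL-terminated string. A one-line comment on the field would record this, for example `const char *key_prefix; /* optional NUL-terminated key description prefix such as "ext4:"; NULL if the filesystem has none */`. The remaining members of the struct and the comment block above it lie outside the hunk.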
