Commit d1cae948 authored by Linus Torvalds

Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt

Pull fscrypt updates from Eric Biggers:
 "First: Ted, Jaegeuk, and I have decided to add me as a co-maintainer
  for fscrypt, and we're now using a shared git tree. So we've updated
  MAINTAINERS accordingly, and I'm doing the pull request this time.

  The actual changes for v5.1 are:

   - Remove the fs-specific kconfig options like CONFIG_EXT4_ENCRYPTION
     and make fscrypt support for all fscrypt-capable filesystems be
     controlled by CONFIG_FS_ENCRYPTION, similar to how CONFIG_QUOTA
     works.

   - Improve error code for rename() and link() into encrypted
     directories.

   - Various cleanups"

* tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt:
  MAINTAINERS: add Eric Biggers as an fscrypt maintainer
  fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
  fscrypt: remove filesystem specific build config option
  f2fs: use IS_ENCRYPTED() to check encryption status
  ext4: use IS_ENCRYPTED() to check encryption status
  fscrypt: remove CRYPTO_CTR dependency
parents 99b25a7f 129ca2d2
+12 −4
@@ -343,9 +343,9 @@ FS_IOC_SET_ENCRYPTION_POLICY can fail with the following errors:
- ``ENOTEMPTY``: the file is unencrypted and is a nonempty directory
- ``ENOTTY``: this type of filesystem does not implement encryption
- ``EOPNOTSUPP``: the kernel was not configured with encryption
  support for this filesystem, or the filesystem superblock has not
  support for filesystems, or the filesystem superblock has not
  had encryption enabled on it.  (For example, to use encryption on an
  ext4 filesystem, CONFIG_EXT4_ENCRYPTION must be enabled in the
  ext4 filesystem, CONFIG_FS_ENCRYPTION must be enabled in the
  kernel config, and the superblock must have had the "encrypt"
  feature flag enabled using ``tune2fs -O encrypt`` or ``mkfs.ext4 -O
  encrypt``.)
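
Review bot: In the EOPNOTSUPP entry, the parenthetical example now names only CONFIG_FS_ENCRYPTION and gives no hint that the option used to be CONFIG_EXT4_ENCRYPTION. A kernel config carried forward that still sets only the old symbol would no longer enable encryption and would land on this same EOPNOTSUPP, so a short note on the rename next to the example would save readers a debugging session.
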
@@ -451,10 +451,18 @@ astute users may notice some differences in behavior:
- Unencrypted files, or files encrypted with a different encryption
  policy (i.e. different key, modes, or flags), cannot be renamed or
  linked into an encrypted directory; see `Encryption policy
  enforcement`_.  Attempts to do so will fail with EPERM.  However,
  enforcement`_.  Attempts to do so will fail with EXDEV.  However,
  encrypted files can be renamed within an encrypted directory, or
  into an unencrypted directory.

  Note: "moving" an unencrypted file into an encrypted directory, e.g.
  with the `mv` program, is implemented in userspace by a copy
  followed by a delete.  Be aware that the original unencrypted data
  may remain recoverable from free space on the disk; prefer to keep
  all files encrypted from the very beginning.  The `shred` program
  may be used to overwrite the source files but isn't guaranteed to be
  effective on all filesystems and storage devices.

- Direct I/O is not supported on encrypted files.  Attempts to use
  direct I/O on such files will fall back to buffered I/O.

@@ -541,7 +549,7 @@ not be encrypted.
Except for those special files, it is forbidden to have unencrypted
files, or files encrypted with a different encryption policy, in an
encrypted directory tree.  Attempts to link or rename such a file into
an encrypted directory will fail with EPERM.  This is also enforced
an encrypted directory will fail with EXDEV.  This is also enforced
during ->lookup() to provide limited protection against offline
attacks that try to disable or downgrade encryption in known locations
where applications may later write sensitive data.  It is recommended
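
Review bot: After "will fail with EXDEV", the following sentence "This is also enforced during ->lookup()" leaves open which error a lookup of a policy-violating file returns, and it can now be read as lookup returning EXDEV too. Since this paragraph is the one describing protection against offline tampering, state the lookup errno explicitly so tooling that watches for these failures knows what to match on.
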
+2 −1
@@ -6337,9 +6337,10 @@ F: include/linux/fscache*.h
FSCRYPT: FILE SYSTEM LEVEL ENCRYPTION SUPPORT
M:	Theodore Y. Ts'o <tytso@mit.edu>
M:	Jaegeuk Kim <jaegeuk@kernel.org>
M:	Eric Biggers <ebiggers@kernel.org>
L:	linux-fscrypt@vger.kernel.org
Q:	https://patchwork.kernel.org/project/linux-fscrypt/list/
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt.git
T:	git git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git
S:	Supported
F:	fs/crypto/
F:	include/linux/fscrypt*.h
+1 −1
@@ -59,7 +59,7 @@ CONFIG_HID_MONTEREY=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_ENCRYPTION=y
CONFIG_FS_ENCRYPTION=y
CONFIG_FANOTIFY=y
CONFIG_FUSE_FS=y
CONFIG_CUSE=y
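
Review bot: Replacing CONFIG_EXT4_ENCRYPTION=y with CONFIG_FS_ENCRYPTION=y in this defconfig is not a one-to-one swap. Per the merge description, CONFIG_FS_ENCRYPTION controls fscrypt for all fscrypt-capable filesystems, so any other such filesystem enabled in this config gains encryption support as well; worth confirming that is intended for this platform, and the same applies to the other defconfig hunks in this merge.
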
+1 −1
@@ -74,7 +74,7 @@ CONFIG_GENERIC_PHY=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_ENCRYPTION=y
CONFIG_FS_ENCRYPTION=y
CONFIG_FUSE_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
+1 −1
@@ -500,7 +500,6 @@ CONFIG_S390_AP_IOMMU=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_ENCRYPTION=y
CONFIG_JBD2_DEBUG=y
CONFIG_JFS_FS=m
CONFIG_JFS_POSIX_ACL=y
@@ -520,6 +519,7 @@ CONFIG_BTRFS_DEBUG=y
CONFIG_NILFS2_FS=m
CONFIG_FS_DAX=y
CONFIG_EXPORTFS_BLOCK_OPS=y
CONFIG_FS_ENCRYPTION=y
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
CONFIG_QUOTA_NETLINK_INTERFACE=y