Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 701ca1f5 authored by Jaegeuk Kim's avatar Jaegeuk Kim
Browse files

Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.19.y' into android-4.19 



* origin/upstream-f2fs-stable-linux-4.19.y:
  fscrypt: remove filesystem specific build config option
  f2fs: use IS_ENCRYPTED() to check encryption status
  ext4: use IS_ENCRYPTED() to check encryption status
  fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
  fscrypt: remove CRYPTO_CTR dependency
  fscrypt: add Adiantum support
  crypto: speck - remove Speck

 Conflicts:
	arch/arm/crypto/Kconfig
	arch/arm/crypto/Makefile
	crypto/testmgr.h

Change-Id: I1a6d1e35c857c4117190388b4797d0c11a109cf0
Signed-off-by: default avatarJaegeuk Kim <jaegeuk@google.com>
parents 82d2ef7b ad8ceb03

Documentation/filesystems/fscrypt.rst

+12 −4
Original line number Original line Diff line number Diff line
@@ -343,9 +343,9 @@ FS_IOC_SET_ENCRYPTION_POLICY can fail with the following errors: 
- ``ENOTEMPTY``: the file is unencrypted and is a nonempty directory

- ``ENOTEMPTY``: the file is unencrypted and is a nonempty directory

- ``ENOTTY``: this type of filesystem does not implement encryption

- ``ENOTTY``: this type of filesystem does not implement encryption

- ``EOPNOTSUPP``: the kernel was not configured with encryption

- ``EOPNOTSUPP``: the kernel was not configured with encryption

  support for this filesystem, or the filesystem superblock has not

  support for filesystems, or the filesystem superblock has not

  had encryption enabled on it.  (For example, to use encryption on an

  had encryption enabled on it.  (For example, to use encryption on an

  ext4 filesystem, CONFIG_EXT4_ENCRYPTION must be enabled in the

  ext4 filesystem, CONFIG_FS_ENCRYPTION must be enabled in the

  kernel config, and the superblock must have had the "encrypt"

  kernel config, and the superblock must have had the "encrypt"

  feature flag enabled using ``tune2fs -O encrypt`` or ``mkfs.ext4 -O

  feature flag enabled using ``tune2fs -O encrypt`` or ``mkfs.ext4 -O

  encrypt``.)

  encrypt``.)
@@ -451,10 +451,18 @@ astute users may notice some differences in behavior: 
- Unencrypted files, or files encrypted with a different encryption

- Unencrypted files, or files encrypted with a different encryption

  policy (i.e. different key, modes, or flags), cannot be renamed or

  policy (i.e. different key, modes, or flags), cannot be renamed or

  linked into an encrypted directory; see `Encryption policy

  linked into an encrypted directory; see `Encryption policy

  enforcement`_.  Attempts to do so will fail with EPERM.  However,

  enforcement`_.  Attempts to do so will fail with EXDEV.  However,

  encrypted files can be renamed within an encrypted directory, or

  encrypted files can be renamed within an encrypted directory, or

  into an unencrypted directory.

  into an unencrypted directory.





  Note: "moving" an unencrypted file into an encrypted directory, e.g.

  with the `mv` program, is implemented in userspace by a copy

  followed by a delete.  Be aware that the original unencrypted data

  may remain recoverable from free space on the disk; prefer to keep

  all files encrypted from the very beginning.  The `shred` program

  may be used to overwrite the source files but isn't guaranteed to be

  effective on all filesystems and storage devices.



- Direct I/O is not supported on encrypted files.  Attempts to use

- Direct I/O is not supported on encrypted files.  Attempts to use

  direct I/O on such files will fall back to buffered I/O.

  direct I/O on such files will fall back to buffered I/O.
@@ -541,7 +549,7 @@ not be encrypted. 
Except for those special files, it is forbidden to have unencrypted

Except for those special files, it is forbidden to have unencrypted

files, or files encrypted with a different encryption policy, in an

files, or files encrypted with a different encryption policy, in an

encrypted directory tree.  Attempts to link or rename such a file into

encrypted directory tree.  Attempts to link or rename such a file into

an encrypted directory will fail with EPERM.  This is also enforced

an encrypted directory will fail with EXDEV.  This is also enforced

during ->lookup() to provide limited protection against offline

during ->lookup() to provide limited protection against offline

attacks that try to disable or downgrade encryption in known locations

attacks that try to disable or downgrade encryption in known locations

where applications may later write sensitive data.  It is recommended

where applications may later write sensitive data.  It is recommended

arch/mips/configs/generic_defconfig

+1 −1
Original line number Original line Diff line number Diff line
@@ -63,7 +63,7 @@ CONFIG_HID_MONTEREY=y 
CONFIG_EXT4_FS=y

CONFIG_EXT4_FS=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_ENCRYPTION=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FANOTIFY=y

CONFIG_FANOTIFY=y

CONFIG_FUSE_FS=y

CONFIG_FUSE_FS=y

CONFIG_CUSE=y

CONFIG_CUSE=y

arch/nds32/configs/defconfig

+1 −1
Original line number Original line Diff line number Diff line
@@ -74,7 +74,7 @@ CONFIG_GENERIC_PHY=y 
CONFIG_EXT4_FS=y

CONFIG_EXT4_FS=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_ENCRYPTION=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FUSE_FS=y

CONFIG_FUSE_FS=y

CONFIG_MSDOS_FS=y

CONFIG_MSDOS_FS=y

CONFIG_VFAT_FS=y

CONFIG_VFAT_FS=y

arch/s390/configs/debug_defconfig

+1 −1
Original line number Original line Diff line number Diff line
@@ -492,7 +492,6 @@ CONFIG_VIRTIO_INPUT=y 
CONFIG_EXT4_FS=y

CONFIG_EXT4_FS=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_ENCRYPTION=y

CONFIG_JBD2_DEBUG=y

CONFIG_JBD2_DEBUG=y

CONFIG_JFS_FS=m

CONFIG_JFS_FS=m

CONFIG_JFS_POSIX_ACL=y

CONFIG_JFS_POSIX_ACL=y
@@ -512,6 +511,7 @@ CONFIG_BTRFS_DEBUG=y 
CONFIG_NILFS2_FS=m

CONFIG_NILFS2_FS=m

CONFIG_FS_DAX=y

CONFIG_FS_DAX=y

CONFIG_EXPORTFS_BLOCK_OPS=y

CONFIG_EXPORTFS_BLOCK_OPS=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FANOTIFY=y

CONFIG_FANOTIFY=y

CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

CONFIG_QUOTA_NETLINK_INTERFACE=y

CONFIG_QUOTA_NETLINK_INTERFACE=y

arch/s390/configs/performance_defconfig

+1 −1
Original line number Original line Diff line number Diff line
@@ -489,7 +489,6 @@ CONFIG_VIRTIO_INPUT=y 
CONFIG_EXT4_FS=y

CONFIG_EXT4_FS=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_ENCRYPTION=y

CONFIG_JBD2_DEBUG=y

CONFIG_JBD2_DEBUG=y

CONFIG_JFS_FS=m

CONFIG_JFS_FS=m

CONFIG_JFS_POSIX_ACL=y

CONFIG_JFS_POSIX_ACL=y
@@ -507,6 +506,7 @@ CONFIG_BTRFS_FS_POSIX_ACL=y 
CONFIG_NILFS2_FS=m

CONFIG_NILFS2_FS=m

CONFIG_FS_DAX=y

CONFIG_FS_DAX=y

CONFIG_EXPORTFS_BLOCK_OPS=y

CONFIG_EXPORTFS_BLOCK_OPS=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FANOTIFY=y

CONFIG_FANOTIFY=y

CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

CONFIG_QUOTA_NETLINK_INTERFACE=y

CONFIG_QUOTA_NETLINK_INTERFACE=y