Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fcc85a4d authored by Jaegeuk Kim's avatar Jaegeuk Kim
Browse files

f2fs crypto: activate encryption support for fs APIs 



This patch activates the following APIs for encryption support.

The rules quoted by ext4 are:
 - An unencrypted directory may contain encrypted or unencrypted files
   or directories.
 - All files or directories in a directory must be protected using the
   same key as their containing directory.
 - Encrypted inode for regular file should not have inline_data.
 - Encrypted symlink and directory may have inline_data and inline_dentry.

This patch activates the following APIs.
1. f2fs_link              : validate context
2. f2fs_lookup            :      ''
3. f2fs_rename            :      ''
4. f2fs_create/f2fs_mkdir : inherit its dir's context
5. f2fs_direct_IO         : do buffered io for regular files
6. f2fs_open              : check encryption info
7. f2fs_file_mmap         :      ''
8. f2fs_setattr           :      ''
9. f2fs_file_write_iter   :      ''           (Called by sys_io_submit)
10. f2fs_fallocate        : do not support fcollapse
11. f2fs_evict_inode      : free_encryption_info

Signed-off-by: default avatarMichael Halcrow <mhalcrow@google.com>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
parent 6b3bd08f

fs/f2fs/data.c

+3 −0
Original line number Diff line number Diff line
@@ -1982,6 +1982,9 @@ static ssize_t f2fs_direct_IO(struct kiocb *iocb, struct iov_iter *iter, 
			return err;

	}



	if (f2fs_encrypted_inode(inode) && S_ISREG(inode->i_mode))

		return 0;



	if (check_direct_IO(inode, iter, offset))

		return 0;

fs/f2fs/dir.c

+6 −0
Original line number Diff line number Diff line
@@ -390,6 +390,12 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir, 
		err = f2fs_init_security(inode, dir, name, page);

		if (err)

			goto put_error;



		if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode)) {

			err = f2fs_inherit_context(dir, inode, page);

			if (err)

				goto put_error;

		}

	} else {

		page = get_node_page(F2FS_I_SB(dir), inode->i_ino);

		if (IS_ERR(page))

fs/f2fs/f2fs.h

+11 −0
Original line number Diff line number Diff line
@@ -1975,6 +1975,17 @@ static inline int f2fs_sb_has_crypto(struct super_block *sb) 
#endif

}



static inline bool f2fs_may_encrypt(struct inode *inode)

{

#ifdef CONFIG_F2FS_FS_ENCRYPTION

	mode_t mode = inode->i_mode;



	return (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode));

#else

	return 0;

#endif

}



/* crypto_policy.c */

int f2fs_is_child_context_consistent_with_parent(struct inode *,

							struct inode *);

fs/f2fs/file.c

+39 −2
Original line number Diff line number Diff line
@@ -408,6 +408,12 @@ static int f2fs_file_mmap(struct file *file, struct vm_area_struct *vma) 
{

	struct inode *inode = file_inode(file);



	if (f2fs_encrypted_inode(inode)) {

		int err = f2fs_get_encryption_info(inode);

		if (err)

			return 0;

	}



	/* we don't need to use inline_data strictly */

	if (f2fs_has_inline_data(inode)) {

		int err = f2fs_convert_inline_inode(inode);
@@ -420,6 +426,18 @@ static int f2fs_file_mmap(struct file *file, struct vm_area_struct *vma) 
	return 0;

}



static int f2fs_file_open(struct inode *inode, struct file *filp)

{

	int ret = generic_file_open(inode, filp);



	if (!ret && f2fs_encrypted_inode(inode)) {

		ret = f2fs_get_encryption_info(inode);

		if (ret)

			ret = -EACCES;

	}

	return ret;

}



int truncate_data_blocks_range(struct dnode_of_data *dn, int count)

{

	int nr_free = 0, ofs = dn->ofs_in_node;
@@ -627,6 +645,10 @@ int f2fs_setattr(struct dentry *dentry, struct iattr *attr) 
		return err;



	if (attr->ia_valid & ATTR_SIZE) {

		if (f2fs_encrypted_inode(inode) &&

				f2fs_get_encryption_info(inode))

			return -EACCES;



		if (attr->ia_size != i_size_read(inode)) {

			truncate_setsize(inode, attr->ia_size);

			f2fs_truncate(inode);
@@ -1061,6 +1083,9 @@ static long f2fs_fallocate(struct file *file, int mode, 
	struct inode *inode = file_inode(file);

	long ret = 0;



	if (f2fs_encrypted_inode(inode) && (mode & FALLOC_FL_COLLAPSE_RANGE))

		return -EOPNOTSUPP;



	if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE |

			FALLOC_FL_COLLAPSE_RANGE | FALLOC_FL_ZERO_RANGE))

		return -EOPNOTSUPP;
@@ -1468,6 +1493,18 @@ long f2fs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 
	}

}



static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from)

{

	struct inode *inode = file_inode(iocb->ki_filp);



	if (f2fs_encrypted_inode(inode) &&

				!f2fs_has_encryption_key(inode) &&

				f2fs_get_encryption_info(inode))

		return -EACCES;



	return generic_file_write_iter(iocb, from);

}



#ifdef CONFIG_COMPAT

long f2fs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)

{
@@ -1488,8 +1525,8 @@ long f2fs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 
const struct file_operations f2fs_file_operations = {

	.llseek		= f2fs_llseek,

	.read_iter	= generic_file_read_iter,

	.write_iter	= generic_file_write_iter,

	.open		= generic_file_open,

	.write_iter	= f2fs_file_write_iter,

	.open		= f2fs_file_open,

	.release	= f2fs_release_file,

	.mmap		= f2fs_file_mmap,

	.fsync		= f2fs_sync_file,

fs/f2fs/inline.c

+3 −0
Original line number Diff line number Diff line
@@ -27,6 +27,9 @@ bool f2fs_may_inline_data(struct inode *inode) 
	if (i_size_read(inode) > MAX_INLINE_DATA)

		return false;



	if (f2fs_encrypted_inode(inode) && S_ISREG(inode->i_mode))

		return false;



	return true;

}