Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2a9032a authored by Jaegeuk Kim's avatar Jaegeuk Kim
Browse files

f2fs/fscrypt: updates to v4.17-rc1 



Pull f2fs update from Jaegeuk Kim:
 "In this round, we've mainly focused on performance tuning and critical
  bug fixes occurred in low-end devices. Sheng Yong introduced
  lost_found feature to keep missing files during recovery instead of
  thrashing them. We're preparing coming fsverity implementation. And,
  we've got more features to communicate with users for better
  performance. In low-end devices, some memory-related issues were
  fixed, and subtle race condtions and corner cases were addressed as
  well.

  Enhancements:
   - large nat bitmaps for more free node ids
   - add three block allocation policies to pass down write hints given by user
   - expose extension list to user and introduce hot file extension
   - tune small devices seamlessly for low-end devices
   - set readdir_ra by default
   - give more resources under gc_urgent mode regarding to discard and cleaning
   - introduce fsync_mode to enforce posix or not
   - nowait aio support
   - add lost_found feature to keep dangling inodes
   - reserve bits for future fsverity feature
   - add test_dummy_encryption for FBE

  Bug fixes:
   - don't use highmem for dentry pages
   - align memory boundary for bitops
   - truncate preallocated blocks in write errors
   - guarantee i_times on fsync call
   - clear CP_TRIMMED_FLAG correctly
   - prevent node chain loop during recovery
   - avoid data race between atomic write and background cleaning
   - avoid unnecessary selinux violation warnings on resgid option
   - GFP_NOFS to avoid deadlock in quota and read paths
   - fix f2fs_skip_inode_update to allow i_size recovery

  In addition to the above, there are several minor bug fixes and clean-ups"

Cherry-pick from origin/upstream-f2fs-stable-linux-4.14.y:

de465aa5 f2fs: remain written times to update inode during fsync
d0ebaf0b f2fs: make assignment of t->dentry_bitmap more readable
7f05fb45 f2fs: truncate preallocated blocks in error case
a0a9a51e f2fs: fix a wrong condition in f2fs_skip_inode_update
5dc89047 f2fs: reserve bits for fs-verity
0751f013 f2fs: Add a segment type check in inplace write
27d9598d f2fs: no need to initialize zero value for GFP_F2FS_ZERO
42a34ff7 f2fs: don't track new nat entry in nat set
14040505 f2fs: clean up with F2FS_BLK_ALIGN
fcea9e00 f2fs: check blkaddr more accuratly before issue a bio
2c217b07 f2fs: Set GF_NOFS in read_cache_page_gfp while doing f2fs_quota_read
0a8cedc2 f2fs: introduce a new mount option test_dummy_encryption
5786b414 f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
9813cae6 f2fs: release locks before return in f2fs_ioc_gc_range()
cee6482c f2fs: align memory boundary for bitops
8dbfcba5 f2fs: remove unneeded set_cold_node()
7e93bf8e f2fs: add nowait aio support
1e64d3ed f2fs: wrap all options with f2fs_sb_info.mount_opt
7f270a67 f2fs: Don't overwrite all types of node to keep node chain
c6a9e6a4 f2fs: introduce mount option for fsync mode
82bebed3 f2fs: fix to restore old mount option in ->remount_fs
808427a6 f2fs: wrap sb_rdonly with f2fs_readonly
5ebe362c f2fs: avoid selinux denial on CAP_SYS_RESOURCE
ea347343 f2fs: support hot file extension
2189c2e4 f2fs: fix to avoid race in between atomic write and background GC
5f695080 f2fs: do gc in greedy mode for whole range if gc_urgent mode is set
79f1a15f f2fs: issue discard aggressively in the gc_urgent mode
aea8da88 f2fs: set readdir_ra by default
8fe06ea2 f2fs: add auto tuning for small devices
073c145d f2fs: add mount option for segment allocation policy
e7efe40d f2fs: don't stop GC if GC is contended
882d0e09 f2fs: expose extension_list sysfs entry
52320a2a f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range
ef66237f f2fs: introduce sb_lock to make encrypt pwsalt update exclusive
c8e77267 f2fs: remove redundant initialization of pointer 'p'
755dcc32 f2fs: flush cp pack except cp pack 2 page at first
92223ccb f2fs: clean up f2fs_sb_has_xxx functions
d8ecd46c f2fs: remove redundant check of page type when submit bio
99f51213 f2fs: fix to handle looped node chain during recovery
66a2346d f2fs: handle quota for orphan inodes
bd9e1956 f2fs: support passing down write hints to block layer with F2FS policy
d8f02c3b f2fs: support passing down write hints given by users to block layer
d4fff141 f2fs: fix to clear CP_TRIMMED_FLAG
f5010086 f2fs: support large nat bitmap
e9437125 f2fs: fix to check extent cache in f2fs_drop_extent_tree
5c1d55c3 f2fs: restrict inline_xattr_size configuration
74d48dc6 f2fs: fix heap mode to reset it back
68afcb25 f2fs: fix potential corruption in area before F2FS_SUPER_OFFSET
6b4edfb1 fscrypt: fix build with pre-4.6 gcc versions
4bcc4865 fscrypt: remove 'ci' parameter from fscrypt_put_encryption_info()
69e5234f fscrypt: fix up fscrypt_fname_encrypted_size() for internal use
7919cba9 fscrypt: define fscrypt_fname_alloc_buffer() to be for presented names
aef0017f fscrypt: calculate NUL-padding length in one place only
5232cae0 fscrypt: move fscrypt_symlink_data to fscrypt_private.h
169bd9ba ubifs: switch to fscrypt_get_symlink()
63498ca7 ubifs: switch to fscrypt ->symlink() helper functions
a85637d1 fscrypt: remove fscrypt_fname_usr_to_disk()
77bb20f7 ext4: switch to fscrypt_get_symlink()
79b3f39a ext4: switch to fscrypt ->symlink() helper functions
70fe2fb6 f2fs: switch to fscrypt_get_symlink()
96dda4e0 f2fs: switch to fscrypt ->symlink() helper functions
0063988c fscrypt: new helper function - fscrypt_get_symlink()
48a0375c fscrypt: new helper functions for ->symlink()
585a194d fscrypt: trim down fscrypt.h includes
411771ab fscrypt: move fscrypt_is_dot_dotdot() to fs/crypto/fname.c
ad35db34 fscrypt: move fscrypt_valid_enc_modes() to fscrypt_private.h
72b3e1c6 fscrypt: move fscrypt_operations declaration to fscrypt_supp.h
2fa9a1f9 fscrypt: split fscrypt_dummy_context_enabled() into supp/notsupp versions
e298b5de fscrypt: move fscrypt_ctx declaration to fscrypt_supp.h
8db0a6de fscrypt: move fscrypt_info_cachep declaration to fscrypt_private.h
c73c350a fscrypt: move fscrypt_control_page() to supp/notsupp headers
ca64f2f4 fscrypt: move fscrypt_has_encryption_key() to supp/notsupp headers

Signed-off-by: default avatarJaegeuk Kim <jaegeuk@google.com>
parent 7e76ead2

Documentation/ABI/testing/sysfs-fs-f2fs

+11 −0
Original line number Diff line number Diff line
@@ -192,3 +192,14 @@ Date: November 2017 
Contact:	"Sheng Yong" <shengyong1@huawei.com>

Description:

		 Controls readahead inode block in readdir.



What:		/sys/fs/f2fs/<disk>/extension_list

Date:		Feburary 2018

Contact:	"Chao Yu" <yuchao0@huawei.com>

Description:

		 Used to control configure extension list:

		 - Query: cat /sys/fs/f2fs/<disk>/extension_list

		 - Add: echo '[h/c]extension' > /sys/fs/f2fs/<disk>/extension_list

		 - Del: echo '[h/c]!extension' > /sys/fs/f2fs/<disk>/extension_list

		 - [h] means add/del hot file extension

		 - [c] means add/del cold file extension

Documentation/filesystems/f2fs.txt

+17 −0
Original line number Diff line number Diff line
@@ -174,6 +174,23 @@ offgrpjquota Turn off group journelled quota. 
offprjjquota           Turn off project journelled quota.

quota                  Enable plain user disk quota accounting.

noquota                Disable all plain disk quota option.

whint_mode=%s          Control which write hints are passed down to block

                       layer. This supports "off", "user-based", and

                       "fs-based".  In "off" mode (default), f2fs does not pass

                       down hints. In "user-based" mode, f2fs tries to pass

                       down hints given by users. And in "fs-based" mode, f2fs

                       passes down hints with its policy.

alloc_mode=%s          Adjust block allocation policy, which supports "reuse"

                       and "default".

fsync_mode=%s          Control the policy of fsync. Currently supports "posix"

                       and "strict". In "posix" mode, which is default, fsync

                       will follow POSIX semantics and does a light operation

                       to improve the filesystem performance. In "strict" mode,

                       fsync will be heavy and behaves in line with xfs, ext4

                       and btrfs, where xfstest generic/342 will pass, but the

                       performance will regress.

test_dummy_encryption  Enable dummy encryption, which provides a fake fscrypt

                       context. The fake fscrypt context is used by xfstests.



================================================================================

DEBUGFS ENTRIES

fs/crypto/crypto.c

+1 −0
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@ 
#include <linux/dcache.h>

#include <linux/namei.h>

#include <crypto/aes.h>

#include <crypto/skcipher.h>

#include "fscrypt_private.h"



static unsigned int num_prealloc_crypto_pages = 32;

fs/crypto/fname.c

+61 −79
Original line number Diff line number Diff line
@@ -13,42 +13,46 @@ 


#include <linux/scatterlist.h>

#include <linux/ratelimit.h>

#include <crypto/skcipher.h>

#include "fscrypt_private.h"



static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)

{

	if (str->len == 1 && str->name[0] == '.')

		return true;



	if (str->len == 2 && str->name[0] == '.' && str->name[1] == '.')

		return true;



	return false;

}



/**

 * fname_encrypt() - encrypt a filename

 *

 * The caller must have allocated sufficient memory for the @oname string.

 * The output buffer must be at least as large as the input buffer.

 * Any extra space is filled with NUL padding before encryption.

 *

 * Return: 0 on success, -errno on failure

 */

static int fname_encrypt(struct inode *inode,

			const struct qstr *iname, struct fscrypt_str *oname)

int fname_encrypt(struct inode *inode, const struct qstr *iname,

		  u8 *out, unsigned int olen)

{

	struct skcipher_request *req = NULL;

	DECLARE_CRYPTO_WAIT(wait);

	struct fscrypt_info *ci = inode->i_crypt_info;

	struct crypto_skcipher *tfm = ci->ci_ctfm;

	struct crypto_skcipher *tfm = inode->i_crypt_info->ci_ctfm;

	int res = 0;

	char iv[FS_CRYPTO_BLOCK_SIZE];

	struct scatterlist sg;

	int padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK);

	unsigned int lim;

	unsigned int cryptlen;



	lim = inode->i_sb->s_cop->max_namelen(inode);

	if (iname->len <= 0 || iname->len > lim)

		return -EIO;



	/*

	 * Copy the filename to the output buffer for encrypting in-place and

	 * pad it with the needed number of NUL bytes.

	 */

	cryptlen = max_t(unsigned int, iname->len, FS_CRYPTO_BLOCK_SIZE);

	cryptlen = round_up(cryptlen, padding);

	cryptlen = min(cryptlen, lim);

	memcpy(oname->name, iname->name, iname->len);

	memset(oname->name + iname->len, 0, cryptlen - iname->len);

	if (WARN_ON(olen < iname->len))

		return -ENOBUFS;

	memcpy(out, iname->name, iname->len);

	memset(out + iname->len, 0, olen - iname->len);



	/* Initialize the IV */

	memset(iv, 0, FS_CRYPTO_BLOCK_SIZE);
@@ -63,8 +67,8 @@ static int fname_encrypt(struct inode *inode, 
	skcipher_request_set_callback(req,

			CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,

			crypto_req_done, &wait);

	sg_init_one(&sg, oname->name, cryptlen);

	skcipher_request_set_crypt(req, &sg, &sg, cryptlen, iv);

	sg_init_one(&sg, out, olen);

	skcipher_request_set_crypt(req, &sg, &sg, olen, iv);



	/* Do the encryption */

	res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
@@ -75,7 +79,6 @@ static int fname_encrypt(struct inode *inode, 
		return res;

	}



	oname->len = cryptlen;

	return 0;

}
@@ -188,50 +191,52 @@ static int digest_decode(const char *src, int len, char *dst) 
	return cp - dst;

}



u32 fscrypt_fname_encrypted_size(const struct inode *inode, u32 ilen)

bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,

				  u32 max_len, u32 *encrypted_len_ret)

{

	int padding = 32;

	struct fscrypt_info *ci = inode->i_crypt_info;



	if (ci)

		padding = 4 << (ci->ci_flags & FS_POLICY_FLAGS_PAD_MASK);

	ilen = max(ilen, (u32)FS_CRYPTO_BLOCK_SIZE);

	return round_up(ilen, padding);

	int padding = 4 << (inode->i_crypt_info->ci_flags &

			    FS_POLICY_FLAGS_PAD_MASK);

	u32 encrypted_len;



	if (orig_len > max_len)

		return false;

	encrypted_len = max(orig_len, (u32)FS_CRYPTO_BLOCK_SIZE);

	encrypted_len = round_up(encrypted_len, padding);

	*encrypted_len_ret = min(encrypted_len, max_len);

	return true;

}

EXPORT_SYMBOL(fscrypt_fname_encrypted_size);



/**

 * fscrypt_fname_crypto_alloc_obuff() -

 * fscrypt_fname_alloc_buffer - allocate a buffer for presented filenames

 *

 * Allocates an output buffer that is sufficient for the crypto operation

 * specified by the context and the direction.

 * Allocate a buffer that is large enough to hold any decrypted or encoded

 * filename (null-terminated), for the given maximum encrypted filename length.

 *

 * Return: 0 on success, -errno on failure

 */

int fscrypt_fname_alloc_buffer(const struct inode *inode,

				u32 ilen, struct fscrypt_str *crypto_str)

			       u32 max_encrypted_len,

			       struct fscrypt_str *crypto_str)

{

	u32 olen = fscrypt_fname_encrypted_size(inode, ilen);

	const u32 max_encoded_len =

		max_t(u32, BASE64_CHARS(FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE),

		      1 + BASE64_CHARS(sizeof(struct fscrypt_digested_name)));

	u32 max_presented_len;



	crypto_str->len = olen;

	olen = max(olen, max_encoded_len);

	max_presented_len = max(max_encoded_len, max_encrypted_len);



	/*

	 * Allocated buffer can hold one more character to null-terminate the

	 * string

	 */

	crypto_str->name = kmalloc(olen + 1, GFP_NOFS);

	if (!(crypto_str->name))

	crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS);

	if (!crypto_str->name)

		return -ENOMEM;

	crypto_str->len = max_presented_len;

	return 0;

}

EXPORT_SYMBOL(fscrypt_fname_alloc_buffer);



/**

 * fscrypt_fname_crypto_free_buffer() -

 * fscrypt_fname_free_buffer - free the buffer for presented filenames

 *

 * Frees the buffer allocated for crypto operation.

 * Free the buffer allocated by fscrypt_fname_alloc_buffer().

 */

void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)

{
@@ -297,35 +302,6 @@ int fscrypt_fname_disk_to_usr(struct inode *inode, 
}

EXPORT_SYMBOL(fscrypt_fname_disk_to_usr);



/**

 * fscrypt_fname_usr_to_disk() - converts a filename from user space to disk

 * space

 *

 * The caller must have allocated sufficient memory for the @oname string.

 *

 * Return: 0 on success, -errno on failure

 */

int fscrypt_fname_usr_to_disk(struct inode *inode,

			const struct qstr *iname,

			struct fscrypt_str *oname)

{

	if (fscrypt_is_dot_dotdot(iname)) {

		oname->name[0] = '.';

		oname->name[iname->len - 1] = '.';

		oname->len = iname->len;

		return 0;

	}

	if (inode->i_crypt_info)

		return fname_encrypt(inode, iname, oname);

	/*

	 * Without a proper key, a user is not allowed to modify the filenames

	 * in a directory. Consequently, a user space name cannot be mapped to

	 * a disk-space name

	 */

	return -ENOKEY;

}

EXPORT_SYMBOL(fscrypt_fname_usr_to_disk);



/**

 * fscrypt_setup_filename() - prepare to search a possibly encrypted directory

 * @dir: the directory that will be searched
@@ -369,11 +345,17 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, 
		return ret;



	if (dir->i_crypt_info) {

		ret = fscrypt_fname_alloc_buffer(dir, iname->len,

							&fname->crypto_buf);

		if (ret)

			return ret;

		ret = fname_encrypt(dir, iname, &fname->crypto_buf);

		if (!fscrypt_fname_encrypted_size(dir, iname->len,

						  dir->i_sb->s_cop->max_namelen(dir),

						  &fname->crypto_buf.len))

			return -ENAMETOOLONG;

		fname->crypto_buf.name = kmalloc(fname->crypto_buf.len,

						 GFP_NOFS);

		if (!fname->crypto_buf.name)

			return -ENOMEM;



		ret = fname_encrypt(dir, iname, fname->crypto_buf.name,

				    fname->crypto_buf.len);

		if (ret)

			goto errout;

		fname->disk_name.name = fname->crypto_buf.name;
@@ -425,7 +407,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, 
	return 0;



errout:

	fscrypt_fname_free_buffer(&fname->crypto_buf);

	kfree(fname->crypto_buf.name);

	return ret;

}

EXPORT_SYMBOL(fscrypt_setup_filename);

fs/crypto/fscrypt_private.h

+31 −0
Original line number Diff line number Diff line
@@ -50,6 +50,15 @@ struct fscrypt_context { 


#define FS_ENCRYPTION_CONTEXT_FORMAT_V1		1



/**

 * For encrypted symlinks, the ciphertext length is stored at the beginning

 * of the string in little-endian format.

 */

struct fscrypt_symlink_data {

	__le16 len;

	char encrypted_path[1];

} __packed;



/*

 * A pointer to this structure is stored in the file system's in-core

 * representation of an inode.
@@ -71,7 +80,22 @@ typedef enum { 
#define FS_CTX_REQUIRES_FREE_ENCRYPT_FL		0x00000001

#define FS_CTX_HAS_BOUNCE_BUFFER_FL		0x00000002



static inline bool fscrypt_valid_enc_modes(u32 contents_mode,

					   u32 filenames_mode)

{

	if (contents_mode == FS_ENCRYPTION_MODE_AES_128_CBC &&

	    filenames_mode == FS_ENCRYPTION_MODE_AES_128_CTS)

		return true;



	if (contents_mode == FS_ENCRYPTION_MODE_AES_256_XTS &&

	    filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS)

		return true;



	return false;

}



/* crypto.c */

extern struct kmem_cache *fscrypt_info_cachep;

extern int fscrypt_initialize(unsigned int cop_flags);

extern struct workqueue_struct *fscrypt_read_workqueue;

extern int fscrypt_do_page_crypto(const struct inode *inode,
@@ -83,6 +107,13 @@ extern int fscrypt_do_page_crypto(const struct inode *inode, 
extern struct page *fscrypt_alloc_bounce_page(struct fscrypt_ctx *ctx,

					      gfp_t gfp_flags);



/* fname.c */

extern int fname_encrypt(struct inode *inode, const struct qstr *iname,

			 u8 *out, unsigned int olen);

extern bool fscrypt_fname_encrypted_size(const struct inode *inode,

					 u32 orig_len, u32 max_len,

					 u32 *encrypted_len_ret);



/* keyinfo.c */

extern void __exit fscrypt_essiv_cleanup(void);