Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-4.19.y' into android-4.19
Merged in v5.5-rc1. * aosp/upstream-f2fs-stable-linux-4.19.y: docs: fs-verity: mention statx() support f2fs: support STATX_ATTR_VERITY ext4: support STATX_ATTR_VERITY statx: define STATX_ATTR_VERITY docs: fs-verity: document first supported kernel version f2fs: add support for IV_INO_LBLK_64 encryption policies ext4: add support for IV_INO_LBLK_64 encryption policies fscrypt: add support for IV_INO_LBLK_64 policies fscrypt: avoid data race on fscrypt_mode::logged_impl_name fscrypt: zeroize fscrypt_info before freeing fscrypt: remove struct fscrypt_ctx fscrypt: invoke crypto API for ESSIV handling Change-Id: I9325127228fb82b67f064ce8b3bc8d40ac76e65b Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
@@ -226,6 +226,14 @@ To do so, check for FS_VERITY_FL (0x00100000) in the returned flags.
|
|||||||
The verity flag is not settable via FS_IOC_SETFLAGS. You must use
|
The verity flag is not settable via FS_IOC_SETFLAGS. You must use
|
||||||
FS_IOC_ENABLE_VERITY instead, since parameters must be provided.
|
FS_IOC_ENABLE_VERITY instead, since parameters must be provided.
|
||||||
|
|
||||||
|
statx
|
||||||
|
-----
|
||||||
|
|
||||||
|
Since Linux v5.5, the statx() system call sets STATX_ATTR_VERITY if
|
||||||
|
the file has fs-verity enabled. This can perform better than
|
||||||
|
FS_IOC_GETFLAGS and FS_IOC_MEASURE_VERITY because it doesn't require
|
||||||
|
opening the file, and opening verity files can be expensive.
|
||||||
|
|
||||||
Accessing verity files
|
Accessing verity files
|
||||||
======================
|
======================
|
||||||
|
|
||||||
@@ -398,7 +406,7 @@ pages have been read into the pagecache. (See `Verifying data`_.)
|
|||||||
ext4
|
ext4
|
||||||
----
|
----
|
||||||
|
|
||||||
ext4 supports fs-verity since Linux TODO and e2fsprogs v1.45.2.
|
ext4 supports fs-verity since Linux v5.4 and e2fsprogs v1.45.2.
|
||||||
|
|
||||||
To create verity files on an ext4 filesystem, the filesystem must have
|
To create verity files on an ext4 filesystem, the filesystem must have
|
||||||
been formatted with ``-O verity`` or had ``tune2fs -O verity`` run on
|
been formatted with ``-O verity`` or had ``tune2fs -O verity`` run on
|
||||||
@@ -434,7 +442,7 @@ also only supports extent-based files.
|
|||||||
f2fs
|
f2fs
|
||||||
----
|
----
|
||||||
|
|
||||||
f2fs supports fs-verity since Linux TODO and f2fs-tools v1.11.0.
|
f2fs supports fs-verity since Linux v5.4 and f2fs-tools v1.11.0.
|
||||||
|
|
||||||
To create verity files on an f2fs filesystem, the filesystem must have
|
To create verity files on an f2fs filesystem, the filesystem must have
|
||||||
been formatted with ``-O verity``.
|
been formatted with ``-O verity``.
|
||||||
|
|||||||
@@ -536,7 +536,7 @@ struct fscrypt_mode {
|
|||||||
const char *cipher_str;
|
const char *cipher_str;
|
||||||
int keysize;
|
int keysize;
|
||||||
int ivsize;
|
int ivsize;
|
||||||
bool logged_impl_name;
|
int logged_impl_name;
|
||||||
enum blk_crypto_mode_num blk_crypto_mode;
|
enum blk_crypto_mode_num blk_crypto_mode;
|
||||||
};
|
};
|
||||||
|
|
||||||
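Review bot: The `logged_impl_name` field in struct fscrypt_mode is now an `int`, and nothing on the line says that it is a 0/1 flag or why it stopped being a `bool`. The fscrypt_allocate_skcipher hunk on this page updates it with `xchg(&mode->logged_impl_name, 1)`, so the wider type is presumably there for the atomic exchange, and that reasoning belongs next to the field. I would write `int logged_impl_name; /* 0 or 1; only updated with xchg() */`. The shortened comment at the xchg() site could likewise state that the exchange lets exactly one caller print the message. The struct definition starts outside the hunk.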
|
|||||||
@@ -84,15 +84,13 @@ fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key,
|
|||||||
mode->cipher_str, PTR_ERR(tfm));
|
mode->cipher_str, PTR_ERR(tfm));
|
||||||
return tfm;
|
return tfm;
|
||||||
}
|
}
|
||||||
if (unlikely(!mode->logged_impl_name)) {
|
if (!xchg(&mode->logged_impl_name, 1)) {
|
||||||
/*
|
/*
|
||||||
* fscrypt performance can vary greatly depending on which
|
* fscrypt performance can vary greatly depending on which
|
||||||
* crypto algorithm implementation is used. Help people debug
|
* crypto algorithm implementation is used. Help people debug
|
||||||
* performance problems by logging the ->cra_driver_name the
|
* performance problems by logging the ->cra_driver_name the
|
||||||
* first time a mode is used. Note that multiple threads can
|
* first time a mode is used.
|
||||||
* race here, but it doesn't really matter.
|
|
||||||
*/
|
*/
|
||||||
mode->logged_impl_name = true;
|
|
||||||
pr_info("fscrypt: %s using implementation \"%s\"\n",
|
pr_info("fscrypt: %s using implementation \"%s\"\n",
|
||||||
mode->friendly_name,
|
mode->friendly_name,
|
||||||
crypto_skcipher_alg(tfm)->base.cra_driver_name);
|
crypto_skcipher_alg(tfm)->base.cra_driver_name);
|
||||||
|
|||||||
@@ -5816,12 +5816,15 @@ int ext4_getattr(const struct path *path, struct kstat *stat,
|
|||||||
stat->attributes |= STATX_ATTR_IMMUTABLE;
|
stat->attributes |= STATX_ATTR_IMMUTABLE;
|
||||||
if (flags & EXT4_NODUMP_FL)
|
if (flags & EXT4_NODUMP_FL)
|
||||||
stat->attributes |= STATX_ATTR_NODUMP;
|
stat->attributes |= STATX_ATTR_NODUMP;
|
||||||
|
if (flags & EXT4_VERITY_FL)
|
||||||
|
stat->attributes |= STATX_ATTR_VERITY;
|
||||||
|
|
||||||
stat->attributes_mask |= (STATX_ATTR_APPEND |
|
stat->attributes_mask |= (STATX_ATTR_APPEND |
|
||||||
STATX_ATTR_COMPRESSED |
|
STATX_ATTR_COMPRESSED |
|
||||||
STATX_ATTR_ENCRYPTED |
|
STATX_ATTR_ENCRYPTED |
|
||||||
STATX_ATTR_IMMUTABLE |
|
STATX_ATTR_IMMUTABLE |
|
||||||
STATX_ATTR_NODUMP);
|
STATX_ATTR_NODUMP |
|
||||||
|
STATX_ATTR_VERITY);
|
||||||
|
|
||||||
generic_fillattr(inode, stat);
|
generic_fillattr(inode, stat);
|
||||||
return 0;
|
return 0;
|
||||||
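Review bot: The new test in ext4_getattr reads the flag word (`flags & EXT4_VERITY_FL`), while the matching f2fs_getattr hunk asks the inode (`IS_VERITY(inode)`), and neither site says why the two differ. `flags` is assigned outside this hunk, so it is not visible here whether it is masked before the test; if it is, the mask has to keep EXT4_VERITY_FL or the branch never sets the attribute. A one-line comment at the f2fs site would settle the question for the next reader, for example `/* verity state is not carried in flags here, so ask the inode */`, if that is indeed the reason. ext4_getattr starts and ends outside the hunk.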
|
|||||||
@@ -738,11 +738,14 @@ int f2fs_getattr(const struct path *path, struct kstat *stat,
|
|||||||
stat->attributes |= STATX_ATTR_IMMUTABLE;
|
stat->attributes |= STATX_ATTR_IMMUTABLE;
|
||||||
if (flags & F2FS_NODUMP_FL)
|
if (flags & F2FS_NODUMP_FL)
|
||||||
stat->attributes |= STATX_ATTR_NODUMP;
|
stat->attributes |= STATX_ATTR_NODUMP;
|
||||||
|
if (IS_VERITY(inode))
|
||||||
|
stat->attributes |= STATX_ATTR_VERITY;
|
||||||
|
|
||||||
stat->attributes_mask |= (STATX_ATTR_APPEND |
|
stat->attributes_mask |= (STATX_ATTR_APPEND |
|
||||||
STATX_ATTR_ENCRYPTED |
|
STATX_ATTR_ENCRYPTED |
|
||||||
STATX_ATTR_IMMUTABLE |
|
STATX_ATTR_IMMUTABLE |
|
||||||
STATX_ATTR_NODUMP);
|
STATX_ATTR_NODUMP |
|
||||||
|
STATX_ATTR_VERITY);
|
||||||
|
|
||||||
generic_fillattr(inode, stat);
|
generic_fillattr(inode, stat);
|
||||||
|
|
||||||
|
|||||||
@@ -33,7 +33,8 @@ struct kstat {
|
|||||||
STATX_ATTR_IMMUTABLE | \
|
STATX_ATTR_IMMUTABLE | \
|
||||||
STATX_ATTR_APPEND | \
|
STATX_ATTR_APPEND | \
|
||||||
STATX_ATTR_NODUMP | \
|
STATX_ATTR_NODUMP | \
|
||||||
STATX_ATTR_ENCRYPTED \
|
STATX_ATTR_ENCRYPTED | \
|
||||||
|
STATX_ATTR_VERITY \
|
||||||
)/* Attrs corresponding to FS_*_FL flags */
|
)/* Attrs corresponding to FS_*_FL flags */
|
||||||
u64 ino;
|
u64 ino;
|
||||||
dev_t dev;
|
dev_t dev;
|
||||||
|
|||||||
@@ -167,8 +167,8 @@ struct statx {
|
|||||||
#define STATX_ATTR_APPEND 0x00000020 /* [I] File is append-only */
|
#define STATX_ATTR_APPEND 0x00000020 /* [I] File is append-only */
|
||||||
#define STATX_ATTR_NODUMP 0x00000040 /* [I] File is not to be dumped */
|
#define STATX_ATTR_NODUMP 0x00000040 /* [I] File is not to be dumped */
|
||||||
#define STATX_ATTR_ENCRYPTED 0x00000800 /* [I] File requires key to decrypt in fs */
|
#define STATX_ATTR_ENCRYPTED 0x00000800 /* [I] File requires key to decrypt in fs */
|
||||||
|
|
||||||
#define STATX_ATTR_AUTOMOUNT 0x00001000 /* Dir: Automount trigger */
|
#define STATX_ATTR_AUTOMOUNT 0x00001000 /* Dir: Automount trigger */
|
||||||
|
#define STATX_ATTR_VERITY 0x00100000 /* [I] Verity protected file */
|
||||||
|
|
||||||
|
|
||||||
#endif /* _UAPI_LINUX_STAT_H */
|
#endif /* _UAPI_LINUX_STAT_H */
|
||||||
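Review bot: The comment on `STATX_ATTR_VERITY`, `/* [I] Verity protected file */`, does not tell a userspace caller what the bit can and cannot be relied on for. Both getattr hunks on this page also add the bit to `attributes_mask`, so a clear bit only means "fs-verity is not enabled" when the bit is present in `stx_attributes_mask`; otherwise the filesystem did not report it at all. The bit also says only that fs-verity is enabled, not which content the file was built from, so an integrity decision still needs the digest from FS_IOC_MEASURE_VERITY compared against an expected value. I would extend the comment to `/* [I] fs-verity enabled; check stx_attributes_mask, digest via FS_IOC_MEASURE_VERITY */`.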
|
|||||||