Re: [PATCH v5 3/3] fscrypt: add support for hardware-wrapped keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Mar 03, 2022 at 05:03:10PM -0800, Bart Van Assche wrote:
> On 2/27/22 23:05, Eric Biggers wrote:
> > diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h
> > index 9f4428be3e362..884c5bf526a05 100644
> > --- a/include/uapi/linux/fscrypt.h
> > +++ b/include/uapi/linux/fscrypt.h
> > @@ -20,6 +20,7 @@
> >   #define FSCRYPT_POLICY_FLAG_DIRECT_KEY		0x04
> >   #define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64	0x08
> >   #define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32	0x10
> > +#define FSCRYPT_POLICY_FLAG_HW_WRAPPED_KEY	0x20
> >   /* Encryption algorithms */
> >   #define FSCRYPT_MODE_AES_256_XTS		1
> > @@ -115,7 +116,7 @@ struct fscrypt_key_specifier {
> >    */
> >   struct fscrypt_provisioning_key_payload {
> >   	__u32 type;
> > -	__u32 __reserved;
> > +	__u32 flags;
> >   	__u8 raw[];
> >   };
> > @@ -124,7 +125,9 @@ struct fscrypt_add_key_arg {
> >   	struct fscrypt_key_specifier key_spec;
> >   	__u32 raw_size;
> >   	__u32 key_id;
> > -	__u32 __reserved[8];
> > +#define FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED			0x00000001
> > +	__u32 flags;
> > +	__u32 __reserved[7];
> >   	__u8 raw[];
> >   };
> 
> Is it allowed to use _Static_assert() in UAPI header files? There are
> already some static_assert() checks under include/linux to verify the size
> of certain data structures. gcc supports _Static_assert() since version 4.6.
> That is older than the minimum required gcc version to build the kernel.
> 

Are you requesting static assertions that verify that the size of each fscrypt
UAPI struct is a certain value?  Kernel UAPIs generally don't bother with that
sort of thing, but it does seem like a good idea.  I'll add them as a cleanup,
but it's orthogonal to this patch series.

To answer your direct question, I believe that _Static_assert generally can't be
used in UAPI header files, as it's a C11 feature and UAPI headers are included
by arbitrary userspace programs.  These assertions will need to be in
kernel-only code, either in a kernel-only file such as include/linux/fscrypt.h,
or in an #ifdef __KERNEL__ section of the UAPI header.  Also, the kernel already
conventionally uses BUILD_BUG_ON() for static assertions.

- Eric
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux