In order to have a common code base for fscrypt & fsverity "post read"
processing across filesystems which implement fscrypt/fsverity, this
commit removes filesystem specific build config option
(CONFIG_EXT4_FS_ENCRYPTION, CONFIG_EXT4_FS_VERITY,
CONFIG_F2FS_FS_ENCRYPTION, CONFIG_F2FS_FS_VERITY and
CONFIG_UBIFS_FS_ENCRYPTION) and replaces it with build options
(CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY) whose values affect all
the filesystems making use of fscrypt and fsverity.
Since I have access to only to x86 and ppc64le machines, I haven't
tested the defconfig files for other architectures.
Changelog:
V4 -> V5:
1. UBIFS: Do not select CONFIG_BLOCK if CONFIG_FS_ENCRYPTION is enabled. This
fixes the "Kconfig recursive dependency" issue seen on IA64.
2. Include fixes for fsverity_file_open() & fsverity_prepare_setattr() provided
by Eric. These fixes now allow opening of non-fsverity files on fsverity
enabled Ext4/F2FS to succeed.
V3 -> V4:
1. For non-fsverity supported kernels, return success when fsverity_file_open()
is invoked for non-fsverity files.
V2 -> V3:
1. Remove unnecessary line breaks.
2. Remove the definition of f2fs_encrypted_inode().
3. Fix Kconfig dependencies for fscrypt w.r.t F2FS and UBIFS. If F2FS is enabled
in the kernel build configuration, F2FS_FS_XATTR is selected if FS_ENCRYPTION
is enabled. Similarly, if UBIFS is enabled in the kernel build configuration,
UBIFS_FS_XATTR and BLOCK is selected if FS_ENCRYPTION is enabled.
4. Two new patches have been added to move verity status check to
fsverity_file_open() and fsverity_prepare_setattr().
5. For patch "f2fs: use IS_VERITY() to check inode's fsverity status", the
acked-by tag given by Chao Yu has been removed since I added an invocation to
f2fs_set_inode_flags() inside f2fs_set_verity(). This is needed to have
S_VERITY flag set on the corresponding VFS inode.
V1 -> V2:
1. Address the following review comments provided by Eric Biggers,
- In ext4_should_use_dax(), Use ext4_test_inode_flag() to check for
fscrypt/fsverity status of an inode.
- Update documentation associated with fscrypt & fsverity to refer to
CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY build flags.
- Remove filesystem specific fscrypt build configuration from defconfig
files.
- Provide a list of supported filesystems for CONFIG_FS_ENCRYPTION and
CONFIG_FS_VERITY build flags.
- Update comment describing S_VERITY flag.
2. Remove UBIFS specific encryption build option and make use of the generic
CONFIG_FS_ENCRYPTION flag.
RFC -> V1:
1. Add a new patch to implement S_VERITY/IS_VERITY().
2. Split code that replaces filesystem specific routines with generic
IS_ENCRYPTED() and IS_VERITY() calls into separate patches.
Chandan Rajendra (9):
ext4: use IS_ENCRYPTED() to check encryption status
f2fs: use IS_ENCRYPTED() to check encryption status
fscrypt: remove filesystem specific build config option
Add S_VERITY and IS_VERITY()
ext4: use IS_VERITY() to check inode's fsverity status
f2fs: use IS_VERITY() to check inode's fsverity status
fsverity: Remove filesystem specific build config option
fsverity: Move verity status check to fsverity_file_open
fsverity: Move verity status check to fsverity_prepare_setattr
Documentation/filesystems/fscrypt.rst | 4 +-
Documentation/filesystems/fsverity.rst | 4 +-
arch/mips/configs/generic_defconfig | 2 +-
arch/nds32/configs/defconfig | 2 +-
arch/s390/configs/debug_defconfig | 2 +-
arch/s390/configs/performance_defconfig | 2 +-
fs/crypto/Kconfig | 5 +-
fs/crypto/fscrypt_private.h | 1 -
fs/ext4/Kconfig | 35 --
fs/ext4/dir.c | 10 +-
fs/ext4/ext4.h | 23 +-
fs/ext4/ext4_jbd2.h | 2 +-
fs/ext4/extents.c | 4 +-
fs/ext4/file.c | 8 +-
fs/ext4/ialloc.c | 2 +-
fs/ext4/inode.c | 40 ++-
fs/ext4/ioctl.c | 4 +-
fs/ext4/move_extent.c | 3 +-
fs/ext4/namei.c | 18 +-
fs/ext4/page-io.c | 9 +-
fs/ext4/readpage.c | 10 +-
fs/ext4/super.c | 13 +-
fs/ext4/sysfs.c | 8 +-
fs/f2fs/Kconfig | 32 +-
fs/f2fs/data.c | 6 +-
fs/f2fs/dir.c | 10 +-
fs/f2fs/f2fs.h | 23 +-
fs/f2fs/file.c | 28 +-
fs/f2fs/inode.c | 8 +-
fs/f2fs/namei.c | 6 +-
fs/f2fs/super.c | 15 +-
fs/f2fs/sysfs.c | 8 +-
fs/ubifs/Kconfig | 12 +-
fs/ubifs/Makefile | 2 +-
fs/ubifs/ioctl.c | 4 +-
fs/ubifs/sb.c | 2 +-
fs/ubifs/super.c | 2 +-
fs/ubifs/ubifs.h | 5 +-
fs/verity/Kconfig | 3 +-
fs/verity/fsverity_private.h | 1 -
fs/verity/setup.c | 32 +-
include/linux/fs.h | 10 +-
include/linux/fscrypt.h | 416 +++++++++++++++++++++++-
include/linux/fscrypt_notsupp.h | 231 -------------
include/linux/fscrypt_supp.h | 204 ------------
include/linux/fsverity.h | 57 +++-
46 files changed, 598 insertions(+), 730 deletions(-)
delete mode 100644 include/linux/fscrypt_notsupp.h
delete mode 100644 include/linux/fscrypt_supp.h
--
2.19.1
