Commit message | Author | Age | Files | Lines
...
* ext4 crypto: release crypto resource on module exit | Chao Yu | 2017-05-27 | 1 | -0/+1
  Crypto resource should be released when ext4 module exits, otherwise it will cause memory leak.

  Change-Id: Ie298e73bd766768707a7af440691ce2f418f5acc
  Signed-off-by: Chao Yu <chao2.yu@samsung.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
* ext4 crypto: handle unexpected lack of encryption keys | Theodore Ts'o | 2017-05-27 | 3 | -9/+14
  Fix up attempts by users to try to write to a file when they don't have access to the encryption key.

  Change-Id: Iabdd438b26b409eaccf9c847fcf9c3ab52f1959e
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
* ext4 crypto: allocate the right amount of memory for the on-disk symlink | Theodore Ts'o | 2017-05-27 | 3 | -21/+37
  Previously we were taking the required padding when allocating space for the on-disk symlink. This caused a buffer overrun which could trigger a kernel crash when running fsstress.

  Change-Id: I4e05ff207748192036de58bc5af91ae4c357b5b4
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: clean up error handling in ext4_fname_setup_filename | Theodore Ts'o | 2017-05-27 | 1 | -19/+16
  Fix a potential memory leak where fname->crypto_buf.name wouldn't get freed in some error paths, and also make the error handling easier to understand/audit.

  Change-Id: I251041ff2df61dcc2a818539783cfc0de2e2933a
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: policies may only be set on directories | Theodore Ts'o | 2017-05-27 | 1 | -0/+2
  Thanks to Chao Yu <chao2.yu@samsung.com> for pointing out we were missing this check.

  Change-Id: I823edbeddf6cc5086e4d17262d7c497368b1acb7
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: enforce crypto policy restrictions on cross-renames | Theodore Ts'o | 2017-05-27 | 1 | -0/+9
  Thanks to Chao Yu <chao2.yu@samsung.com> for pointing out the need for this check.

  Change-Id: I957a4e4be043582972d3c8799f18826fc136d567
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: encrypt tmpfile located in encryption protected directory | Theodore Ts'o | 2017-05-27 | 3 | -34/+30
  Factor out calls to ext4_inherit_context() and move them to __ext4_new_inode(); this fixes a problem where ext4_tmpfile() wasn't calling ext4_inherit_context(), so the temporary file wasn't getting protected. Since the blocks for the tmpfile could end up on disk, they really should be protected if the tmpfile is created within the context of an encrypted directory.

  Change-Id: I05e04109aa38878aba970d537de0316326a96fe1
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: make sure the encryption info is initialized on opendir(2) | Theodore Ts'o | 2017-05-27 | 1 | -0/+8
  Change-Id: Ie78f2f807c0b3bc5959d2b601f18826f2658984d
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: set up encryption info for new inodes in ext4_inherit_context() | Theodore Ts'o | 2017-05-27 | 1 | -0/+1
  Set up the encryption information for newly created inodes immediately after they inherit their encryption context from their parent directories.

  Change-Id: Ie2a48cde918eaf8ad978a8a698de24627b363955
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: fix memory leaks in ext4_encrypted_zeroout | Theodore Ts'o | 2017-05-27 | 1 | -31/+31
  ext4_encrypted_zeroout() could end up leaking a bio and bounce page. Fortunately it's not used much. While we're fixing things up, refactor out common code into the static function alloc_bounce_page().

  Change-Id: I44023c01de7ec97ad43bfa85cd7d3b97b22ee0c0
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: use per-inode tfm structure | Theodore Ts'o | 2017-05-27 | 9 | -156/+96
  As suggested by Herbert Xu, we shouldn't allocate a new tfm each time we read or write a page. Instead we can use a single tfm hanging off the inode's crypt_info structure for all of our encryption needs for that inode, since the tfm can be used by multiple crypto requests in parallel.

  Also use cmpxchg() to avoid races that could result in crypt_info structure getting doubly allocated or doubly freed.

  Change-Id: I4ae5c07d0e5d99ec1e26eeb49d833c4a284d9a5f
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: require CONFIG_CRYPTO_CTR if ext4 encryption is enabled | Theodore Ts'o | 2017-05-27 | 1 | -0/+1
  On arm64 this is apparently needed for CTS mode to function correctly. Otherwise attempts to use CTS return ENOENT.

  Change-Id: I3f597f5f88e806dbeed75a7123c3d6bb7e608350
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: "Theodore Ts'o" <tytso@google.com>
* ext4 crypto: shrink size of the ext4_crypto_ctx structure | Theodore Ts'o | 2017-05-27 | 4 | -34/+30
  Some fields are only used when the crypto_ctx is being used on the read path, some are only used on the write path, and some are only used when the structure is on free list. Optimize memory use by using a union.

  Change-Id: I66de766a0f1122463edf3280ff0c2923be2472b8
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: "Theodore Ts'o" <tytso@google.com>
* ext4 crypto: get rid of ci_mode from struct ext4_crypt_info | Theodore Ts'o | 2017-05-27 | 4 | -15/+12
  The ci_mode field was superfluous, and getting rid of it gets rid of an unused hole in the structure.

  Change-Id: I0f4c38a1162fa9c6da8a3529b7477ff5560c21df
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: "Theodore Ts'o" <tytso@google.com>
* ext4 crypto: use slab caches | Theodore Ts'o | 2017-05-27 | 3 | -34/+39
  Use slab caches for the ext4_crypto_ctx and ext4_crypt_info structures for slightly better memory efficiency and debuggability.

  Change-Id: If47986e2e29fa181d113864dcd9d1cae79c72639
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: "Theodore Ts'o" <tytso@google.com>
* ext4: clean up superblock encryption mode fields | Theodore Ts'o | 2017-05-27 | 4 | -32/+7
  The superblock fields s_file_encryption_mode and s_dir_encryption_mode are vestigial, so remove them as a cleanup. While we're at it, allow file systems with both encryption and inline_data enabled at the same time to work correctly. We can't have encrypted inodes with inline data, but there's no reason to prohibit unencrypted inodes from using the inline data feature.

  Change-Id: Ia90b7e24bcf9ebabef529b710d70bd8ba71a17a4
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: "Theodore Ts'o" <tytso@google.com>
* ext4 crypto: reorganize how we store keys in the inode | Theodore Ts'o | 2017-05-27 | 11 | -346/+246
  This is a pretty massive patch which does a number of different things:

  1) The per-inode encryption information is now stored in an allocated data structure, ext4_crypt_info, instead of directly in the node. This reduces the size usage of an in-memory inode when it is not using encryption.

  2) We drop the ext4_fname_crypto_ctx entirely, and use the per-inode encryption structure instead. This removes an unnecessary memory allocation and free for the fname_crypto_ctx as well as allowing us to reuse the ctfm in a directory for multiple lookups and file creations.

  3) We also cache the inode's policy information in the ext4_crypt_info structure so we don't have to continually read it out of the extended attributes.

  4) We now keep the keyring key in the inode's encryption structure instead of releasing it after we are done using it to derive the per-inode key. This allows us to test to see if the key has been revoked; if it has, we prevent the use of the derived key and free it.

  5) When an inode is released (or when the derived key is freed), we will use memset_explicit() to zero out the derived key, so it's not left hanging around in memory. This implies that when a user logs out, it is important to first revoke the key, and then unlink it, and then finally, to use "echo 3 > /proc/sys/vm/drop_caches" to release any decrypted pages and dcache entries from the system caches.

  6) All this, and we also shrink the number of lines of code by around 100. :-)

  Change-Id: I948f7844d425c0ce616f800446ecb0b6bea686f8
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: separate kernel and userspace structure for the key | Theodore Ts'o | 2017-05-27 | 6 | -48/+43
  Use struct ext4_encryption_key only for the master key passed via the kernel keyring.

  For internal kernel space users, we now use struct ext4_crypt_info. This will allow us to put information from the policy structure so we can cache it and avoid needing to constantly look up the extended attribute. We will do this in a separate patch. This patch is mostly mechanical to make it easier for patch review.

  Change-Id: I208472675d0550df5f60b3b58652a9a1b434caed
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: don't allocate a page when encrypting/decrypting file names | Theodore Ts'o | 2017-05-27 | 5 | -54/+28
  Change-Id: Ib0deff3a9aff318d8f2be6b4a550168d4771ccc2
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: optimize filename encryption | Theodore Ts'o | 2017-05-27 | 4 | -313/+230
  Encrypt the filename as soon as it is passed in by the user. This avoids our needing to encrypt the filename 2 or 3 times while in the process of creating a filename.

  Similarly, when looking up a directory entry, encrypt the filename early, or if the encryption key is not available, base-64 decode the file system so that the hash value and the last 16 bytes of the encrypted filename is available in the new struct ext4_filename data structure.

  Change-Id: Ia76a5e51770840c57a53180cd89476f2e9b8c966
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: add padding to filenames before encrypting | Theodore Ts'o | 2017-05-27 | 5 | -8/+31
  This obscures the length of the filenames, to decrease the amount of information leakage. By default, we pad the filenames to the next 4 byte boundaries. This costs nothing, since the directory entries are aligned to 4 byte boundaries anyway. Filenames can also be padded to 8, 16, or 32 bytes, which will consume more directory space.

  Change-Id: I2d4ab2b76797ab93fada683f405e3876e0cff9dc
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: simplify and speed up filename encryption | Theodore Ts'o | 2017-05-27 | 5 | -204/+149
  Avoid using SHA-1 when calculating the user-visible filename when the encryption key is available, and avoid decrypting lots of filenames when searching for a directory entry in a directory block.

  Change-Id: Ifff4c07a80740112e2e984d2da3105e2fe41ab68
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: sync up the mainline 4.1-rc1 merge | Theodore Ts'o | 2017-05-27 | 5 | -15/+16
  There were some last minute changes that weren't reflected in the ext4 crypto patches that we were syncing with flounder. They were mostly whitespace changes, plus an error handling bugfix if there was a normal (non-crypto-related) bug when adding a directory entry to an inode while creating a file.

  Change-Id: I01e1f8ee07aef2f826a27efcbfa85a825000f2bc
  Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4: make fsync to sync parent dir in no-journal for real this time | Theodore Ts'o | 2017-05-27 | 1 | -9/+11
  (cherry picked from commit e12fb97222fc41e8442896934f76d39ef99b590a)
  (needed to avoid patch conflicts with further ext4 crypto patches)

  Previously commit 14ece1028b3ed53ffec1b1213ffc6acaf79ad77c added support for syncing parent directory of newly created inodes to make sure that the inode is not lost after a power failure in no-journal mode.

  However this does not work in majority of cases, namely:
   - if the directory has inline data
   - if the directory is already indexed
   - if the directory already has at least one block and:
      - the new entry fits into it
      - or we've successfully converted it to indexed

  So in those cases we might lose the inode entirely even after fsync in the no-journal mode. This also includes ext2 default mode obviously.

  I've noticed this while running xfstest generic/321 and even though the test should fail (we need to run fsck after a crash in no-journal mode) I could not find a newly created entry even if it was fsynced before.

  Fix this by adjusting the ext4_add_entry() successful exit paths to set the inode EXT4_STATE_NEWENTRY so that fsync has the chance to fsync the parent directory as well.

  Change-Id: I742fb1c5304986cb990352a2471186bcd2c77ceb
  Signed-off-by: Lukas Czerner <lczerner@redhat.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Reviewed-by: Jan Kara <jack@suse.cz>
  Cc: Frank Mayhar <fmayhar@google.com>
  Cc: stable@vger.kernel.org
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: enable encryption feature flag | Theodore Ts'o | 2017-05-27 | 6 | -24/+79
  Also add the test dummy encryption mode flag so we can more easily test the encryption patches using xfstests.

  Change-Id: Iaae44110ab5870e5da60aca76197828f0ebc139b
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: Add symlink encryption | Theodore Ts'o | 2017-05-27 | 5 | -23/+184
  Change-Id: Iea4299ef61fb5493db679115d75534474785bb78
  Signed-off-by: Uday Savagaonkar <savagaon@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: enable filename encryption | Michael Halcrow | 2017-05-27 | 2 | -17/+68
  Change-Id: Ic3ee64ce59dc349944acc5cf0140c89796009c7f
  Signed-off-by: Uday Savagaonkar <savagaon@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: filename encryption modifications | Michael Halcrow | 2017-05-27 | 1 | -44/+204
  Modifies htree_dirblock_to_tree, dx_make_map, ext4_match search_dir, and ext4_find_dest_de to support fname crypto. Filename encryption feature is not yet enabled at this patch.

  Change-Id: Icd1089bd7762de78341b75fb501770f16d7b018d
  Signed-off-by: Uday Savagaonkar <savagaon@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: partial update to namei.c for fname crypto | Michael Halcrow | 2017-05-27 | 1 | -8/+101
  Modifies dx_show_leaf and dx_probe to support fname encryption. Filename encryption not yet enabled.

  Change-Id: I1787ba58fc6a8cfff83e59f4b00829030cb95e42
  Signed-off-by: Uday Savagaonkar <savagaon@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: insert encrypted filenames into a leaf directory block | Michael Halcrow | 2017-05-27 | 3 | -13/+79
  Change-Id: Idc42ab8360930e42d7a6999215f9016412298b66
  Signed-off-by: Uday Savagaonkar <savagaon@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: teach ext4_htree_store_dirent() to store decrypted filenames | Theodore Ts'o | 2017-05-27 | 4 | -13/+35
  For encrypted directories, we need to pass in a separate parameter for the decrypted filename, since the directory entry contains the encrypted filename.

  Change-Id: I7290eb0979d9e9d9d65ee07bbf11223b3382394f
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: filename encryption facilities | Michael Halcrow | 2017-05-27 | 5 | -1/+779
  Change-Id: I3747c17790c296dbef4ee8d8d4405796ef462aa8
  Signed-off-by: Uday Savagaonkar <savagaon@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: implement the ext4 decryption read path | Michael Halcrow | 2017-05-27 | 3 | -3/+88
  Change-Id: I66c32c7fa9ad6269f3ea929d773a2b35bccb2290
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: implement the ext4 encryption write path | Michael Halcrow | 2017-05-27 | 4 | -6/+173
  Pulls block_write_begin() into fs/ext4/inode.c because it might need to do a low-level read of the existing data, in which case we need to decrypt it.

  Change-Id: If317411eb54d5fb8d0b5570289e2cbefe78b389d
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: inherit encryption policies on inode and directory create | Michael Halcrow | 2017-05-27 | 1 | -1/+19
  Change-Id: I117081ed17bd60e76b3bc938daf1404ceffb94c2
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: enforce context consistency | Theodore Ts'o | 2017-05-27 | 1 | -1/+23
  Enforce the following inheritance policy:

  1) An unencrypted directory may contain encrypted or unencrypted files or directories.

  2) All files or directories in a directory must be protected using the same key as their containing directory.

  As a result, assuming the following setup:

      mke2fs -t ext4 -Fq -O encrypt /dev/vdc
      mount -t ext4 /dev/vdc /vdc
      mkdir /vdc/a /vdc/b /vdc/c
      echo foo | e4crypt add_key /vdc/a
      echo bar | e4crypt add_key /vdc/b
      for i in a b c ; do cp /etc/motd /vdc/$i/motd-$i ; done

  Then we will see the following results:

      cd /vdc
      mv a b          # will fail; /vdc/a and /vdc/b have different keys
      mv b/motd-b a   # will fail, see above
      ln a/motd-a b   # will fail, see above
      mv c a          # will fail; all inodes in an encrypted directory
                      # must be encrypted
      ln c/motd-c b   # will fail, see above
      mv a/motd-a c   # will succeed
      mv c/motd-a a   # will succeed

  Change-Id: I5a7ff5cbec6258855402d579f994f381b8779e2c
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: add encryption key management facilities | Michael Halcrow | 2017-05-27 | 4 | -1/+179
  Change-Id: I4e59c73febff7041c9db6c58c775413e2f5bd0e8
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Ildar Muslukhov <muslukhovi@gmail.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: add ext4 encryption facilities | Michael Halcrow | 2017-05-27 | 6 | -1/+682
  On encrypt, we will re-assign the buffer_heads to point to a bounce page rather than the control_page (which is the original page to write that contains the plaintext). The block I/O occurs against the bounce page. On write completion, we re-assign the buffer_heads to the original plaintext page.

  On decrypt, we will attach a read completion callback to the bio struct. This read completion will decrypt the read contents in-place prior to setting the page up-to-date.

  The current encryption mode, AES-256-XTS, lacks cryptographic integrity. AES-256-GCM is in-plan, but we will need to devise a mechanism for handling the integrity data.

  Change-Id: I6e0569c9f19a82c75f4b545ad04ff7fdd1908d74
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Ildar Muslukhov <ildarm@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: add encryption policy and password salt support | Michael Halcrow | 2017-05-27 | 5 | -0/+317
  Change-Id: I1a48fadd5f5ab6188ee93709a9c86ac75da2c220
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Ildar Muslukhov <muslukhovi@gmail.com>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: add encryption xattr support | Michael Halcrow | 2017-05-27 | 1 | -0/+3
  Change-Id: I8ab9c1e751751e27ad3075b70bf792d141c96236
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: export ext4_empty_dir() | Michael Halcrow | 2017-05-27 | 2 | -5/+7
  Required for future encryption xattr changes.

  Change-Id: I40325ae4d7509104e1482d3404ebc6d43e678b6a
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: add ext4 encryption Kconfig | Theodore Ts'o | 2017-05-27 | 1 | -0/+17
  Change-Id: I343b76ce9c2a2f5cd887db3f0ff2c9dee329c15f
  Signed-off-by: Michael Halcrow <mhalcrow@google.com>
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: reserve codepoints used by the ext4 encryption feature | Theodore Ts'o | 2017-05-27 | 1 | -6/+19
  Change-Id: I729993a48b2acd13449b8e7625d8c640905a8974
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4 crypto: add ext4_mpage_readpages() | Theodore Ts'o | 2017-05-27 | 4 | -3/+271
  This takes code from fs/mpage.c and optimizes it for ext4. Its primary reason is to allow us to more easily add encryption to ext4's read path in an efficient manner.

  Change-Id: I7d3a27c9768c1487dd374754b40ea6fe64589593
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* Add missing definitions for PTR_ERR_OR_ZERO() and NEED_KEY_SEARCH | Theodore Ts'o | 2017-05-27 | 2 | -0/+12
  These definitions are needed for the ext4 encryption patches

  Change-Id: Ib4254abadaeaf234f8539834f481c24dc93233eb
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  Signed-off-by: Theodore Ts'o <tytso@google.com>
* ext4: Add support for FIDTRIM, a best-effort ioctl for deep discard trim | JP Abgrall | 2017-05-27 | 3 | -12/+25
  (This is a re-application of commit 687f999e1fbd3b553bccbd7f52996ae56c5e327e applied to the ext4 file system code as of 3.18.)

  * What
  This provides an interface for issuing an FITRIM which uses the secure discard instead of just a discard.
  Only the eMMC command is "secure", and not how the FS uses it: due to the fact that the FS might reassign a region somewhere else, the original deleted data will not be affected by the "trim" which only handles un-used regions.
  So we'll just call it "deep discard", and note that this is a "best effort" cleanup.

  * Why
  Once in a while, we want to be able to cleanup most of the unused blocks after erasing a bunch of files.
  We don't want to constantly secure-discard via a mount option.

  From an eMMC spec perspective, it tells the device to really get rid of all the data for the specified blocks and not just put them back into the pool of free ones (unlike the normal TRIM). The eMMC spec says the secure trim handling must make sure the data (and metadata) is not available anymore. A simple TRIM doesn't clear the data, it just puts blocks in the free pool.
    JEDEC Standard No. 84-A441
      7.6.9 Secure Erase
      7.6.10 Secure Trim

  From an FS perspective, it is acceptable to leave some data behind.
   - directory entries related to deleted files
   - databases entries related to deleted files
   - small-file data stored in inode extents
   - blocks held by the FS waiting to be re-used (mitigated by sync).
   - blocks reassigned by the FS prior to FIDTRIM.

  Change-Id: I687f999e1fbd3b553bccbd7f52996ae56c5e327e
  Signed-off-by: Geremy Condra <gcondra@google.com>
  Signed-off-by: JP Abgrall <jpa@google.com>
* ext4: use old legacy direct I/O interface for 3.18 backport | Theodore Ts'o | 2017-05-27 | 3 | -15/+20
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
* non-ext4 portions of "direct-io: Implement generic deferred AIO completions" | Theodore Ts'o | 2017-05-27 | 7 | -60/+91
  Originally from 7b7a8665edd8db73

  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
* ext4: revert to old read/write/aio interface for 3.18 backport | Theodore Ts'o | 2017-05-27 | 1 | -5/+176
  Signed-off-by: Theodore Ts'o <tytso@mit.edu>
* ext4: remove tmpfile, rename2, set_acl operations for 3.18 backport | Theodore Ts'o | 2017-05-27 | 1 | -12/+19
  Also switch to the rename operation.

  Signed-off-by: Theodore Ts'o <tytso@mit.edu>