Commit e021986e authored by Richard Weinberger's avatar Richard Weinberger

ubifs: Implement UBIFS_FLG_ENCRYPTION

This feature flag indicates that the filesystem contains encrypted
files.
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
parent d63d61c1
...@@ -183,6 +183,7 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ...@@ -183,6 +183,7 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
} }
case FS_IOC_SET_ENCRYPTION_POLICY: { case FS_IOC_SET_ENCRYPTION_POLICY: {
#ifdef CONFIG_UBIFS_FS_ENCRYPTION #ifdef CONFIG_UBIFS_FS_ENCRYPTION
struct ubifs_info *c = inode->i_sb->s_fs_info;
struct fscrypt_policy policy; struct fscrypt_policy policy;
if (copy_from_user(&policy, if (copy_from_user(&policy,
...@@ -190,6 +191,10 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ...@@ -190,6 +191,10 @@ long ubifs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
sizeof(policy))) sizeof(policy)))
return -EFAULT; return -EFAULT;
err = ubifs_enable_encryption(c);
if (err)
return err;
err = fscrypt_process_policy(file, &policy); err = fscrypt_process_policy(file, &policy);
return err; return err;
......
...@@ -622,6 +622,16 @@ int ubifs_read_superblock(struct ubifs_info *c) ...@@ -622,6 +622,16 @@ int ubifs_read_superblock(struct ubifs_info *c)
c->big_lpt = !!(sup_flags & UBIFS_FLG_BIGLPT); c->big_lpt = !!(sup_flags & UBIFS_FLG_BIGLPT);
c->space_fixup = !!(sup_flags & UBIFS_FLG_SPACE_FIXUP); c->space_fixup = !!(sup_flags & UBIFS_FLG_SPACE_FIXUP);
c->double_hash = !!(sup_flags & UBIFS_FLG_DOUBLE_HASH); c->double_hash = !!(sup_flags & UBIFS_FLG_DOUBLE_HASH);
c->encrypted = !!(sup_flags & UBIFS_FLG_ENCRYPTION);
#ifndef CONFIG_UBIFS_FS_ENCRYPTION
if (c->encrypted) {
ubifs_err(c, "file system contains encrypted files but UBIFS"
" was built without crypto support.");
err = -EINVAL;
goto out;
}
#endif
/* Automatically increase file system size to the maximum size */ /* Automatically increase file system size to the maximum size */
c->old_leb_cnt = c->leb_cnt; c->old_leb_cnt = c->leb_cnt;
...@@ -809,3 +819,33 @@ int ubifs_fixup_free_space(struct ubifs_info *c) ...@@ -809,3 +819,33 @@ int ubifs_fixup_free_space(struct ubifs_info *c)
ubifs_msg(c, "free space fixup complete"); ubifs_msg(c, "free space fixup complete");
return err; return err;
} }
int ubifs_enable_encryption(struct ubifs_info *c)
{
int err;
struct ubifs_sb_node *sup;
if (c->encrypted)
return 0;
if (c->ro_mount || c->ro_media)
return -EROFS;
if (c->fmt_version < 5) {
ubifs_err(c, "on-flash format version 5 is needed for encryption");
return -EINVAL;
}
sup = ubifs_read_sb_node(c);
if (IS_ERR(sup))
return PTR_ERR(sup);
sup->flags |= cpu_to_le32(UBIFS_FLG_ENCRYPTION);
err = ubifs_write_sb_node(c, sup);
if (!err)
c->encrypted = 1;
kfree(sup);
return err;
}
...@@ -420,11 +420,13 @@ enum { ...@@ -420,11 +420,13 @@ enum {
* UBIFS_FLG_SPACE_FIXUP: first-mount "fixup" of free space within LEBs needed * UBIFS_FLG_SPACE_FIXUP: first-mount "fixup" of free space within LEBs needed
* UBIFS_FLG_DOUBLE_HASH: store a 32bit cookie in directory entry nodes to * UBIFS_FLG_DOUBLE_HASH: store a 32bit cookie in directory entry nodes to
* support 64bit cookies for lookups by hash * support 64bit cookies for lookups by hash
* UBIFS_FLG_ENCRYPTION: this filesystem contains encrypted files
*/ */
enum { enum {
UBIFS_FLG_BIGLPT = 0x02, UBIFS_FLG_BIGLPT = 0x02,
UBIFS_FLG_SPACE_FIXUP = 0x04, UBIFS_FLG_SPACE_FIXUP = 0x04,
UBIFS_FLG_DOUBLE_HASH = 0x08, UBIFS_FLG_DOUBLE_HASH = 0x08,
UBIFS_FLG_ENCRYPTION = 0x10,
}; };
/** /**
......
...@@ -1007,6 +1007,7 @@ struct ubifs_debug_info; ...@@ -1007,6 +1007,7 @@ struct ubifs_debug_info;
* @big_lpt: flag that LPT is too big to write whole during commit * @big_lpt: flag that LPT is too big to write whole during commit
* @space_fixup: flag indicating that free space in LEBs needs to be cleaned up * @space_fixup: flag indicating that free space in LEBs needs to be cleaned up
* @double_hash: flag indicating that we can do lookups by hash * @double_hash: flag indicating that we can do lookups by hash
* @encrypted: flag indicating that this file system contains encrypted files
* @no_chk_data_crc: do not check CRCs when reading data nodes (except during * @no_chk_data_crc: do not check CRCs when reading data nodes (except during
* recovery) * recovery)
* @bulk_read: enable bulk-reads * @bulk_read: enable bulk-reads
...@@ -1250,6 +1251,7 @@ struct ubifs_info { ...@@ -1250,6 +1251,7 @@ struct ubifs_info {
unsigned int big_lpt:1; unsigned int big_lpt:1;
unsigned int space_fixup:1; unsigned int space_fixup:1;
unsigned int double_hash:1; unsigned int double_hash:1;
unsigned int encrypted:1;
unsigned int no_chk_data_crc:1; unsigned int no_chk_data_crc:1;
unsigned int bulk_read:1; unsigned int bulk_read:1;
unsigned int default_compr:2; unsigned int default_compr:2;
...@@ -1649,6 +1651,7 @@ int ubifs_read_superblock(struct ubifs_info *c); ...@@ -1649,6 +1651,7 @@ int ubifs_read_superblock(struct ubifs_info *c);
struct ubifs_sb_node *ubifs_read_sb_node(struct ubifs_info *c); struct ubifs_sb_node *ubifs_read_sb_node(struct ubifs_info *c);
int ubifs_write_sb_node(struct ubifs_info *c, struct ubifs_sb_node *sup); int ubifs_write_sb_node(struct ubifs_info *c, struct ubifs_sb_node *sup);
int ubifs_fixup_free_space(struct ubifs_info *c); int ubifs_fixup_free_space(struct ubifs_info *c);
int ubifs_enable_encryption(struct ubifs_info *c);
/* replay.c */ /* replay.c */
int ubifs_validate_entry(struct ubifs_info *c, int ubifs_validate_entry(struct ubifs_info *c,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment