From: Josef Bacik <josef@toxicpanda.com>
To: linux-btrfs@vger.kernel.org, kernel-team@fb.com,
ebiggers@kernel.org, linux-fscrypt@vger.kernel.org,
ngompa13@gmail.com
Cc: Omar Sandoval <osandov@osandov.com>,
Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH 15/35] btrfs: implement fscrypt ioctls
Date: Tue, 26 Sep 2023 14:01:41 -0400 [thread overview]
Message-ID: <9faf5ac92793fa1459aded3c23076c667f404f29.1695750478.git.josef@toxicpanda.com> (raw)
In-Reply-To: <cover.1695750478.git.josef@toxicpanda.com>
From: Omar Sandoval <osandov@osandov.com>
These ioctls allow encryption to actually be used.
The set_encryption_policy ioctl is the thing which actually turns on
encryption, and therefore sets the ENCRYPT flag in the superblock. This
prevents the filesystem from being loaded on older kernels.
fscrypt provides CONFIG_FS_ENCRYPTION-disabled versions of all these
functions which just return -EOPNOTSUPP, so the ioctls don't need to be
compiled out if CONFIG_FS_ENCRYPTION isn't enabled.
We could instead gate this ioctl on the superblock having the flag set,
if we wanted to require mkfs with the encrypt flag in order to have a
filesystem with any encryption.
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
fs/btrfs/ioctl.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index ae674c823d14..ddc2d2c7fc7f 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4587,6 +4587,34 @@ long btrfs_ioctl(struct file *file, unsigned int
return btrfs_ioctl_get_fslabel(fs_info, argp);
case FS_IOC_SETFSLABEL:
return btrfs_ioctl_set_fslabel(file, argp);
+ case FS_IOC_SET_ENCRYPTION_POLICY: {
+ if (!IS_ENABLED(CONFIG_FS_ENCRYPTION))
+ return -EOPNOTSUPP;
+ if (sb_rdonly(fs_info->sb))
+ return -EROFS;
+ /*
+ * If we crash before we commit, nothing encrypted could have
+ * been written so it doesn't matter whether the encrypted
+ * state persists.
+ */
+ btrfs_set_fs_incompat(fs_info, ENCRYPT);
+ return fscrypt_ioctl_set_policy(file, (const void __user *)arg);
+ }
+ case FS_IOC_GET_ENCRYPTION_POLICY:
+ return fscrypt_ioctl_get_policy(file, (void __user *)arg);
+ case FS_IOC_GET_ENCRYPTION_POLICY_EX:
+ return fscrypt_ioctl_get_policy_ex(file, (void __user *)arg);
+ case FS_IOC_ADD_ENCRYPTION_KEY:
+ return fscrypt_ioctl_add_key(file, (void __user *)arg);
+ case FS_IOC_REMOVE_ENCRYPTION_KEY:
+ return fscrypt_ioctl_remove_key(file, (void __user *)arg);
+ case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
+ return fscrypt_ioctl_remove_key_all_users(file,
+ (void __user *)arg);
+ case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
+ return fscrypt_ioctl_get_key_status(file, (void __user *)arg);
+ case FS_IOC_GET_ENCRYPTION_NONCE:
+ return fscrypt_ioctl_get_nonce(file, (void __user *)arg);
case FITRIM:
return btrfs_ioctl_fitrim(fs_info, argp);
case BTRFS_IOC_SNAP_CREATE:
--
2.41.0
next prev parent reply other threads:[~2023-09-26 18:03 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-26 18:01 [PATCH 00/35] btrfs: add fscrypt support Josef Bacik
2023-09-26 18:01 ` [PATCH 01/35] fscrypt: rename fscrypt_info => fscrypt_inode_info Josef Bacik
2023-09-26 18:01 ` [PATCH 02/35] fscrypt: add per-extent encryption support Josef Bacik
2023-09-26 18:01 ` [PATCH 03/35] fscrypt: disable all but standard v2 policies for extent encryption Josef Bacik
2023-09-26 18:01 ` [PATCH 04/35] blk-crypto: add a process bio callback Josef Bacik
2023-09-26 18:01 ` [PATCH 05/35] fscrypt: expose fscrypt_nokey_name Josef Bacik
2023-09-26 18:01 ` [PATCH 06/35] fscrypt: add documentation about extent encryption Josef Bacik
2023-09-26 18:01 ` [PATCH 07/35] btrfs: add infrastructure for safe em freeing Josef Bacik
2023-09-26 18:01 ` [PATCH 08/35] btrfs: disable various operations on encrypted inodes Josef Bacik
2023-09-26 18:01 ` [PATCH 09/35] btrfs: disable verity " Josef Bacik
2023-09-26 18:01 ` [PATCH 10/35] btrfs: start using fscrypt hooks Josef Bacik
2023-09-26 18:01 ` [PATCH 11/35] btrfs: add inode encryption contexts Josef Bacik
2023-09-26 18:01 ` [PATCH 12/35] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Josef Bacik
2023-09-26 18:01 ` [PATCH 13/35] btrfs: adapt readdir for encrypted and nokey names Josef Bacik
2023-09-26 18:01 ` [PATCH 14/35] btrfs: handle " Josef Bacik
2023-09-26 18:01 ` Josef Bacik [this message]
2023-09-26 18:01 ` [PATCH 16/35] btrfs: add encryption to CONFIG_BTRFS_DEBUG Josef Bacik
2023-09-26 18:01 ` [PATCH 17/35] btrfs: add get_devices hook for fscrypt Josef Bacik
2023-09-26 18:01 ` [PATCH 18/35] btrfs: turn on inlinecrypt mount option for encrypt Josef Bacik
2023-09-26 18:01 ` [PATCH 19/35] btrfs: set file extent encryption excplicitly Josef Bacik
2023-09-26 18:01 ` [PATCH 20/35] btrfs: add fscrypt_info and encryption_type to extent_map Josef Bacik
2023-09-26 18:01 ` [PATCH 21/35] btrfs: add fscrypt_info and encryption_type to ordered_extent Josef Bacik
2023-09-26 18:01 ` [PATCH 22/35] btrfs: plumb through setting the fscrypt_info for ordered extents Josef Bacik
2023-09-26 18:01 ` [PATCH 23/35] btrfs: populate the ordered_extent with the fscrypt context Josef Bacik
2023-09-26 18:01 ` [PATCH 24/35] btrfs: keep track of fscrypt info and orig_start for dio reads Josef Bacik
2023-09-26 18:01 ` [PATCH 25/35] btrfs: add an optional encryption context to the end of file extents Josef Bacik
2023-09-26 18:01 ` [PATCH 26/35] btrfs: explicitly track file extent length for replace and drop Josef Bacik
2023-09-26 18:01 ` [PATCH 27/35] btrfs: pass through fscrypt_extent_info to the file extent helpers Josef Bacik
2023-09-26 18:01 ` [PATCH 28/35] btrfs: pass the fscrypt_info through the replace extent infrastructure Josef Bacik
2023-09-26 18:01 ` [PATCH 29/35] btrfs: implement the fscrypt extent encryption hooks Josef Bacik
2023-09-26 18:01 ` [PATCH 30/35] btrfs: setup fscrypt_extent_info for new extents Josef Bacik
2023-09-26 18:01 ` [PATCH 31/35] btrfs: populate ordered_extent with the orig offset Josef Bacik
2023-09-26 18:01 ` [PATCH 32/35] btrfs: set the bio fscrypt context when applicable Josef Bacik
2023-09-26 18:01 ` [PATCH 33/35] btrfs: add a bio argument to btrfs_csum_one_bio Josef Bacik
2023-09-26 18:02 ` [PATCH 34/35] btrfs: add orig_logical to btrfs_bio Josef Bacik
2023-09-26 18:02 ` [PATCH 35/35] btrfs: implement process_bio cb for fscrypt Josef Bacik
2023-10-04 20:57 [PATCH 13/35] btrfs: adapt readdir for encrypted and nokey names kernel test robot
2023-10-07 1:15 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9faf5ac92793fa1459aded3c23076c667f404f29.1695750478.git.josef@toxicpanda.com \
--to=josef@toxicpanda.com \
--cc=ebiggers@kernel.org \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=ngompa13@gmail.com \
--cc=osandov@osandov.com \
--cc=sweettea-kernel@dorminy.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.