* [RFC PATCH v4 0/3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
@ 2018-03-09 7:53 ` Sheng Yong
0 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: miaoxie, linux-f2fs-devel, linux-fscrypt
v4->v3:
* split f2fs patch into 2: one for LOST_FOUND feature, another for
test_dummy_encryption
* do not set enc_name if dir is not encrypted
* do not allow mounting with test_dummy_encryption if encrypt feature
is not set
v3->v2:
* fix test_dummy_encryption
v2->v1:
* introduce new mount option test_dummy_encryption
* add sysfs entry for LOST_FOUND feature
---8<---
This patchset introduces LOST_FOUND feature in f2fs. If the feature is
enabled, f2fs should avoid to encrypt root directory.
A new mount option "test_dummy_encryption" is introduced, this is used by
xfstests.
Thanks,
Sheng
Sheng Yong (3):
f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
f2fs: introduce a new mount option test_dummy_encryption
ext4: do not allow mount with test_dummy_encryption if encrypt not set
fs/ext4/super.c | 5 +++--
fs/f2fs/dir.c | 4 +++-
fs/f2fs/f2fs.h | 13 +++++++++++++
fs/f2fs/namei.c | 9 ++++++---
fs/f2fs/super.c | 43 +++++++++++++++++++++++++++++++++++++++++++
fs/f2fs/sysfs.c | 7 +++++++
6 files changed, 75 insertions(+), 6 deletions(-)
--
2.14.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* [RFC PATCH v4 0/3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
@ 2018-03-09 7:53 ` Sheng Yong
0 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
v4->v3:
* split f2fs patch into 2: one for LOST_FOUND feature, another for
test_dummy_encryption
* do not set enc_name if dir is not encrypted
* do not allow mounting with test_dummy_encryption if encrypt feature
is not set
v3->v2:
* fix test_dummy_encryption
v2->v1:
* introduce new mount option test_dummy_encryption
* add sysfs entry for LOST_FOUND feature
---8<---
This patchset introduces LOST_FOUND feature in f2fs. If the feature is
enabled, f2fs should avoid to encrypt root directory.
A new mount option "test_dummy_encryption" is introduced, this is used by
xfstests.
Thanks,
Sheng
Sheng Yong (3):
f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
f2fs: introduce a new mount option test_dummy_encryption
ext4: do not allow mount with test_dummy_encryption if encrypt not set
fs/ext4/super.c | 5 +++--
fs/f2fs/dir.c | 4 +++-
fs/f2fs/f2fs.h | 13 +++++++++++++
fs/f2fs/namei.c | 9 ++++++---
fs/f2fs/super.c | 43 +++++++++++++++++++++++++++++++++++++++++++
fs/f2fs/sysfs.c | 7 +++++++
6 files changed, 75 insertions(+), 6 deletions(-)
--
2.14.1
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply [flat|nested] 14+ messages in thread
* [RFC PATCH v4 1/3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
2018-03-09 7:53 ` Sheng Yong
@ 2018-03-09 7:53 ` Sheng Yong
-1 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: miaoxie, linux-f2fs-devel, linux-fscrypt
This patch introduces a new feature, F2FS_FEATURE_LOST_FOUND, which
is set by mkfs. mkfs creates a directory named lost+found, which saves
unreachable files. If fsck finds a file which has no parent, or its
parent is removed by fsck, the file will be placed under lost+found
directory by fsck.
lost+found directory could not be encrypted. As a result, the root
directory cannot be encrypted too. So if LOST_FOUND feature is enabled,
let's avoid to encrypt root directory.
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
---
fs/f2fs/f2fs.h | 2 ++
fs/f2fs/super.c | 12 ++++++++++++
fs/f2fs/sysfs.c | 7 +++++++
3 files changed, 21 insertions(+)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index f6dc70666ebb..31f39ab7fce4 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -125,6 +125,7 @@ struct f2fs_mount_info {
#define F2FS_FEATURE_FLEXIBLE_INLINE_XATTR 0x0040
#define F2FS_FEATURE_QUOTA_INO 0x0080
#define F2FS_FEATURE_INODE_CRTIME 0x0100
+#define F2FS_FEATURE_LOST_FOUND 0x0200
#define F2FS_HAS_FEATURE(sb, mask) \
((F2FS_SB(sb)->raw_super->feature & cpu_to_le32(mask)) != 0)
@@ -3211,6 +3212,7 @@ F2FS_FEATURE_FUNCS(inode_chksum, INODE_CHKSUM);
F2FS_FEATURE_FUNCS(flexible_inline_xattr, FLEXIBLE_INLINE_XATTR);
F2FS_FEATURE_FUNCS(quota_ino, QUOTA_INO);
F2FS_FEATURE_FUNCS(inode_crtime, INODE_CRTIME);
+F2FS_FEATURE_FUNCS(lost_found, LOST_FOUND);
#ifdef CONFIG_BLK_DEV_ZONED
static inline int get_blkz_type(struct f2fs_sb_info *sbi,
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 30b93ad44b9d..b9a6b97c3bd3 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1865,6 +1865,18 @@ static int f2fs_get_context(struct inode *inode, void *ctx, size_t len)
static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len,
void *fs_data)
{
+ struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
+
+ /*
+ * Encrypting the root directory is not allowed because fsck
+ * expects lost+found directory to exist and remain unencrypted
+ * if LOST_FOUND feature is enabled.
+ *
+ */
+ if (f2fs_sb_has_lost_found(sbi->sb) &&
+ inode->i_ino == F2FS_ROOT_INO(sbi))
+ return -EPERM;
+
return f2fs_setxattr(inode, F2FS_XATTR_INDEX_ENCRYPTION,
F2FS_XATTR_NAME_ENCRYPTION_CONTEXT,
ctx, len, fs_data, XATTR_CREATE);
diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c
index 23a2d8d66c43..53c6785c1916 100644
--- a/fs/f2fs/sysfs.c
+++ b/fs/f2fs/sysfs.c
@@ -116,6 +116,9 @@ static ssize_t features_show(struct f2fs_attr *a,
if (f2fs_sb_has_inode_crtime(sb))
len += snprintf(buf + len, PAGE_SIZE - len, "%s%s",
len ? ", " : "", "inode_crtime");
+ if (f2fs_sb_has_lost_found(sb))
+ len += snprintf(buf + len, PAGE_SIZE - len, "%s%s",
+ len ? ", " : "", "lost_found");
len += snprintf(buf + len, PAGE_SIZE - len, "\n");
return len;
}
@@ -292,6 +295,7 @@ enum feat_id {
FEAT_FLEXIBLE_INLINE_XATTR,
FEAT_QUOTA_INO,
FEAT_INODE_CRTIME,
+ FEAT_LOST_FOUND,
};
static ssize_t f2fs_feature_show(struct f2fs_attr *a,
@@ -307,6 +311,7 @@ static ssize_t f2fs_feature_show(struct f2fs_attr *a,
case FEAT_FLEXIBLE_INLINE_XATTR:
case FEAT_QUOTA_INO:
case FEAT_INODE_CRTIME:
+ case FEAT_LOST_FOUND:
return snprintf(buf, PAGE_SIZE, "supported\n");
}
return 0;
@@ -386,6 +391,7 @@ F2FS_FEATURE_RO_ATTR(inode_checksum, FEAT_INODE_CHECKSUM);
F2FS_FEATURE_RO_ATTR(flexible_inline_xattr, FEAT_FLEXIBLE_INLINE_XATTR);
F2FS_FEATURE_RO_ATTR(quota_ino, FEAT_QUOTA_INO);
F2FS_FEATURE_RO_ATTR(inode_crtime, FEAT_INODE_CRTIME);
+F2FS_FEATURE_RO_ATTR(lost_found, FEAT_LOST_FOUND);
#define ATTR_LIST(name) (&f2fs_attr_##name.attr)
static struct attribute *f2fs_attrs[] = {
@@ -441,6 +447,7 @@ static struct attribute *f2fs_feat_attrs[] = {
ATTR_LIST(flexible_inline_xattr),
ATTR_LIST(quota_ino),
ATTR_LIST(inode_crtime),
+ ATTR_LIST(lost_found),
NULL,
};
--
2.14.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [RFC PATCH v4 1/3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
@ 2018-03-09 7:53 ` Sheng Yong
0 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
This patch introduces a new feature, F2FS_FEATURE_LOST_FOUND, which
is set by mkfs. mkfs creates a directory named lost+found, which saves
unreachable files. If fsck finds a file which has no parent, or its
parent is removed by fsck, the file will be placed under lost+found
directory by fsck.
lost+found directory could not be encrypted. As a result, the root
directory cannot be encrypted too. So if LOST_FOUND feature is enabled,
let's avoid to encrypt root directory.
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
---
fs/f2fs/f2fs.h | 2 ++
fs/f2fs/super.c | 12 ++++++++++++
fs/f2fs/sysfs.c | 7 +++++++
3 files changed, 21 insertions(+)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index f6dc70666ebb..31f39ab7fce4 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -125,6 +125,7 @@ struct f2fs_mount_info {
#define F2FS_FEATURE_FLEXIBLE_INLINE_XATTR 0x0040
#define F2FS_FEATURE_QUOTA_INO 0x0080
#define F2FS_FEATURE_INODE_CRTIME 0x0100
+#define F2FS_FEATURE_LOST_FOUND 0x0200
#define F2FS_HAS_FEATURE(sb, mask) \
((F2FS_SB(sb)->raw_super->feature & cpu_to_le32(mask)) != 0)
@@ -3211,6 +3212,7 @@ F2FS_FEATURE_FUNCS(inode_chksum, INODE_CHKSUM);
F2FS_FEATURE_FUNCS(flexible_inline_xattr, FLEXIBLE_INLINE_XATTR);
F2FS_FEATURE_FUNCS(quota_ino, QUOTA_INO);
F2FS_FEATURE_FUNCS(inode_crtime, INODE_CRTIME);
+F2FS_FEATURE_FUNCS(lost_found, LOST_FOUND);
#ifdef CONFIG_BLK_DEV_ZONED
static inline int get_blkz_type(struct f2fs_sb_info *sbi,
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 30b93ad44b9d..b9a6b97c3bd3 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1865,6 +1865,18 @@ static int f2fs_get_context(struct inode *inode, void *ctx, size_t len)
static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len,
void *fs_data)
{
+ struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
+
+ /*
+ * Encrypting the root directory is not allowed because fsck
+ * expects lost+found directory to exist and remain unencrypted
+ * if LOST_FOUND feature is enabled.
+ *
+ */
+ if (f2fs_sb_has_lost_found(sbi->sb) &&
+ inode->i_ino == F2FS_ROOT_INO(sbi))
+ return -EPERM;
+
return f2fs_setxattr(inode, F2FS_XATTR_INDEX_ENCRYPTION,
F2FS_XATTR_NAME_ENCRYPTION_CONTEXT,
ctx, len, fs_data, XATTR_CREATE);
diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c
index 23a2d8d66c43..53c6785c1916 100644
--- a/fs/f2fs/sysfs.c
+++ b/fs/f2fs/sysfs.c
@@ -116,6 +116,9 @@ static ssize_t features_show(struct f2fs_attr *a,
if (f2fs_sb_has_inode_crtime(sb))
len += snprintf(buf + len, PAGE_SIZE - len, "%s%s",
len ? ", " : "", "inode_crtime");
+ if (f2fs_sb_has_lost_found(sb))
+ len += snprintf(buf + len, PAGE_SIZE - len, "%s%s",
+ len ? ", " : "", "lost_found");
len += snprintf(buf + len, PAGE_SIZE - len, "\n");
return len;
}
@@ -292,6 +295,7 @@ enum feat_id {
FEAT_FLEXIBLE_INLINE_XATTR,
FEAT_QUOTA_INO,
FEAT_INODE_CRTIME,
+ FEAT_LOST_FOUND,
};
static ssize_t f2fs_feature_show(struct f2fs_attr *a,
@@ -307,6 +311,7 @@ static ssize_t f2fs_feature_show(struct f2fs_attr *a,
case FEAT_FLEXIBLE_INLINE_XATTR:
case FEAT_QUOTA_INO:
case FEAT_INODE_CRTIME:
+ case FEAT_LOST_FOUND:
return snprintf(buf, PAGE_SIZE, "supported\n");
}
return 0;
@@ -386,6 +391,7 @@ F2FS_FEATURE_RO_ATTR(inode_checksum, FEAT_INODE_CHECKSUM);
F2FS_FEATURE_RO_ATTR(flexible_inline_xattr, FEAT_FLEXIBLE_INLINE_XATTR);
F2FS_FEATURE_RO_ATTR(quota_ino, FEAT_QUOTA_INO);
F2FS_FEATURE_RO_ATTR(inode_crtime, FEAT_INODE_CRTIME);
+F2FS_FEATURE_RO_ATTR(lost_found, FEAT_LOST_FOUND);
#define ATTR_LIST(name) (&f2fs_attr_##name.attr)
static struct attribute *f2fs_attrs[] = {
@@ -441,6 +447,7 @@ static struct attribute *f2fs_feat_attrs[] = {
ATTR_LIST(flexible_inline_xattr),
ATTR_LIST(quota_ino),
ATTR_LIST(inode_crtime),
+ ATTR_LIST(lost_found),
NULL,
};
--
2.14.1
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [RFC PATCH v4 2/3] f2fs: introduce a new mount option test_dummy_encryption
2018-03-09 7:53 ` Sheng Yong
@ 2018-03-09 7:53 ` Sheng Yong
-1 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: miaoxie, linux-f2fs-devel, linux-fscrypt
This patch introduces a new mount option `test_dummy_encryption' to
allow fscrypt to create a fake fscrypt context. This is used by xfstests.
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
---
fs/f2fs/dir.c | 4 +++-
fs/f2fs/f2fs.h | 11 +++++++++++
fs/f2fs/namei.c | 9 ++++++---
fs/f2fs/super.c | 31 +++++++++++++++++++++++++++++++
4 files changed, 51 insertions(+), 4 deletions(-)
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index 797eb05cb538..73ddc35fba4f 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -361,6 +361,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
struct page *dpage)
{
struct page *page;
+ int dummy_encrypt = DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(dir));
int err;
if (is_inode_flag_set(inode, FI_NEW_INODE)) {
@@ -387,7 +388,8 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
if (err)
goto put_error;
- if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode)) {
+ if ((f2fs_encrypted_inode(dir) || dummy_encrypt) &&
+ f2fs_may_encrypt(inode)) {
err = fscrypt_inherit_context(dir, inode, page, false);
if (err)
goto put_error;
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 31f39ab7fce4..c0dbd8b6050b 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1053,6 +1053,15 @@ enum {
ALLOC_MODE_REUSE, /* reuse segments as much as possible */
};
+#define F2FS_MF_TEST_DUMMY_ENCRYPTION 0x0001
+
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
+#define DUMMY_ENCRYPTION_ENABLED(sbi) (unlikely((sbi)->mount_flags & \
+ F2FS_MF_TEST_DUMMY_ENCRYPTION))
+#else
+#define DUMMY_ENCRYPTION_ENABLED(sbi) (0)
+#endif
+
struct f2fs_sb_info {
struct super_block *sb; /* pointer to VFS super block */
struct proc_dir_entry *s_proc; /* proc entry */
@@ -1242,6 +1251,8 @@ struct f2fs_sb_info {
/* segment allocation policy */
int alloc_mode;
+
+ unsigned int mount_flags;
};
#ifdef CONFIG_F2FS_FAULT_INJECTION
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 318dfe870cb5..5dd6a112e13d 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -78,7 +78,8 @@ static struct inode *f2fs_new_inode(struct inode *dir, umode_t mode)
set_inode_flag(inode, FI_NEW_INODE);
/* If the directory encrypted, then we should encrypt the inode. */
- if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode))
+ if ((f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) &&
+ f2fs_may_encrypt(inode))
f2fs_set_encrypted_inode(inode);
if (f2fs_sb_has_extra_attr(sbi->sb)) {
@@ -788,10 +789,12 @@ static int __f2fs_tmpfile(struct inode *dir, struct dentry *dentry,
static int f2fs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
{
- if (unlikely(f2fs_cp_error(F2FS_I_SB(dir))))
+ struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
+
+ if (unlikely(f2fs_cp_error(sbi)))
return -EIO;
- if (f2fs_encrypted_inode(dir)) {
+ if (f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) {
int err = fscrypt_get_encryption_info(dir);
if (err)
return err;
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index b9a6b97c3bd3..345e4f63f6fc 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -131,6 +131,7 @@ enum {
Opt_jqfmt_vfsv1,
Opt_whint,
Opt_alloc,
+ Opt_test_dummy_encryption,
Opt_err,
};
@@ -186,6 +187,7 @@ static match_table_t f2fs_tokens = {
{Opt_jqfmt_vfsv1, "jqfmt=vfsv1"},
{Opt_whint, "whint_mode=%s"},
{Opt_alloc, "alloc_mode=%s"},
+ {Opt_test_dummy_encryption, "test_dummy_encryption"},
{Opt_err, NULL},
};
@@ -719,6 +721,16 @@ static int parse_options(struct super_block *sb, char *options)
}
kfree(name);
break;
+ case Opt_test_dummy_encryption:
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
+ sbi->mount_flags |= F2FS_MF_TEST_DUMMY_ENCRYPTION;
+ f2fs_msg(sb, KERN_INFO,
+ "Test dummy encryption mode enabled");
+#else
+ f2fs_msg(sb, KERN_INFO,
+ "Test dummy encryption mount option ignored");
+#endif
+ break;
default:
f2fs_msg(sb, KERN_ERR,
"Unrecognized mount option \"%s\" or missing value",
@@ -1282,6 +1294,10 @@ static int f2fs_show_options(struct seq_file *seq, struct dentry *root)
seq_printf(seq, ",whint_mode=%s", "user-based");
else if (sbi->whint_mode == WHINT_MODE_FS)
seq_printf(seq, ",whint_mode=%s", "fs-based");
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
+ if (sbi->mount_flags & F2FS_MF_TEST_DUMMY_ENCRYPTION)
+ seq_puts(seq, ",test_dummy_encryption");
+#endif
if (sbi->alloc_mode == ALLOC_MODE_DEFAULT)
seq_printf(seq, ",alloc_mode=%s", "default");
@@ -1882,6 +1898,11 @@ static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len,
ctx, len, fs_data, XATTR_CREATE);
}
+static bool f2fs_dummy_context(struct inode *inode)
+{
+ return DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(inode));
+}
+
static unsigned f2fs_max_namelen(struct inode *inode)
{
return S_ISLNK(inode->i_mode) ?
@@ -1892,6 +1913,7 @@ static const struct fscrypt_operations f2fs_cryptops = {
.key_prefix = "f2fs:",
.get_context = f2fs_get_context,
.set_context = f2fs_set_context,
+ .dummy_context = f2fs_dummy_context,
.empty_dir = f2fs_empty_dir,
.max_namelen = f2fs_max_namelen,
};
@@ -2620,6 +2642,15 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
if (err)
goto free_options;
+ if (DUMMY_ENCRYPTION_ENABLED(sbi) &&
+ (sb_rdonly(sb) || !f2fs_sb_has_encrypt(sb))) {
+ f2fs_msg(sb, KERN_ERR,
+ "Encrypt feature is off or filesystem is read-only");
+ err = -EINVAL;
+ retry = false;
+ goto free_options;
+ }
+
sbi->max_file_blocks = max_file_blocks();
sb->s_maxbytes = sbi->max_file_blocks <<
le32_to_cpu(raw_super->log_blocksize);
--
2.14.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [RFC PATCH v4 2/3] f2fs: introduce a new mount option test_dummy_encryption
@ 2018-03-09 7:53 ` Sheng Yong
0 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
This patch introduces a new mount option `test_dummy_encryption' to
allow fscrypt to create a fake fscrypt context. This is used by xfstests.
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
---
fs/f2fs/dir.c | 4 +++-
fs/f2fs/f2fs.h | 11 +++++++++++
fs/f2fs/namei.c | 9 ++++++---
fs/f2fs/super.c | 31 +++++++++++++++++++++++++++++++
4 files changed, 51 insertions(+), 4 deletions(-)
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index 797eb05cb538..73ddc35fba4f 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -361,6 +361,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
struct page *dpage)
{
struct page *page;
+ int dummy_encrypt = DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(dir));
int err;
if (is_inode_flag_set(inode, FI_NEW_INODE)) {
@@ -387,7 +388,8 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
if (err)
goto put_error;
- if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode)) {
+ if ((f2fs_encrypted_inode(dir) || dummy_encrypt) &&
+ f2fs_may_encrypt(inode)) {
err = fscrypt_inherit_context(dir, inode, page, false);
if (err)
goto put_error;
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 31f39ab7fce4..c0dbd8b6050b 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1053,6 +1053,15 @@ enum {
ALLOC_MODE_REUSE, /* reuse segments as much as possible */
};
+#define F2FS_MF_TEST_DUMMY_ENCRYPTION 0x0001
+
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
+#define DUMMY_ENCRYPTION_ENABLED(sbi) (unlikely((sbi)->mount_flags & \
+ F2FS_MF_TEST_DUMMY_ENCRYPTION))
+#else
+#define DUMMY_ENCRYPTION_ENABLED(sbi) (0)
+#endif
+
struct f2fs_sb_info {
struct super_block *sb; /* pointer to VFS super block */
struct proc_dir_entry *s_proc; /* proc entry */
@@ -1242,6 +1251,8 @@ struct f2fs_sb_info {
/* segment allocation policy */
int alloc_mode;
+
+ unsigned int mount_flags;
};
#ifdef CONFIG_F2FS_FAULT_INJECTION
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 318dfe870cb5..5dd6a112e13d 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -78,7 +78,8 @@ static struct inode *f2fs_new_inode(struct inode *dir, umode_t mode)
set_inode_flag(inode, FI_NEW_INODE);
/* If the directory encrypted, then we should encrypt the inode. */
- if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode))
+ if ((f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) &&
+ f2fs_may_encrypt(inode))
f2fs_set_encrypted_inode(inode);
if (f2fs_sb_has_extra_attr(sbi->sb)) {
@@ -788,10 +789,12 @@ static int __f2fs_tmpfile(struct inode *dir, struct dentry *dentry,
static int f2fs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
{
- if (unlikely(f2fs_cp_error(F2FS_I_SB(dir))))
+ struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
+
+ if (unlikely(f2fs_cp_error(sbi)))
return -EIO;
- if (f2fs_encrypted_inode(dir)) {
+ if (f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) {
int err = fscrypt_get_encryption_info(dir);
if (err)
return err;
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index b9a6b97c3bd3..345e4f63f6fc 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -131,6 +131,7 @@ enum {
Opt_jqfmt_vfsv1,
Opt_whint,
Opt_alloc,
+ Opt_test_dummy_encryption,
Opt_err,
};
@@ -186,6 +187,7 @@ static match_table_t f2fs_tokens = {
{Opt_jqfmt_vfsv1, "jqfmt=vfsv1"},
{Opt_whint, "whint_mode=%s"},
{Opt_alloc, "alloc_mode=%s"},
+ {Opt_test_dummy_encryption, "test_dummy_encryption"},
{Opt_err, NULL},
};
@@ -719,6 +721,16 @@ static int parse_options(struct super_block *sb, char *options)
}
kfree(name);
break;
+ case Opt_test_dummy_encryption:
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
+ sbi->mount_flags |= F2FS_MF_TEST_DUMMY_ENCRYPTION;
+ f2fs_msg(sb, KERN_INFO,
+ "Test dummy encryption mode enabled");
+#else
+ f2fs_msg(sb, KERN_INFO,
+ "Test dummy encryption mount option ignored");
+#endif
+ break;
default:
f2fs_msg(sb, KERN_ERR,
"Unrecognized mount option \"%s\" or missing value",
@@ -1282,6 +1294,10 @@ static int f2fs_show_options(struct seq_file *seq, struct dentry *root)
seq_printf(seq, ",whint_mode=%s", "user-based");
else if (sbi->whint_mode == WHINT_MODE_FS)
seq_printf(seq, ",whint_mode=%s", "fs-based");
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
+ if (sbi->mount_flags & F2FS_MF_TEST_DUMMY_ENCRYPTION)
+ seq_puts(seq, ",test_dummy_encryption");
+#endif
if (sbi->alloc_mode == ALLOC_MODE_DEFAULT)
seq_printf(seq, ",alloc_mode=%s", "default");
@@ -1882,6 +1898,11 @@ static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len,
ctx, len, fs_data, XATTR_CREATE);
}
+static bool f2fs_dummy_context(struct inode *inode)
+{
+ return DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(inode));
+}
+
static unsigned f2fs_max_namelen(struct inode *inode)
{
return S_ISLNK(inode->i_mode) ?
@@ -1892,6 +1913,7 @@ static const struct fscrypt_operations f2fs_cryptops = {
.key_prefix = "f2fs:",
.get_context = f2fs_get_context,
.set_context = f2fs_set_context,
+ .dummy_context = f2fs_dummy_context,
.empty_dir = f2fs_empty_dir,
.max_namelen = f2fs_max_namelen,
};
@@ -2620,6 +2642,15 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
if (err)
goto free_options;
+ if (DUMMY_ENCRYPTION_ENABLED(sbi) &&
+ (sb_rdonly(sb) || !f2fs_sb_has_encrypt(sb))) {
+ f2fs_msg(sb, KERN_ERR,
+ "Encrypt feature is off or filesystem is read-only");
+ err = -EINVAL;
+ retry = false;
+ goto free_options;
+ }
+
sbi->max_file_blocks = max_file_blocks();
sb->s_maxbytes = sbi->max_file_blocks <<
le32_to_cpu(raw_super->log_blocksize);
--
2.14.1
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [RFC PATCH 3/3] ext4: do not allow mount with test_dummy_encryption if encrypt not set
2018-03-09 7:53 ` Sheng Yong
@ 2018-03-09 7:53 ` Sheng Yong
-1 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: miaoxie, linux-f2fs-devel, linux-fscrypt
When mounting with test_dummy_encryption option, if encrypt feature
is not set, return fail instead of setting encrypt feature forcely.
CC: linux-ext4@vger.kernel.org
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
---
fs/ext4/super.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 39bf464c35f1..c424af0ccda9 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4151,8 +4151,9 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
if (DUMMY_ENCRYPTION_ENABLED(sbi) && !sb_rdonly(sb) &&
!ext4_has_feature_encrypt(sb)) {
- ext4_set_feature_encrypt(sb);
- ext4_commit_super(sb, 1);
+ ext4_msg(sb, KERN_ERR,
+ "Encrypt does not support or filesystem is read-only");
+ goto failed_mount_wq;
}
/*
--
2.14.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [RFC PATCH 3/3] ext4: do not allow mount with test_dummy_encryption if encrypt not set
@ 2018-03-09 7:53 ` Sheng Yong
0 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-09 7:53 UTC (permalink / raw)
To: jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
When mounting with test_dummy_encryption option, if encrypt feature
is not set, return fail instead of setting encrypt feature forcely.
CC: linux-ext4@vger.kernel.org
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
---
fs/ext4/super.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 39bf464c35f1..c424af0ccda9 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4151,8 +4151,9 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
if (DUMMY_ENCRYPTION_ENABLED(sbi) && !sb_rdonly(sb) &&
!ext4_has_feature_encrypt(sb)) {
- ext4_set_feature_encrypt(sb);
- ext4_commit_super(sb, 1);
+ ext4_msg(sb, KERN_ERR,
+ "Encrypt does not support or filesystem is read-only");
+ goto failed_mount_wq;
}
/*
--
2.14.1
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [f2fs-dev] [RFC PATCH v4 1/3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
2018-03-09 7:53 ` Sheng Yong
@ 2018-03-09 12:31 ` Chao Yu
-1 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2018-03-09 12:31 UTC (permalink / raw)
To: Sheng Yong, jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
On 2018/3/9 15:53, Sheng Yong wrote:
> This patch introduces a new feature, F2FS_FEATURE_LOST_FOUND, which
> is set by mkfs. mkfs creates a directory named lost+found, which saves
> unreachable files. If fsck finds a file which has no parent, or its
> parent is removed by fsck, the file will be placed under lost+found
> directory by fsck.
>
> lost+found directory could not be encrypted. As a result, the root
> directory cannot be encrypted too. So if LOST_FOUND feature is enabled,
> let's avoid to encrypt root directory.
>
> Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Thanks,
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH v4 1/3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
@ 2018-03-09 12:31 ` Chao Yu
0 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2018-03-09 12:31 UTC (permalink / raw)
To: Sheng Yong, jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
On 2018/3/9 15:53, Sheng Yong wrote:
> This patch introduces a new feature, F2FS_FEATURE_LOST_FOUND, which
> is set by mkfs. mkfs creates a directory named lost+found, which saves
> unreachable files. If fsck finds a file which has no parent, or its
> parent is removed by fsck, the file will be placed under lost+found
> directory by fsck.
>
> lost+found directory could not be encrypted. As a result, the root
> directory cannot be encrypted too. So if LOST_FOUND feature is enabled,
> let's avoid to encrypt root directory.
>
> Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Thanks,
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [f2fs-dev] [RFC PATCH v4 2/3] f2fs: introduce a new mount option test_dummy_encryption
2018-03-09 7:53 ` Sheng Yong
@ 2018-03-09 12:32 ` Chao Yu
-1 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2018-03-09 12:32 UTC (permalink / raw)
To: Sheng Yong, jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
On 2018/3/9 15:53, Sheng Yong wrote:
> This patch introduces a new mount option `test_dummy_encryption' to
> allow fscrypt to create a fake fscrypt context. This is used by xfstests.
It needs to add doc for this new mount option.
>
> Signed-off-by: Sheng Yong <shengyong1@huawei.com>
> ---
> fs/f2fs/dir.c | 4 +++-
> fs/f2fs/f2fs.h | 11 +++++++++++
> fs/f2fs/namei.c | 9 ++++++---
> fs/f2fs/super.c | 31 +++++++++++++++++++++++++++++++
> 4 files changed, 51 insertions(+), 4 deletions(-)
>
> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
> index 797eb05cb538..73ddc35fba4f 100644
> --- a/fs/f2fs/dir.c
> +++ b/fs/f2fs/dir.c
> @@ -361,6 +361,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> struct page *dpage)
> {
> struct page *page;
> + int dummy_encrypt = DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(dir));
> int err;
>
> if (is_inode_flag_set(inode, FI_NEW_INODE)) {
> @@ -387,7 +388,8 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> if (err)
> goto put_error;
>
> - if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode)) {
> + if ((f2fs_encrypted_inode(dir) || dummy_encrypt) &&
> + f2fs_may_encrypt(inode)) {
> err = fscrypt_inherit_context(dir, inode, page, false);
> if (err)
> goto put_error;
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index 31f39ab7fce4..c0dbd8b6050b 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -1053,6 +1053,15 @@ enum {
> ALLOC_MODE_REUSE, /* reuse segments as much as possible */
> };
>
> +#define F2FS_MF_TEST_DUMMY_ENCRYPTION 0x0001
> +
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> +#define DUMMY_ENCRYPTION_ENABLED(sbi) (unlikely((sbi)->mount_flags & \
> + F2FS_MF_TEST_DUMMY_ENCRYPTION))
> +#else
> +#define DUMMY_ENCRYPTION_ENABLED(sbi) (0)
> +#endif
> +
> struct f2fs_sb_info {
> struct super_block *sb; /* pointer to VFS super block */
> struct proc_dir_entry *s_proc; /* proc entry */
> @@ -1242,6 +1251,8 @@ struct f2fs_sb_info {
>
> /* segment allocation policy */
> int alloc_mode;
> +
> + unsigned int mount_flags;
> };
>
> #ifdef CONFIG_F2FS_FAULT_INJECTION
> diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> index 318dfe870cb5..5dd6a112e13d 100644
> --- a/fs/f2fs/namei.c
> +++ b/fs/f2fs/namei.c
> @@ -78,7 +78,8 @@ static struct inode *f2fs_new_inode(struct inode *dir, umode_t mode)
> set_inode_flag(inode, FI_NEW_INODE);
>
> /* If the directory encrypted, then we should encrypt the inode. */
> - if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode))
> + if ((f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) &&
> + f2fs_may_encrypt(inode))
> f2fs_set_encrypted_inode(inode);
>
> if (f2fs_sb_has_extra_attr(sbi->sb)) {
> @@ -788,10 +789,12 @@ static int __f2fs_tmpfile(struct inode *dir, struct dentry *dentry,
>
> static int f2fs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
> {
> - if (unlikely(f2fs_cp_error(F2FS_I_SB(dir))))
> + struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
> +
> + if (unlikely(f2fs_cp_error(sbi)))
> return -EIO;
>
> - if (f2fs_encrypted_inode(dir)) {
> + if (f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) {
Why we need to add this condition here?
> int err = fscrypt_get_encryption_info(dir);
> if (err)
> return err;
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index b9a6b97c3bd3..345e4f63f6fc 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -131,6 +131,7 @@ enum {
> Opt_jqfmt_vfsv1,
> Opt_whint,
> Opt_alloc,
> + Opt_test_dummy_encryption,
> Opt_err,
> };
>
> @@ -186,6 +187,7 @@ static match_table_t f2fs_tokens = {
> {Opt_jqfmt_vfsv1, "jqfmt=vfsv1"},
> {Opt_whint, "whint_mode=%s"},
> {Opt_alloc, "alloc_mode=%s"},
> + {Opt_test_dummy_encryption, "test_dummy_encryption"},
> {Opt_err, NULL},
> };
>
> @@ -719,6 +721,16 @@ static int parse_options(struct super_block *sb, char *options)
> }
> kfree(name);
> break;
> + case Opt_test_dummy_encryption:
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> + sbi->mount_flags |= F2FS_MF_TEST_DUMMY_ENCRYPTION;
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mode enabled");
> +#else
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mount option ignored");
> +#endif
> + break;
> default:
> f2fs_msg(sb, KERN_ERR,
> "Unrecognized mount option \"%s\" or missing value",
> @@ -1282,6 +1294,10 @@ static int f2fs_show_options(struct seq_file *seq, struct dentry *root)
> seq_printf(seq, ",whint_mode=%s", "user-based");
> else if (sbi->whint_mode == WHINT_MODE_FS)
> seq_printf(seq, ",whint_mode=%s", "fs-based");
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> + if (sbi->mount_flags & F2FS_MF_TEST_DUMMY_ENCRYPTION)
> + seq_puts(seq, ",test_dummy_encryption");
> +#endif
>
> if (sbi->alloc_mode == ALLOC_MODE_DEFAULT)
> seq_printf(seq, ",alloc_mode=%s", "default");
> @@ -1882,6 +1898,11 @@ static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len,
> ctx, len, fs_data, XATTR_CREATE);
> }
>
> +static bool f2fs_dummy_context(struct inode *inode)
> +{
> + return DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(inode));
> +}
> +
> static unsigned f2fs_max_namelen(struct inode *inode)
> {
> return S_ISLNK(inode->i_mode) ?
> @@ -1892,6 +1913,7 @@ static const struct fscrypt_operations f2fs_cryptops = {
> .key_prefix = "f2fs:",
> .get_context = f2fs_get_context,
> .set_context = f2fs_set_context,
> + .dummy_context = f2fs_dummy_context,
> .empty_dir = f2fs_empty_dir,
> .max_namelen = f2fs_max_namelen,
> };
> @@ -2620,6 +2642,15 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> if (err)
> goto free_options;
>
> + if (DUMMY_ENCRYPTION_ENABLED(sbi) &&
> + (sb_rdonly(sb) || !f2fs_sb_has_encrypt(sb))) {
Use f2fs_readonly() here which can wrap sb_rdonly()?
> + f2fs_msg(sb, KERN_ERR,
> + "Encrypt feature is off or filesystem is read-only");
> + err = -EINVAL;
> + retry = false;
> + goto free_options;
> + }
How about moving this check into parse_options(), so we can check this condition
in remount_fs() too.
Thanks,
> +
> sbi->max_file_blocks = max_file_blocks();
> sb->s_maxbytes = sbi->max_file_blocks <<
> le32_to_cpu(raw_super->log_blocksize);
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH v4 2/3] f2fs: introduce a new mount option test_dummy_encryption
@ 2018-03-09 12:32 ` Chao Yu
0 siblings, 0 replies; 14+ messages in thread
From: Chao Yu @ 2018-03-09 12:32 UTC (permalink / raw)
To: Sheng Yong, jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
On 2018/3/9 15:53, Sheng Yong wrote:
> This patch introduces a new mount option `test_dummy_encryption' to
> allow fscrypt to create a fake fscrypt context. This is used by xfstests.
It needs to add doc for this new mount option.
>
> Signed-off-by: Sheng Yong <shengyong1@huawei.com>
> ---
> fs/f2fs/dir.c | 4 +++-
> fs/f2fs/f2fs.h | 11 +++++++++++
> fs/f2fs/namei.c | 9 ++++++---
> fs/f2fs/super.c | 31 +++++++++++++++++++++++++++++++
> 4 files changed, 51 insertions(+), 4 deletions(-)
>
> diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
> index 797eb05cb538..73ddc35fba4f 100644
> --- a/fs/f2fs/dir.c
> +++ b/fs/f2fs/dir.c
> @@ -361,6 +361,7 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> struct page *dpage)
> {
> struct page *page;
> + int dummy_encrypt = DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(dir));
> int err;
>
> if (is_inode_flag_set(inode, FI_NEW_INODE)) {
> @@ -387,7 +388,8 @@ struct page *init_inode_metadata(struct inode *inode, struct inode *dir,
> if (err)
> goto put_error;
>
> - if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode)) {
> + if ((f2fs_encrypted_inode(dir) || dummy_encrypt) &&
> + f2fs_may_encrypt(inode)) {
> err = fscrypt_inherit_context(dir, inode, page, false);
> if (err)
> goto put_error;
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index 31f39ab7fce4..c0dbd8b6050b 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -1053,6 +1053,15 @@ enum {
> ALLOC_MODE_REUSE, /* reuse segments as much as possible */
> };
>
> +#define F2FS_MF_TEST_DUMMY_ENCRYPTION 0x0001
> +
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> +#define DUMMY_ENCRYPTION_ENABLED(sbi) (unlikely((sbi)->mount_flags & \
> + F2FS_MF_TEST_DUMMY_ENCRYPTION))
> +#else
> +#define DUMMY_ENCRYPTION_ENABLED(sbi) (0)
> +#endif
> +
> struct f2fs_sb_info {
> struct super_block *sb; /* pointer to VFS super block */
> struct proc_dir_entry *s_proc; /* proc entry */
> @@ -1242,6 +1251,8 @@ struct f2fs_sb_info {
>
> /* segment allocation policy */
> int alloc_mode;
> +
> + unsigned int mount_flags;
> };
>
> #ifdef CONFIG_F2FS_FAULT_INJECTION
> diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> index 318dfe870cb5..5dd6a112e13d 100644
> --- a/fs/f2fs/namei.c
> +++ b/fs/f2fs/namei.c
> @@ -78,7 +78,8 @@ static struct inode *f2fs_new_inode(struct inode *dir, umode_t mode)
> set_inode_flag(inode, FI_NEW_INODE);
>
> /* If the directory encrypted, then we should encrypt the inode. */
> - if (f2fs_encrypted_inode(dir) && f2fs_may_encrypt(inode))
> + if ((f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) &&
> + f2fs_may_encrypt(inode))
> f2fs_set_encrypted_inode(inode);
>
> if (f2fs_sb_has_extra_attr(sbi->sb)) {
> @@ -788,10 +789,12 @@ static int __f2fs_tmpfile(struct inode *dir, struct dentry *dentry,
>
> static int f2fs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
> {
> - if (unlikely(f2fs_cp_error(F2FS_I_SB(dir))))
> + struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
> +
> + if (unlikely(f2fs_cp_error(sbi)))
> return -EIO;
>
> - if (f2fs_encrypted_inode(dir)) {
> + if (f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) {
Why we need to add this condition here?
> int err = fscrypt_get_encryption_info(dir);
> if (err)
> return err;
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index b9a6b97c3bd3..345e4f63f6fc 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -131,6 +131,7 @@ enum {
> Opt_jqfmt_vfsv1,
> Opt_whint,
> Opt_alloc,
> + Opt_test_dummy_encryption,
> Opt_err,
> };
>
> @@ -186,6 +187,7 @@ static match_table_t f2fs_tokens = {
> {Opt_jqfmt_vfsv1, "jqfmt=vfsv1"},
> {Opt_whint, "whint_mode=%s"},
> {Opt_alloc, "alloc_mode=%s"},
> + {Opt_test_dummy_encryption, "test_dummy_encryption"},
> {Opt_err, NULL},
> };
>
> @@ -719,6 +721,16 @@ static int parse_options(struct super_block *sb, char *options)
> }
> kfree(name);
> break;
> + case Opt_test_dummy_encryption:
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> + sbi->mount_flags |= F2FS_MF_TEST_DUMMY_ENCRYPTION;
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mode enabled");
> +#else
> + f2fs_msg(sb, KERN_INFO,
> + "Test dummy encryption mount option ignored");
> +#endif
> + break;
> default:
> f2fs_msg(sb, KERN_ERR,
> "Unrecognized mount option \"%s\" or missing value",
> @@ -1282,6 +1294,10 @@ static int f2fs_show_options(struct seq_file *seq, struct dentry *root)
> seq_printf(seq, ",whint_mode=%s", "user-based");
> else if (sbi->whint_mode == WHINT_MODE_FS)
> seq_printf(seq, ",whint_mode=%s", "fs-based");
> +#ifdef CONFIG_F2FS_FS_ENCRYPTION
> + if (sbi->mount_flags & F2FS_MF_TEST_DUMMY_ENCRYPTION)
> + seq_puts(seq, ",test_dummy_encryption");
> +#endif
>
> if (sbi->alloc_mode == ALLOC_MODE_DEFAULT)
> seq_printf(seq, ",alloc_mode=%s", "default");
> @@ -1882,6 +1898,11 @@ static int f2fs_set_context(struct inode *inode, const void *ctx, size_t len,
> ctx, len, fs_data, XATTR_CREATE);
> }
>
> +static bool f2fs_dummy_context(struct inode *inode)
> +{
> + return DUMMY_ENCRYPTION_ENABLED(F2FS_I_SB(inode));
> +}
> +
> static unsigned f2fs_max_namelen(struct inode *inode)
> {
> return S_ISLNK(inode->i_mode) ?
> @@ -1892,6 +1913,7 @@ static const struct fscrypt_operations f2fs_cryptops = {
> .key_prefix = "f2fs:",
> .get_context = f2fs_get_context,
> .set_context = f2fs_set_context,
> + .dummy_context = f2fs_dummy_context,
> .empty_dir = f2fs_empty_dir,
> .max_namelen = f2fs_max_namelen,
> };
> @@ -2620,6 +2642,15 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
> if (err)
> goto free_options;
>
> + if (DUMMY_ENCRYPTION_ENABLED(sbi) &&
> + (sb_rdonly(sb) || !f2fs_sb_has_encrypt(sb))) {
Use f2fs_readonly() here which can wrap sb_rdonly()?
> + f2fs_msg(sb, KERN_ERR,
> + "Encrypt feature is off or filesystem is read-only");
> + err = -EINVAL;
> + retry = false;
> + goto free_options;
> + }
How about moving this check into parse_options(), so we can check this condition
in remount_fs() too.
Thanks,
> +
> sbi->max_file_blocks = max_file_blocks();
> sb->s_maxbytes = sbi->max_file_blocks <<
> le32_to_cpu(raw_super->log_blocksize);
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [f2fs-dev] [RFC PATCH v4 2/3] f2fs: introduce a new mount option test_dummy_encryption
2018-03-09 12:32 ` Chao Yu
@ 2018-03-12 1:13 ` Sheng Yong
-1 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-12 1:13 UTC (permalink / raw)
To: Chao Yu, jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
Hi, Chao
On 2018/3/9 20:32, Chao Yu wrote:
> On 2018/3/9 15:53, Sheng Yong wrote:
>> This patch introduces a new mount option `test_dummy_encryption' to
>> allow fscrypt to create a fake fscrypt context. This is used by xfstests.
>
> It needs to add doc for this new mount option.
>
Oh. Right, I'll update the doc.
>>
[...]
>> static int f2fs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
>> {
>> - if (unlikely(f2fs_cp_error(F2FS_I_SB(dir))))
>> + struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
>> +
>> + if (unlikely(f2fs_cp_error(sbi)))
>> return -EIO;
>>
>> - if (f2fs_encrypted_inode(dir)) {
>> + if (f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) {
>
> Why we need to add this condition here?
>
I think it's both OK if we add the check or not. But since commit 304eecc3462e ("f2fs crypto:
check encryption for tmpfile) add f2fs_encrypt_inode() to check encryption earlier, IMO, we
should do the same check if test_dummy_encryption is enabled according to the semantic.
>> int err = fscrypt_get_encryption_info(dir);
>> if (err)
>> return err;
[...]
>> @@ -2620,6 +2642,15 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
>> if (err)
>> goto free_options;
>>
>> + if (DUMMY_ENCRYPTION_ENABLED(sbi) &&
>> + (sb_rdonly(sb) || !f2fs_sb_has_encrypt(sb))) {
>
> Use f2fs_readonly() here which can wrap sb_rdonly()?
> OK.
>> + f2fs_msg(sb, KERN_ERR,
>> + "Encrypt feature is off or filesystem is read-only");
>> + err = -EINVAL;
>> + retry = false;
>> + goto free_options;
>> + }
>
> How about moving this check into parse_options(), so we can check this condition
> in remount_fs() too.
>
OK.
Thanks,
Sheng
> Thanks,
>
>> +
>> sbi->max_file_blocks = max_file_blocks();
>> sb->s_maxbytes = sbi->max_file_blocks <<
>> le32_to_cpu(raw_super->log_blocksize);
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> .
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [RFC PATCH v4 2/3] f2fs: introduce a new mount option test_dummy_encryption
@ 2018-03-12 1:13 ` Sheng Yong
0 siblings, 0 replies; 14+ messages in thread
From: Sheng Yong @ 2018-03-12 1:13 UTC (permalink / raw)
To: Chao Yu, jaegeuk, yuchao0, ebiggers, tytso
Cc: linux-fscrypt, miaoxie, linux-f2fs-devel
Hi, Chao
On 2018/3/9 20:32, Chao Yu wrote:
> On 2018/3/9 15:53, Sheng Yong wrote:
>> This patch introduces a new mount option `test_dummy_encryption' to
>> allow fscrypt to create a fake fscrypt context. This is used by xfstests.
>
> It needs to add doc for this new mount option.
>
Oh. Right, I'll update the doc.
>>
[...]
>> static int f2fs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
>> {
>> - if (unlikely(f2fs_cp_error(F2FS_I_SB(dir))))
>> + struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
>> +
>> + if (unlikely(f2fs_cp_error(sbi)))
>> return -EIO;
>>
>> - if (f2fs_encrypted_inode(dir)) {
>> + if (f2fs_encrypted_inode(dir) || DUMMY_ENCRYPTION_ENABLED(sbi)) {
>
> Why we need to add this condition here?
>
I think it's both OK if we add the check or not. But since commit 304eecc3462e ("f2fs crypto:
check encryption for tmpfile) add f2fs_encrypt_inode() to check encryption earlier, IMO, we
should do the same check if test_dummy_encryption is enabled according to the semantic.
>> int err = fscrypt_get_encryption_info(dir);
>> if (err)
>> return err;
[...]
>> @@ -2620,6 +2642,15 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
>> if (err)
>> goto free_options;
>>
>> + if (DUMMY_ENCRYPTION_ENABLED(sbi) &&
>> + (sb_rdonly(sb) || !f2fs_sb_has_encrypt(sb))) {
>
> Use f2fs_readonly() here which can wrap sb_rdonly()?
> OK.
>> + f2fs_msg(sb, KERN_ERR,
>> + "Encrypt feature is off or filesystem is read-only");
>> + err = -EINVAL;
>> + retry = false;
>> + goto free_options;
>> + }
>
> How about moving this check into parse_options(), so we can check this condition
> in remount_fs() too.
>
OK.
Thanks,
Sheng
> Thanks,
>
>> +
>> sbi->max_file_blocks = max_file_blocks();
>> sb->s_maxbytes = sbi->max_file_blocks <<
>> le32_to_cpu(raw_super->log_blocksize);
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> .
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2018-03-12 1:14 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-09 7:53 [RFC PATCH v4 0/3] f2fs: introduce F2FS_FEATURE_LOST_FOUND feature Sheng Yong
2018-03-09 7:53 ` Sheng Yong
2018-03-09 7:53 ` [RFC PATCH v4 1/3] " Sheng Yong
2018-03-09 7:53 ` Sheng Yong
2018-03-09 12:31 ` [f2fs-dev] " Chao Yu
2018-03-09 12:31 ` Chao Yu
2018-03-09 7:53 ` [RFC PATCH v4 2/3] f2fs: introduce a new mount option test_dummy_encryption Sheng Yong
2018-03-09 7:53 ` Sheng Yong
2018-03-09 12:32 ` [f2fs-dev] " Chao Yu
2018-03-09 12:32 ` Chao Yu
2018-03-12 1:13 ` [f2fs-dev] " Sheng Yong
2018-03-12 1:13 ` Sheng Yong
2018-03-09 7:53 ` [RFC PATCH 3/3] ext4: do not allow mount with test_dummy_encryption if encrypt not set Sheng Yong
2018-03-09 7:53 ` Sheng Yong
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.