* [f2fs-dev] [PATCH] fscrypt: reserve flags for hardware-wrapped keys feature
@ 2020-01-16 19:20 Eric Biggers
2020-01-17 8:12 ` Christoph Hellwig
0 siblings, 1 reply; 4+ messages in thread
From: Eric Biggers @ 2020-01-16 19:20 UTC (permalink / raw)
To: linux-fscrypt
Cc: Barani Muthukumaran, Gaurav Kashyap, linux-api, linux-f2fs-devel,
linux-mtd, Jaegeuk Kim, Theodore Ts'o, linux-ext4
From: Eric Biggers <ebiggers@google.com>
Reserve flags for the hardware-wrapped keys feature which is being
worked on [1]. FSCRYPT_POLICY_FLAG_HW_WRAPPED_KEY will denote that the
encryption policy needs a hardware-wrapped key to be unlocked.
FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED will denote that the key being added is
a hardware-wrapped key.
This reservation is tentative, and these codepoints may be reused if the
feature is not upstreamed.
[1] https://android-review.googlesource.com/c/kernel/common/+/1200864
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
Documentation/filesystems/fscrypt.rst | 5 +++--
fs/crypto/keyring.c | 5 ++++-
fs/crypto/policy.c | 4 +++-
include/uapi/linux/fscrypt.h | 9 ++++++---
4 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index 9c53336d06a438..4c443d7b1fc6b5 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -639,7 +639,8 @@ follows::
struct fscrypt_key_specifier key_spec;
__u32 raw_size;
__u32 key_id;
- __u32 __reserved[8];
+ __u32 flags;
+ __u32 __reserved[7];
__u8 raw[];
};
@@ -658,7 +659,7 @@ follows::
struct fscrypt_provisioning_key_payload {
__u32 type;
- __u32 __reserved;
+ __u32 flags;
__u8 raw[];
};
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index 098ff2e0f0bb41..fc27f5d08d7dbe 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -477,7 +477,7 @@ static int fscrypt_provisioning_key_preparse(struct key_preparsed_payload *prep)
payload->type != FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER)
return -EINVAL;
- if (payload->__reserved)
+ if (payload->flags)
return -EINVAL;
prep->payload.data[0] = kmemdup(payload, prep->datalen, GFP_KERNEL);
@@ -606,6 +606,9 @@ int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg)
if (!valid_key_spec(&arg.key_spec))
return -EINVAL;
+ if (arg.flags)
+ return -EINVAL;
+
if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
return -EINVAL;
diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index f1cff83c151acf..36a2bb077b6910 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -139,7 +139,9 @@ static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy,
return false;
}
- if (policy->flags & ~FSCRYPT_POLICY_FLAGS_VALID) {
+ if (policy->flags & ~(FSCRYPT_POLICY_FLAGS_PAD_MASK |
+ FSCRYPT_POLICY_FLAG_DIRECT_KEY |
+ FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64)) {
fscrypt_warn(inode, "Unsupported encryption flags (0x%02x)",
policy->flags);
return false;
diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h
index 0d8a6f47711c32..fad624a4c5feda 100644
--- a/include/uapi/linux/fscrypt.h
+++ b/include/uapi/linux/fscrypt.h
@@ -19,7 +19,8 @@
#define FSCRYPT_POLICY_FLAGS_PAD_MASK 0x03
#define FSCRYPT_POLICY_FLAG_DIRECT_KEY 0x04
#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08
-#define FSCRYPT_POLICY_FLAGS_VALID 0x0F
+#define FSCRYPT_POLICY_FLAG_HW_WRAPPED_KEY 0x10
+#define FSCRYPT_POLICY_FLAGS_VALID 0x1F
/* Encryption algorithms */
#define FSCRYPT_MODE_AES_256_XTS 1
@@ -116,7 +117,7 @@ struct fscrypt_key_specifier {
*/
struct fscrypt_provisioning_key_payload {
__u32 type;
- __u32 __reserved;
+ __u32 flags;
__u8 raw[];
};
@@ -125,7 +126,9 @@ struct fscrypt_add_key_arg {
struct fscrypt_key_specifier key_spec;
__u32 raw_size;
__u32 key_id;
- __u32 __reserved[8];
+#define FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED 0x00000001
+ __u32 flags;
+ __u32 __reserved[7];
__u8 raw[];
};
base-commit: 2d8f7f119b0b2ce5e7ff0e8024b0763bf42b99c9
--
2.25.0.rc1.283.g88dfdc4193-goog
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [f2fs-dev] [PATCH] fscrypt: reserve flags for hardware-wrapped keys feature
2020-01-16 19:20 [f2fs-dev] [PATCH] fscrypt: reserve flags for hardware-wrapped keys feature Eric Biggers
@ 2020-01-17 8:12 ` Christoph Hellwig
2020-01-17 16:40 ` Theodore Y. Ts'o
0 siblings, 1 reply; 4+ messages in thread
From: Christoph Hellwig @ 2020-01-17 8:12 UTC (permalink / raw)
To: Eric Biggers
Cc: Barani Muthukumaran, Gaurav Kashyap, linux-api, linux-f2fs-devel,
linux-fscrypt, linux-mtd, Jaegeuk Kim, Theodore Ts'o,
linux-ext4
On Thu, Jan 16, 2020 at 11:20:08AM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Reserve flags for the hardware-wrapped keys feature which is being
> worked on [1]. FSCRYPT_POLICY_FLAG_HW_WRAPPED_KEY will denote that the
> encryption policy needs a hardware-wrapped key to be unlocked.
> FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED will denote that the key being added is
> a hardware-wrapped key.
>
> This reservation is tentative, and these codepoints may be reused if the
> feature is not upstreamed.
NAK. While the feature itself sounds really useful we don't just
reserve format bits for code not upstream.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [f2fs-dev] [PATCH] fscrypt: reserve flags for hardware-wrapped keys feature
2020-01-17 8:12 ` Christoph Hellwig
@ 2020-01-17 16:40 ` Theodore Y. Ts'o
2020-01-17 16:56 ` Greg KH
0 siblings, 1 reply; 4+ messages in thread
From: Theodore Y. Ts'o @ 2020-01-17 16:40 UTC (permalink / raw)
To: Christoph Hellwig
Cc: Barani Muthukumaran, Gaurav Kashyap, linux-api, linux-f2fs-devel,
Eric Biggers, linux-fscrypt, linux-mtd, Jaegeuk Kim, linux-ext4
On Fri, Jan 17, 2020 at 12:12:46AM -0800, Christoph Hellwig wrote:
> On Thu, Jan 16, 2020 at 11:20:08AM -0800, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > Reserve flags for the hardware-wrapped keys feature which is being
> > worked on [1]. FSCRYPT_POLICY_FLAG_HW_WRAPPED_KEY will denote that the
> > encryption policy needs a hardware-wrapped key to be unlocked.
> > FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED will denote that the key being added is
> > a hardware-wrapped key.
> >
> > This reservation is tentative, and these codepoints may be reused if the
> > feature is not upstreamed.
>
> NAK. While the feature itself sounds really useful we don't just
> reserve format bits for code not upstream.
I disagree; saving a codepoint to avoid accidental collision of a
feature bit is a good and proper thing to do.
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
- Ted
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [f2fs-dev] [PATCH] fscrypt: reserve flags for hardware-wrapped keys feature
2020-01-17 16:40 ` Theodore Y. Ts'o
@ 2020-01-17 16:56 ` Greg KH
0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2020-01-17 16:56 UTC (permalink / raw)
To: Theodore Y. Ts'o
Cc: Eric Biggers, Barani Muthukumaran, Gaurav Kashyap, linux-api,
linux-f2fs-devel, Christoph Hellwig, linux-fscrypt, linux-mtd,
Jaegeuk Kim, linux-ext4
On Fri, Jan 17, 2020 at 11:40:54AM -0500, Theodore Y. Ts'o wrote:
> On Fri, Jan 17, 2020 at 12:12:46AM -0800, Christoph Hellwig wrote:
> > On Thu, Jan 16, 2020 at 11:20:08AM -0800, Eric Biggers wrote:
> > > From: Eric Biggers <ebiggers@google.com>
> > >
> > > Reserve flags for the hardware-wrapped keys feature which is being
> > > worked on [1]. FSCRYPT_POLICY_FLAG_HW_WRAPPED_KEY will denote that the
> > > encryption policy needs a hardware-wrapped key to be unlocked.
> > > FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED will denote that the key being added is
> > > a hardware-wrapped key.
> > >
> > > This reservation is tentative, and these codepoints may be reused if the
> > > feature is not upstreamed.
> >
> > NAK. While the feature itself sounds really useful we don't just
> > reserve format bits for code not upstream.
>
> I disagree; saving a codepoint to avoid accidental collision of a
> feature bit is a good and proper thing to do.
>
> Reviewed-by: Theodore Ts'o <tytso@mit.edu>
What kind of "deadline" do you have for that feature to then be merged?
I'm with Christoph here, we shouldn't be reserving bits for stuff not
in mergable state, what's the rush?
thansk,
greg k-h
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-01-17 16:56 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-16 19:20 [f2fs-dev] [PATCH] fscrypt: reserve flags for hardware-wrapped keys feature Eric Biggers
2020-01-17 8:12 ` Christoph Hellwig
2020-01-17 16:40 ` Theodore Y. Ts'o
2020-01-17 16:56 ` Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).