From: Chandan Rajendra <chandan@linux.vnet.ibm.com> To: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-doc@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org Cc: Chandan Rajendra <chandan@linux.vnet.ibm.com>, tytso@mit.edu, adilger.kernel@dilger.ca, ebiggers@kernel.org, jaegeuk@kernel.org, yuchao0@huawei.com, corbet@lwn.net, ralf@linux-mips.org, paul.burton@mips.com, jhogan@kernel.org, green.hu@gmail.com, deanbo422@gmail.com, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, richard@nod.at, dedekind1@gmail.com, adrian.hunter@intel.com, viro@zeniv.linux.org.uk Subject: [PATCH V5 0/9] Remove fs specific fscrypt and fsverity build config options Date: Wed, 12 Dec 2018 15:20:09 +0530 [thread overview] Message-ID: <20181212095018.12648-1-chandan@linux.vnet.ibm.com> (raw) In order to have a common code base for fscrypt & fsverity "post read" processing across filesystems which implement fscrypt/fsverity, this commit removes filesystem specific build config option (CONFIG_EXT4_FS_ENCRYPTION, CONFIG_EXT4_FS_VERITY, CONFIG_F2FS_FS_ENCRYPTION, CONFIG_F2FS_FS_VERITY and CONFIG_UBIFS_FS_ENCRYPTION) and replaces it with build options (CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY) whose values affect all the filesystems making use of fscrypt and fsverity. Since I have access to only to x86 and ppc64le machines, I haven't tested the defconfig files for other architectures. Changelog: V4 -> V5: 1. UBIFS: Do not select CONFIG_BLOCK if CONFIG_FS_ENCRYPTION is enabled. This fixes the "Kconfig recursive dependency" issue seen on IA64. 2. Include fixes for fsverity_file_open() & fsverity_prepare_setattr() provided by Eric. These fixes now allow opening of non-fsverity files on fsverity enabled Ext4/F2FS to succeed. V3 -> V4: 1. For non-fsverity supported kernels, return success when fsverity_file_open() is invoked for non-fsverity files. V2 -> V3: 1. Remove unnecessary line breaks. 2. Remove the definition of f2fs_encrypted_inode(). 3. Fix Kconfig dependencies for fscrypt w.r.t F2FS and UBIFS. If F2FS is enabled in the kernel build configuration, F2FS_FS_XATTR is selected if FS_ENCRYPTION is enabled. Similarly, if UBIFS is enabled in the kernel build configuration, UBIFS_FS_XATTR and BLOCK is selected if FS_ENCRYPTION is enabled. 4. Two new patches have been added to move verity status check to fsverity_file_open() and fsverity_prepare_setattr(). 5. For patch "f2fs: use IS_VERITY() to check inode's fsverity status", the acked-by tag given by Chao Yu has been removed since I added an invocation to f2fs_set_inode_flags() inside f2fs_set_verity(). This is needed to have S_VERITY flag set on the corresponding VFS inode. V1 -> V2: 1. Address the following review comments provided by Eric Biggers, - In ext4_should_use_dax(), Use ext4_test_inode_flag() to check for fscrypt/fsverity status of an inode. - Update documentation associated with fscrypt & fsverity to refer to CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY build flags. - Remove filesystem specific fscrypt build configuration from defconfig files. - Provide a list of supported filesystems for CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY build flags. - Update comment describing S_VERITY flag. 2. Remove UBIFS specific encryption build option and make use of the generic CONFIG_FS_ENCRYPTION flag. RFC -> V1: 1. Add a new patch to implement S_VERITY/IS_VERITY(). 2. Split code that replaces filesystem specific routines with generic IS_ENCRYPTED() and IS_VERITY() calls into separate patches. Chandan Rajendra (9): ext4: use IS_ENCRYPTED() to check encryption status f2fs: use IS_ENCRYPTED() to check encryption status fscrypt: remove filesystem specific build config option Add S_VERITY and IS_VERITY() ext4: use IS_VERITY() to check inode's fsverity status f2fs: use IS_VERITY() to check inode's fsverity status fsverity: Remove filesystem specific build config option fsverity: Move verity status check to fsverity_file_open fsverity: Move verity status check to fsverity_prepare_setattr Documentation/filesystems/fscrypt.rst | 4 +- Documentation/filesystems/fsverity.rst | 4 +- arch/mips/configs/generic_defconfig | 2 +- arch/nds32/configs/defconfig | 2 +- arch/s390/configs/debug_defconfig | 2 +- arch/s390/configs/performance_defconfig | 2 +- fs/crypto/Kconfig | 5 +- fs/crypto/fscrypt_private.h | 1 - fs/ext4/Kconfig | 35 -- fs/ext4/dir.c | 10 +- fs/ext4/ext4.h | 23 +- fs/ext4/ext4_jbd2.h | 2 +- fs/ext4/extents.c | 4 +- fs/ext4/file.c | 8 +- fs/ext4/ialloc.c | 2 +- fs/ext4/inode.c | 40 ++- fs/ext4/ioctl.c | 4 +- fs/ext4/move_extent.c | 3 +- fs/ext4/namei.c | 18 +- fs/ext4/page-io.c | 9 +- fs/ext4/readpage.c | 10 +- fs/ext4/super.c | 13 +- fs/ext4/sysfs.c | 8 +- fs/f2fs/Kconfig | 32 +- fs/f2fs/data.c | 6 +- fs/f2fs/dir.c | 10 +- fs/f2fs/f2fs.h | 23 +- fs/f2fs/file.c | 28 +- fs/f2fs/inode.c | 8 +- fs/f2fs/namei.c | 6 +- fs/f2fs/super.c | 15 +- fs/f2fs/sysfs.c | 8 +- fs/ubifs/Kconfig | 12 +- fs/ubifs/Makefile | 2 +- fs/ubifs/ioctl.c | 4 +- fs/ubifs/sb.c | 2 +- fs/ubifs/super.c | 2 +- fs/ubifs/ubifs.h | 5 +- fs/verity/Kconfig | 3 +- fs/verity/fsverity_private.h | 1 - fs/verity/setup.c | 32 +- include/linux/fs.h | 10 +- include/linux/fscrypt.h | 416 +++++++++++++++++++++++- include/linux/fscrypt_notsupp.h | 231 ------------- include/linux/fscrypt_supp.h | 204 ------------ include/linux/fsverity.h | 57 +++- 46 files changed, 598 insertions(+), 730 deletions(-) delete mode 100644 include/linux/fscrypt_notsupp.h delete mode 100644 include/linux/fscrypt_supp.h -- 2.19.1
WARNING: multiple messages have this Message-ID (diff)
From: Chandan Rajendra <chandan@linux.vnet.ibm.com> To: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-doc@vger.kernel.org, linux-mips@linux-mips.org, linux-s390@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org Cc: dedekind1@gmail.com, tytso@mit.edu, corbet@lwn.net, jhogan@kernel.org, yuchao0@huawei.com, heiko.carstens@de.ibm.com, adrian.hunter@intel.com, ralf@linux-mips.org, ebiggers@kernel.org, paul.burton@mips.com, Chandan Rajendra <chandan@linux.vnet.ibm.com>, adilger.kernel@dilger.ca, green.hu@gmail.com, richard@nod.at, schwidefsky@de.ibm.com, jaegeuk@kernel.org, deanbo422@gmail.com, viro@zeniv.linux.org.uk Subject: [PATCH V5 0/9] Remove fs specific fscrypt and fsverity build config options Date: Wed, 12 Dec 2018 15:20:09 +0530 [thread overview] Message-ID: <20181212095018.12648-1-chandan@linux.vnet.ibm.com> (raw) In order to have a common code base for fscrypt & fsverity "post read" processing across filesystems which implement fscrypt/fsverity, this commit removes filesystem specific build config option (CONFIG_EXT4_FS_ENCRYPTION, CONFIG_EXT4_FS_VERITY, CONFIG_F2FS_FS_ENCRYPTION, CONFIG_F2FS_FS_VERITY and CONFIG_UBIFS_FS_ENCRYPTION) and replaces it with build options (CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY) whose values affect all the filesystems making use of fscrypt and fsverity. Since I have access to only to x86 and ppc64le machines, I haven't tested the defconfig files for other architectures. Changelog: V4 -> V5: 1. UBIFS: Do not select CONFIG_BLOCK if CONFIG_FS_ENCRYPTION is enabled. This fixes the "Kconfig recursive dependency" issue seen on IA64. 2. Include fixes for fsverity_file_open() & fsverity_prepare_setattr() provided by Eric. These fixes now allow opening of non-fsverity files on fsverity enabled Ext4/F2FS to succeed. V3 -> V4: 1. For non-fsverity supported kernels, return success when fsverity_file_open() is invoked for non-fsverity files. V2 -> V3: 1. Remove unnecessary line breaks. 2. Remove the definition of f2fs_encrypted_inode(). 3. Fix Kconfig dependencies for fscrypt w.r.t F2FS and UBIFS. If F2FS is enabled in the kernel build configuration, F2FS_FS_XATTR is selected if FS_ENCRYPTION is enabled. Similarly, if UBIFS is enabled in the kernel build configuration, UBIFS_FS_XATTR and BLOCK is selected if FS_ENCRYPTION is enabled. 4. Two new patches have been added to move verity status check to fsverity_file_open() and fsverity_prepare_setattr(). 5. For patch "f2fs: use IS_VERITY() to check inode's fsverity status", the acked-by tag given by Chao Yu has been removed since I added an invocation to f2fs_set_inode_flags() inside f2fs_set_verity(). This is needed to have S_VERITY flag set on the corresponding VFS inode. V1 -> V2: 1. Address the following review comments provided by Eric Biggers, - In ext4_should_use_dax(), Use ext4_test_inode_flag() to check for fscrypt/fsverity status of an inode. - Update documentation associated with fscrypt & fsverity to refer to CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY build flags. - Remove filesystem specific fscrypt build configuration from defconfig files. - Provide a list of supported filesystems for CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY build flags. - Update comment describing S_VERITY flag. 2. Remove UBIFS specific encryption build option and make use of the generic CONFIG_FS_ENCRYPTION flag. RFC -> V1: 1. Add a new patch to implement S_VERITY/IS_VERITY(). 2. Split code that replaces filesystem specific routines with generic IS_ENCRYPTED() and IS_VERITY() calls into separate patches. Chandan Rajendra (9): ext4: use IS_ENCRYPTED() to check encryption status f2fs: use IS_ENCRYPTED() to check encryption status fscrypt: remove filesystem specific build config option Add S_VERITY and IS_VERITY() ext4: use IS_VERITY() to check inode's fsverity status f2fs: use IS_VERITY() to check inode's fsverity status fsverity: Remove filesystem specific build config option fsverity: Move verity status check to fsverity_file_open fsverity: Move verity status check to fsverity_prepare_setattr Documentation/filesystems/fscrypt.rst | 4 +- Documentation/filesystems/fsverity.rst | 4 +- arch/mips/configs/generic_defconfig | 2 +- arch/nds32/configs/defconfig | 2 +- arch/s390/configs/debug_defconfig | 2 +- arch/s390/configs/performance_defconfig | 2 +- fs/crypto/Kconfig | 5 +- fs/crypto/fscrypt_private.h | 1 - fs/ext4/Kconfig | 35 -- fs/ext4/dir.c | 10 +- fs/ext4/ext4.h | 23 +- fs/ext4/ext4_jbd2.h | 2 +- fs/ext4/extents.c | 4 +- fs/ext4/file.c | 8 +- fs/ext4/ialloc.c | 2 +- fs/ext4/inode.c | 40 ++- fs/ext4/ioctl.c | 4 +- fs/ext4/move_extent.c | 3 +- fs/ext4/namei.c | 18 +- fs/ext4/page-io.c | 9 +- fs/ext4/readpage.c | 10 +- fs/ext4/super.c | 13 +- fs/ext4/sysfs.c | 8 +- fs/f2fs/Kconfig | 32 +- fs/f2fs/data.c | 6 +- fs/f2fs/dir.c | 10 +- fs/f2fs/f2fs.h | 23 +- fs/f2fs/file.c | 28 +- fs/f2fs/inode.c | 8 +- fs/f2fs/namei.c | 6 +- fs/f2fs/super.c | 15 +- fs/f2fs/sysfs.c | 8 +- fs/ubifs/Kconfig | 12 +- fs/ubifs/Makefile | 2 +- fs/ubifs/ioctl.c | 4 +- fs/ubifs/sb.c | 2 +- fs/ubifs/super.c | 2 +- fs/ubifs/ubifs.h | 5 +- fs/verity/Kconfig | 3 +- fs/verity/fsverity_private.h | 1 - fs/verity/setup.c | 32 +- include/linux/fs.h | 10 +- include/linux/fscrypt.h | 416 +++++++++++++++++++++++- include/linux/fscrypt_notsupp.h | 231 ------------- include/linux/fscrypt_supp.h | 204 ------------ include/linux/fsverity.h | 57 +++- 46 files changed, 598 insertions(+), 730 deletions(-) delete mode 100644 include/linux/fscrypt_notsupp.h delete mode 100644 include/linux/fscrypt_supp.h -- 2.19.1 ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/
next reply other threads:[~2018-12-12 9:50 UTC|newest] Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-12-12 9:50 Chandan Rajendra [this message] 2018-12-12 9:50 ` [PATCH V5 0/9] Remove fs specific fscrypt and fsverity build config options Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 1/9] ext4: use IS_ENCRYPTED() to check encryption status Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 2/9] f2fs: " Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 3/9] fscrypt: remove filesystem specific build config option Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 4/9] Add S_VERITY and IS_VERITY() Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 5/9] ext4: use IS_VERITY() to check inode's fsverity status Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 6/9] f2fs: " Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 7/9] fsverity: Remove filesystem specific build config option Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 8/9] fsverity: Move verity status check to fsverity_file_open Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra 2018-12-12 9:50 ` [PATCH V5 9/9] fsverity: Move verity status check to fsverity_prepare_setattr Chandan Rajendra 2018-12-12 9:50 ` Chandan Rajendra
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181212095018.12648-1-chandan@linux.vnet.ibm.com \ --to=chandan@linux.vnet.ibm.com \ --cc=adilger.kernel@dilger.ca \ --cc=adrian.hunter@intel.com \ --cc=corbet@lwn.net \ --cc=deanbo422@gmail.com \ --cc=dedekind1@gmail.com \ --cc=ebiggers@kernel.org \ --cc=green.hu@gmail.com \ --cc=heiko.carstens@de.ibm.com \ --cc=jaegeuk@kernel.org \ --cc=jhogan@kernel.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-f2fs-devel@lists.sourceforge.net \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-mips@linux-mips.org \ --cc=linux-mtd@lists.infradead.org \ --cc=linux-s390@vger.kernel.org \ --cc=paul.burton@mips.com \ --cc=ralf@linux-mips.org \ --cc=richard@nod.at \ --cc=schwidefsky@de.ibm.com \ --cc=tytso@mit.edu \ --cc=viro@zeniv.linux.org.uk \ --cc=yuchao0@huawei.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.