From: Chandan Rajendra <chandan@linux.vnet.ibm.com>
To: linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-doc@vger.kernel.org, linux-mips@linux-mips.org,
linux-s390@vger.kernel.org, linux-mtd@lists.infradead.org,
linux-fsdevel@vger.kernel.org
Cc: Chandan Rajendra <chandan@linux.vnet.ibm.com>,
tytso@mit.edu, adilger.kernel@dilger.ca, ebiggers@kernel.org,
jaegeuk@kernel.org, yuchao0@huawei.com, corbet@lwn.net,
ralf@linux-mips.org, paul.burton@mips.com, jhogan@kernel.org,
green.hu@gmail.com, deanbo422@gmail.com, schwidefsky@de.ibm.com,
heiko.carstens@de.ibm.com, richard@nod.at, dedekind1@gmail.com,
adrian.hunter@intel.com, viro@zeniv.linux.org.uk
Subject: [PATCH V5 0/9] Remove fs specific fscrypt and fsverity build config options
Date: Wed, 12 Dec 2018 15:20:09 +0530 [thread overview]
Message-ID: <20181212095018.12648-1-chandan@linux.vnet.ibm.com> (raw)
In order to have a common code base for fscrypt & fsverity "post read"
processing across filesystems which implement fscrypt/fsverity, this
commit removes filesystem specific build config option
(CONFIG_EXT4_FS_ENCRYPTION, CONFIG_EXT4_FS_VERITY,
CONFIG_F2FS_FS_ENCRYPTION, CONFIG_F2FS_FS_VERITY and
CONFIG_UBIFS_FS_ENCRYPTION) and replaces it with build options
(CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY) whose values affect all
the filesystems making use of fscrypt and fsverity.
Since I have access to only to x86 and ppc64le machines, I haven't
tested the defconfig files for other architectures.
Changelog:
V4 -> V5:
1. UBIFS: Do not select CONFIG_BLOCK if CONFIG_FS_ENCRYPTION is enabled. This
fixes the "Kconfig recursive dependency" issue seen on IA64.
2. Include fixes for fsverity_file_open() & fsverity_prepare_setattr() provided
by Eric. These fixes now allow opening of non-fsverity files on fsverity
enabled Ext4/F2FS to succeed.
V3 -> V4:
1. For non-fsverity supported kernels, return success when fsverity_file_open()
is invoked for non-fsverity files.
V2 -> V3:
1. Remove unnecessary line breaks.
2. Remove the definition of f2fs_encrypted_inode().
3. Fix Kconfig dependencies for fscrypt w.r.t F2FS and UBIFS. If F2FS is enabled
in the kernel build configuration, F2FS_FS_XATTR is selected if FS_ENCRYPTION
is enabled. Similarly, if UBIFS is enabled in the kernel build configuration,
UBIFS_FS_XATTR and BLOCK is selected if FS_ENCRYPTION is enabled.
4. Two new patches have been added to move verity status check to
fsverity_file_open() and fsverity_prepare_setattr().
5. For patch "f2fs: use IS_VERITY() to check inode's fsverity status", the
acked-by tag given by Chao Yu has been removed since I added an invocation to
f2fs_set_inode_flags() inside f2fs_set_verity(). This is needed to have
S_VERITY flag set on the corresponding VFS inode.
V1 -> V2:
1. Address the following review comments provided by Eric Biggers,
- In ext4_should_use_dax(), Use ext4_test_inode_flag() to check for
fscrypt/fsverity status of an inode.
- Update documentation associated with fscrypt & fsverity to refer to
CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY build flags.
- Remove filesystem specific fscrypt build configuration from defconfig
files.
- Provide a list of supported filesystems for CONFIG_FS_ENCRYPTION and
CONFIG_FS_VERITY build flags.
- Update comment describing S_VERITY flag.
2. Remove UBIFS specific encryption build option and make use of the generic
CONFIG_FS_ENCRYPTION flag.
RFC -> V1:
1. Add a new patch to implement S_VERITY/IS_VERITY().
2. Split code that replaces filesystem specific routines with generic
IS_ENCRYPTED() and IS_VERITY() calls into separate patches.
Chandan Rajendra (9):
ext4: use IS_ENCRYPTED() to check encryption status
f2fs: use IS_ENCRYPTED() to check encryption status
fscrypt: remove filesystem specific build config option
Add S_VERITY and IS_VERITY()
ext4: use IS_VERITY() to check inode's fsverity status
f2fs: use IS_VERITY() to check inode's fsverity status
fsverity: Remove filesystem specific build config option
fsverity: Move verity status check to fsverity_file_open
fsverity: Move verity status check to fsverity_prepare_setattr
Documentation/filesystems/fscrypt.rst | 4 +-
Documentation/filesystems/fsverity.rst | 4 +-
arch/mips/configs/generic_defconfig | 2 +-
arch/nds32/configs/defconfig | 2 +-
arch/s390/configs/debug_defconfig | 2 +-
arch/s390/configs/performance_defconfig | 2 +-
fs/crypto/Kconfig | 5 +-
fs/crypto/fscrypt_private.h | 1 -
fs/ext4/Kconfig | 35 --
fs/ext4/dir.c | 10 +-
fs/ext4/ext4.h | 23 +-
fs/ext4/ext4_jbd2.h | 2 +-
fs/ext4/extents.c | 4 +-
fs/ext4/file.c | 8 +-
fs/ext4/ialloc.c | 2 +-
fs/ext4/inode.c | 40 ++-
fs/ext4/ioctl.c | 4 +-
fs/ext4/move_extent.c | 3 +-
fs/ext4/namei.c | 18 +-
fs/ext4/page-io.c | 9 +-
fs/ext4/readpage.c | 10 +-
fs/ext4/super.c | 13 +-
fs/ext4/sysfs.c | 8 +-
fs/f2fs/Kconfig | 32 +-
fs/f2fs/data.c | 6 +-
fs/f2fs/dir.c | 10 +-
fs/f2fs/f2fs.h | 23 +-
fs/f2fs/file.c | 28 +-
fs/f2fs/inode.c | 8 +-
fs/f2fs/namei.c | 6 +-
fs/f2fs/super.c | 15 +-
fs/f2fs/sysfs.c | 8 +-
fs/ubifs/Kconfig | 12 +-
fs/ubifs/Makefile | 2 +-
fs/ubifs/ioctl.c | 4 +-
fs/ubifs/sb.c | 2 +-
fs/ubifs/super.c | 2 +-
fs/ubifs/ubifs.h | 5 +-
fs/verity/Kconfig | 3 +-
fs/verity/fsverity_private.h | 1 -
fs/verity/setup.c | 32 +-
include/linux/fs.h | 10 +-
include/linux/fscrypt.h | 416 +++++++++++++++++++++++-
include/linux/fscrypt_notsupp.h | 231 -------------
include/linux/fscrypt_supp.h | 204 ------------
include/linux/fsverity.h | 57 +++-
46 files changed, 598 insertions(+), 730 deletions(-)
delete mode 100644 include/linux/fscrypt_notsupp.h
delete mode 100644 include/linux/fscrypt_supp.h
--
2.19.1
WARNING: multiple messages have this Message-ID (diff)
From: Chandan Rajendra <chandan@linux.vnet.ibm.com>
To: linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-doc@vger.kernel.org, linux-mips@linux-mips.org,
linux-s390@vger.kernel.org, linux-mtd@lists.infradead.org,
linux-fsdevel@vger.kernel.org
Cc: dedekind1@gmail.com, tytso@mit.edu, corbet@lwn.net,
jhogan@kernel.org, yuchao0@huawei.com, heiko.carstens@de.ibm.com,
adrian.hunter@intel.com, ralf@linux-mips.org,
ebiggers@kernel.org, paul.burton@mips.com,
Chandan Rajendra <chandan@linux.vnet.ibm.com>,
adilger.kernel@dilger.ca, green.hu@gmail.com, richard@nod.at,
schwidefsky@de.ibm.com, jaegeuk@kernel.org, deanbo422@gmail.com,
viro@zeniv.linux.org.uk
Subject: [PATCH V5 0/9] Remove fs specific fscrypt and fsverity build config options
Date: Wed, 12 Dec 2018 15:20:09 +0530 [thread overview]
Message-ID: <20181212095018.12648-1-chandan@linux.vnet.ibm.com> (raw)
In order to have a common code base for fscrypt & fsverity "post read"
processing across filesystems which implement fscrypt/fsverity, this
commit removes filesystem specific build config option
(CONFIG_EXT4_FS_ENCRYPTION, CONFIG_EXT4_FS_VERITY,
CONFIG_F2FS_FS_ENCRYPTION, CONFIG_F2FS_FS_VERITY and
CONFIG_UBIFS_FS_ENCRYPTION) and replaces it with build options
(CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY) whose values affect all
the filesystems making use of fscrypt and fsverity.
Since I have access to only to x86 and ppc64le machines, I haven't
tested the defconfig files for other architectures.
Changelog:
V4 -> V5:
1. UBIFS: Do not select CONFIG_BLOCK if CONFIG_FS_ENCRYPTION is enabled. This
fixes the "Kconfig recursive dependency" issue seen on IA64.
2. Include fixes for fsverity_file_open() & fsverity_prepare_setattr() provided
by Eric. These fixes now allow opening of non-fsverity files on fsverity
enabled Ext4/F2FS to succeed.
V3 -> V4:
1. For non-fsverity supported kernels, return success when fsverity_file_open()
is invoked for non-fsverity files.
V2 -> V3:
1. Remove unnecessary line breaks.
2. Remove the definition of f2fs_encrypted_inode().
3. Fix Kconfig dependencies for fscrypt w.r.t F2FS and UBIFS. If F2FS is enabled
in the kernel build configuration, F2FS_FS_XATTR is selected if FS_ENCRYPTION
is enabled. Similarly, if UBIFS is enabled in the kernel build configuration,
UBIFS_FS_XATTR and BLOCK is selected if FS_ENCRYPTION is enabled.
4. Two new patches have been added to move verity status check to
fsverity_file_open() and fsverity_prepare_setattr().
5. For patch "f2fs: use IS_VERITY() to check inode's fsverity status", the
acked-by tag given by Chao Yu has been removed since I added an invocation to
f2fs_set_inode_flags() inside f2fs_set_verity(). This is needed to have
S_VERITY flag set on the corresponding VFS inode.
V1 -> V2:
1. Address the following review comments provided by Eric Biggers,
- In ext4_should_use_dax(), Use ext4_test_inode_flag() to check for
fscrypt/fsverity status of an inode.
- Update documentation associated with fscrypt & fsverity to refer to
CONFIG_FS_ENCRYPTION and CONFIG_FS_VERITY build flags.
- Remove filesystem specific fscrypt build configuration from defconfig
files.
- Provide a list of supported filesystems for CONFIG_FS_ENCRYPTION and
CONFIG_FS_VERITY build flags.
- Update comment describing S_VERITY flag.
2. Remove UBIFS specific encryption build option and make use of the generic
CONFIG_FS_ENCRYPTION flag.
RFC -> V1:
1. Add a new patch to implement S_VERITY/IS_VERITY().
2. Split code that replaces filesystem specific routines with generic
IS_ENCRYPTED() and IS_VERITY() calls into separate patches.
Chandan Rajendra (9):
ext4: use IS_ENCRYPTED() to check encryption status
f2fs: use IS_ENCRYPTED() to check encryption status
fscrypt: remove filesystem specific build config option
Add S_VERITY and IS_VERITY()
ext4: use IS_VERITY() to check inode's fsverity status
f2fs: use IS_VERITY() to check inode's fsverity status
fsverity: Remove filesystem specific build config option
fsverity: Move verity status check to fsverity_file_open
fsverity: Move verity status check to fsverity_prepare_setattr
Documentation/filesystems/fscrypt.rst | 4 +-
Documentation/filesystems/fsverity.rst | 4 +-
arch/mips/configs/generic_defconfig | 2 +-
arch/nds32/configs/defconfig | 2 +-
arch/s390/configs/debug_defconfig | 2 +-
arch/s390/configs/performance_defconfig | 2 +-
fs/crypto/Kconfig | 5 +-
fs/crypto/fscrypt_private.h | 1 -
fs/ext4/Kconfig | 35 --
fs/ext4/dir.c | 10 +-
fs/ext4/ext4.h | 23 +-
fs/ext4/ext4_jbd2.h | 2 +-
fs/ext4/extents.c | 4 +-
fs/ext4/file.c | 8 +-
fs/ext4/ialloc.c | 2 +-
fs/ext4/inode.c | 40 ++-
fs/ext4/ioctl.c | 4 +-
fs/ext4/move_extent.c | 3 +-
fs/ext4/namei.c | 18 +-
fs/ext4/page-io.c | 9 +-
fs/ext4/readpage.c | 10 +-
fs/ext4/super.c | 13 +-
fs/ext4/sysfs.c | 8 +-
fs/f2fs/Kconfig | 32 +-
fs/f2fs/data.c | 6 +-
fs/f2fs/dir.c | 10 +-
fs/f2fs/f2fs.h | 23 +-
fs/f2fs/file.c | 28 +-
fs/f2fs/inode.c | 8 +-
fs/f2fs/namei.c | 6 +-
fs/f2fs/super.c | 15 +-
fs/f2fs/sysfs.c | 8 +-
fs/ubifs/Kconfig | 12 +-
fs/ubifs/Makefile | 2 +-
fs/ubifs/ioctl.c | 4 +-
fs/ubifs/sb.c | 2 +-
fs/ubifs/super.c | 2 +-
fs/ubifs/ubifs.h | 5 +-
fs/verity/Kconfig | 3 +-
fs/verity/fsverity_private.h | 1 -
fs/verity/setup.c | 32 +-
include/linux/fs.h | 10 +-
include/linux/fscrypt.h | 416 +++++++++++++++++++++++-
include/linux/fscrypt_notsupp.h | 231 -------------
include/linux/fscrypt_supp.h | 204 ------------
include/linux/fsverity.h | 57 +++-
46 files changed, 598 insertions(+), 730 deletions(-)
delete mode 100644 include/linux/fscrypt_notsupp.h
delete mode 100644 include/linux/fscrypt_supp.h
--
2.19.1
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next reply other threads:[~2018-12-12 9:50 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-12 9:50 Chandan Rajendra [this message]
2018-12-12 9:50 ` [PATCH V5 0/9] Remove fs specific fscrypt and fsverity build config options Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 1/9] ext4: use IS_ENCRYPTED() to check encryption status Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 2/9] f2fs: " Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 3/9] fscrypt: remove filesystem specific build config option Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 4/9] Add S_VERITY and IS_VERITY() Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 5/9] ext4: use IS_VERITY() to check inode's fsverity status Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 6/9] f2fs: " Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 7/9] fsverity: Remove filesystem specific build config option Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 8/9] fsverity: Move verity status check to fsverity_file_open Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
2018-12-12 9:50 ` [PATCH V5 9/9] fsverity: Move verity status check to fsverity_prepare_setattr Chandan Rajendra
2018-12-12 9:50 ` Chandan Rajendra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181212095018.12648-1-chandan@linux.vnet.ibm.com \
--to=chandan@linux.vnet.ibm.com \
--cc=adilger.kernel@dilger.ca \
--cc=adrian.hunter@intel.com \
--cc=corbet@lwn.net \
--cc=deanbo422@gmail.com \
--cc=dedekind1@gmail.com \
--cc=ebiggers@kernel.org \
--cc=green.hu@gmail.com \
--cc=heiko.carstens@de.ibm.com \
--cc=jaegeuk@kernel.org \
--cc=jhogan@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=paul.burton@mips.com \
--cc=ralf@linux-mips.org \
--cc=richard@nod.at \
--cc=schwidefsky@de.ibm.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.