From patchwork Tue Sep 6 00:35:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966696 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D22C6C6FA86 for ; Tue, 6 Sep 2022 00:35:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232260AbiIFAfo (ORCPT ); Mon, 5 Sep 2022 20:35:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39372 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229575AbiIFAfm (ORCPT ); Mon, 5 Sep 2022 20:35:42 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3077696D5; Mon, 5 Sep 2022 17:35:41 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 0371B807FE; Mon, 5 Sep 2022 20:35:40 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424541; bh=Y+iKZpXHBHHoKVVRaTWk2jhbzrgFs91hTu1wIIFFP6w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=r++ie2VvQvLw7c3XkmFlLzrWAXpVdEDf8xi6epESJ+sRkBWOP3d/JjsBdYw/ancaI IAHxlu0lbcCQ5tfY6htQeC/APdGh9DbRqp10gAYbi3d4Udue9kLbf0J4nMqpp+Gg4i X8VCJ91+a1oohnT3PCppVi3Qm4c/DW83FG/myf1aohf/fMLon4ZWZ/JCdMMk4Tni8P 5Hxiaynfq0vXSxwv0gN0oPaOdlZvKeQu7ODdqZuktKoaM7KVN9jYw4IvlD9TrOgbPZ h5DNwTMSvjjuqOvZY1oP50oF9CZIfWdMNBdz/WKLDRA9GVVt6yM9Xj0dPArJ0j8tkv SXT+SWZk9pFhA== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 01/20] fscrypt: expose fscrypt_nokey_name Date: Mon, 5 Sep 2022 20:35:16 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval btrfs stores its data structures, including filenames in directories, in its own buffer implementation, struct extent_buffer, composed of several non-contiguous pages. We could copy filenames into a temporary buffer and use fscrypt_match_name() against that buffer, such extensive memcpying would be expensive. Instead, exposing fscrypt_nokey_name as in this change allows btrfs to recapitulate fscrypt_match_name() using methods on struct extent_buffer instead of dealing with a raw byte array. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Reviewed-by: Josef Bacik --- fs/crypto/fname.c | 39 +-------------------------------------- include/linux/fscrypt.h | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 12bd61d20f69..6c092a1533f7 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -14,7 +14,6 @@ #include #include #include -#include #include #include "fscrypt_private.h" @@ -26,43 +25,7 @@ #define FSCRYPT_FNAME_MIN_MSG_LEN 16 /* - * struct fscrypt_nokey_name - identifier for directory entry when key is absent - * - * When userspace lists an encrypted directory without access to the key, the - * filesystem must present a unique "no-key name" for each filename that allows - * it to find the directory entry again if requested. Naively, that would just - * mean using the ciphertext filenames. However, since the ciphertext filenames - * can contain illegal characters ('\0' and '/'), they must be encoded in some - * way. We use base64url. But that can cause names to exceed NAME_MAX (255 - * bytes), so we also need to use a strong hash to abbreviate long names. - * - * The filesystem may also need another kind of hash, the "dirhash", to quickly - * find the directory entry. Since filesystems normally compute the dirhash - * over the on-disk filename (i.e. the ciphertext), it's not computable from - * no-key names that abbreviate the ciphertext using the strong hash to fit in - * NAME_MAX. It's also not computable if it's a keyed hash taken over the - * plaintext (but it may still be available in the on-disk directory entry); - * casefolded directories use this type of dirhash. At least in these cases, - * each no-key name must include the name's dirhash too. - * - * To meet all these requirements, we base64url-encode the following - * variable-length structure. It contains the dirhash, or 0's if the filesystem - * didn't provide one; up to 149 bytes of the ciphertext name; and for - * ciphertexts longer than 149 bytes, also the SHA-256 of the remaining bytes. - * - * This ensures that each no-key name contains everything needed to find the - * directory entry again, contains only legal characters, doesn't exceed - * NAME_MAX, is unambiguous unless there's a SHA-256 collision, and that we only - * take the performance hit of SHA-256 on very long filenames (which are rare). - */ -struct fscrypt_nokey_name { - u32 dirhash[2]; - u8 bytes[149]; - u8 sha256[SHA256_DIGEST_SIZE]; -}; /* 189 bytes => 252 bytes base64url-encoded, which is <= NAME_MAX (255) */ - -/* - * Decoded size of max-size no-key name, i.e. a name that was abbreviated using + * Decoded size of max-size nokey name, i.e. a name that was abbreviated using * the strong hash and thus includes the 'sha256' field. This isn't simply * sizeof(struct fscrypt_nokey_name), as the padding at the end isn't included. */ diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 7d2f1e0f23b1..a236d8c6d0da 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -16,6 +16,7 @@ #include #include #include +#include #include /* @@ -54,6 +55,42 @@ struct fscrypt_name { #define fname_name(p) ((p)->disk_name.name) #define fname_len(p) ((p)->disk_name.len) +/* + * struct fscrypt_nokey_name - identifier for directory entry when key is absent + * + * When userspace lists an encrypted directory without access to the key, the + * filesystem must present a unique "no-key name" for each filename that allows + * it to find the directory entry again if requested. Naively, that would just + * mean using the ciphertext filenames. However, since the ciphertext filenames + * can contain illegal characters ('\0' and '/'), they must be encoded in some + * way. We use base64url. But that can cause names to exceed NAME_MAX (255 + * bytes), so we also need to use a strong hash to abbreviate long names. + * + * The filesystem may also need another kind of hash, the "dirhash", to quickly + * find the directory entry. Since filesystems normally compute the dirhash + * over the on-disk filename (i.e. the ciphertext), it's not computable from + * no-key names that abbreviate the ciphertext using the strong hash to fit in + * NAME_MAX. It's also not computable if it's a keyed hash taken over the + * plaintext (but it may still be available in the on-disk directory entry); + * casefolded directories use this type of dirhash. At least in these cases, + * each no-key name must include the name's dirhash too. + * + * To meet all these requirements, we base64url-encode the following + * variable-length structure. It contains the dirhash, or 0's if the filesystem + * didn't provide one; up to 149 bytes of the ciphertext name; and for + * ciphertexts longer than 149 bytes, also the SHA-256 of the remaining bytes. + * + * This ensures that each no-key name contains everything needed to find the + * directory entry again, contains only legal characters, doesn't exceed + * NAME_MAX, is unambiguous unless there's a SHA-256 collision, and that we only + * take the performance hit of SHA-256 on very long filenames (which are rare). + */ +struct fscrypt_nokey_name { + u32 dirhash[2]; + u8 bytes[149]; + u8 sha256[SHA256_DIGEST_SIZE]; +}; /* 189 bytes => 252 bytes base64url-encoded, which is <= NAME_MAX (255) */ + /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40 From patchwork Tue Sep 6 00:35:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966697 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8DB4FECAAA1 for ; Tue, 6 Sep 2022 00:35:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232419AbiIFAfr (ORCPT ); Mon, 5 Sep 2022 20:35:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229575AbiIFAfp (ORCPT ); Mon, 5 Sep 2022 20:35:45 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A5C269F73; Mon, 5 Sep 2022 17:35:43 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 39A37810F2; Mon, 5 Sep 2022 20:35:43 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424543; bh=J9xEJcGuisIywcmBd5rr30DtjcJrVtrqQjsjYA+j1YU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Esp7J6Tgm0RMzFOQAgPzd5SO0FTrT5N5GZMJzx2uygPAw5py4uCVwWYcJksOinWJi 5TFkw/Ecr/DKfZBgZFExlUwyi3H8Jxs7KkgdItb8tMwzYvr+xKDHVlizrg72HIX+5k 9yvK7eHVtQoOcsg0Xsnk8IiGr16xpnV6QnwC9ObO2axVZv/W4tCm8+6r+E4CLnXUN+ 9KYHBnTpl+0zeNLbdFkg6v/KRfdrTCOh8FSgBfExi9DYD3nerssnXoEWcP72OlNs9d bA57vxSb2Nq/5rY1B3f4X1jo02tUtV3HBrzkl/qikTRbL990D5vYjLG9yo5yYrzqea FGNzh+i9MYgWQ== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 02/20] fscrypt: add flag allowing partially-encrypted directories Date: Mon, 5 Sep 2022 20:35:17 -0400 Message-Id: <5e762e300535cbb9f04b25a97e1d13fd082f5b0e.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval Creating several new subvolumes out of snapshots of another subvolume, each for a different VM's storage, is a important usecase for btrfs. We would like to give each VM a unique encryption key to use for new writes to its subvolume, so that secure deletion of the VM's data is as simple as securely deleting the key; to avoid needing multiple keys in each VM, we envision the initial subvolume being unencrypted. However, this means that the snapshot's directories would have a mix of encrypted and unencrypted files. During lookup with a key, both unencrypted and encrypted forms of the desired name must be queried. To allow this, add another FS_CFLG to allow filesystems to opt into partially encrypted directories. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Reviewed-by: Josef Bacik --- fs/crypto/fname.c | 17 ++++++++++++++++- include/linux/fscrypt.h | 2 ++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 6c092a1533f7..3bdece33e14d 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -414,6 +414,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, fname->usr_fname = iname; if (!IS_ENCRYPTED(dir) || fscrypt_is_dot_dotdot(iname)) { +unencrypted: fname->disk_name.name = (unsigned char *)iname->name; fname->disk_name.len = iname->len; return 0; @@ -448,8 +449,16 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, * user-supplied name */ - if (iname->len > FSCRYPT_NOKEY_NAME_MAX_ENCODED) + if (iname->len > FSCRYPT_NOKEY_NAME_MAX_ENCODED) { + /* + * This isn't a valid nokey name, but it could be an unencrypted + * name if the filesystem allows partially encrypted + * directories. + */ + if (dir->i_sb->s_cop->flags & FS_CFLG_ALLOW_PARTIAL) + goto unencrypted; return -ENOENT; + } fname->crypto_buf.name = kmalloc(FSCRYPT_NOKEY_NAME_MAX, GFP_KERNEL); if (fname->crypto_buf.name == NULL) @@ -460,6 +469,12 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, if (ret < (int)offsetof(struct fscrypt_nokey_name, bytes[1]) || (ret > offsetof(struct fscrypt_nokey_name, sha256) && ret != FSCRYPT_NOKEY_NAME_MAX)) { + /* Again, this could be an unencrypted name. */ + if (dir->i_sb->s_cop->flags & FS_CFLG_ALLOW_PARTIAL) { + kfree(fname->crypto_buf.name); + fname->crypto_buf.name = NULL; + goto unencrypted; + } ret = -ENOENT; goto errout; } diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index a236d8c6d0da..a4e00314c91b 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -102,6 +102,8 @@ struct fscrypt_nokey_name { * pages for writes and therefore won't need the fscrypt bounce page pool. */ #define FS_CFLG_OWN_PAGES (1U << 1) +/* The filesystem allows partially encrypted directories/files. */ +#define FS_CFLG_ALLOW_PARTIAL (1U << 2) /* Crypto operations for filesystems */ struct fscrypt_operations { From patchwork Tue Sep 6 00:35:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966698 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4F326ECAAD3 for ; Tue, 6 Sep 2022 00:35:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232602AbiIFAfu (ORCPT ); Mon, 5 Sep 2022 20:35:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232204AbiIFAfq (ORCPT ); Mon, 5 Sep 2022 20:35:46 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8457267C97; Mon, 5 Sep 2022 17:35:45 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id E716F81041; Mon, 5 Sep 2022 20:35:44 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424545; bh=31tak+bQ7sOpodTtj1F9GEdWxgKjOvfSzMwGFTIcn7g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MmowLzgV+u+yd1LjLrWPbLXKZHegJX25ISzMSxcXNcQwWXZiDdTyJETqcxxEGzaoW p6QfM9QVZs3V2JWjHGbIkWDDus/hxcnCqBPVnGJvo7d/lrcHb6CYq7C2hy0F1f7kCf kNbg08PFe26HCBrESL5k6imDM/WIPU0rlsqsG+7/U817TH4oCSSxmqj+T9zrdmsSFu J86IqfDingkEBb0SrwDnxFvhZVaozYqFU+EgqgxW1qPg9k+D76Psl5WKC/CC3JIKNg 3kPHbTZIfaAIwbwH4/KOjD8/rhQyETRekPRQTDxL2hQ0SGSi5KvpFflPKMw4xACeBC D4uS9yIfxgTVg== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 03/20] fscrypt: add fscrypt_have_same_policy() to check inode compatibility Date: Mon, 5 Sep 2022 20:35:18 -0400 Message-Id: <59fe9cb2916e7bad3bc57abc211a35f0a85990bc.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval Btrfs will need to check whether inode policies are identical for various purposes: if two inodes want to share an extent, they must have the same policy, including key identifier; symlinks must not span the encrypted/unencrypted border; and certain encryption policies will allow btrfs to store one fscrypt_context for multiple objects. Therefore, add a function which allows checking the encryption policies of two inodes to ensure they are identical. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/crypto/policy.c | 26 ++++++++++++++++++++++++++ include/linux/fscrypt.h | 1 + 2 files changed, 27 insertions(+) diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 80b8ca0f340b..ed8b7b6531e5 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -415,6 +415,32 @@ static int fscrypt_get_policy(struct inode *inode, union fscrypt_policy *policy) return fscrypt_policy_from_context(policy, &ctx, ret); } +/** + * fscrypt_have_same_policy() - check whether two inodes have the same policy + * @inode1: the first inode + * @inode2: the second inode + * + * Return: %true if equal, else %false + */ +int fscrypt_have_same_policy(struct inode *inode1, struct inode *inode2) +{ + union fscrypt_policy policy1, policy2; + int err; + + if (!IS_ENCRYPTED(inode1) && !IS_ENCRYPTED(inode2)) + return true; + else if (!IS_ENCRYPTED(inode1) || !IS_ENCRYPTED(inode2)) + return false; + err = fscrypt_get_policy(inode1, &policy1); + if (err) + return err; + err = fscrypt_get_policy(inode2, &policy2); + if (err) + return err; + return fscrypt_policies_equal(&policy1, &policy2); +} +EXPORT_SYMBOL(fscrypt_have_same_policy); + static int set_encryption_policy(struct inode *inode, const union fscrypt_policy *policy) { diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index a4e00314c91b..16d2252d5562 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -318,6 +318,7 @@ static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) void fscrypt_free_bounce_page(struct page *bounce_page); /* policy.c */ +int fscrypt_have_same_policy(struct inode *inode1, struct inode *inode2); int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg); int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg); int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg); From patchwork Tue Sep 6 00:35:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966699 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9FE9C6FA86 for ; Tue, 6 Sep 2022 00:35:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232540AbiIFAfw (ORCPT ); Mon, 5 Sep 2022 20:35:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39520 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232486AbiIFAfs (ORCPT ); Mon, 5 Sep 2022 20:35:48 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70B2967C97; Mon, 5 Sep 2022 17:35:47 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id D0F468110B; Mon, 5 Sep 2022 20:35:46 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424547; bh=FHQb/jBsuApS00FJLWrCuzmPZJWToYiV0GtCBqAspI4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nmVKeEMxOk1Nwbh91WG58zWiiTQgXqdMJAtYOd/qvjJxA8aZhXz9L2VhhX7/B35D2 hpY0/cRAExHs8m2nVO3Pc6UDfBIVTugaRqDte409nLwR3vmxjlk4ArpS7CbPN4+ZKc hsPPgjlkM1SRWxh/IcCIlfshSo82X71w99oKbu5ShNNcx7nCU4Gc38AR64rE4vu+UM dp8WjWjLEJl4B2/M8MGUJXs5BgBj3K6VOw144KQg54HqFIZ/QQ02ialCh2XTHUea6c bB/Gz0uU63DoY32ZikKVexj+7cM/84Lb0PT1nXvtiOZ6niHVYPIU0EFiTa0xA3invN zU5UIFIsI1XlA== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v2 04/20] fscrypt: allow fscrypt_generate_iv() to distinguish filenames Date: Mon, 5 Sep 2022 20:35:19 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org With the introduction of extent-based file content encryption, filenames and file contents might no longer use the same IV generation scheme, and so should not upass the same logical block number to fscrypt_generate_iv(). In preparation, start passing U64_MAX as the block number for filename IV generation, and make fscrypt_generate_iv() translate this to 0 if extent-based encryption is not being used. Signed-off-by: Sweet Tea Dorminy --- fs/crypto/crypto.c | 9 ++++++++- fs/crypto/fname.c | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index e78be66bbf01..7fe5979fbea2 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -71,7 +71,7 @@ EXPORT_SYMBOL(fscrypt_free_bounce_page); /* * Generate the IV for the given logical block number within the given file. - * For filenames encryption, lblk_num == 0. + * For filenames encryption, lblk_num == U64_MAX. * * Keep this in sync with fscrypt_limit_io_blocks(). fscrypt_limit_io_blocks() * needs to know about any IV generation methods where the low bits of IV don't @@ -84,6 +84,13 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, memset(iv, 0, ci->ci_mode->ivsize); + /* + * Filename encryption. For inode-based policies, filenames are + * encrypted as though they are lblk 0. + */ + if (lblk_num == U64_MAX) + lblk_num = 0; + if (flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) { WARN_ON_ONCE(lblk_num > U32_MAX); WARN_ON_ONCE(ci->ci_inode->i_ino > U32_MAX); diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 3bdece33e14d..16b64e0589e4 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -79,7 +79,7 @@ int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname, memset(out + iname->len, 0, olen - iname->len); /* Initialize the IV */ - fscrypt_generate_iv(&iv, 0, ci); + fscrypt_generate_iv(&iv, U64_MAX, ci); /* Set up the encryption request */ req = skcipher_request_alloc(tfm, GFP_NOFS); @@ -134,7 +134,7 @@ static int fname_decrypt(const struct inode *inode, crypto_req_done, &wait); /* Initialize IV */ - fscrypt_generate_iv(&iv, 0, ci); + fscrypt_generate_iv(&iv, U64_MAX, ci); /* Create decryption request */ sg_init_one(&src_sg, iname->name, iname->len); From patchwork Tue Sep 6 00:35:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966700 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F72FC6FA89 for ; Tue, 6 Sep 2022 00:35:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232614AbiIFAfx (ORCPT ); Mon, 5 Sep 2022 20:35:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39540 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232204AbiIFAfu (ORCPT ); Mon, 5 Sep 2022 20:35:50 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 824A769F6D; Mon, 5 Sep 2022 17:35:49 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id D783481041; Mon, 5 Sep 2022 20:35:48 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424549; bh=Gb5EIPbFWADVMM/ClXb2+o6eUDbIJIkKlb/W1XKHrsY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nWvLMPYm/b5tAYcl3b5Ey3pjzXQq3vSU3kRnDgNBER6FRFbWCg2AbksA1fAAyZSLr 3nJ6ariwbdWvEIX7euNvEZsStg0Z1IvPYpurdKVjxwgJG/8O927ffpLM14bg4dz8MO lECxuNk0id4FC3bfhP3JL/V86NC3+RGSAdUVttlnRgx56hJAG5ZnWHsTuUzc8PdCWH 6OvTrKSkmeEpK/YZ0Reb0i48HG7e1Thrj7t8hOo9+AAfGPo7wVgQkt2zYVvw+mPKxr mtAQss1NpZl9qrW2jnYBmtLezfBzasVUZ4+pxl5B63xLvG6RRzvptW+x1h1+evDUnD ydmR310xXW//A== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v2 05/20] fscrypt: add extent-based encryption Date: Mon, 5 Sep 2022 20:35:20 -0400 Message-Id: <48d09d4905d0c6e5e72d37535eb852487f1bd9cb.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org Some filesystems need to encrypt data based on extents, rather than on inodes, due to features incompatible with inode-based encryption. For instance, btrfs can have multiple inodes referencing a single block of data, and moves logical data blocks to different physical locations on disk in the background; these two features mean inode or physical-location-based policies will not work for btrfs. This change introduces fscrypt_extent_context objects, in analogy to existing context objects based on inodes. For a filesystem which uses extents, a new hook provides a new fscrypt_extent_context. During file content encryption/decryption, the existing fscrypt_context object provides key information, while the new fscrypt_extent_context provides IV information. For filename encryption, the existing IV generation methods are still used, since filenames are not stored in extents. As individually keyed inodes prevent sharing of extents, such policies are forbidden for filesystems with extent-based encryption. Signed-off-by: Sweet Tea Dorminy Reported-by: kernel test robot --- fs/crypto/crypto.c | 15 +++++++- fs/crypto/fscrypt_private.h | 26 ++++++++++++- fs/crypto/inline_crypt.c | 29 +++++++++++--- fs/crypto/policy.c | 77 +++++++++++++++++++++++++++++++++++++ include/linux/fscrypt.h | 41 ++++++++++++++++++++ 5 files changed, 178 insertions(+), 10 deletions(-) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index 7fe5979fbea2..77537736096b 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -81,8 +81,19 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, const struct fscrypt_info *ci) { u8 flags = fscrypt_policy_flags(&ci->ci_policy); + struct inode *inode = ci->ci_inode; + const struct fscrypt_operations *s_cop = inode->i_sb->s_cop; memset(iv, 0, ci->ci_mode->ivsize); + if (s_cop->get_extent_context && lblk_num != U64_MAX) { + size_t extent_offset; + union fscrypt_extent_context ctx; + int ret = fscrypt_get_extent_context(inode, lblk_num, &ctx, &extent_offset, NULL); + WARN_ON_ONCE(ret != 0); + memcpy(iv->raw, ctx.v1.iv, ci->ci_mode->ivsize); + iv->lblk_num = iv->lblk_num + cpu_to_le64(extent_offset); + return; + } /* * Filename encryption. For inode-based policies, filenames are @@ -93,8 +104,8 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, if (flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64) { WARN_ON_ONCE(lblk_num > U32_MAX); - WARN_ON_ONCE(ci->ci_inode->i_ino > U32_MAX); - lblk_num |= (u64)ci->ci_inode->i_ino << 32; + WARN_ON_ONCE(inode->i_ino > U32_MAX); + lblk_num |= (u64)inode->i_ino << 32; } else if (flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) { WARN_ON_ONCE(lblk_num > U32_MAX); lblk_num = (u32)(ci->ci_hashed_ino + lblk_num); diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 3afdaa084773..2092ef63c80a 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -165,6 +165,27 @@ fscrypt_policy_flags(const union fscrypt_policy *policy) BUG(); } +#define FSCRYPT_MAX_IV_SIZE 32 + +/* + * fscrypt_extent_context - the encryption context for an extent + * + * For filesystems that support extent encryption, this context provides the + * necessary randomly-initialized IV in order to encrypt/decrypt the data + * stored in the extent. It is stored alongside each extent, and is + * insufficient to decrypt the extent: the extent's owning inode(s) provide the + * policy information (including key identifier) necessary to decrypt. + */ +struct fscrypt_extent_context_v1 { + u8 version; + u8 iv[FSCRYPT_MAX_IV_SIZE]; +}; + +union fscrypt_extent_context { + u8 version; + struct fscrypt_extent_context_v1 v1; +}; + /* * For encrypted symlinks, the ciphertext length is stored at the beginning * of the string in little-endian format. @@ -279,8 +300,6 @@ fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...); #define fscrypt_err(inode, fmt, ...) \ fscrypt_msg((inode), KERN_ERR, fmt, ##__VA_ARGS__) -#define FSCRYPT_MAX_IV_SIZE 32 - union fscrypt_iv { struct { /* logical block number within the file */ @@ -628,5 +647,8 @@ int fscrypt_policy_from_context(union fscrypt_policy *policy_u, const union fscrypt_context *ctx_u, int ctx_size); const union fscrypt_policy *fscrypt_policy_to_inherit(struct inode *dir); +int fscrypt_get_extent_context(const struct inode *inode, u64 lblk_num, + union fscrypt_extent_context *ctx, + size_t *extent_offset, size_t *extent_length); #endif /* _FSCRYPT_PRIVATE_H */ diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index 90f3e68f166e..0537f710047e 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -1,3 +1,4 @@ + // SPDX-License-Identifier: GPL-2.0 /* * Inline encryption support for fscrypt @@ -466,6 +467,7 @@ EXPORT_SYMBOL_GPL(fscrypt_dio_supported); */ u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks) { + const struct fscrypt_operations *s_cop = inode->i_sb->s_cop; const struct fscrypt_info *ci; u32 dun; @@ -476,14 +478,29 @@ u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks) return nr_blocks; ci = inode->i_crypt_info; - if (!(fscrypt_policy_flags(&ci->ci_policy) & - FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) - return nr_blocks; - /* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */ + if (s_cop->get_extent_context) { + size_t extent_offset, extent_length; + int ret = fscrypt_get_extent_context(inode, lblk, NULL, + &extent_offset, + &extent_length); + if (ret < 0) { + WARN_ON_ONCE(ret < 0); + return 1; + } + return extent_length - extent_offset; + } - dun = ci->ci_hashed_ino + lblk; + if ((fscrypt_policy_flags(&ci->ci_policy) & + FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) { + /* + * With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to + * 0. + */ + dun = ci->ci_hashed_ino + lblk; + return min_t(u64, nr_blocks, (u64)U32_MAX + 1 - dun); + } - return min_t(u64, nr_blocks, (u64)U32_MAX + 1 - dun); + return nr_blocks; } EXPORT_SYMBOL_GPL(fscrypt_limit_io_blocks); diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index ed8b7b6531e5..2a92500e1e08 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -175,6 +175,13 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, return false; } + if (inode->i_sb->s_cop->get_extent_context && + !(policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY)) { + fscrypt_warn(inode, + "v1 with direct key required for this filesystem"); + return false; + } + if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) && !supported_direct_key_modes(inode, policy->contents_encryption_mode, policy->filenames_encryption_mode)) @@ -222,6 +229,13 @@ static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, return false; } + if (inode->i_sb->s_cop->get_extent_context && + !(policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY)) { + fscrypt_warn(inode, + "Direct key policy required for this filesystem using extent-based encryption"); + return false; + } + if ((policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) && !supported_direct_key_modes(inode, policy->contents_encryption_mode, policy->filenames_encryption_mode)) @@ -781,6 +795,69 @@ int fscrypt_set_context(struct inode *inode, void *fs_data) } EXPORT_SYMBOL_GPL(fscrypt_set_context); +/** + * fscrypt_get_extent_context() - Get the fscrypt extent context for a location + * @inode: an inode associated with the extent + * @lblk_num: a logical block number within the inode owned by the extent + * @ctx: a pointer to return the context found (may be NULL) + * @extent_offset: a pointer to return the offset of @lblk_num within the + * extent (may be NULL) + * @extent_length: a pointer to return the length of the extent found (may be + * NULL) + * + * Return: 0 on success, -errno on failure + */ +int fscrypt_get_extent_context(const struct inode *inode, u64 lblk_num, + union fscrypt_extent_context *ctx, + size_t *extent_offset, size_t *extent_length) +{ + int ret; + int ctxsize = (ctx == NULL ? 0 : sizeof(*ctx)); + + if (!IS_ENCRYPTED(inode)) + return -ENODATA; + + ret = inode->i_sb->s_cop->get_extent_context(inode, lblk_num, ctx, + ctxsize, extent_offset, + extent_length); + if (ret == ctxsize && (!ctx || ctx->version == 1)) + return 0; + if (ret > 0) + return -EINVAL; + return ret; +} +EXPORT_SYMBOL_GPL(fscrypt_get_extent_context); + +/** + * fscrypt_set_extent_context() - Set an extent's fscrypt context + * + * @inode: an inode to which the extent belongs + * @extent: private data referring to the extent, given by the FS and passed + * to ->set_extent_context() + * + * This should be called after fscrypt_prepare_new_inode(), generally during a + * filesystem transaction. Everything here must be %GFP_NOFS-safe. + * + * Return: 0 on success, -errno on failure + */ +int fscrypt_set_extent_context(struct inode *inode, void *extent) +{ + struct fscrypt_info *ci = inode->i_crypt_info; + union fscrypt_extent_context ctx; + int ivsize; + + if (!IS_ENCRYPTED(inode)) + return -ENODATA; + + ivsize = ci->ci_mode->ivsize; + ctx.v1.version = 1; + get_random_bytes(ctx.v1.iv, ivsize); + + return inode->i_sb->s_cop->set_extent_context(extent, + &ctx, ivsize + 1); +} +EXPORT_SYMBOL_GPL(fscrypt_set_extent_context); + /** * fscrypt_parse_test_dummy_encryption() - parse the test_dummy_encryption mount option * @param: the mount option diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 16d2252d5562..136395f4d82d 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -94,6 +94,13 @@ struct fscrypt_nokey_name { /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40 +/* + * Maximum value for the third parameter of + * fscrypt_operations.set_extent_context(). Update if fscrypt_private.h: + * FSCRYPT_MAX_IVSIZE changes + */ +#define FSCRYPT_EXTENT_CONTEXT_MAX_SIZE 33 + #ifdef CONFIG_FS_ENCRYPTION /* @@ -152,6 +159,39 @@ struct fscrypt_operations { int (*set_context)(struct inode *inode, const void *ctx, size_t len, void *fs_data); + /* + * Get the fscrypt extent context for a given inode and lblk number. + * + * @inode: the inode to which the extent belongs + * @lblk_num: the block number within the file whose extent is being + * queried + * @ctx: the buffer into which to get the context (may be NULL) + * @len: the length of the @ctx buffer in bytes + * @extent_offset: a pointer to return the offset of @lblk_num within + * the extent whose context is returned (may be NULL) + * @extent_length: a pointer to return the total length of the extent + * whose context was found (may be NULL) + * + * Return: On success, returns the length of the context in bytes, + * which may be less than @len. On failure, returns -ENODATA if the + * extent doesn't have a context, -ERANGE if the context is longer + * than @len, or another -errno code. + */ + int (*get_extent_context)(const struct inode *inode, u64 lblk_num, + void *ctx, size_t len, + size_t *extent_offset, size_t *extent_length); + + /* + * Set the fscrypt extent context for an extent. + * + * @extent: an opaque pointer to the filesystem's extent object + * @ctx: the buffer containing the extent context to set + * @len: the length of the @ctx buffer in bytes + * + * Return: 0 on success, -errno on failure. + */ + int (*set_extent_context)(void *extent, void *ctx, size_t len); + /* * Get the dummy fscrypt policy in use on the filesystem (if any). * @@ -326,6 +366,7 @@ int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg); int fscrypt_has_permitted_context(struct inode *parent, struct inode *child); int fscrypt_context_for_new_inode(void *ctx, struct inode *inode); int fscrypt_set_context(struct inode *inode, void *fs_data); +int fscrypt_set_extent_context(struct inode *inode, void *extent); struct fscrypt_dummy_policy { const union fscrypt_policy *policy; From patchwork Tue Sep 6 00:35:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966701 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C555ECAAA1 for ; Tue, 6 Sep 2022 00:35:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232775AbiIFAfy (ORCPT ); Mon, 5 Sep 2022 20:35:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232486AbiIFAfx (ORCPT ); Mon, 5 Sep 2022 20:35:53 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A3FF696E5; Mon, 5 Sep 2022 17:35:51 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id BFD2A807FE; Mon, 5 Sep 2022 20:35:50 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424551; bh=+thUT6Cq6999iUqrVM0TWGw5+/2kA0ydzokSIPEYGbs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CcnTHF6F03sZ/rApjqbg2Ai2QMBh2l3krFtZrjWD0gN/45dH7MJcM9Ds/XUCtDRci 9nXBeT1uFloVxTp7y+DvUe1jwgHwD9gB6Cm3GFkfPkwEBsz8ve38niiYGVPSQUN3/5 Vl/N0mXbnNOfWG0woIFAYg8919xn8LUWKDEQbHzJtJXInMHYwJCZMENJS8GNnkm6mi fsW8J/On8now+9BtX13x+9wIBX8H96RptGWnq8oiy06CuOJBIQ3G/VMmgkTTbpbufM zKEDC/McDdtIF3EOkZHfgJqweF4WMkH8iUDVWfuX6tSi9MIFo49AHLRfMF21gCkXM+ Oc7CDS3sOYWjw== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v2 06/20] fscrypt: document btrfs' fscrypt quirks. Date: Mon, 5 Sep 2022 20:35:21 -0400 Message-Id: <162ee6895a7d5060d1cd1ce9b2cff885eec9a062.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org As btrfs has a couple of quirks in its encryption compared to other filesystems, they should be documented like ext4's quirks. Additionally, extent-based contents encryption, being wholly new, deserves its own section to compare against file-based contents encryption. Signed-off-by: Sweet Tea Dorminy Reviewed-by: Josef Bacik --- Documentation/filesystems/fscrypt.rst | 62 +++++++++++++++++++-------- 1 file changed, 45 insertions(+), 17 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index 5ba5817c17c2..9dd7e8c0090a 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -31,7 +31,7 @@ However, except for filenames, fscrypt does not encrypt filesystem metadata. Unlike eCryptfs, which is a stacked filesystem, fscrypt is integrated -directly into supported filesystems --- currently ext4, F2FS, and +directly into supported filesystems --- currently btrfs, ext4, F2FS, and UBIFS. This allows encrypted files to be read and written without caching both the decrypted and encrypted pages in the pagecache, thereby nearly halving the memory used and bringing it in line with @@ -41,10 +41,10 @@ causing application compatibility issues; fscrypt allows the full 255 bytes (NAME_MAX). Finally, unlike eCryptfs, the fscrypt API can be used by unprivileged users, with no need to mount anything. -fscrypt does not support encrypting files in-place. Instead, it -supports marking an empty directory as encrypted. Then, after -userspace provides the key, all regular files, directories, and -symbolic links created in that directory tree are transparently +For most filesystems, fscrypt does not support encrypting files +in-place. Instead, it supports marking an empty directory as encrypted. +Then, after userspace provides the key, all regular files, directories, +and symbolic links created in that directory tree are transparently encrypted. Threat model @@ -280,6 +280,11 @@ included in the IV. Moreover: key derived using the KDF. Users may use the same master key for other v2 encryption policies. +For filesystems with extent-based content encryption (e.g. btrfs), +this is the only choice. Data shared among multiple inodes must share +the exact same key, therefore necessitating inodes using the same key +for contents encryption. + IV_INO_LBLK_64 policies ----------------------- @@ -374,12 +379,12 @@ to individual filesystems. However, authenticated encryption (AE) modes are not currently supported because of the difficulty of dealing with ciphertext expansion. -Contents encryption -------------------- +File-based contents encryption +------------------------------ -For file contents, each filesystem block is encrypted independently. -Starting from Linux kernel 5.5, encryption of filesystems with block -size less than system's page size is supported. +For most filesystems, each filesystem block within each file is +encrypted independently. Starting from Linux kernel 5.5, encryption of +filesystems with block size less than system's page size is supported. Each block's IV is set to the logical block number within the file as a little endian number, except that: @@ -403,6 +408,20 @@ Note that because file logical block numbers are included in the IVs, filesystems must enforce that blocks are never shifted around within encrypted files, e.g. via "collapse range" or "insert range". +Extent-based contents encryption +-------------------------------- + +For certain filesystems (currently only btrfs), data is encrypted on a +per-extent basis. Each filesystem block in a data extent is encrypted +independently. Multiple files may refer to the extent, as long as they +all share the same key. The filesystem may relocate the extent on disk, +as long as the encrypted data within the extent retains its offset +within the data extent. + +Each extent stores a random starting IV; each block's IV within this is +set to the logical block number within the extent as a little endian +number. + Filenames encryption -------------------- @@ -525,13 +544,14 @@ This structure must be initialized as follows: struct fscrypt_policy_v2. If the file is not yet encrypted, then FS_IOC_SET_ENCRYPTION_POLICY -verifies that the file is an empty directory. If so, the specified -encryption policy is assigned to the directory, turning it into an -encrypted directory. After that, and after providing the -corresponding master key as described in `Adding keys`_, all regular -files, directories (recursively), and symlinks created in the -directory will be encrypted, inheriting the same encryption policy. -The filenames in the directory's entries will be encrypted as well. +verifies that the file is an empty directory, unless btrfs is being +used. If so, the specified encryption policy is assigned to the +directory, turning it into an encrypted directory. After that, and +after providing the corresponding master key as described in `Adding +keys`_, all regular files, directories (recursively), and symlinks +created in the directory will be encrypted, inheriting the same +encryption policy. The filenames in the directory's entries will be +encrypted as well. Alternatively, if the file is already encrypted, then FS_IOC_SET_ENCRYPTION_POLICY validates that the specified encryption @@ -552,6 +572,14 @@ Note that the ext4 filesystem does not allow the root directory to be encrypted, even if it is empty. Users who want to encrypt an entire filesystem with one key should consider using dm-crypt instead. +Note that btrfs permits setting a currently unencrypted 'subvolume' to +encrypted. This means all newly written data, and files, will be +encrypted, but existing data and filenames will remain unencrypted. This +is intended for use in containers: initially identical unencrypted +snapshot volumes provide the base for multiple containers' filesystems, +but after each encrypts their volume with a different key, any new +sensitive data written by the container will be encrypted. + FS_IOC_SET_ENCRYPTION_POLICY can fail with the following errors: - ``EACCES``: the file is not owned by the process's uid, nor does the From patchwork Tue Sep 6 00:35:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966702 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15641C6FA89 for ; Tue, 6 Sep 2022 00:35:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232719AbiIFAf5 (ORCPT ); Mon, 5 Sep 2022 20:35:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233039AbiIFAfz (ORCPT ); Mon, 5 Sep 2022 20:35:55 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A74569F70; Mon, 5 Sep 2022 17:35:53 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 64F9F81041; Mon, 5 Sep 2022 20:35:52 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424552; bh=n69YniK5C4oBa6FlS2JRw/vhppGaHJxIJbf1S21aP8o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=atpmnnKZkyB4ze3BhRLlirqP2oZJlR2fZcXFcEID1b+V+hdNUeryZTYkqN569fiqn BmdnjEtuvS9xIyCM2ash4iZBpVwhZSY9uS295w1aVszl3oA4FNuFtlJwbVCjgZUO7G QwRKLQm6qXPNP5vWmtd2FaFNMf4hTx4T7HTXnhXuMRBHShBWIWQIUkknVxdvq168yV xx8CEpxvzGAdowwjkIiD9wtG1bAxxJWVRVtf+PDnNNZSyK02gV+eejGSEdQ25YvDYN fFspeN6aIZYUcvPt9Ied9qgo8GkftMi1GXsgR6gV3Sp/Ag2iB7xFmGLY+Z8ivvRlET IUk0ZjYyanMUw== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 07/20] btrfs: store directory's encryption state Date: Mon, 5 Sep 2022 20:35:22 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval For directories with encrypted files/filenames, we need to store a flag indicating this fact. There's no room in other fields, so we'll need to borrow a bit from dir_type. Since it's now a combination of type and flags, we rename it to dir_flags to reflect its new usage. The new flag, FT_FSCRYPT, indicates a (perhaps partially) encrypted directory, which is orthogonal to file type; therefore, add the new flag, and make conversion from directory type to file type strip the flag. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ctree.h | 15 +++++++++++++-- fs/btrfs/delayed-inode.c | 6 +++--- fs/btrfs/delayed-inode.h | 2 +- fs/btrfs/dir-item.c | 4 ++-- fs/btrfs/inode.c | 15 +++++++++------ fs/btrfs/print-tree.c | 4 ++-- fs/btrfs/send.c | 2 +- fs/btrfs/tree-checker.c | 2 +- fs/btrfs/tree-log.c | 20 ++++++++++---------- include/uapi/linux/btrfs_tree.h | 7 +++++++ 10 files changed, 49 insertions(+), 28 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 7007c7974a2e..1793b0e16a14 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -2184,10 +2184,10 @@ BTRFS_SETGET_FUNCS(root_ref_name_len, struct btrfs_root_ref, name_len, 16); /* struct btrfs_dir_item */ BTRFS_SETGET_FUNCS(dir_data_len, struct btrfs_dir_item, data_len, 16); -BTRFS_SETGET_FUNCS(dir_type, struct btrfs_dir_item, type, 8); +BTRFS_SETGET_FUNCS(dir_flags, struct btrfs_dir_item, type, 8); BTRFS_SETGET_FUNCS(dir_name_len, struct btrfs_dir_item, name_len, 16); BTRFS_SETGET_FUNCS(dir_transid, struct btrfs_dir_item, transid, 64); -BTRFS_SETGET_STACK_FUNCS(stack_dir_type, struct btrfs_dir_item, type, 8); +BTRFS_SETGET_STACK_FUNCS(stack_dir_flags, struct btrfs_dir_item, type, 8); BTRFS_SETGET_STACK_FUNCS(stack_dir_data_len, struct btrfs_dir_item, data_len, 16); BTRFS_SETGET_STACK_FUNCS(stack_dir_name_len, struct btrfs_dir_item, @@ -2195,6 +2195,17 @@ BTRFS_SETGET_STACK_FUNCS(stack_dir_name_len, struct btrfs_dir_item, BTRFS_SETGET_STACK_FUNCS(stack_dir_transid, struct btrfs_dir_item, transid, 64); +static inline u8 btrfs_dir_ftype(const struct extent_buffer *eb, + const struct btrfs_dir_item *item) +{ + return btrfs_dir_flags_to_ftype(btrfs_dir_flags(eb, item)); +} + +static inline u8 btrfs_stack_dir_ftype(const struct btrfs_dir_item *item) +{ + return btrfs_dir_flags_to_ftype(btrfs_stack_dir_flags(item)); +} + static inline void btrfs_dir_item_key(const struct extent_buffer *eb, const struct btrfs_dir_item *item, struct btrfs_disk_key *key) diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c index cac5169eaf8d..7e405aafab86 100644 --- a/fs/btrfs/delayed-inode.c +++ b/fs/btrfs/delayed-inode.c @@ -1412,7 +1412,7 @@ void btrfs_balance_delayed_items(struct btrfs_fs_info *fs_info) int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, const char *name, int name_len, struct btrfs_inode *dir, - struct btrfs_disk_key *disk_key, u8 type, + struct btrfs_disk_key *disk_key, u8 flags, u64 index) { struct btrfs_fs_info *fs_info = trans->fs_info; @@ -1443,7 +1443,7 @@ int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, btrfs_set_stack_dir_transid(dir_item, trans->transid); btrfs_set_stack_dir_data_len(dir_item, 0); btrfs_set_stack_dir_name_len(dir_item, name_len); - btrfs_set_stack_dir_type(dir_item, type); + btrfs_set_stack_dir_flags(dir_item, flags); memcpy((char *)(dir_item + 1), name, name_len); data_len = delayed_item->data_len + sizeof(struct btrfs_item); @@ -1753,7 +1753,7 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, name = (char *)(di + 1); name_len = btrfs_stack_dir_name_len(di); - d_type = fs_ftype_to_dtype(di->type); + d_type = fs_ftype_to_dtype(btrfs_dir_flags_to_ftype(di->type)); btrfs_disk_key_to_cpu(&location, &di->location); over = !dir_emit(ctx, name, name_len, diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h index 0163ca637a96..4f21daa3dbc7 100644 --- a/fs/btrfs/delayed-inode.h +++ b/fs/btrfs/delayed-inode.h @@ -113,7 +113,7 @@ static inline void btrfs_init_delayed_root( int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, const char *name, int name_len, struct btrfs_inode *dir, - struct btrfs_disk_key *disk_key, u8 type, + struct btrfs_disk_key *disk_key, u8 flags, u64 index); int btrfs_delete_delayed_dir_index(struct btrfs_trans_handle *trans, diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c index 72fb2c518a2b..e37b075afa96 100644 --- a/fs/btrfs/dir-item.c +++ b/fs/btrfs/dir-item.c @@ -81,7 +81,7 @@ int btrfs_insert_xattr_item(struct btrfs_trans_handle *trans, leaf = path->nodes[0]; btrfs_cpu_key_to_disk(&disk_key, &location); btrfs_set_dir_item_key(leaf, dir_item, &disk_key); - btrfs_set_dir_type(leaf, dir_item, BTRFS_FT_XATTR); + btrfs_set_dir_flags(leaf, dir_item, BTRFS_FT_XATTR); btrfs_set_dir_name_len(leaf, dir_item, name_len); btrfs_set_dir_transid(leaf, dir_item, trans->transid); btrfs_set_dir_data_len(leaf, dir_item, data_len); @@ -140,7 +140,7 @@ int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, leaf = path->nodes[0]; btrfs_set_dir_item_key(leaf, dir_item, &disk_key); - btrfs_set_dir_type(leaf, dir_item, type); + btrfs_set_dir_flags(leaf, dir_item, type); btrfs_set_dir_data_len(leaf, dir_item, 0); btrfs_set_dir_name_len(leaf, dir_item, name_len); btrfs_set_dir_transid(leaf, dir_item, trans->transid); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index e5284f2686c8..97e17b9bd34f 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5563,7 +5563,7 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry, location->objectid, location->type, location->offset); } if (!ret) - *type = btrfs_dir_type(path->nodes[0], di); + *type = btrfs_dir_ftype(path->nodes[0], di); out: btrfs_free_path(path); return ret; @@ -6001,6 +6001,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) btrfs_for_each_slot(root, &key, &found_key, path, ret) { struct dir_entry *entry; struct extent_buffer *leaf = path->nodes[0]; + u8 di_flags; if (found_key.objectid != key.objectid) break; @@ -6024,13 +6025,15 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) goto again; } + di_flags = btrfs_dir_flags(leaf, di); entry = addr; - put_unaligned(name_len, &entry->name_len); name_ptr = (char *)(entry + 1); - read_extent_buffer(leaf, name_ptr, (unsigned long)(di + 1), - name_len); - put_unaligned(fs_ftype_to_dtype(btrfs_dir_type(leaf, di)), - &entry->type); + read_extent_buffer(leaf, name_ptr, + (unsigned long)(di + 1), name_len); + put_unaligned(name_len, &entry->name_len); + put_unaligned( + fs_ftype_to_dtype(btrfs_dir_flags_to_ftype(di_flags)), + &entry->type); btrfs_dir_item_key_to_cpu(leaf, di, &location); put_unaligned(location.objectid, &entry->ino); put_unaligned(found_key.offset, &entry->offset); diff --git a/fs/btrfs/print-tree.c b/fs/btrfs/print-tree.c index dd8777872143..6d9d99bf3536 100644 --- a/fs/btrfs/print-tree.c +++ b/fs/btrfs/print-tree.c @@ -240,9 +240,9 @@ void btrfs_print_leaf(struct extent_buffer *l) case BTRFS_DIR_ITEM_KEY: di = btrfs_item_ptr(l, i, struct btrfs_dir_item); btrfs_dir_item_key_to_cpu(l, di, &found_key); - pr_info("\t\tdir oid %llu type %u\n", + pr_info("\t\tdir oid %llu flags %u\n", found_key.objectid, - btrfs_dir_type(l, di)); + btrfs_dir_flags(l, di)); break; case BTRFS_ROOT_ITEM_KEY: ri = btrfs_item_ptr(l, i, struct btrfs_root_item); diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 4ef4167072b8..127673c81a02 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -1092,7 +1092,7 @@ static int iterate_dir_item(struct btrfs_root *root, struct btrfs_path *path, data_len = btrfs_dir_data_len(eb, di); btrfs_dir_item_key_to_cpu(eb, di, &di_key); - if (btrfs_dir_type(eb, di) == BTRFS_FT_XATTR) { + if (btrfs_dir_ftype(eb, di) == BTRFS_FT_XATTR) { if (name_len > XATTR_NAME_MAX) { ret = -ENAMETOOLONG; goto out; diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 43f905ab0a18..77c53a7491cf 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -528,7 +528,7 @@ static int check_dir_item(struct extent_buffer *leaf, } /* dir type check */ - dir_type = btrfs_dir_type(leaf, di); + dir_type = btrfs_dir_ftype(leaf, di); if (unlikely(dir_type >= BTRFS_FT_MAX)) { dir_item_err(leaf, slot, "invalid dir item type, have %u expect [0, %u)", diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 020e01ea44bc..8467fadd6a23 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1809,7 +1809,7 @@ static int delete_conflicting_dir_entry(struct btrfs_trans_handle *trans, struct btrfs_path *path, struct btrfs_dir_item *dst_di, const struct btrfs_key *log_key, - u8 log_type, + u8 log_flags, bool exists) { struct btrfs_key found_key; @@ -1819,7 +1819,7 @@ static int delete_conflicting_dir_entry(struct btrfs_trans_handle *trans, if (found_key.objectid == log_key->objectid && found_key.type == log_key->type && found_key.offset == log_key->offset && - btrfs_dir_type(path->nodes[0], dst_di) == log_type) + btrfs_dir_flags(path->nodes[0], dst_di) == log_flags) return 1; /* @@ -1864,7 +1864,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, struct btrfs_key log_key; struct btrfs_key search_key; struct inode *dir; - u8 log_type; + u8 log_flags; bool exists; int ret; bool update_size = true; @@ -1881,7 +1881,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, goto out; } - log_type = btrfs_dir_type(eb, di); + log_flags = btrfs_dir_flags(eb, di); read_extent_buffer(eb, name, (unsigned long)(di + 1), name_len); @@ -1900,8 +1900,8 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, goto out; } else if (dir_dst_di) { ret = delete_conflicting_dir_entry(trans, BTRFS_I(dir), path, - dir_dst_di, &log_key, log_type, - exists); + dir_dst_di, &log_key, + log_flags, exists); if (ret < 0) goto out; dir_dst_matches = (ret == 1); @@ -1918,7 +1918,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, } else if (index_dst_di) { ret = delete_conflicting_dir_entry(trans, BTRFS_I(dir), path, index_dst_di, &log_key, - log_type, exists); + log_flags, exists); if (ret < 0) goto out; index_dst_matches = (ret == 1); @@ -2028,7 +2028,7 @@ static noinline int replay_one_dir_item(struct btrfs_trans_handle *trans, * to ever delete the parent directory has it would result in stale * dentries that can never be deleted. */ - if (ret == 1 && btrfs_dir_type(eb, di) != BTRFS_FT_DIR) { + if (ret == 1 && btrfs_dir_ftype(eb, di) != BTRFS_FT_DIR) { struct btrfs_path *fixup_path; struct btrfs_key di_key; @@ -5422,7 +5422,7 @@ static int log_new_dir_dentries(struct btrfs_trans_handle *trans, } di = btrfs_item_ptr(leaf, i, struct btrfs_dir_item); - type = btrfs_dir_type(leaf, di); + type = btrfs_dir_ftype(leaf, di); if (btrfs_dir_transid(leaf, di) < trans->transid) continue; btrfs_dir_item_key_to_cpu(leaf, di, &di_key); @@ -6262,7 +6262,7 @@ static int log_new_delayed_dentries(struct btrfs_trans_handle *trans, continue; } - if (btrfs_stack_dir_type(dir_item) == BTRFS_FT_DIR) + if (btrfs_stack_dir_ftype(dir_item) == BTRFS_FT_DIR) log_mode = LOG_INODE_ALL; ctx->log_new_dentries = false; diff --git a/include/uapi/linux/btrfs_tree.h b/include/uapi/linux/btrfs_tree.h index 5f32a2a495dc..e6031d18d521 100644 --- a/include/uapi/linux/btrfs_tree.h +++ b/include/uapi/linux/btrfs_tree.h @@ -359,6 +359,13 @@ enum btrfs_csum_type { #define BTRFS_FT_SYMLINK 7 #define BTRFS_FT_XATTR 8 #define BTRFS_FT_MAX 9 +/* Name is encrypted. */ +#define BTRFS_FT_FSCRYPT_NAME 0x80 + +static inline __u8 btrfs_dir_flags_to_ftype(__u8 flags) +{ + return flags & ~BTRFS_FT_FSCRYPT_NAME; +} /* * The key defines the order in the tree, and so it also defines (optimal) From patchwork Tue Sep 6 00:35:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966705 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0FAFEC6FA89 for ; Tue, 6 Sep 2022 00:36:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233140AbiIFAgC (ORCPT ); Mon, 5 Sep 2022 20:36:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39824 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233043AbiIFAgA (ORCPT ); Mon, 5 Sep 2022 20:36:00 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 194376A487; Mon, 5 Sep 2022 17:35:55 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 329E681106; Mon, 5 Sep 2022 20:35:54 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424554; bh=LTExQlSQr7/m/oGbh9qeXgB5mFwgu32iYwIHtXnMg1k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NYl5ELiRlb1OmK6DFdua3G2MRf47EHV3qV3ajIo1ZaIBXu+oLtckNs93QshptUiNN WIJkheV05n+roqr+imyDa3iIREMD6k+ByGQD+4LV8AJZjaUwK1oTXkNtvyNEKY3qGd HVG8uDaD13SAplCiqZKW9Mc6sbvwUldIXbW6LtbBtGNvLKK/mBJuapk3gUVzbVwuoE tOW6l3wSgD3ACuT+JZuwfUiU5CDFZaCqdtYEFZQuD3c+1n1yc1CEh+4BD5GU0QSkTT ldCKJN1mG7I7Qc8oWjmx+7aFOFh79jLSTK/8PiCQLlwJUiuFG82TawbyhtAatsteaz H5XqPzLA90A9A== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v2 08/20] btrfs: use fscrypt_names instead of name/len everywhere. Date: Mon, 5 Sep 2022 20:35:23 -0400 Message-Id: <2b32b14368c67eb8591ccc4b0cf9d19358dfae23.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org For encryption, the plaintext filenames provided by the VFS will need to be translated to ciphertext filenames on disk. Fscrypt provides a struct to encapsulate a potentially encrypted filename, struct fscrypt_name. This change converts every (name, len) pair to be a struct fscrypt_name, statically initialized, for ease of review and uniformity. Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ctree.h | 49 +++++----- fs/btrfs/delayed-inode.c | 12 ++- fs/btrfs/delayed-inode.h | 3 +- fs/btrfs/dir-item.c | 87 ++++++++--------- fs/btrfs/inode-item.c | 82 ++++++++-------- fs/btrfs/inode-item.h | 14 +-- fs/btrfs/inode.c | 197 +++++++++++++++++++++----------------- fs/btrfs/ioctl.c | 29 +++--- fs/btrfs/props.c | 11 ++- fs/btrfs/root-tree.c | 19 ++-- fs/btrfs/send.c | 139 ++++++++++++++++----------- fs/btrfs/super.c | 5 +- fs/btrfs/transaction.c | 25 ++--- fs/btrfs/tree-checker.c | 6 +- fs/btrfs/tree-log.c | 202 ++++++++++++++++++++++----------------- fs/btrfs/tree-log.h | 4 +- fs/btrfs/xattr.c | 21 ++-- 17 files changed, 518 insertions(+), 387 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 1793b0e16a14..230537a007b6 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -21,11 +21,13 @@ #include #include #include +#include #include #include #include #include #include +#include #include #include #include "extent-io-tree.h" @@ -2803,18 +2805,19 @@ static inline void btrfs_crc32c_final(u32 crc, u8 *result) put_unaligned_le32(~crc, result); } -static inline u64 btrfs_name_hash(const char *name, int len) +static inline u64 btrfs_name_hash(const struct fscrypt_name *name) { - return crc32c((u32)~1, name, len); + return crc32c((u32)~1, fname_name(name), fname_len(name)); } /* * Figure the key offset of an extended inode ref */ -static inline u64 btrfs_extref_hash(u64 parent_objectid, const char *name, - int len) +static inline u64 btrfs_extref_hash(u64 parent_objectid, + const struct fscrypt_name *name) { - return (u64) crc32c(parent_objectid, name, len); + return (u64) crc32c(parent_objectid, fname_name(name), + fname_len(name)); } static inline gfp_t btrfs_alloc_write_mask(struct address_space *mapping) @@ -3250,11 +3253,11 @@ static inline void btrfs_clear_sb_rdonly(struct super_block *sb) /* root-item.c */ int btrfs_add_root_ref(struct btrfs_trans_handle *trans, u64 root_id, - u64 ref_id, u64 dirid, u64 sequence, const char *name, - int name_len); + u64 ref_id, u64 dirid, u64 sequence, + const struct fscrypt_name *fname); int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, - u64 ref_id, u64 dirid, u64 *sequence, const char *name, - int name_len); + u64 ref_id, u64 dirid, u64 *sequence, + const struct fscrypt_name *fname); int btrfs_del_root(struct btrfs_trans_handle *trans, const struct btrfs_key *key); int btrfs_insert_root(struct btrfs_trans_handle *trans, struct btrfs_root *root, @@ -3283,25 +3286,26 @@ int btrfs_uuid_tree_iterate(struct btrfs_fs_info *fs_info); /* dir-item.c */ int btrfs_check_dir_item_collision(struct btrfs_root *root, u64 dir, - const char *name, int name_len); -int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, - int name_len, struct btrfs_inode *dir, - struct btrfs_key *location, u8 type, u64 index); + const struct fscrypt_name *fname); +int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, + const struct fscrypt_name *fname, + struct btrfs_inode *dir, struct btrfs_key *location, + u8 type, u64 index); struct btrfs_dir_item *btrfs_lookup_dir_item(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 dir, - const char *name, int name_len, + const struct fscrypt_name *fname, int mod); struct btrfs_dir_item * btrfs_lookup_dir_index_item(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 dir, - u64 index, const char *name, int name_len, + u64 index, const struct fscrypt_name *fname, int mod); struct btrfs_dir_item * btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_path *path, u64 dirid, - const char *name, int name_len); + const struct fscrypt_name *fname); int btrfs_delete_one_dir_name(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, @@ -3309,17 +3313,16 @@ int btrfs_delete_one_dir_name(struct btrfs_trans_handle *trans, int btrfs_insert_xattr_item(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 objectid, - const char *name, u16 name_len, + const struct fscrypt_name *fname, const void *data, u16 data_len); struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 dir, - const char *name, u16 name_len, + const struct fscrypt_name *fname, int mod); struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, struct btrfs_path *path, - const char *name, - int name_len); + const struct fscrypt_name *name); /* orphan.c */ int btrfs_insert_orphan_item(struct btrfs_trans_handle *trans, @@ -3383,10 +3386,11 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry); int btrfs_set_inode_index(struct btrfs_inode *dir, u64 *index); int btrfs_unlink_inode(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, - const char *name, int name_len); + const struct fscrypt_name *fname); int btrfs_add_link(struct btrfs_trans_handle *trans, struct btrfs_inode *parent_inode, struct btrfs_inode *inode, - const char *name, int name_len, int add_backref, u64 index); + const struct fscrypt_name *fname, int add_backref, + u64 index); int btrfs_delete_subvolume(struct inode *dir, struct dentry *dentry); int btrfs_truncate_block(struct btrfs_inode *inode, loff_t from, loff_t len, int front); @@ -3402,6 +3406,7 @@ struct btrfs_new_inode_args { struct inode *dir; struct dentry *dentry; struct inode *inode; + struct fscrypt_name fname; bool orphan; bool subvol; diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c index 7e405aafab86..069326654074 100644 --- a/fs/btrfs/delayed-inode.c +++ b/fs/btrfs/delayed-inode.c @@ -1410,7 +1410,7 @@ void btrfs_balance_delayed_items(struct btrfs_fs_info *fs_info) /* Will return 0 or -ENOMEM */ int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, - const char *name, int name_len, + const struct fscrypt_name *fname, struct btrfs_inode *dir, struct btrfs_disk_key *disk_key, u8 flags, u64 index) @@ -1428,7 +1428,8 @@ int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, if (IS_ERR(delayed_node)) return PTR_ERR(delayed_node); - delayed_item = btrfs_alloc_delayed_item(sizeof(*dir_item) + name_len, + delayed_item = btrfs_alloc_delayed_item(sizeof(*dir_item) + + fname_len(fname), delayed_node, BTRFS_DELAYED_INSERTION_ITEM); if (!delayed_item) { @@ -1442,9 +1443,9 @@ int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, dir_item->location = *disk_key; btrfs_set_stack_dir_transid(dir_item, trans->transid); btrfs_set_stack_dir_data_len(dir_item, 0); - btrfs_set_stack_dir_name_len(dir_item, name_len); + btrfs_set_stack_dir_name_len(dir_item, fname_len(fname)); btrfs_set_stack_dir_flags(dir_item, flags); - memcpy((char *)(dir_item + 1), name, name_len); + memcpy((char *)(dir_item + 1), fname_name(fname), fname_len(fname)); data_len = delayed_item->data_len + sizeof(struct btrfs_item); @@ -1494,7 +1495,8 @@ int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, if (unlikely(ret)) { btrfs_err(trans->fs_info, "err add delayed dir index item(name: %.*s) into the insertion tree of the delayed node(root id: %llu, inode id: %llu, errno: %d)", - name_len, name, delayed_node->root->root_key.objectid, + fname_len(fname), fname_name(fname), + delayed_node->root->root_key.objectid, delayed_node->inode_id, ret); BUG(); } diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h index 4f21daa3dbc7..8abeb78af14e 100644 --- a/fs/btrfs/delayed-inode.h +++ b/fs/btrfs/delayed-inode.h @@ -13,6 +13,7 @@ #include #include #include +#include #include #include "ctree.h" @@ -111,7 +112,7 @@ static inline void btrfs_init_delayed_root( } int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, - const char *name, int name_len, + const struct fscrypt_name *fname, struct btrfs_inode *dir, struct btrfs_disk_key *disk_key, u8 flags, u64 index); diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c index e37b075afa96..b4c1e2a40401 100644 --- a/fs/btrfs/dir-item.c +++ b/fs/btrfs/dir-item.c @@ -21,8 +21,7 @@ static struct btrfs_dir_item *insert_with_overflow(struct btrfs_trans_handle struct btrfs_path *path, struct btrfs_key *cpu_key, u32 data_size, - const char *name, - int name_len) + const struct fscrypt_name *fname) { struct btrfs_fs_info *fs_info = root->fs_info; int ret; @@ -32,7 +31,7 @@ static struct btrfs_dir_item *insert_with_overflow(struct btrfs_trans_handle ret = btrfs_insert_empty_item(trans, root, path, cpu_key, data_size); if (ret == -EEXIST) { struct btrfs_dir_item *di; - di = btrfs_match_dir_item_name(fs_info, path, name, name_len); + di = btrfs_match_dir_item_name(fs_info, path, fname); if (di) return ERR_PTR(-EEXIST); btrfs_extend_item(path, data_size); @@ -53,7 +52,7 @@ static struct btrfs_dir_item *insert_with_overflow(struct btrfs_trans_handle int btrfs_insert_xattr_item(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 objectid, - const char *name, u16 name_len, + const struct fscrypt_name *fname, const void *data, u16 data_len) { int ret = 0; @@ -64,16 +63,16 @@ int btrfs_insert_xattr_item(struct btrfs_trans_handle *trans, struct extent_buffer *leaf; u32 data_size; - if (name_len + data_len > BTRFS_MAX_XATTR_SIZE(root->fs_info)) + if (fname_len(fname) + data_len > BTRFS_MAX_XATTR_SIZE(root->fs_info)) return -ENOSPC; key.objectid = objectid; key.type = BTRFS_XATTR_ITEM_KEY; - key.offset = btrfs_name_hash(name, name_len); + key.offset = btrfs_name_hash(fname); - data_size = sizeof(*dir_item) + name_len + data_len; + data_size = sizeof(*dir_item) + fname_len(fname) + data_len; dir_item = insert_with_overflow(trans, root, path, &key, data_size, - name, name_len); + fname); if (IS_ERR(dir_item)) return PTR_ERR(dir_item); memset(&location, 0, sizeof(location)); @@ -82,13 +81,14 @@ int btrfs_insert_xattr_item(struct btrfs_trans_handle *trans, btrfs_cpu_key_to_disk(&disk_key, &location); btrfs_set_dir_item_key(leaf, dir_item, &disk_key); btrfs_set_dir_flags(leaf, dir_item, BTRFS_FT_XATTR); - btrfs_set_dir_name_len(leaf, dir_item, name_len); + btrfs_set_dir_name_len(leaf, dir_item, fname_len(fname)); btrfs_set_dir_transid(leaf, dir_item, trans->transid); btrfs_set_dir_data_len(leaf, dir_item, data_len); name_ptr = (unsigned long)(dir_item + 1); - data_ptr = (unsigned long)((char *)name_ptr + name_len); + data_ptr = (unsigned long)((char *)name_ptr + fname_len(fname)); - write_extent_buffer(leaf, name, name_ptr, name_len); + write_extent_buffer(leaf, fname_name(fname), name_ptr, + fname_len(fname)); write_extent_buffer(leaf, data, data_ptr, data_len); btrfs_mark_buffer_dirty(path->nodes[0]); @@ -103,9 +103,10 @@ int btrfs_insert_xattr_item(struct btrfs_trans_handle *trans, * to use for the second index (if one is created). * Will return 0 or -ENOMEM */ -int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, - int name_len, struct btrfs_inode *dir, - struct btrfs_key *location, u8 type, u64 index) +int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, + const struct fscrypt_name *fname, + struct btrfs_inode *dir, struct btrfs_key *location, + u8 type, u64 index) { int ret = 0; int ret2 = 0; @@ -120,7 +121,7 @@ int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, key.objectid = btrfs_ino(dir); key.type = BTRFS_DIR_ITEM_KEY; - key.offset = btrfs_name_hash(name, name_len); + key.offset = btrfs_name_hash(fname); path = btrfs_alloc_path(); if (!path) @@ -128,9 +129,9 @@ int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, btrfs_cpu_key_to_disk(&disk_key, location); - data_size = sizeof(*dir_item) + name_len; + data_size = sizeof(*dir_item) + fname_len(fname); dir_item = insert_with_overflow(trans, root, path, &key, data_size, - name, name_len); + fname); if (IS_ERR(dir_item)) { ret = PTR_ERR(dir_item); if (ret == -EEXIST) @@ -142,11 +143,12 @@ int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, btrfs_set_dir_item_key(leaf, dir_item, &disk_key); btrfs_set_dir_flags(leaf, dir_item, type); btrfs_set_dir_data_len(leaf, dir_item, 0); - btrfs_set_dir_name_len(leaf, dir_item, name_len); + btrfs_set_dir_name_len(leaf, dir_item, fname_len(fname)); btrfs_set_dir_transid(leaf, dir_item, trans->transid); name_ptr = (unsigned long)(dir_item + 1); - write_extent_buffer(leaf, name, name_ptr, name_len); + write_extent_buffer(leaf, fname_name(fname), name_ptr, + fname_len(fname)); btrfs_mark_buffer_dirty(leaf); second_insert: @@ -157,7 +159,7 @@ int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, } btrfs_release_path(path); - ret2 = btrfs_insert_delayed_dir_index(trans, name, name_len, dir, + ret2 = btrfs_insert_delayed_dir_index(trans, fname, dir, &disk_key, type, index); out_free: btrfs_free_path(path); @@ -171,8 +173,8 @@ int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, const char *name, static struct btrfs_dir_item *btrfs_lookup_match_dir( struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, - struct btrfs_key *key, const char *name, - int name_len, int mod) + struct btrfs_key *key, const struct fscrypt_name *fname, + int mod) { const int ins_len = (mod < 0 ? -1 : 0); const int cow = (mod != 0); @@ -184,7 +186,7 @@ static struct btrfs_dir_item *btrfs_lookup_match_dir( if (ret > 0) return ERR_PTR(-ENOENT); - return btrfs_match_dir_item_name(root->fs_info, path, name, name_len); + return btrfs_match_dir_item_name(root->fs_info, path, fname); } /* @@ -206,7 +208,7 @@ static struct btrfs_dir_item *btrfs_lookup_match_dir( struct btrfs_dir_item *btrfs_lookup_dir_item(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 dir, - const char *name, int name_len, + const struct fscrypt_name *fname, int mod) { struct btrfs_key key; @@ -214,9 +216,9 @@ struct btrfs_dir_item *btrfs_lookup_dir_item(struct btrfs_trans_handle *trans, key.objectid = dir; key.type = BTRFS_DIR_ITEM_KEY; - key.offset = btrfs_name_hash(name, name_len); + key.offset = btrfs_name_hash(fname); - di = btrfs_lookup_match_dir(trans, root, path, &key, name, name_len, mod); + di = btrfs_lookup_match_dir(trans, root, path, &key, fname, mod); if (IS_ERR(di) && PTR_ERR(di) == -ENOENT) return NULL; @@ -224,7 +226,7 @@ struct btrfs_dir_item *btrfs_lookup_dir_item(struct btrfs_trans_handle *trans, } int btrfs_check_dir_item_collision(struct btrfs_root *root, u64 dir, - const char *name, int name_len) + const struct fscrypt_name *fname) { int ret; struct btrfs_key key; @@ -240,9 +242,9 @@ int btrfs_check_dir_item_collision(struct btrfs_root *root, u64 dir, key.objectid = dir; key.type = BTRFS_DIR_ITEM_KEY; - key.offset = btrfs_name_hash(name, name_len); + key.offset = btrfs_name_hash(fname); - di = btrfs_lookup_match_dir(NULL, root, path, &key, name, name_len, 0); + di = btrfs_lookup_match_dir(NULL, root, path, &key, fname, 0); if (IS_ERR(di)) { ret = PTR_ERR(di); /* Nothing found, we're safe */ @@ -266,7 +268,7 @@ int btrfs_check_dir_item_collision(struct btrfs_root *root, u64 dir, * see if there is room in the item to insert this * name */ - data_size = sizeof(*di) + name_len; + data_size = sizeof(*di) + fname_len(fname); leaf = path->nodes[0]; slot = path->slots[0]; if (data_size + btrfs_item_size(leaf, slot) + @@ -303,7 +305,7 @@ struct btrfs_dir_item * btrfs_lookup_dir_index_item(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 dir, - u64 index, const char *name, int name_len, + u64 index, const struct fscrypt_name *fname, int mod) { struct btrfs_dir_item *di; @@ -313,7 +315,7 @@ btrfs_lookup_dir_index_item(struct btrfs_trans_handle *trans, key.type = BTRFS_DIR_INDEX_KEY; key.offset = index; - di = btrfs_lookup_match_dir(trans, root, path, &key, name, name_len, mod); + di = btrfs_lookup_match_dir(trans, root, path, &key, fname, mod); if (di == ERR_PTR(-ENOENT)) return NULL; @@ -323,7 +325,7 @@ btrfs_lookup_dir_index_item(struct btrfs_trans_handle *trans, struct btrfs_dir_item * btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_path *path, u64 dirid, - const char *name, int name_len) + const struct fscrypt_name *fname) { struct btrfs_dir_item *di; struct btrfs_key key; @@ -337,8 +339,7 @@ btrfs_search_dir_index_item(struct btrfs_root *root, if (key.objectid != dirid || key.type != BTRFS_DIR_INDEX_KEY) break; - di = btrfs_match_dir_item_name(root->fs_info, path, - name, name_len); + di = btrfs_match_dir_item_name(root->fs_info, path, fname); if (di) return di; } @@ -352,7 +353,7 @@ btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 dir, - const char *name, u16 name_len, + const struct fscrypt_name *fname, int mod) { struct btrfs_key key; @@ -360,9 +361,9 @@ struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans, key.objectid = dir; key.type = BTRFS_XATTR_ITEM_KEY; - key.offset = btrfs_name_hash(name, name_len); + key.offset = btrfs_name_hash(fname); - di = btrfs_lookup_match_dir(trans, root, path, &key, name, name_len, mod); + di = btrfs_lookup_match_dir(trans, root, path, &key, fname, mod); if (IS_ERR(di) && PTR_ERR(di) == -ENOENT) return NULL; @@ -376,10 +377,9 @@ struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans, */ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, struct btrfs_path *path, - const char *name, int name_len) + const struct fscrypt_name *fname) { struct btrfs_dir_item *dir_item; - unsigned long name_ptr; u32 total_len; u32 cur = 0; u32 this_len; @@ -390,13 +390,14 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, total_len = btrfs_item_size(leaf, path->slots[0]); while (cur < total_len) { + unsigned long name_ptr = (unsigned long)(dir_item + 1); this_len = sizeof(*dir_item) + btrfs_dir_name_len(leaf, dir_item) + btrfs_dir_data_len(leaf, dir_item); - name_ptr = (unsigned long)(dir_item + 1); - if (btrfs_dir_name_len(leaf, dir_item) == name_len && - memcmp_extent_buffer(leaf, name, name_ptr, name_len) == 0) + if (btrfs_dir_name_len(leaf, dir_item) == fname_len(fname) && + memcmp_extent_buffer(leaf, fname_name(fname), name_ptr, + fname_len(fname)) == 0) return dir_item; cur += this_len; diff --git a/fs/btrfs/inode-item.c b/fs/btrfs/inode-item.c index 0eeb5ea87894..78053eb9589c 100644 --- a/fs/btrfs/inode-item.c +++ b/fs/btrfs/inode-item.c @@ -3,15 +3,16 @@ * Copyright (C) 2007 Oracle. All rights reserved. */ +#include #include "ctree.h" #include "inode-item.h" #include "disk-io.h" #include "transaction.h" #include "print-tree.h" -struct btrfs_inode_ref *btrfs_find_name_in_backref(struct extent_buffer *leaf, - int slot, const char *name, - int name_len) +struct btrfs_inode_ref * +btrfs_find_name_in_backref(struct extent_buffer *leaf, int slot, + const struct fscrypt_name *fname) { struct btrfs_inode_ref *ref; unsigned long ptr; @@ -27,9 +28,10 @@ struct btrfs_inode_ref *btrfs_find_name_in_backref(struct extent_buffer *leaf, len = btrfs_inode_ref_name_len(leaf, ref); name_ptr = (unsigned long)(ref + 1); cur_offset += len + sizeof(*ref); - if (len != name_len) + if (len != fname_len(fname)) continue; - if (memcmp_extent_buffer(leaf, name, name_ptr, name_len) == 0) + if (memcmp_extent_buffer(leaf, fname_name(fname), name_ptr, + fname_len(fname)) == 0) return ref; } return NULL; @@ -37,7 +39,7 @@ struct btrfs_inode_ref *btrfs_find_name_in_backref(struct extent_buffer *leaf, struct btrfs_inode_extref *btrfs_find_name_in_ext_backref( struct extent_buffer *leaf, int slot, u64 ref_objectid, - const char *name, int name_len) + const struct fscrypt_name *fname) { struct btrfs_inode_extref *extref; unsigned long ptr; @@ -60,9 +62,10 @@ struct btrfs_inode_extref *btrfs_find_name_in_ext_backref( name_ptr = (unsigned long)(&extref->name); ref_name_len = btrfs_inode_extref_name_len(leaf, extref); - if (ref_name_len == name_len && + if (ref_name_len == fname_len(fname) && btrfs_inode_extref_parent(leaf, extref) == ref_objectid && - (memcmp_extent_buffer(leaf, name, name_ptr, name_len) == 0)) + (memcmp_extent_buffer(leaf, fname_name(fname), name_ptr, + fname_len(fname)) == 0)) return extref; cur_offset += ref_name_len + sizeof(*extref); @@ -75,7 +78,7 @@ struct btrfs_inode_extref * btrfs_lookup_inode_extref(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, int ins_len, int cow) { @@ -84,7 +87,7 @@ btrfs_lookup_inode_extref(struct btrfs_trans_handle *trans, key.objectid = inode_objectid; key.type = BTRFS_INODE_EXTREF_KEY; - key.offset = btrfs_extref_hash(ref_objectid, name, name_len); + key.offset = btrfs_extref_hash(ref_objectid, fname); ret = btrfs_search_slot(trans, root, &key, path, ins_len, cow); if (ret < 0) @@ -92,13 +95,12 @@ btrfs_lookup_inode_extref(struct btrfs_trans_handle *trans, if (ret > 0) return NULL; return btrfs_find_name_in_ext_backref(path->nodes[0], path->slots[0], - ref_objectid, name, name_len); - + ref_objectid, fname); } static int btrfs_del_inode_extref(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, u64 *index) { @@ -107,14 +109,14 @@ static int btrfs_del_inode_extref(struct btrfs_trans_handle *trans, struct btrfs_inode_extref *extref; struct extent_buffer *leaf; int ret; - int del_len = name_len + sizeof(*extref); + int del_len = fname_len(fname) + sizeof(*extref); unsigned long ptr; unsigned long item_start; u32 item_size; key.objectid = inode_objectid; key.type = BTRFS_INODE_EXTREF_KEY; - key.offset = btrfs_extref_hash(ref_objectid, name, name_len); + key.offset = btrfs_extref_hash(ref_objectid, fname); path = btrfs_alloc_path(); if (!path) @@ -132,7 +134,7 @@ static int btrfs_del_inode_extref(struct btrfs_trans_handle *trans, * readonly. */ extref = btrfs_find_name_in_ext_backref(path->nodes[0], path->slots[0], - ref_objectid, name, name_len); + ref_objectid, fname); if (!extref) { btrfs_handle_fs_error(root->fs_info, -ENOENT, NULL); ret = -EROFS; @@ -169,7 +171,7 @@ static int btrfs_del_inode_extref(struct btrfs_trans_handle *trans, int btrfs_del_inode_ref(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, u64 *index) { struct btrfs_path *path; @@ -182,7 +184,7 @@ int btrfs_del_inode_ref(struct btrfs_trans_handle *trans, u32 sub_item_len; int ret; int search_ext_refs = 0; - int del_len = name_len + sizeof(*ref); + int del_len = fname_len(fname) + sizeof(*ref); key.objectid = inode_objectid; key.offset = ref_objectid; @@ -201,8 +203,8 @@ int btrfs_del_inode_ref(struct btrfs_trans_handle *trans, goto out; } - ref = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], name, - name_len); + ref = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], + fname); if (!ref) { ret = -ENOENT; search_ext_refs = 1; @@ -219,7 +221,7 @@ int btrfs_del_inode_ref(struct btrfs_trans_handle *trans, goto out; } ptr = (unsigned long)ref; - sub_item_len = name_len + sizeof(*ref); + sub_item_len = fname_len(fname) + sizeof(*ref); item_start = btrfs_item_ptr_offset(leaf, path->slots[0]); memmove_extent_buffer(leaf, ptr, ptr + sub_item_len, item_size - (ptr + sub_item_len - item_start)); @@ -233,8 +235,9 @@ int btrfs_del_inode_ref(struct btrfs_trans_handle *trans, * name in our ref array. Find and remove the extended * inode ref then. */ - return btrfs_del_inode_extref(trans, root, name, name_len, - inode_objectid, ref_objectid, index); + return btrfs_del_inode_extref(trans, root, fname, + inode_objectid, ref_objectid, + index); } return ret; @@ -247,12 +250,12 @@ int btrfs_del_inode_ref(struct btrfs_trans_handle *trans, */ static int btrfs_insert_inode_extref(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, u64 index) { struct btrfs_inode_extref *extref; int ret; - int ins_len = name_len + sizeof(*extref); + int ins_len = fname_len(fname) + sizeof(*extref); unsigned long ptr; struct btrfs_path *path; struct btrfs_key key; @@ -260,7 +263,7 @@ static int btrfs_insert_inode_extref(struct btrfs_trans_handle *trans, key.objectid = inode_objectid; key.type = BTRFS_INODE_EXTREF_KEY; - key.offset = btrfs_extref_hash(ref_objectid, name, name_len); + key.offset = btrfs_extref_hash(ref_objectid, fname); path = btrfs_alloc_path(); if (!path) @@ -272,7 +275,7 @@ static int btrfs_insert_inode_extref(struct btrfs_trans_handle *trans, if (btrfs_find_name_in_ext_backref(path->nodes[0], path->slots[0], ref_objectid, - name, name_len)) + fname)) goto out; btrfs_extend_item(path, ins_len); @@ -286,12 +289,13 @@ static int btrfs_insert_inode_extref(struct btrfs_trans_handle *trans, ptr += btrfs_item_size(leaf, path->slots[0]) - ins_len; extref = (struct btrfs_inode_extref *)ptr; - btrfs_set_inode_extref_name_len(path->nodes[0], extref, name_len); + btrfs_set_inode_extref_name_len(path->nodes[0], extref, fname_len(fname)); btrfs_set_inode_extref_index(path->nodes[0], extref, index); btrfs_set_inode_extref_parent(path->nodes[0], extref, ref_objectid); ptr = (unsigned long)&extref->name; - write_extent_buffer(path->nodes[0], name, ptr, name_len); + write_extent_buffer(path->nodes[0], fname_name(fname), ptr, + fname_len(fname)); btrfs_mark_buffer_dirty(path->nodes[0]); out: @@ -302,7 +306,7 @@ static int btrfs_insert_inode_extref(struct btrfs_trans_handle *trans, /* Will return 0, -ENOMEM, -EMLINK, or -EEXIST or anything from the CoW path */ int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, u64 index) { struct btrfs_fs_info *fs_info = root->fs_info; @@ -311,7 +315,7 @@ int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, struct btrfs_inode_ref *ref; unsigned long ptr; int ret; - int ins_len = name_len + sizeof(*ref); + int ins_len = fname_len(fname) + sizeof(*ref); key.objectid = inode_objectid; key.offset = ref_objectid; @@ -327,7 +331,7 @@ int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, if (ret == -EEXIST) { u32 old_size; ref = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], - name, name_len); + fname); if (ref) goto out; @@ -336,7 +340,8 @@ int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, ref = btrfs_item_ptr(path->nodes[0], path->slots[0], struct btrfs_inode_ref); ref = (struct btrfs_inode_ref *)((unsigned long)ref + old_size); - btrfs_set_inode_ref_name_len(path->nodes[0], ref, name_len); + btrfs_set_inode_ref_name_len(path->nodes[0], ref, + fname_len(fname)); btrfs_set_inode_ref_index(path->nodes[0], ref, index); ptr = (unsigned long)(ref + 1); ret = 0; @@ -344,7 +349,7 @@ int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, if (ret == -EOVERFLOW) { if (btrfs_find_name_in_backref(path->nodes[0], path->slots[0], - name, name_len)) + fname)) ret = -EEXIST; else ret = -EMLINK; @@ -353,11 +358,13 @@ int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, } else { ref = btrfs_item_ptr(path->nodes[0], path->slots[0], struct btrfs_inode_ref); - btrfs_set_inode_ref_name_len(path->nodes[0], ref, name_len); + btrfs_set_inode_ref_name_len(path->nodes[0], ref, + fname_len(fname)); btrfs_set_inode_ref_index(path->nodes[0], ref, index); ptr = (unsigned long)(ref + 1); } - write_extent_buffer(path->nodes[0], name, ptr, name_len); + write_extent_buffer(path->nodes[0], fname_name(fname), ptr, + fname_len(fname)); btrfs_mark_buffer_dirty(path->nodes[0]); out: @@ -369,8 +376,7 @@ int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, * add an extended ref. */ if (btrfs_super_incompat_flags(disk_super) & BTRFS_FEATURE_INCOMPAT_EXTENDED_IREF) - ret = btrfs_insert_inode_extref(trans, root, name, - name_len, + ret = btrfs_insert_inode_extref(trans, root, fname, inode_objectid, ref_objectid, index); } diff --git a/fs/btrfs/inode-item.h b/fs/btrfs/inode-item.h index a8fc16d0147f..d55f9d6f17dd 100644 --- a/fs/btrfs/inode-item.h +++ b/fs/btrfs/inode-item.h @@ -65,11 +65,11 @@ int btrfs_truncate_inode_items(struct btrfs_trans_handle *trans, struct btrfs_truncate_control *control); int btrfs_insert_inode_ref(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, u64 index); int btrfs_del_inode_ref(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, u64 *index); int btrfs_insert_empty_inode(struct btrfs_trans_handle *trans, struct btrfs_root *root, @@ -82,15 +82,15 @@ struct btrfs_inode_extref *btrfs_lookup_inode_extref( struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 inode_objectid, u64 ref_objectid, int ins_len, int cow); -struct btrfs_inode_ref *btrfs_find_name_in_backref(struct extent_buffer *leaf, - int slot, const char *name, - int name_len); +struct btrfs_inode_ref * +btrfs_find_name_in_backref(struct extent_buffer *leaf, int slot, + const struct fscrypt_name *fname); struct btrfs_inode_extref *btrfs_find_name_in_ext_backref( struct extent_buffer *leaf, int slot, u64 ref_objectid, - const char *name, int name_len); + const struct fscrypt_name *fname); #endif diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 97e17b9bd34f..3e513ce5bb08 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -3863,11 +3863,19 @@ static noinline int acls_after_inode_item(struct extent_buffer *leaf, static u64 xattr_default = 0; int scanned = 0; + struct fscrypt_name name_access = { + .disk_name = FSTR_INIT(XATTR_NAME_POSIX_ACL_ACCESS, + strlen(XATTR_NAME_POSIX_ACL_ACCESS)) + }; + + struct fscrypt_name name_default = { + .disk_name = FSTR_INIT(XATTR_NAME_POSIX_ACL_DEFAULT, + strlen(XATTR_NAME_POSIX_ACL_DEFAULT)) + }; + if (!xattr_access) { - xattr_access = btrfs_name_hash(XATTR_NAME_POSIX_ACL_ACCESS, - strlen(XATTR_NAME_POSIX_ACL_ACCESS)); - xattr_default = btrfs_name_hash(XATTR_NAME_POSIX_ACL_DEFAULT, - strlen(XATTR_NAME_POSIX_ACL_DEFAULT)); + xattr_access = btrfs_name_hash(&name_access); + xattr_default = btrfs_name_hash(&name_default); } slot++; @@ -4254,7 +4262,7 @@ int btrfs_update_inode_fallback(struct btrfs_trans_handle *trans, static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, - const char *name, int name_len, + const struct fscrypt_name *fname, struct btrfs_rename_ctx *rename_ctx) { struct btrfs_root *root = dir->root; @@ -4272,8 +4280,7 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, goto out; } - di = btrfs_lookup_dir_item(trans, root, path, dir_ino, - name, name_len, -1); + di = btrfs_lookup_dir_item(trans, root, path, dir_ino, fname, -1); if (IS_ERR_OR_NULL(di)) { ret = di ? PTR_ERR(di) : -ENOENT; goto err; @@ -4301,12 +4308,11 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, } } - ret = btrfs_del_inode_ref(trans, root, name, name_len, ino, - dir_ino, &index); + ret = btrfs_del_inode_ref(trans, root, fname, ino, dir_ino, &index); if (ret) { btrfs_info(fs_info, "failed to delete reference to %.*s, inode %llu parent %llu", - name_len, name, ino, dir_ino); + fname_len(fname), fname_name(fname), ino, dir_ino); btrfs_abort_transaction(trans, ret); goto err; } @@ -4327,10 +4333,8 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, * operations on the log tree, increasing latency for applications. */ if (!rename_ctx) { - btrfs_del_inode_ref_in_log(trans, root, name, name_len, inode, - dir_ino); - btrfs_del_dir_entries_in_log(trans, root, name, name_len, dir, - index); + btrfs_del_inode_ref_in_log(trans, root, fname, inode, dir_ino); + btrfs_del_dir_entries_in_log(trans, root, fname, dir, index); } /* @@ -4348,7 +4352,7 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, if (ret) goto out; - btrfs_i_size_write(dir, dir->vfs_inode.i_size - name_len * 2); + btrfs_i_size_write(dir, dir->vfs_inode.i_size - fname_len(fname) * 2); inode_inc_iversion(&inode->vfs_inode); inode_inc_iversion(&dir->vfs_inode); inode->vfs_inode.i_ctime = current_time(&inode->vfs_inode); @@ -4361,10 +4365,10 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, int btrfs_unlink_inode(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, - const char *name, int name_len) + const struct fscrypt_name *fname) { int ret; - ret = __btrfs_unlink_inode(trans, dir, inode, name, name_len, NULL); + ret = __btrfs_unlink_inode(trans, dir, inode, fname, NULL); if (!ret) { drop_nlink(&inode->vfs_inode); ret = btrfs_update_inode(trans, inode->root, inode); @@ -4400,6 +4404,10 @@ static int btrfs_unlink(struct inode *dir, struct dentry *dentry) struct btrfs_trans_handle *trans; struct inode *inode = d_inode(dentry); int ret; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((unsigned char *)dentry->d_name.name, dentry->d_name.len) + }; + trans = __unlink_start_trans(dir); if (IS_ERR(trans)) @@ -4409,8 +4417,7 @@ static int btrfs_unlink(struct inode *dir, struct dentry *dentry) 0); ret = btrfs_unlink_inode(trans, BTRFS_I(dir), - BTRFS_I(d_inode(dentry)), dentry->d_name.name, - dentry->d_name.len); + BTRFS_I(d_inode(dentry)), &fname); if (ret) goto out; @@ -4435,12 +4442,14 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, struct extent_buffer *leaf; struct btrfs_dir_item *di; struct btrfs_key key; - const char *name = dentry->d_name.name; - int name_len = dentry->d_name.len; u64 index; int ret; u64 objectid; u64 dir_ino = btrfs_ino(BTRFS_I(dir)); + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) dentry->d_name.name, + dentry->d_name.len) + }; if (btrfs_ino(inode) == BTRFS_FIRST_FREE_OBJECTID) { objectid = inode->root->root_key.objectid; @@ -4455,8 +4464,7 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, if (!path) return -ENOMEM; - di = btrfs_lookup_dir_item(trans, root, path, dir_ino, - name, name_len, -1); + di = btrfs_lookup_dir_item(trans, root, path, dir_ino, &fname, -1); if (IS_ERR_OR_NULL(di)) { ret = di ? PTR_ERR(di) : -ENOENT; goto out; @@ -4482,8 +4490,7 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, * call btrfs_del_root_ref, and it _shouldn't_ fail. */ if (btrfs_ino(inode) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) { - di = btrfs_search_dir_index_item(root, path, dir_ino, - name, name_len); + di = btrfs_search_dir_index_item(root, path, dir_ino, &fname); if (IS_ERR_OR_NULL(di)) { if (!di) ret = -ENOENT; @@ -4500,7 +4507,7 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, } else { ret = btrfs_del_root_ref(trans, objectid, root->root_key.objectid, dir_ino, - &index, name, name_len); + &index, &fname); if (ret) { btrfs_abort_transaction(trans, ret); goto out; @@ -4513,7 +4520,7 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, goto out; } - btrfs_i_size_write(BTRFS_I(dir), dir->i_size - name_len * 2); + btrfs_i_size_write(BTRFS_I(dir), dir->i_size - fname_len(&fname) * 2); inode_inc_iversion(dir); dir->i_mtime = current_time(dir); dir->i_ctime = dir->i_mtime; @@ -4537,6 +4544,10 @@ static noinline int may_destroy_subvol(struct btrfs_root *root) struct btrfs_key key; u64 dir_id; int ret; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT("default", 7) + }; + path = btrfs_alloc_path(); if (!path) @@ -4545,7 +4556,7 @@ static noinline int may_destroy_subvol(struct btrfs_root *root) /* Make sure this root isn't set as the default subvol */ dir_id = btrfs_super_root_dir(fs_info->super_copy); di = btrfs_lookup_dir_item(NULL, fs_info->tree_root, path, - dir_id, "default", 7, 0); + dir_id, &fname, 0); if (di && !IS_ERR(di)) { btrfs_dir_item_key_to_cpu(path->nodes[0], di, &key); if (key.objectid == root->root_key.objectid) { @@ -4784,6 +4795,9 @@ static int btrfs_rmdir(struct inode *dir, struct dentry *dentry) int err = 0; struct btrfs_trans_handle *trans; u64 last_unlink_trans; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((unsigned char *)dentry->d_name.name, dentry->d_name.len) + }; if (inode->i_size > BTRFS_EMPTY_DIR_SIZE) return -ENOTEMPTY; @@ -4813,8 +4827,7 @@ static int btrfs_rmdir(struct inode *dir, struct dentry *dentry) /* now the directory is empty */ err = btrfs_unlink_inode(trans, BTRFS_I(dir), - BTRFS_I(d_inode(dentry)), dentry->d_name.name, - dentry->d_name.len); + BTRFS_I(d_inode(dentry)), &fname); if (!err) { btrfs_i_size_write(BTRFS_I(inode), 0); /* @@ -5535,19 +5548,21 @@ void btrfs_evict_inode(struct inode *inode) static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry, struct btrfs_key *location, u8 *type) { - const char *name = dentry->d_name.name; - int namelen = dentry->d_name.len; struct btrfs_dir_item *di; struct btrfs_path *path; struct btrfs_root *root = BTRFS_I(dir)->root; int ret = 0; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) dentry->d_name.name, + dentry->d_name.len) + }; path = btrfs_alloc_path(); if (!path) return -ENOMEM; di = btrfs_lookup_dir_item(NULL, root, path, btrfs_ino(BTRFS_I(dir)), - name, namelen, 0); + &fname, 0); if (IS_ERR_OR_NULL(di)) { ret = di ? PTR_ERR(di) : -ENOENT; goto out; @@ -5559,7 +5574,7 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry, ret = -EUCLEAN; btrfs_warn(root->fs_info, "%s gets something invalid in DIR_ITEM (name %s, directory ino %llu, location(%llu %u %llu))", - __func__, name, btrfs_ino(BTRFS_I(dir)), + __func__, fname_name(&fname), btrfs_ino(BTRFS_I(dir)), location->objectid, location->type, location->offset); } if (!ret) @@ -6243,6 +6258,14 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, if (ret) return ret; + if (!args->orphan) { + char *name = (char *) args->dentry->d_name.name; + int name_len = args->dentry->d_name.len; + args->fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, name_len), + }; + } + /* 1 to add inode item */ *trans_num_items = 1; /* 1 to add compression property */ @@ -6316,8 +6339,6 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, { struct inode *dir = args->dir; struct inode *inode = args->inode; - const char *name = args->orphan ? NULL : args->dentry->d_name.name; - int name_len = args->orphan ? 0 : args->dentry->d_name.len; struct btrfs_fs_info *fs_info = btrfs_sb(dir->i_sb); struct btrfs_root *root; struct btrfs_inode_item *inode_item; @@ -6418,7 +6439,7 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, sizes[1] = 2 + sizeof(*ref); } else { key[1].offset = btrfs_ino(BTRFS_I(dir)); - sizes[1] = name_len + sizeof(*ref); + sizes[1] = fname_len(&args->fname) + sizeof(*ref); } } @@ -6457,10 +6478,13 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, btrfs_set_inode_ref_index(path->nodes[0], ref, 0); write_extent_buffer(path->nodes[0], "..", ptr, 2); } else { - btrfs_set_inode_ref_name_len(path->nodes[0], ref, name_len); + btrfs_set_inode_ref_name_len(path->nodes[0], ref, + fname_len(&args->fname)); btrfs_set_inode_ref_index(path->nodes[0], ref, BTRFS_I(inode)->dir_index); - write_extent_buffer(path->nodes[0], name, ptr, name_len); + write_extent_buffer(path->nodes[0], + fname_name(&args->fname), ptr, + fname_len(&args->fname)); } } @@ -6520,8 +6544,9 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, if (args->orphan) { ret = btrfs_orphan_add(trans, BTRFS_I(inode)); } else { - ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode), name, - name_len, 0, BTRFS_I(inode)->dir_index); + ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode), + &args->fname, 0, + BTRFS_I(inode)->dir_index); } if (ret) { btrfs_abort_transaction(trans, ret); @@ -6550,7 +6575,7 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, */ int btrfs_add_link(struct btrfs_trans_handle *trans, struct btrfs_inode *parent_inode, struct btrfs_inode *inode, - const char *name, int name_len, int add_backref, u64 index) + const struct fscrypt_name *fname, int add_backref, u64 index) { int ret = 0; struct btrfs_key key; @@ -6569,17 +6594,17 @@ int btrfs_add_link(struct btrfs_trans_handle *trans, if (unlikely(ino == BTRFS_FIRST_FREE_OBJECTID)) { ret = btrfs_add_root_ref(trans, key.objectid, root->root_key.objectid, parent_ino, - index, name, name_len); + index, fname); } else if (add_backref) { - ret = btrfs_insert_inode_ref(trans, root, name, name_len, ino, - parent_ino, index); + ret = btrfs_insert_inode_ref(trans, root, fname, ino, parent_ino, + index); } /* Nothing to clean up yet */ if (ret) return ret; - ret = btrfs_insert_dir_item(trans, name, name_len, parent_inode, &key, + ret = btrfs_insert_dir_item(trans, fname, parent_inode, &key, btrfs_inode_type(&inode->vfs_inode), index); if (ret == -EEXIST || ret == -EOVERFLOW) goto fail_dir_item; @@ -6589,7 +6614,7 @@ int btrfs_add_link(struct btrfs_trans_handle *trans, } btrfs_i_size_write(parent_inode, parent_inode->vfs_inode.i_size + - name_len * 2); + fname_len(fname) * 2); inode_inc_iversion(&parent_inode->vfs_inode); /* * If we are replaying a log tree, we do not want to update the mtime @@ -6612,17 +6637,18 @@ int btrfs_add_link(struct btrfs_trans_handle *trans, if (unlikely(ino == BTRFS_FIRST_FREE_OBJECTID)) { u64 local_index; int err; + err = btrfs_del_root_ref(trans, key.objectid, root->root_key.objectid, parent_ino, - &local_index, name, name_len); + &local_index, fname); if (err) btrfs_abort_transaction(trans, err); } else if (add_backref) { u64 local_index; int err; - err = btrfs_del_inode_ref(trans, root, name, name_len, - ino, parent_ino, &local_index); + err = btrfs_del_inode_ref(trans, root, fname, ino, + parent_ino, &local_index); if (err) btrfs_abort_transaction(trans, err); } @@ -6705,6 +6731,10 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, struct btrfs_root *root = BTRFS_I(dir)->root; struct inode *inode = d_inode(old_dentry); struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) dentry->d_name.name, + dentry->d_name.len) + }; u64 index; int err; int drop_inode = 0; @@ -6741,8 +6771,8 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, ihold(inode); set_bit(BTRFS_INODE_COPY_EVERYTHING, &BTRFS_I(inode)->runtime_flags); - err = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode), - dentry->d_name.name, dentry->d_name.len, 1, index); + err = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode), &fname, 1, + index); if (err) { drop_inode = 1; @@ -9151,6 +9181,14 @@ static int btrfs_rename_exchange(struct inode *old_dir, int ret; int ret2; bool need_abort = false; + struct fscrypt_name old_name = { + .disk_name = FSTR_INIT((char *) old_dentry->d_name.name, + old_dentry->d_name.len) + }; + struct fscrypt_name new_name = { + .disk_name = FSTR_INIT((char *) new_dentry->d_name.name, + new_dentry->d_name.len) + }; /* * For non-subvolumes allow exchange only within one subvolume, in the @@ -9229,10 +9267,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, /* force full log commit if subvolume involved. */ btrfs_set_log_full_commit(trans); } else { - ret = btrfs_insert_inode_ref(trans, dest, - new_dentry->d_name.name, - new_dentry->d_name.len, - old_ino, + ret = btrfs_insert_inode_ref(trans, dest, &new_name, old_ino, btrfs_ino(BTRFS_I(new_dir)), old_idx); if (ret) @@ -9245,10 +9280,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, /* force full log commit if subvolume involved. */ btrfs_set_log_full_commit(trans); } else { - ret = btrfs_insert_inode_ref(trans, root, - old_dentry->d_name.name, - old_dentry->d_name.len, - new_ino, + ret = btrfs_insert_inode_ref(trans, root, &old_name, new_ino, btrfs_ino(BTRFS_I(old_dir)), new_idx); if (ret) { @@ -9282,9 +9314,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, ret = btrfs_unlink_subvol(trans, old_dir, old_dentry); } else { /* src is an inode */ ret = __btrfs_unlink_inode(trans, BTRFS_I(old_dir), - BTRFS_I(old_dentry->d_inode), - old_dentry->d_name.name, - old_dentry->d_name.len, + BTRFS_I(old_dentry->d_inode), &old_name, &old_rename_ctx); if (!ret) ret = btrfs_update_inode(trans, root, BTRFS_I(old_inode)); @@ -9299,9 +9329,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, ret = btrfs_unlink_subvol(trans, new_dir, new_dentry); } else { /* dest is an inode */ ret = __btrfs_unlink_inode(trans, BTRFS_I(new_dir), - BTRFS_I(new_dentry->d_inode), - new_dentry->d_name.name, - new_dentry->d_name.len, + BTRFS_I(new_dentry->d_inode), &new_name, &new_rename_ctx); if (!ret) ret = btrfs_update_inode(trans, dest, BTRFS_I(new_inode)); @@ -9312,16 +9340,14 @@ static int btrfs_rename_exchange(struct inode *old_dir, } ret = btrfs_add_link(trans, BTRFS_I(new_dir), BTRFS_I(old_inode), - new_dentry->d_name.name, - new_dentry->d_name.len, 0, old_idx); + &new_name, 0, old_idx); if (ret) { btrfs_abort_transaction(trans, ret); goto out_fail; } ret = btrfs_add_link(trans, BTRFS_I(old_dir), BTRFS_I(new_inode), - old_dentry->d_name.name, - old_dentry->d_name.len, 0, new_idx); + &old_name, 0, new_idx); if (ret) { btrfs_abort_transaction(trans, ret); goto out_fail; @@ -9403,6 +9429,14 @@ static int btrfs_rename(struct user_namespace *mnt_userns, int ret; int ret2; u64 old_ino = btrfs_ino(BTRFS_I(old_inode)); + struct fscrypt_name old_fname = { + .disk_name = FSTR_INIT((char *)old_dentry->d_name.name, + old_dentry->d_name.len) + }; + struct fscrypt_name new_fname = { + .disk_name = FSTR_INIT((char *)new_dentry->d_name.name, + new_dentry->d_name.len) + }; if (btrfs_ino(BTRFS_I(new_dir)) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) return -EPERM; @@ -9419,11 +9453,8 @@ static int btrfs_rename(struct user_namespace *mnt_userns, new_inode->i_size > BTRFS_EMPTY_DIR_SIZE) return -ENOTEMPTY; - /* check for collisions, even if the name isn't there */ - ret = btrfs_check_dir_item_collision(dest, new_dir->i_ino, - new_dentry->d_name.name, - new_dentry->d_name.len); + ret = btrfs_check_dir_item_collision(dest, new_dir->i_ino, &new_fname); if (ret) { if (ret == -EEXIST) { @@ -9517,11 +9548,9 @@ static int btrfs_rename(struct user_namespace *mnt_userns, /* force full log commit if subvolume involved. */ btrfs_set_log_full_commit(trans); } else { - ret = btrfs_insert_inode_ref(trans, dest, - new_dentry->d_name.name, - new_dentry->d_name.len, - old_ino, - btrfs_ino(BTRFS_I(new_dir)), index); + ret = btrfs_insert_inode_ref(trans, dest, &new_fname, old_ino, + btrfs_ino(BTRFS_I(new_dir)), + index); if (ret) goto out_fail; } @@ -9544,9 +9573,7 @@ static int btrfs_rename(struct user_namespace *mnt_userns, } else { ret = __btrfs_unlink_inode(trans, BTRFS_I(old_dir), BTRFS_I(d_inode(old_dentry)), - old_dentry->d_name.name, - old_dentry->d_name.len, - &rename_ctx); + &old_fname, &rename_ctx); if (!ret) ret = btrfs_update_inode(trans, root, BTRFS_I(old_inode)); } @@ -9565,8 +9592,7 @@ static int btrfs_rename(struct user_namespace *mnt_userns, } else { ret = btrfs_unlink_inode(trans, BTRFS_I(new_dir), BTRFS_I(d_inode(new_dentry)), - new_dentry->d_name.name, - new_dentry->d_name.len); + &new_fname); } if (!ret && new_inode->i_nlink == 0) ret = btrfs_orphan_add(trans, @@ -9578,8 +9604,7 @@ static int btrfs_rename(struct user_namespace *mnt_userns, } ret = btrfs_add_link(trans, BTRFS_I(new_dir), BTRFS_I(old_inode), - new_dentry->d_name.name, - new_dentry->d_name.len, 0, index); + &new_fname, 0, index); if (ret) { btrfs_abort_transaction(trans, ret); goto out_fail; diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index fe0cc816b4eb..10b8db56edda 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -941,7 +941,7 @@ static inline int btrfs_may_create(struct user_namespace *mnt_userns, */ static noinline int btrfs_mksubvol(const struct path *parent, struct user_namespace *mnt_userns, - const char *name, int namelen, + struct fscrypt_name *fname, struct btrfs_root *snap_src, bool readonly, struct btrfs_qgroup_inherit *inherit) @@ -955,7 +955,8 @@ static noinline int btrfs_mksubvol(const struct path *parent, if (error == -EINTR) return error; - dentry = lookup_one(mnt_userns, name, parent->dentry, namelen); + dentry = lookup_one(mnt_userns, fname_name(fname), parent->dentry, + fname_len(fname)); error = PTR_ERR(dentry); if (IS_ERR(dentry)) goto out_unlock; @@ -969,8 +970,7 @@ static noinline int btrfs_mksubvol(const struct path *parent, * check for them now when we can safely fail */ error = btrfs_check_dir_item_collision(BTRFS_I(dir)->root, - dir->i_ino, name, - namelen); + dir->i_ino, fname); if (error) goto out_dput; @@ -997,7 +997,7 @@ static noinline int btrfs_mksubvol(const struct path *parent, static noinline int btrfs_mksnapshot(const struct path *parent, struct user_namespace *mnt_userns, - const char *name, int namelen, + struct fscrypt_name *fname, struct btrfs_root *root, bool readonly, struct btrfs_qgroup_inherit *inherit) @@ -1026,7 +1026,7 @@ static noinline int btrfs_mksnapshot(const struct path *parent, btrfs_wait_ordered_extents(root, U64_MAX, 0, (u64)-1); - ret = btrfs_mksubvol(parent, mnt_userns, name, namelen, + ret = btrfs_mksubvol(parent, mnt_userns, fname, root, readonly, inherit); out: if (snapshot_force_cow) @@ -2138,6 +2138,7 @@ static noinline int __btrfs_ioctl_snap_create(struct file *file, { int namelen; int ret = 0; + struct fscrypt_name fname; if (!S_ISDIR(file_inode(file)->i_mode)) return -ENOTDIR; @@ -2158,9 +2159,12 @@ static noinline int __btrfs_ioctl_snap_create(struct file *file, goto out_drop_write; } + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT((char *) name, namelen) + }; if (subvol) { - ret = btrfs_mksubvol(&file->f_path, mnt_userns, name, - namelen, NULL, readonly, inherit); + ret = btrfs_mksubvol(&file->f_path, mnt_userns, &fname, + NULL, readonly, inherit); } else { struct fd src = fdget(fd); struct inode *src_inode; @@ -2182,8 +2186,7 @@ static noinline int __btrfs_ioctl_snap_create(struct file *file, ret = -EPERM; } else { ret = btrfs_mksnapshot(&file->f_path, mnt_userns, - name, namelen, - BTRFS_I(src_inode)->root, + &fname, BTRFS_I(src_inode)->root, readonly, inherit); } fdput(src); @@ -3777,6 +3780,10 @@ static long btrfs_ioctl_default_subvol(struct file *file, void __user *argp) u64 objectid = 0; u64 dir_id; int ret; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT("default", 7) + }; + if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -3817,7 +3824,7 @@ static long btrfs_ioctl_default_subvol(struct file *file, void __user *argp) dir_id = btrfs_super_root_dir(fs_info->super_copy); di = btrfs_lookup_dir_item(trans, fs_info->tree_root, path, - dir_id, "default", 7, 1); + dir_id, &fname, 1); if (IS_ERR_OR_NULL(di)) { btrfs_release_path(path); btrfs_end_transaction(trans); diff --git a/fs/btrfs/props.c b/fs/btrfs/props.c index 055a631276ce..21ae776cbe86 100644 --- a/fs/btrfs/props.c +++ b/fs/btrfs/props.c @@ -43,7 +43,10 @@ find_prop_handler(const char *name, struct prop_handler *h; if (!handlers) { - u64 hash = btrfs_name_hash(name, strlen(name)); + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) name, strlen(name)), + }; + u64 hash = btrfs_name_hash(&fname); handlers = find_prop_handlers_by_hash(hash); if (!handlers) @@ -459,7 +462,11 @@ void __init btrfs_props_init(void) for (i = 0; i < ARRAY_SIZE(prop_handlers); i++) { struct prop_handler *p = &prop_handlers[i]; - u64 h = btrfs_name_hash(p->xattr_name, strlen(p->xattr_name)); + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *)p->xattr_name, + strlen(p->xattr_name)), + }; + u64 h = btrfs_name_hash(&fname); hash_add(prop_handlers_ht, &p->node, h); } diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c index e1f599d7a916..f44f02c22027 100644 --- a/fs/btrfs/root-tree.c +++ b/fs/btrfs/root-tree.c @@ -327,8 +327,8 @@ int btrfs_del_root(struct btrfs_trans_handle *trans, } int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, - u64 ref_id, u64 dirid, u64 *sequence, const char *name, - int name_len) + u64 ref_id, u64 dirid, u64 *sequence, + const struct fscrypt_name *fname) { struct btrfs_root *tree_root = trans->fs_info->tree_root; @@ -356,8 +356,9 @@ int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, struct btrfs_root_ref); ptr = (unsigned long)(ref + 1); if ((btrfs_root_ref_dirid(leaf, ref) != dirid) || - (btrfs_root_ref_name_len(leaf, ref) != name_len) || - memcmp_extent_buffer(leaf, name, ptr, name_len)) { + (btrfs_root_ref_name_len(leaf, ref) != fname_len(fname)) || + memcmp_extent_buffer(leaf, fname_name(fname), ptr, + fname_len(fname))) { ret = -ENOENT; goto out; } @@ -400,8 +401,8 @@ int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, * Will return 0, -ENOMEM, or anything from the CoW path */ int btrfs_add_root_ref(struct btrfs_trans_handle *trans, u64 root_id, - u64 ref_id, u64 dirid, u64 sequence, const char *name, - int name_len) + u64 ref_id, u64 dirid, u64 sequence, + const struct fscrypt_name *fname) { struct btrfs_root *tree_root = trans->fs_info->tree_root; struct btrfs_key key; @@ -420,7 +421,7 @@ int btrfs_add_root_ref(struct btrfs_trans_handle *trans, u64 root_id, key.offset = ref_id; again: ret = btrfs_insert_empty_item(trans, tree_root, path, &key, - sizeof(*ref) + name_len); + sizeof(*ref) + fname_len(fname)); if (ret) { btrfs_abort_transaction(trans, ret); btrfs_free_path(path); @@ -431,9 +432,9 @@ int btrfs_add_root_ref(struct btrfs_trans_handle *trans, u64 root_id, ref = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_root_ref); btrfs_set_root_ref_dirid(leaf, ref, dirid); btrfs_set_root_ref_sequence(leaf, ref, sequence); - btrfs_set_root_ref_name_len(leaf, ref, name_len); + btrfs_set_root_ref_name_len(leaf, ref, fname_len(fname)); ptr = (unsigned long)(ref + 1); - write_extent_buffer(leaf, name, ptr, name_len); + write_extent_buffer(leaf, fname_name(fname), ptr, fname_len(fname)); btrfs_mark_buffer_dirty(leaf); if (key.type == BTRFS_ROOT_BACKREF_KEY) { diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 127673c81a02..910af5f25a90 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include "send.h" @@ -1038,7 +1039,7 @@ static int iterate_inode_ref(struct btrfs_root *root, struct btrfs_path *path, } typedef int (*iterate_dir_item_t)(int num, struct btrfs_key *di_key, - const char *name, int name_len, + struct fscrypt_name *fname, const char *data, int data_len, void *ctx); @@ -1088,6 +1089,7 @@ static int iterate_dir_item(struct btrfs_root *root, struct btrfs_path *path, num = 0; while (cur < total) { + struct fscrypt_name fname; name_len = btrfs_dir_name_len(eb, di); data_len = btrfs_dir_data_len(eb, di); btrfs_dir_item_key_to_cpu(eb, di, &di_key); @@ -1140,8 +1142,11 @@ static int iterate_dir_item(struct btrfs_root *root, struct btrfs_path *path, len = sizeof(*di) + name_len + data_len; di = (struct btrfs_dir_item *)((char *)di + len); cur += len; + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(buf, name_len) + }; - ret = iterate(num, &di_key, buf, name_len, buf + name_len, + ret = iterate(num, &di_key, &fname, buf + name_len, data_len, ctx); if (ret < 0) goto out; @@ -1595,13 +1600,17 @@ static int gen_unique_name(struct send_ctx *sctx, return -ENOMEM; while (1) { + struct fscrypt_name fname; len = snprintf(tmp, sizeof(tmp), "o%llu-%llu-%llu", ino, gen, idx); ASSERT(len < sizeof(tmp)); + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(tmp, strlen(tmp)),//len) + }; di = btrfs_lookup_dir_item(NULL, sctx->send_root, path, BTRFS_FIRST_FREE_OBJECTID, - tmp, strlen(tmp), 0); + &fname, 0); btrfs_release_path(path); if (IS_ERR(di)) { ret = PTR_ERR(di); @@ -1621,7 +1630,7 @@ static int gen_unique_name(struct send_ctx *sctx, di = btrfs_lookup_dir_item(NULL, sctx->parent_root, path, BTRFS_FIRST_FREE_OBJECTID, - tmp, strlen(tmp), 0); + &fname, 0); btrfs_release_path(path); if (IS_ERR(di)) { ret = PTR_ERR(di); @@ -1744,7 +1753,7 @@ static int is_inode_existent(struct send_ctx *sctx, u64 ino, u64 gen) * Helper function to lookup a dir item in a dir. */ static int lookup_dir_item_inode(struct btrfs_root *root, - u64 dir, const char *name, int name_len, + u64 dir, struct fscrypt_name *fname, u64 *found_inode) { int ret = 0; @@ -1757,7 +1766,7 @@ static int lookup_dir_item_inode(struct btrfs_root *root, return -ENOMEM; di = btrfs_lookup_dir_item(NULL, root, path, - dir, name, name_len, 0); + dir, fname, 0); if (IS_ERR_OR_NULL(di)) { ret = di ? PTR_ERR(di) : -ENOENT; goto out; @@ -1846,7 +1855,7 @@ static int get_first_ref(struct btrfs_root *root, u64 ino, static int is_first_ref(struct btrfs_root *root, u64 ino, u64 dir, - const char *name, int name_len) + struct fscrypt_name *fname) { int ret; struct fs_path *tmp_name; @@ -1860,12 +1869,12 @@ static int is_first_ref(struct btrfs_root *root, if (ret < 0) goto out; - if (dir != tmp_dir || name_len != fs_path_len(tmp_name)) { + if (dir != tmp_dir || fname_len(fname) != fs_path_len(tmp_name)) { ret = 0; goto out; } - ret = !memcmp(tmp_name->start, name, name_len); + ret = !memcmp(tmp_name->start, fname_name(fname), fname_len(fname)); out: fs_path_free(tmp_name); @@ -1883,7 +1892,7 @@ static int is_first_ref(struct btrfs_root *root, * orphanizing is really required. */ static int will_overwrite_ref(struct send_ctx *sctx, u64 dir, u64 dir_gen, - const char *name, int name_len, + struct fscrypt_name *fname, u64 *who_ino, u64 *who_gen, u64 *who_mode) { int ret = 0; @@ -1915,7 +1924,7 @@ static int will_overwrite_ref(struct send_ctx *sctx, u64 dir, u64 dir_gen, goto out; } - ret = lookup_dir_item_inode(sctx->parent_root, dir, name, name_len, + ret = lookup_dir_item_inode(sctx->parent_root, dir, fname, &other_inode); if (ret < 0 && ret != -ENOENT) goto out; @@ -1957,7 +1966,7 @@ static int will_overwrite_ref(struct send_ctx *sctx, u64 dir, u64 dir_gen, static int did_overwrite_ref(struct send_ctx *sctx, u64 dir, u64 dir_gen, u64 ino, u64 ino_gen, - const char *name, int name_len) + struct fscrypt_name *fname) { int ret = 0; u64 gen; @@ -1983,7 +1992,7 @@ static int did_overwrite_ref(struct send_ctx *sctx, } /* check if the ref was overwritten by another ref */ - ret = lookup_dir_item_inode(sctx->send_root, dir, name, name_len, + ret = lookup_dir_item_inode(sctx->send_root, dir, fname, &ow_inode); if (ret < 0 && ret != -ENOENT) goto out; @@ -2030,7 +2039,7 @@ static int did_overwrite_first_ref(struct send_ctx *sctx, u64 ino, u64 gen) struct fs_path *name = NULL; u64 dir; u64 dir_gen; - + struct fscrypt_name fname; if (!sctx->parent_root) goto out; @@ -2042,8 +2051,12 @@ static int did_overwrite_first_ref(struct send_ctx *sctx, u64 ino, u64 gen) if (ret < 0) goto out; + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name->start, fs_path_len(name)) + }; + ret = did_overwrite_ref(sctx, dir, dir_gen, ino, gen, - name->start, fs_path_len(name)); + &fname); out: fs_path_free(name); @@ -2176,6 +2189,7 @@ static int __get_cur_name_and_parent(struct send_ctx *sctx, int ret; int nce_ret; struct name_cache_entry *nce = NULL; + struct fscrypt_name fname; /* * First check if we already did a call to this function with the same @@ -2240,8 +2254,11 @@ static int __get_cur_name_and_parent(struct send_ctx *sctx, * Check if the ref was overwritten by an inode's ref that was processed * earlier. If yes, treat as orphan and return 1. */ + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(dest->start, fs_path_len(dest)) + }; ret = did_overwrite_ref(sctx, *parent_ino, *parent_gen, ino, gen, - dest->start, dest->end - dest->start); + &fname); if (ret < 0) goto out; if (ret) { @@ -3510,6 +3527,9 @@ static int wait_for_dest_dir_move(struct send_ctx *sctx, u64 right_gen; int ret = 0; struct waiting_dir_move *wdm; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT(parent_ref->name, parent_ref->name_len) + }; if (RB_EMPTY_ROOT(&sctx->waiting_dir_moves)) return 0; @@ -3520,7 +3540,7 @@ static int wait_for_dest_dir_move(struct send_ctx *sctx, key.objectid = parent_ref->dir; key.type = BTRFS_DIR_ITEM_KEY; - key.offset = btrfs_name_hash(parent_ref->name, parent_ref->name_len); + key.offset = btrfs_name_hash(&fname); ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); if (ret < 0) { @@ -3530,8 +3550,7 @@ static int wait_for_dest_dir_move(struct send_ctx *sctx, goto out; } - di = btrfs_match_dir_item_name(fs_info, path, parent_ref->name, - parent_ref->name_len); + di = btrfs_match_dir_item_name(fs_info, path, &fname); if (!di) { ret = 0; goto out; @@ -4007,6 +4026,10 @@ static int process_recorded_refs(struct send_ctx *sctx, int *pending_move) * "testdir_2". */ list_for_each_entry(cur, &sctx->new_refs, list) { + struct fscrypt_name fname = { + .disk_name = FSTR_INIT(cur->name, cur->name_len) + }; + ret = get_cur_inode_state(sctx, cur->dir, cur->dir_gen); if (ret < 0) goto out; @@ -4020,14 +4043,12 @@ static int process_recorded_refs(struct send_ctx *sctx, int *pending_move) * simply unlink it. */ ret = will_overwrite_ref(sctx, cur->dir, cur->dir_gen, - cur->name, cur->name_len, - &ow_inode, &ow_gen, &ow_mode); + &fname, &ow_inode, &ow_gen, &ow_mode); if (ret < 0) goto out; if (ret) { ret = is_first_ref(sctx->parent_root, - ow_inode, cur->dir, cur->name, - cur->name_len); + ow_inode, cur->dir, &fname); if (ret < 0) goto out; if (ret) { @@ -4273,9 +4294,13 @@ static int process_recorded_refs(struct send_ctx *sctx, int *pending_move) * inodes. */ list_for_each_entry(cur, &sctx->deleted_refs, list) { + struct fscrypt_name fname = { + .disk_name = FSTR_INIT(cur->name, cur->name_len) + }; + ret = did_overwrite_ref(sctx, cur->dir, cur->dir_gen, sctx->cur_ino, sctx->cur_inode_gen, - cur->name, cur->name_len); + &fname); if (ret < 0) goto out; if (!ret) { @@ -4615,7 +4640,7 @@ static int process_all_refs(struct send_ctx *sctx, static int send_set_xattr(struct send_ctx *sctx, struct fs_path *path, - const char *name, int name_len, + struct fscrypt_name *fname, const char *data, int data_len) { int ret = 0; @@ -4625,7 +4650,8 @@ static int send_set_xattr(struct send_ctx *sctx, goto out; TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, path); - TLV_PUT_STRING(sctx, BTRFS_SEND_A_XATTR_NAME, name, name_len); + TLV_PUT_STRING(sctx, BTRFS_SEND_A_XATTR_NAME, fname_name(fname), + fname_len(fname)); TLV_PUT(sctx, BTRFS_SEND_A_XATTR_DATA, data, data_len); ret = send_cmd(sctx); @@ -4637,7 +4663,7 @@ static int send_set_xattr(struct send_ctx *sctx, static int send_remove_xattr(struct send_ctx *sctx, struct fs_path *path, - const char *name, int name_len) + struct fscrypt_name *fname) { int ret = 0; @@ -4646,7 +4672,8 @@ static int send_remove_xattr(struct send_ctx *sctx, goto out; TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, path); - TLV_PUT_STRING(sctx, BTRFS_SEND_A_XATTR_NAME, name, name_len); + TLV_PUT_STRING(sctx, BTRFS_SEND_A_XATTR_NAME, fname_name(fname), + fname_len(fname)); ret = send_cmd(sctx); @@ -4656,7 +4683,7 @@ static int send_remove_xattr(struct send_ctx *sctx, } static int __process_new_xattr(int num, struct btrfs_key *di_key, - const char *name, int name_len, const char *data, + struct fscrypt_name *fname, const char *data, int data_len, void *ctx) { int ret; @@ -4665,7 +4692,7 @@ static int __process_new_xattr(int num, struct btrfs_key *di_key, struct posix_acl_xattr_header dummy_acl; /* Capabilities are emitted by finish_inode_if_needed */ - if (!strncmp(name, XATTR_NAME_CAPS, name_len)) + if (!strncmp(fname_name(fname), XATTR_NAME_CAPS, fname_len(fname))) return 0; p = fs_path_alloc(); @@ -4678,8 +4705,10 @@ static int __process_new_xattr(int num, struct btrfs_key *di_key, * acls will fail later. To fix this, we send a dummy acl list that * only contains the version number and no entries. */ - if (!strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, name_len) || - !strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, name_len)) { + if (!strncmp(fname_name(fname), XATTR_NAME_POSIX_ACL_ACCESS, + fname_len(fname)) || + !strncmp(fname_name(fname), XATTR_NAME_POSIX_ACL_DEFAULT, + fname_len(fname))) { if (data_len == 0) { dummy_acl.a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); @@ -4692,7 +4721,7 @@ static int __process_new_xattr(int num, struct btrfs_key *di_key, if (ret < 0) goto out; - ret = send_set_xattr(sctx, p, name, name_len, data, data_len); + ret = send_set_xattr(sctx, p, fname, data, data_len); out: fs_path_free(p); @@ -4700,7 +4729,7 @@ static int __process_new_xattr(int num, struct btrfs_key *di_key, } static int __process_deleted_xattr(int num, struct btrfs_key *di_key, - const char *name, int name_len, + struct fscrypt_name *fname, const char *data, int data_len, void *ctx) { int ret; @@ -4715,7 +4744,7 @@ static int __process_deleted_xattr(int num, struct btrfs_key *di_key, if (ret < 0) goto out; - ret = send_remove_xattr(sctx, p, name, name_len); + ret = send_remove_xattr(sctx, p, fname); out: fs_path_free(p); @@ -4739,20 +4768,21 @@ static int process_deleted_xattr(struct send_ctx *sctx) } struct find_xattr_ctx { - const char *name; - int name_len; + struct fscrypt_name *fname; int found_idx; char *found_data; int found_data_len; }; -static int __find_xattr(int num, struct btrfs_key *di_key, const char *name, - int name_len, const char *data, int data_len, void *vctx) +static int __find_xattr(int num, struct btrfs_key *di_key, + struct fscrypt_name *fname, + const char *data, int data_len, void *vctx) { struct find_xattr_ctx *ctx = vctx; - if (name_len == ctx->name_len && - strncmp(name, ctx->name, name_len) == 0) { + if (fname_len(fname) == fname_len(ctx->fname) && + strncmp(fname_name(fname), fname_name(ctx->fname), + fname_len(fname)) == 0) { ctx->found_idx = num; ctx->found_data_len = data_len; ctx->found_data = kmemdup(data, data_len, GFP_KERNEL); @@ -4766,14 +4796,13 @@ static int __find_xattr(int num, struct btrfs_key *di_key, const char *name, static int find_xattr(struct btrfs_root *root, struct btrfs_path *path, struct btrfs_key *key, - const char *name, int name_len, + struct fscrypt_name *fname, char **data, int *data_len) { int ret; struct find_xattr_ctx ctx; - ctx.name = name; - ctx.name_len = name_len; + ctx.fname = fname; ctx.found_idx = -1; ctx.found_data = NULL; ctx.found_data_len = 0; @@ -4795,7 +4824,7 @@ static int find_xattr(struct btrfs_root *root, static int __process_changed_new_xattr(int num, struct btrfs_key *di_key, - const char *name, int name_len, + struct fscrypt_name *fname, const char *data, int data_len, void *ctx) { @@ -4805,15 +4834,15 @@ static int __process_changed_new_xattr(int num, struct btrfs_key *di_key, int found_data_len = 0; ret = find_xattr(sctx->parent_root, sctx->right_path, - sctx->cmp_key, name, name_len, &found_data, + sctx->cmp_key, fname, &found_data, &found_data_len); if (ret == -ENOENT) { - ret = __process_new_xattr(num, di_key, name, name_len, data, + ret = __process_new_xattr(num, di_key, fname, data, data_len, ctx); } else if (ret >= 0) { if (data_len != found_data_len || memcmp(data, found_data, data_len)) { - ret = __process_new_xattr(num, di_key, name, name_len, + ret = __process_new_xattr(num, di_key, fname, data, data_len, ctx); } else { ret = 0; @@ -4825,7 +4854,7 @@ static int __process_changed_new_xattr(int num, struct btrfs_key *di_key, } static int __process_changed_deleted_xattr(int num, struct btrfs_key *di_key, - const char *name, int name_len, + struct fscrypt_name *fname, const char *data, int data_len, void *ctx) { @@ -4833,9 +4862,9 @@ static int __process_changed_deleted_xattr(int num, struct btrfs_key *di_key, struct send_ctx *sctx = ctx; ret = find_xattr(sctx->send_root, sctx->left_path, sctx->cmp_key, - name, name_len, NULL, NULL); + fname, NULL, NULL); if (ret == -ENOENT) - ret = __process_deleted_xattr(num, di_key, name, name_len, data, + ret = __process_deleted_xattr(num, di_key, fname, data, data_len, ctx); else if (ret >= 0) ret = 0; @@ -5574,13 +5603,16 @@ static int send_capabilities(struct send_ctx *sctx) char *buf = NULL; int buf_len; int ret = 0; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT(XATTR_NAME_CAPS, strlen(XATTR_NAME_CAPS)) + }; path = alloc_path_for_send(); if (!path) return -ENOMEM; di = btrfs_lookup_xattr(NULL, sctx->send_root, path, sctx->cur_ino, - XATTR_NAME_CAPS, strlen(XATTR_NAME_CAPS), 0); + &fname, 0); if (!di) { /* There is no xattr for this inode */ goto out; @@ -5606,8 +5638,7 @@ static int send_capabilities(struct send_ctx *sctx) data_ptr = (unsigned long)(di + 1) + btrfs_dir_name_len(leaf, di); read_extent_buffer(leaf, buf, data_ptr, buf_len); - ret = send_set_xattr(sctx, fspath, XATTR_NAME_CAPS, - strlen(XATTR_NAME_CAPS), buf, buf_len); + ret = send_set_xattr(sctx, fspath, &fname, buf, buf_len); out: kfree(buf); fs_path_free(fspath); diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index eb0ae7e396ef..b7118345c6f7 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -1395,6 +1395,9 @@ static int get_default_subvol_objectid(struct btrfs_fs_info *fs_info, u64 *objec struct btrfs_path *path; struct btrfs_key location; u64 dir_id; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT("default", 7), + }; path = btrfs_alloc_path(); if (!path) @@ -1406,7 +1409,7 @@ static int get_default_subvol_objectid(struct btrfs_fs_info *fs_info, u64 *objec * to mount. */ dir_id = btrfs_super_root_dir(fs_info->super_copy); - di = btrfs_lookup_dir_item(NULL, root, path, dir_id, "default", 7, 0); + di = btrfs_lookup_dir_item(NULL, root, path, dir_id, &fname, 0); if (IS_ERR(di)) { btrfs_free_path(path); return PTR_ERR(di); diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index d9e608935e64..b83e618a255d 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1596,8 +1596,9 @@ static int qgroup_account_snapshot(struct btrfs_trans_handle *trans, * happens, we should return the error number. If the error which just affect * the creation of the pending snapshots, just return 0. */ -static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, - struct btrfs_pending_snapshot *pending) +static noinline int +create_pending_snapshot(struct btrfs_trans_handle *trans, + struct btrfs_pending_snapshot *pending) { struct btrfs_fs_info *fs_info = trans->fs_info; @@ -1607,10 +1608,9 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, struct btrfs_root *root = pending->root; struct btrfs_root *parent_root; struct btrfs_block_rsv *rsv; - struct inode *parent_inode; + struct inode *parent_inode = pending->dir; struct btrfs_path *path; struct btrfs_dir_item *dir_item; - struct dentry *dentry; struct extent_buffer *tmp; struct extent_buffer *old; struct timespec64 cur_time; @@ -1619,6 +1619,10 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, u64 index = 0; u64 objectid; u64 root_flags; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) pending->dentry->d_name.name, + pending->dentry->d_name.len) + }; ASSERT(pending->path); path = pending->path; @@ -1657,7 +1661,6 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, trace_btrfs_space_reservation(fs_info, "transaction", trans->transid, trans->bytes_reserved, 1); - dentry = pending->dentry; parent_inode = pending->dir; parent_root = BTRFS_I(parent_inode)->root; ret = record_root_in_trans(trans, parent_root, 0); @@ -1674,8 +1677,7 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, /* check if there is a file/dir which has the same name. */ dir_item = btrfs_lookup_dir_item(NULL, parent_root, path, btrfs_ino(BTRFS_I(parent_inode)), - dentry->d_name.name, - dentry->d_name.len, 0); + &fname, 0); if (dir_item != NULL && !IS_ERR(dir_item)) { pending->error = -EEXIST; goto dir_item_existed; @@ -1770,7 +1772,7 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, ret = btrfs_add_root_ref(trans, objectid, parent_root->root_key.objectid, btrfs_ino(BTRFS_I(parent_inode)), index, - dentry->d_name.name, dentry->d_name.len); + &fname); if (ret) { btrfs_abort_transaction(trans, ret); goto fail; @@ -1802,8 +1804,7 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, if (ret < 0) goto fail; - ret = btrfs_insert_dir_item(trans, dentry->d_name.name, - dentry->d_name.len, BTRFS_I(parent_inode), + ret = btrfs_insert_dir_item(trans, &fname, BTRFS_I(parent_inode), &key, BTRFS_FT_DIR, index); /* We have check then name at the beginning, so it is impossible. */ BUG_ON(ret == -EEXIST || ret == -EOVERFLOW); @@ -1812,8 +1813,8 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, goto fail; } - btrfs_i_size_write(BTRFS_I(parent_inode), parent_inode->i_size + - dentry->d_name.len * 2); + btrfs_i_size_write(BTRFS_I(parent_inode), + parent_inode->i_size + fname_len(&fname) * 2); parent_inode->i_mtime = current_time(parent_inode); parent_inode->i_ctime = parent_inode->i_mtime; ret = btrfs_update_inode_fallback(trans, parent_root, BTRFS_I(parent_inode)); diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 77c53a7491cf..2c6d48af1d2a 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -595,10 +595,14 @@ static int check_dir_item(struct extent_buffer *leaf, if (key->type == BTRFS_DIR_ITEM_KEY || key->type == BTRFS_XATTR_ITEM_KEY) { char namebuf[max(BTRFS_NAME_LEN, XATTR_NAME_MAX)]; + struct fscrypt_name fname; read_extent_buffer(leaf, namebuf, (unsigned long)(di + 1), name_len); - name_hash = btrfs_name_hash(namebuf, name_len); + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(namebuf, name_len) + }; + name_hash = btrfs_name_hash(&fname); if (unlikely(key->offset != name_hash)) { dir_item_err(leaf, slot, "name hash mismatch with key, have 0x%016x expect 0x%016llx", diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 8467fadd6a23..40cfaa9feff3 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -901,12 +901,11 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans, static int unlink_inode_for_log_replay(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, - const char *name, - int name_len) + const struct fscrypt_name *fname) { int ret; - ret = btrfs_unlink_inode(trans, dir, inode, name, name_len); + ret = btrfs_unlink_inode(trans, dir, inode, fname); if (ret) return ret; /* @@ -938,6 +937,7 @@ static noinline int drop_one_dir_item(struct btrfs_trans_handle *trans, struct extent_buffer *leaf; struct btrfs_key location; int ret; + struct fscrypt_name fname; leaf = path->nodes[0]; @@ -950,6 +950,10 @@ static noinline int drop_one_dir_item(struct btrfs_trans_handle *trans, read_extent_buffer(leaf, name, (unsigned long)(di + 1), name_len); btrfs_release_path(path); + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, name_len) + }; + inode = read_one_inode(root, location.objectid); if (!inode) { ret = -EIO; @@ -960,8 +964,7 @@ static noinline int drop_one_dir_item(struct btrfs_trans_handle *trans, if (ret) goto out; - ret = unlink_inode_for_log_replay(trans, dir, BTRFS_I(inode), name, - name_len); + ret = unlink_inode_for_log_replay(trans, dir, BTRFS_I(inode), &fname); out: kfree(name); iput(inode); @@ -978,14 +981,14 @@ static noinline int drop_one_dir_item(struct btrfs_trans_handle *trans, static noinline int inode_in_dir(struct btrfs_root *root, struct btrfs_path *path, u64 dirid, u64 objectid, u64 index, - const char *name, int name_len) + const struct fscrypt_name *fname) { struct btrfs_dir_item *di; struct btrfs_key location; int ret = 0; di = btrfs_lookup_dir_index_item(NULL, root, path, dirid, - index, name, name_len, 0); + index, fname, 0); if (IS_ERR(di)) { ret = PTR_ERR(di); goto out; @@ -998,7 +1001,7 @@ static noinline int inode_in_dir(struct btrfs_root *root, } btrfs_release_path(path); - di = btrfs_lookup_dir_item(NULL, root, path, dirid, name, name_len, 0); + di = btrfs_lookup_dir_item(NULL, root, path, dirid, fname, 0); if (IS_ERR(di)) { ret = PTR_ERR(di); goto out; @@ -1025,7 +1028,7 @@ static noinline int inode_in_dir(struct btrfs_root *root, static noinline int backref_in_log(struct btrfs_root *log, struct btrfs_key *key, u64 ref_objectid, - const char *name, int namelen) + struct fscrypt_name *fname) { struct btrfs_path *path; int ret; @@ -1046,11 +1049,11 @@ static noinline int backref_in_log(struct btrfs_root *log, ret = !!btrfs_find_name_in_ext_backref(path->nodes[0], path->slots[0], ref_objectid, - name, namelen); + fname); else ret = !!btrfs_find_name_in_backref(path->nodes[0], path->slots[0], - name, namelen); + fname); out: btrfs_free_path(path); return ret; @@ -1063,7 +1066,8 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, u64 inode_objectid, u64 parent_objectid, - u64 ref_index, char *name, int namelen) + u64 ref_index, + struct fscrypt_name *fname) { int ret; char *victim_name; @@ -1099,6 +1103,7 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, ptr = btrfs_item_ptr_offset(leaf, path->slots[0]); ptr_end = ptr + btrfs_item_size(leaf, path->slots[0]); while (ptr < ptr_end) { + struct fscrypt_name victim_fname; victim_ref = (struct btrfs_inode_ref *)ptr; victim_name_len = btrfs_inode_ref_name_len(leaf, victim_ref); @@ -1109,10 +1114,12 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, read_extent_buffer(leaf, victim_name, (unsigned long)(victim_ref + 1), victim_name_len); + victim_fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(victim_name, victim_name_len) + }; ret = backref_in_log(log_root, &search_key, - parent_objectid, victim_name, - victim_name_len); + parent_objectid, &victim_fname); if (ret < 0) { kfree(victim_name); return ret; @@ -1120,8 +1127,8 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, inc_nlink(&inode->vfs_inode); btrfs_release_path(path); - ret = unlink_inode_for_log_replay(trans, dir, inode, - victim_name, victim_name_len); + ret = unlink_inode_for_log_replay(trans, + dir, inode, &victim_fname); kfree(victim_name); if (ret) return ret; @@ -1135,7 +1142,7 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, btrfs_release_path(path); /* Same search but for extended refs */ - extref = btrfs_lookup_inode_extref(NULL, root, path, name, namelen, + extref = btrfs_lookup_inode_extref(NULL, root, path, fname, inode_objectid, parent_objectid, 0, 0); if (IS_ERR(extref)) { @@ -1152,6 +1159,7 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, base = btrfs_item_ptr_offset(leaf, path->slots[0]); while (cur_offset < item_size) { + struct fscrypt_name victim_fname; extref = (struct btrfs_inode_extref *)(base + cur_offset); victim_name_len = btrfs_inode_extref_name_len(leaf, extref); @@ -1165,14 +1173,15 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, read_extent_buffer(leaf, victim_name, (unsigned long)&extref->name, victim_name_len); + victim_fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(victim_name, victim_name_len), + }; + search_key.objectid = inode_objectid; search_key.type = BTRFS_INODE_EXTREF_KEY; - search_key.offset = btrfs_extref_hash(parent_objectid, - victim_name, - victim_name_len); + search_key.offset = btrfs_extref_hash(parent_objectid, &victim_fname); ret = backref_in_log(log_root, &search_key, - parent_objectid, victim_name, - victim_name_len); + parent_objectid, &victim_fname); if (ret < 0) { kfree(victim_name); return ret; @@ -1186,9 +1195,7 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, ret = unlink_inode_for_log_replay(trans, BTRFS_I(victim_parent), - inode, - victim_name, - victim_name_len); + inode, &victim_fname); } iput(victim_parent); kfree(victim_name); @@ -1205,7 +1212,7 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, /* look for a conflicting sequence number */ di = btrfs_lookup_dir_index_item(trans, root, path, btrfs_ino(dir), - ref_index, name, namelen, 0); + ref_index, fname, 0); if (IS_ERR(di)) { return PTR_ERR(di); } else if (di) { @@ -1217,7 +1224,7 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, /* look for a conflicting name */ di = btrfs_lookup_dir_item(trans, root, path, btrfs_ino(dir), - name, namelen, 0); + fname, 0); if (IS_ERR(di)) { return PTR_ERR(di); } else if (di) { @@ -1231,20 +1238,24 @@ static inline int __add_inode_ref(struct btrfs_trans_handle *trans, } static int extref_get_fields(struct extent_buffer *eb, unsigned long ref_ptr, - u32 *namelen, char **name, u64 *index, + struct fscrypt_name *fname, u64 *index, u64 *parent_objectid) { struct btrfs_inode_extref *extref; - + u32 namelen; + char *name; extref = (struct btrfs_inode_extref *)ref_ptr; - *namelen = btrfs_inode_extref_name_len(eb, extref); - *name = kmalloc(*namelen, GFP_NOFS); - if (*name == NULL) + namelen = btrfs_inode_extref_name_len(eb, extref); + name = kmalloc(namelen, GFP_NOFS); + if (name == NULL) return -ENOMEM; - read_extent_buffer(eb, *name, (unsigned long)&extref->name, - *namelen); + read_extent_buffer(eb, name, (unsigned long)&extref->name, + namelen); + *fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, namelen) + }; if (index) *index = btrfs_inode_extref_index(eb, extref); @@ -1255,18 +1266,22 @@ static int extref_get_fields(struct extent_buffer *eb, unsigned long ref_ptr, } static int ref_get_fields(struct extent_buffer *eb, unsigned long ref_ptr, - u32 *namelen, char **name, u64 *index) + struct fscrypt_name *fname, u64 *index) { struct btrfs_inode_ref *ref; - + u32 namelen; + char *name; ref = (struct btrfs_inode_ref *)ref_ptr; - *namelen = btrfs_inode_ref_name_len(eb, ref); - *name = kmalloc(*namelen, GFP_NOFS); - if (*name == NULL) + namelen = btrfs_inode_ref_name_len(eb, ref); + name = kmalloc(namelen, GFP_NOFS); + if (name == NULL) return -ENOMEM; - read_extent_buffer(eb, *name, (unsigned long)(ref + 1), *namelen); + read_extent_buffer(eb, name, (unsigned long)(ref + 1), namelen); + *fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, namelen) + }; if (index) *index = btrfs_inode_ref_index(eb, ref); @@ -1308,16 +1323,15 @@ static int unlink_old_inode_refs(struct btrfs_trans_handle *trans, ref_ptr = btrfs_item_ptr_offset(eb, path->slots[0]); ref_end = ref_ptr + btrfs_item_size(eb, path->slots[0]); while (ref_ptr < ref_end) { - char *name = NULL; - int namelen; u64 parent_id; + struct fscrypt_name fname; if (key->type == BTRFS_INODE_EXTREF_KEY) { - ret = extref_get_fields(eb, ref_ptr, &namelen, &name, + ret = extref_get_fields(eb, ref_ptr, &fname, NULL, &parent_id); } else { parent_id = key->offset; - ret = ref_get_fields(eb, ref_ptr, &namelen, &name, + ret = ref_get_fields(eb, ref_ptr, &fname, NULL); } if (ret) @@ -1325,11 +1339,11 @@ static int unlink_old_inode_refs(struct btrfs_trans_handle *trans, if (key->type == BTRFS_INODE_EXTREF_KEY) ret = !!btrfs_find_name_in_ext_backref(log_eb, log_slot, - parent_id, name, - namelen); + parent_id, + &fname); else ret = !!btrfs_find_name_in_backref(log_eb, log_slot, - name, namelen); + &fname); if (!ret) { struct inode *dir; @@ -1338,20 +1352,20 @@ static int unlink_old_inode_refs(struct btrfs_trans_handle *trans, dir = read_one_inode(root, parent_id); if (!dir) { ret = -ENOENT; - kfree(name); + kfree(fname_name(&fname)); goto out; } ret = unlink_inode_for_log_replay(trans, BTRFS_I(dir), - inode, name, namelen); - kfree(name); + inode, &fname); + kfree(fname_name(&fname)); iput(dir); if (ret) goto out; goto again; } - kfree(name); - ref_ptr += namelen; + kfree(fname_name(&fname)); + ref_ptr += fname_len(&fname); if (key->type == BTRFS_INODE_EXTREF_KEY) ref_ptr += sizeof(struct btrfs_inode_extref); else @@ -1380,8 +1394,6 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, struct inode *inode = NULL; unsigned long ref_ptr; unsigned long ref_end; - char *name = NULL; - int namelen; int ret; int log_ref_ver = 0; u64 parent_objectid; @@ -1424,8 +1436,9 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } while (ref_ptr < ref_end) { + struct fscrypt_name fname; if (log_ref_ver) { - ret = extref_get_fields(eb, ref_ptr, &namelen, &name, + ret = extref_get_fields(eb, ref_ptr, &fname, &ref_index, &parent_objectid); /* * parent object can change from one array @@ -1438,7 +1451,7 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, goto out; } } else { - ret = ref_get_fields(eb, ref_ptr, &namelen, &name, + ret = ref_get_fields(eb, ref_ptr, &fname, &ref_index); } if (ret) @@ -1446,7 +1459,7 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, ret = inode_in_dir(root, path, btrfs_ino(BTRFS_I(dir)), btrfs_ino(BTRFS_I(inode)), ref_index, - name, namelen); + &fname); if (ret < 0) { goto out; } else if (ret == 0) { @@ -1460,7 +1473,7 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, ret = __add_inode_ref(trans, root, path, log, BTRFS_I(dir), BTRFS_I(inode), inode_objectid, parent_objectid, - ref_index, name, namelen); + ref_index, &fname); if (ret) { if (ret == 1) ret = 0; @@ -1469,7 +1482,7 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, /* insert our name */ ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode), - name, namelen, 0, ref_index); + &fname, 0, ref_index); if (ret) goto out; @@ -1479,9 +1492,8 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } /* Else, ret == 1, we already have a perfect match, we're done. */ - ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + namelen; - kfree(name); - name = NULL; + ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + fname_len(&fname); + kfree(fname_name(&fname)); if (log_ref_ver) { iput(dir); dir = NULL; @@ -1505,7 +1517,6 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, ret = overwrite_item(trans, root, path, eb, slot, key); out: btrfs_release_path(path); - kfree(name); iput(dir); iput(inode); return ret; @@ -1777,7 +1788,7 @@ static noinline int link_to_fixup_dir(struct btrfs_trans_handle *trans, static noinline int insert_one_name(struct btrfs_trans_handle *trans, struct btrfs_root *root, u64 dirid, u64 index, - char *name, int name_len, + struct fscrypt_name *fname, struct btrfs_key *location) { struct inode *inode; @@ -1794,8 +1805,8 @@ static noinline int insert_one_name(struct btrfs_trans_handle *trans, return -EIO; } - ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode), name, - name_len, 1, index); + ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode), fname, 1, + index); /* FIXME, put inode into FIXUP list */ @@ -1869,6 +1880,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, int ret; bool update_size = true; bool name_added = false; + struct fscrypt_name fname; dir = read_one_inode(root, key->objectid); if (!dir) @@ -1884,6 +1896,9 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, log_flags = btrfs_dir_flags(eb, di); read_extent_buffer(eb, name, (unsigned long)(di + 1), name_len); + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, name_len) + }; btrfs_dir_item_key_to_cpu(eb, di, &log_key); ret = btrfs_lookup_inode(trans, root, path, &log_key, 0); @@ -1894,7 +1909,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, ret = 0; dir_dst_di = btrfs_lookup_dir_item(trans, root, path, key->objectid, - name, name_len, 1); + &fname, 1); if (IS_ERR(dir_dst_di)) { ret = PTR_ERR(dir_dst_di); goto out; @@ -1911,7 +1926,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, index_dst_di = btrfs_lookup_dir_index_item(trans, root, path, key->objectid, key->offset, - name, name_len, 1); + &fname, 1); if (IS_ERR(index_dst_di)) { ret = PTR_ERR(index_dst_di); goto out; @@ -1939,7 +1954,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, search_key.objectid = log_key.objectid; search_key.type = BTRFS_INODE_REF_KEY; search_key.offset = key->objectid; - ret = backref_in_log(root->log_root, &search_key, 0, name, name_len); + ret = backref_in_log(root->log_root, &search_key, 0, &fname); if (ret < 0) { goto out; } else if (ret) { @@ -1952,8 +1967,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, search_key.objectid = log_key.objectid; search_key.type = BTRFS_INODE_EXTREF_KEY; search_key.offset = key->objectid; - ret = backref_in_log(root->log_root, &search_key, key->objectid, name, - name_len); + ret = backref_in_log(root->log_root, &search_key, key->objectid, &fname); if (ret < 0) { goto out; } else if (ret) { @@ -1964,7 +1978,7 @@ static noinline int replay_one_name(struct btrfs_trans_handle *trans, } btrfs_release_path(path); ret = insert_one_name(trans, root, key->objectid, key->offset, - name, name_len, &log_key); + &fname, &log_key); if (ret && ret != -ENOENT && ret != -EEXIST) goto out; if (!ret) @@ -2147,6 +2161,7 @@ static noinline int check_item_in_log(struct btrfs_trans_handle *trans, char *name; struct inode *inode = NULL; struct btrfs_key location; + struct fscrypt_name fname; /* * Currently we only log dir index keys. Even if we replay a log created @@ -2167,6 +2182,9 @@ static noinline int check_item_in_log(struct btrfs_trans_handle *trans, } read_extent_buffer(eb, name, (unsigned long)(di + 1), name_len); + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, name_len) + }; if (log) { struct btrfs_dir_item *log_di; @@ -2174,7 +2192,7 @@ static noinline int check_item_in_log(struct btrfs_trans_handle *trans, log_di = btrfs_lookup_dir_index_item(trans, log, log_path, dir_key->objectid, dir_key->offset, - name, name_len, 0); + &fname, 0); if (IS_ERR(log_di)) { ret = PTR_ERR(log_di); goto out; @@ -2199,8 +2217,8 @@ static noinline int check_item_in_log(struct btrfs_trans_handle *trans, goto out; inc_nlink(inode); - ret = unlink_inode_for_log_replay(trans, BTRFS_I(dir), BTRFS_I(inode), - name, name_len); + ret = unlink_inode_for_log_replay(trans, BTRFS_I(dir), + BTRFS_I(inode), &fname); /* * Unlike dir item keys, dir index keys can only have one name (entry) in * them, as there are no key collisions since each key has a unique offset @@ -2260,6 +2278,7 @@ static int replay_xattr_deletes(struct btrfs_trans_handle *trans, u16 data_len = btrfs_dir_data_len(path->nodes[0], di); u32 this_len = sizeof(*di) + name_len + data_len; char *name; + struct fscrypt_name fname; name = kmalloc(name_len, GFP_NOFS); if (!name) { @@ -2268,15 +2287,18 @@ static int replay_xattr_deletes(struct btrfs_trans_handle *trans, } read_extent_buffer(path->nodes[0], name, (unsigned long)(di + 1), name_len); + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, name_len) + }; log_di = btrfs_lookup_xattr(NULL, log, log_path, ino, - name, name_len, 0); + &fname, 0); btrfs_release_path(log_path); if (!log_di) { /* Doesn't exist in log tree, so delete it. */ btrfs_release_path(path); di = btrfs_lookup_xattr(trans, root, path, ino, - name, name_len, -1); + &fname, -1); kfree(name); if (IS_ERR(di)) { ret = PTR_ERR(di); @@ -3448,7 +3470,7 @@ static int del_logged_dentry(struct btrfs_trans_handle *trans, struct btrfs_root *log, struct btrfs_path *path, u64 dir_ino, - const char *name, int name_len, + const struct fscrypt_name *fname, u64 index) { struct btrfs_dir_item *di; @@ -3458,7 +3480,7 @@ static int del_logged_dentry(struct btrfs_trans_handle *trans, * for dir item keys. */ di = btrfs_lookup_dir_index_item(trans, log, path, dir_ino, - index, name, name_len, -1); + index, fname, -1); if (IS_ERR(di)) return PTR_ERR(di); else if (!di) @@ -3495,7 +3517,7 @@ static int del_logged_dentry(struct btrfs_trans_handle *trans, */ void btrfs_del_dir_entries_in_log(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, struct btrfs_inode *dir, u64 index) { struct btrfs_path *path; @@ -3522,7 +3544,7 @@ void btrfs_del_dir_entries_in_log(struct btrfs_trans_handle *trans, } ret = del_logged_dentry(trans, root->log_root, path, btrfs_ino(dir), - name, name_len, index); + fname, index); btrfs_free_path(path); out_unlock: mutex_unlock(&dir->log_mutex); @@ -3534,7 +3556,7 @@ void btrfs_del_dir_entries_in_log(struct btrfs_trans_handle *trans, /* see comments for btrfs_del_dir_entries_in_log */ void btrfs_del_inode_ref_in_log(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *fname, struct btrfs_inode *inode, u64 dirid) { struct btrfs_root *log; @@ -3555,7 +3577,7 @@ void btrfs_del_inode_ref_in_log(struct btrfs_trans_handle *trans, log = root->log_root; mutex_lock(&inode->log_mutex); - ret = btrfs_del_inode_ref(trans, log, name, name_len, btrfs_ino(inode), + ret = btrfs_del_inode_ref(trans, log, fname, btrfs_ino(inode), dirid, &index); mutex_unlock(&inode->log_mutex); if (ret < 0 && ret != -ENOENT) @@ -5218,6 +5240,7 @@ static int btrfs_check_ref_name_override(struct extent_buffer *eb, u32 this_len; unsigned long name_ptr; struct btrfs_dir_item *di; + struct fscrypt_name fname; if (key->type == BTRFS_INODE_REF_KEY) { struct btrfs_inode_ref *iref; @@ -5251,8 +5274,12 @@ static int btrfs_check_ref_name_override(struct extent_buffer *eb, } read_extent_buffer(eb, name, name_ptr, this_name_len); + fname = (struct fscrypt_name) { + .disk_name = FSTR_INIT(name, this_name_len) + }; + di = btrfs_lookup_dir_item(NULL, inode->root, search_path, - parent, name, this_name_len, 0); + parent, &fname, 0); if (di && !IS_ERR(di)) { struct btrfs_key di_key; @@ -7416,6 +7443,10 @@ void btrfs_log_new_name(struct btrfs_trans_handle *trans, if (old_dir && old_dir->logged_trans == trans->transid) { struct btrfs_root *log = old_dir->root->log_root; struct btrfs_path *path; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) old_dentry->d_name.name, + old_dentry->d_name.len) + }; ASSERT(old_dir_index >= BTRFS_DIR_START_INDEX); @@ -7453,8 +7484,7 @@ void btrfs_log_new_name(struct btrfs_trans_handle *trans, */ mutex_lock(&old_dir->log_mutex); ret = del_logged_dentry(trans, log, path, btrfs_ino(old_dir), - old_dentry->d_name.name, - old_dentry->d_name.len, old_dir_index); + &fname, old_dir_index); if (ret > 0) { /* * The dentry does not exist in the log, so record its diff --git a/fs/btrfs/tree-log.h b/fs/btrfs/tree-log.h index aed1e05e9879..acea5da43284 100644 --- a/fs/btrfs/tree-log.h +++ b/fs/btrfs/tree-log.h @@ -86,11 +86,11 @@ int btrfs_log_dentry_safe(struct btrfs_trans_handle *trans, struct btrfs_log_ctx *ctx); void btrfs_del_dir_entries_in_log(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *name, struct btrfs_inode *dir, u64 index); void btrfs_del_inode_ref_in_log(struct btrfs_trans_handle *trans, struct btrfs_root *root, - const char *name, int name_len, + const struct fscrypt_name *name, struct btrfs_inode *inode, u64 dirid); void btrfs_end_log_trans(struct btrfs_root *root); void btrfs_pin_log_trans(struct btrfs_root *root); diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c index 5bb8d8c86311..9bb45e230d35 100644 --- a/fs/btrfs/xattr.c +++ b/fs/btrfs/xattr.c @@ -21,7 +21,7 @@ #include "locking.h" int btrfs_getxattr(struct inode *inode, const char *name, - void *buffer, size_t size) + void *buffer, size_t size) { struct btrfs_dir_item *di; struct btrfs_root *root = BTRFS_I(inode)->root; @@ -29,6 +29,9 @@ int btrfs_getxattr(struct inode *inode, const char *name, struct extent_buffer *leaf; int ret = 0; unsigned long data_ptr; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) name, strlen(name)) + }; path = btrfs_alloc_path(); if (!path) @@ -36,7 +39,7 @@ int btrfs_getxattr(struct inode *inode, const char *name, /* lookup the xattr by name */ di = btrfs_lookup_xattr(NULL, root, path, btrfs_ino(BTRFS_I(inode)), - name, strlen(name), 0); + &fname, 0); if (!di) { ret = -ENODATA; goto out; @@ -85,6 +88,10 @@ int btrfs_setxattr(struct btrfs_trans_handle *trans, struct inode *inode, struct btrfs_path *path; size_t name_len = strlen(name); int ret = 0; + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) name, name_len) + }; + ASSERT(trans); @@ -98,7 +105,7 @@ int btrfs_setxattr(struct btrfs_trans_handle *trans, struct inode *inode, if (!value) { di = btrfs_lookup_xattr(trans, root, path, - btrfs_ino(BTRFS_I(inode)), name, name_len, -1); + btrfs_ino(BTRFS_I(inode)), &fname, -1); if (!di && (flags & XATTR_REPLACE)) ret = -ENODATA; else if (IS_ERR(di)) @@ -118,7 +125,7 @@ int btrfs_setxattr(struct btrfs_trans_handle *trans, struct inode *inode, if (flags & XATTR_REPLACE) { ASSERT(inode_is_locked(inode)); di = btrfs_lookup_xattr(NULL, root, path, - btrfs_ino(BTRFS_I(inode)), name, name_len, 0); + btrfs_ino(BTRFS_I(inode)), &fname, 0); if (!di) ret = -ENODATA; else if (IS_ERR(di)) @@ -130,7 +137,7 @@ int btrfs_setxattr(struct btrfs_trans_handle *trans, struct inode *inode, } ret = btrfs_insert_xattr_item(trans, root, path, btrfs_ino(BTRFS_I(inode)), - name, name_len, value, size); + &fname, value, size); if (ret == -EOVERFLOW) { /* * We have an existing item in a leaf, split_leaf couldn't @@ -139,14 +146,14 @@ int btrfs_setxattr(struct btrfs_trans_handle *trans, struct inode *inode, */ ret = 0; btrfs_assert_tree_write_locked(path->nodes[0]); - di = btrfs_match_dir_item_name(fs_info, path, name, name_len); + di = btrfs_match_dir_item_name(fs_info, path, &fname); if (!di && !(flags & XATTR_REPLACE)) { ret = -ENOSPC; goto out; } } else if (ret == -EEXIST) { ret = 0; - di = btrfs_match_dir_item_name(fs_info, path, name, name_len); + di = btrfs_match_dir_item_name(fs_info, path, &fname); ASSERT(di); /* logic error */ } else if (ret) { goto out; From patchwork Tue Sep 6 00:35:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966703 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA58DC6FA86 for ; Tue, 6 Sep 2022 00:36:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233148AbiIFAgB (ORCPT ); Mon, 5 Sep 2022 20:36:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232858AbiIFAf7 (ORCPT ); Mon, 5 Sep 2022 20:35:59 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1AAE46A494; Mon, 5 Sep 2022 17:35:57 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 3606E810F2; Mon, 5 Sep 2022 20:35:56 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424556; bh=0kyiQXNK5TlpwDNrslfC0aTar+RBgAgJ0JUs3Hl/m+U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nkYlndZ+IFpOpSODY+N38SUTPM9/0qa1ijlNtwaMWDk0DGEa25yOKxBRnBAwE6Hs+ XcrndlrHHPl+rhZhwP69MUAS7ITTblN4+WdgCNqiY8+mAgGx5qU8tZ//8SfH0KDenn WF3fDERp8y3ATxYk5h87V7bYPEeZJVv6fZyujyoW1qmR8PUD2cua4+5Mzi9ZXBqQfn 0FsYQ+q+COkde5LsV5TtywEk1uycgsfCuVKJAqQV/Wba582Wn72FAlzGq4ITrya7Nc 1B95XYD1kAC9fXWLrsLbjvd72U/qn3bweVmTmMjTF+GLolVRbZdAy9iX0srvlBmEki nSz0SuXio2eAg== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v2 09/20] btrfs: setup fscrypt_names from dentrys using helper Date: Mon, 5 Sep 2022 20:35:24 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org Most places that we create fscrypt_names, we are doing so from a dentry. Fscrypt provides a helper for this common pattern: fscrypt_setup_filename() initializes a filename to search for from a dentry, performing encryption of the plaintext if it can and should be done. This converts each setup of a fscrypt_name from a dentry to use this helper; at present, since there are no encrypted directories, nothing goes down the filename encryption paths. Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/inode.c | 153 ++++++++++++++++++++++++++--------------- fs/btrfs/transaction.c | 26 +++++-- fs/btrfs/tree-log.c | 12 ++-- 3 files changed, 123 insertions(+), 68 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 3e513ce5bb08..761293d763b6 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -4404,14 +4404,17 @@ static int btrfs_unlink(struct inode *dir, struct dentry *dentry) struct btrfs_trans_handle *trans; struct inode *inode = d_inode(dentry); int ret; - struct fscrypt_name fname = { - .disk_name = FSTR_INIT((unsigned char *)dentry->d_name.name, dentry->d_name.len) - }; + struct fscrypt_name fname; + ret = fscrypt_setup_filename(dir, &dentry->d_name, 1, &fname); + if (ret) + return ret; trans = __unlink_start_trans(dir); - if (IS_ERR(trans)) - return PTR_ERR(trans); + if (IS_ERR(trans)) { + ret = PTR_ERR(trans); + goto out; + } btrfs_record_unlink_dir(trans, BTRFS_I(dir), BTRFS_I(d_inode(dentry)), 0); @@ -4428,6 +4431,7 @@ static int btrfs_unlink(struct inode *dir, struct dentry *dentry) } out: + fscrypt_free_filename(&fname); btrfs_end_transaction(trans); btrfs_btree_balance_dirty(BTRFS_I(dir)->root->fs_info); return ret; @@ -4446,10 +4450,11 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, int ret; u64 objectid; u64 dir_ino = btrfs_ino(BTRFS_I(dir)); - struct fscrypt_name fname = { - .disk_name = FSTR_INIT((char *) dentry->d_name.name, - dentry->d_name.len) - }; + struct fscrypt_name fname; + + ret = fscrypt_setup_filename(dir, &dentry->d_name, 1, &fname); + if (ret) + return ret; if (btrfs_ino(inode) == BTRFS_FIRST_FREE_OBJECTID) { objectid = inode->root->root_key.objectid; @@ -4457,12 +4462,15 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, objectid = inode->location.objectid; } else { WARN_ON(1); + fscrypt_free_filename(&fname); return -EINVAL; } path = btrfs_alloc_path(); - if (!path) - return -ENOMEM; + if (!path) { + ret = -ENOMEM; + goto out; + } di = btrfs_lookup_dir_item(trans, root, path, dir_ino, &fname, -1); if (IS_ERR_OR_NULL(di)) { @@ -4529,6 +4537,7 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, btrfs_abort_transaction(trans, ret); out: btrfs_free_path(path); + fscrypt_free_filename(&fname); return ret; } @@ -4795,9 +4804,7 @@ static int btrfs_rmdir(struct inode *dir, struct dentry *dentry) int err = 0; struct btrfs_trans_handle *trans; u64 last_unlink_trans; - struct fscrypt_name fname = { - .disk_name = FSTR_INIT((unsigned char *)dentry->d_name.name, dentry->d_name.len) - }; + struct fscrypt_name fname; if (inode->i_size > BTRFS_EMPTY_DIR_SIZE) return -ENOTEMPTY; @@ -4810,9 +4817,15 @@ static int btrfs_rmdir(struct inode *dir, struct dentry *dentry) return btrfs_delete_subvolume(dir, dentry); } + err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &fname); + if (err) + return err; + trans = __unlink_start_trans(dir); - if (IS_ERR(trans)) - return PTR_ERR(trans); + if (IS_ERR(trans)) { + err = PTR_ERR(trans); + goto out_notrans; + } if (unlikely(btrfs_ino(BTRFS_I(inode)) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID)) { err = btrfs_unlink_subvol(trans, dir, dentry); @@ -4846,7 +4859,9 @@ static int btrfs_rmdir(struct inode *dir, struct dentry *dentry) } out: btrfs_end_transaction(trans); +out_notrans: btrfs_btree_balance_dirty(fs_info); + fscrypt_free_filename(&fname); return err; } @@ -5540,7 +5555,7 @@ void btrfs_evict_inode(struct inode *inode) /* * Return the key found in the dir entry in the location pointer, fill @type - * with BTRFS_FT_*, and return 0. + * with BTRFS_FT_*, and return 0. Used only for lookups, not removals. * * If no dir entries were found, returns -ENOENT. * If found a corrupted location in dir entry, returns -EUCLEAN. @@ -5552,15 +5567,16 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry, struct btrfs_path *path; struct btrfs_root *root = BTRFS_I(dir)->root; int ret = 0; - struct fscrypt_name fname = { - .disk_name = FSTR_INIT((char *) dentry->d_name.name, - dentry->d_name.len) - }; + struct fscrypt_name fname; path = btrfs_alloc_path(); if (!path) return -ENOMEM; + ret = fscrypt_setup_filename(dir, &dentry->d_name, 1, &fname); + if (ret) + goto out; + di = btrfs_lookup_dir_item(NULL, root, path, btrfs_ino(BTRFS_I(dir)), &fname, 0); if (IS_ERR_OR_NULL(di)) { @@ -5580,6 +5596,7 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry, if (!ret) *type = btrfs_dir_ftype(path->nodes[0], di); out: + fscrypt_free_filename(&fname); btrfs_free_path(path); return ret; } @@ -5600,9 +5617,15 @@ static int fixup_tree_root_location(struct btrfs_fs_info *fs_info, struct btrfs_root_ref *ref; struct extent_buffer *leaf; struct btrfs_key key; + struct fscrypt_name fname; int ret; int err = 0; + ret = fscrypt_setup_filename(dir, &dentry->d_name, 0, + &fname); + if (ret) + return ret; + path = btrfs_alloc_path(); if (!path) { err = -ENOMEM; @@ -5648,6 +5671,7 @@ static int fixup_tree_root_location(struct btrfs_fs_info *fs_info, err = 0; out: btrfs_free_path(path); + fscrypt_free_filename(&fname); return err; } @@ -6254,16 +6278,17 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, struct inode *inode = args->inode; int ret; + if (!args->orphan) { + ret = fscrypt_setup_filename(dir, &args->dentry->d_name, 0, + &args->fname); + if (ret) + return ret; + } + ret = posix_acl_create(dir, &inode->i_mode, &args->default_acl, &args->acl); - if (ret) + if (ret) { + fscrypt_free_filename(&args->fname); return ret; - - if (!args->orphan) { - char *name = (char *) args->dentry->d_name.name; - int name_len = args->dentry->d_name.len; - args->fname = (struct fscrypt_name) { - .disk_name = FSTR_INIT(name, name_len), - }; } /* 1 to add inode item */ @@ -6304,6 +6329,7 @@ void btrfs_new_inode_args_destroy(struct btrfs_new_inode_args *args) { posix_acl_release(args->acl); posix_acl_release(args->default_acl); + fscrypt_free_filename(&args->fname); } /* @@ -6731,10 +6757,7 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, struct btrfs_root *root = BTRFS_I(dir)->root; struct inode *inode = d_inode(old_dentry); struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); - struct fscrypt_name fname = { - .disk_name = FSTR_INIT((char *) dentry->d_name.name, - dentry->d_name.len) - }; + struct fscrypt_name fname; u64 index; int err; int drop_inode = 0; @@ -6746,6 +6769,10 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, if (inode->i_nlink >= BTRFS_LINK_MAX) return -EMLINK; + err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &fname); + if (err) + goto fail; + err = btrfs_set_inode_index(BTRFS_I(dir), &index); if (err) goto fail; @@ -6796,6 +6823,7 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, } fail: + fscrypt_free_filename(&fname); if (trans) btrfs_end_transaction(trans); if (drop_inode) { @@ -9181,14 +9209,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, int ret; int ret2; bool need_abort = false; - struct fscrypt_name old_name = { - .disk_name = FSTR_INIT((char *) old_dentry->d_name.name, - old_dentry->d_name.len) - }; - struct fscrypt_name new_name = { - .disk_name = FSTR_INIT((char *) new_dentry->d_name.name, - new_dentry->d_name.len) - }; + struct fscrypt_name old_fname, new_fname; /* * For non-subvolumes allow exchange only within one subvolume, in the @@ -9200,6 +9221,16 @@ static int btrfs_rename_exchange(struct inode *old_dir, new_ino != BTRFS_FIRST_FREE_OBJECTID)) return -EXDEV; + ret = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_fname); + if (ret) + return ret; + + ret = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_fname); + if (ret) { + fscrypt_free_filename(&old_fname); + return ret; + } + /* close the race window with snapshot create/destroy ioctl */ if (old_ino == BTRFS_FIRST_FREE_OBJECTID || new_ino == BTRFS_FIRST_FREE_OBJECTID) @@ -9267,7 +9298,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, /* force full log commit if subvolume involved. */ btrfs_set_log_full_commit(trans); } else { - ret = btrfs_insert_inode_ref(trans, dest, &new_name, old_ino, + ret = btrfs_insert_inode_ref(trans, dest, &new_fname, old_ino, btrfs_ino(BTRFS_I(new_dir)), old_idx); if (ret) @@ -9280,7 +9311,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, /* force full log commit if subvolume involved. */ btrfs_set_log_full_commit(trans); } else { - ret = btrfs_insert_inode_ref(trans, root, &old_name, new_ino, + ret = btrfs_insert_inode_ref(trans, root, &old_fname, new_ino, btrfs_ino(BTRFS_I(old_dir)), new_idx); if (ret) { @@ -9314,7 +9345,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, ret = btrfs_unlink_subvol(trans, old_dir, old_dentry); } else { /* src is an inode */ ret = __btrfs_unlink_inode(trans, BTRFS_I(old_dir), - BTRFS_I(old_dentry->d_inode), &old_name, + BTRFS_I(old_dentry->d_inode), &old_fname, &old_rename_ctx); if (!ret) ret = btrfs_update_inode(trans, root, BTRFS_I(old_inode)); @@ -9329,7 +9360,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, ret = btrfs_unlink_subvol(trans, new_dir, new_dentry); } else { /* dest is an inode */ ret = __btrfs_unlink_inode(trans, BTRFS_I(new_dir), - BTRFS_I(new_dentry->d_inode), &new_name, + BTRFS_I(new_dentry->d_inode), &new_fname, &new_rename_ctx); if (!ret) ret = btrfs_update_inode(trans, dest, BTRFS_I(new_inode)); @@ -9340,14 +9371,14 @@ static int btrfs_rename_exchange(struct inode *old_dir, } ret = btrfs_add_link(trans, BTRFS_I(new_dir), BTRFS_I(old_inode), - &new_name, 0, old_idx); + &new_fname, 0, old_idx); if (ret) { btrfs_abort_transaction(trans, ret); goto out_fail; } ret = btrfs_add_link(trans, BTRFS_I(old_dir), BTRFS_I(new_inode), - &old_name, 0, new_idx); + &old_fname, 0, new_idx); if (ret) { btrfs_abort_transaction(trans, ret); goto out_fail; @@ -9390,6 +9421,8 @@ static int btrfs_rename_exchange(struct inode *old_dir, old_ino == BTRFS_FIRST_FREE_OBJECTID) up_read(&fs_info->subvol_sem); + fscrypt_free_filename(&new_fname); + fscrypt_free_filename(&old_fname); return ret; } @@ -9429,14 +9462,7 @@ static int btrfs_rename(struct user_namespace *mnt_userns, int ret; int ret2; u64 old_ino = btrfs_ino(BTRFS_I(old_inode)); - struct fscrypt_name old_fname = { - .disk_name = FSTR_INIT((char *)old_dentry->d_name.name, - old_dentry->d_name.len) - }; - struct fscrypt_name new_fname = { - .disk_name = FSTR_INIT((char *)new_dentry->d_name.name, - new_dentry->d_name.len) - }; + struct fscrypt_name old_fname, new_fname; if (btrfs_ino(BTRFS_I(new_dir)) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) return -EPERM; @@ -9453,6 +9479,16 @@ static int btrfs_rename(struct user_namespace *mnt_userns, new_inode->i_size > BTRFS_EMPTY_DIR_SIZE) return -ENOTEMPTY; + ret = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_fname); + if (ret) + return ret; + + ret = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_fname); + if (ret) { + fscrypt_free_filename(&old_fname); + return ret; + } + /* check for collisions, even if the name isn't there */ ret = btrfs_check_dir_item_collision(dest, new_dir->i_ino, &new_fname); @@ -9461,11 +9497,11 @@ static int btrfs_rename(struct user_namespace *mnt_userns, /* we shouldn't get * eexist without a new_inode */ if (WARN_ON(!new_inode)) { - return ret; + goto out_fscrypt_names; } } else { /* maybe -EOVERFLOW */ - return ret; + goto out_fscrypt_names; } } ret = 0; @@ -9639,6 +9675,9 @@ static int btrfs_rename(struct user_namespace *mnt_userns, out_whiteout_inode: if (flags & RENAME_WHITEOUT) iput(whiteout_args.inode); +out_fscrypt_names: + fscrypt_free_filename(&old_fname); + fscrypt_free_filename(&new_fname); return ret; } diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index b83e618a255d..873366d3c314 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -1619,10 +1620,8 @@ create_pending_snapshot(struct btrfs_trans_handle *trans, u64 index = 0; u64 objectid; u64 root_flags; - struct fscrypt_name fname = { - .disk_name = FSTR_INIT((char *) pending->dentry->d_name.name, - pending->dentry->d_name.len) - }; + unsigned int mem_flags; + struct fscrypt_name fname; ASSERT(pending->path); path = pending->path; @@ -1630,9 +1629,22 @@ create_pending_snapshot(struct btrfs_trans_handle *trans, ASSERT(pending->root_item); new_root_item = pending->root_item; + /* + * Since this is during btrfs_commit_transaction() and more items + * joining the transaction at this point would be bad, use NOFS + * allocations so that no new writes are kicked off. + */ + mem_flags = memalloc_nofs_save(); + pending->error = fscrypt_setup_filename(parent_inode, + &pending->dentry->d_name, 0, + &fname); + memalloc_nofs_restore(mem_flags); + if (pending->error) + goto free_pending; + pending->error = btrfs_get_free_objectid(tree_root, &objectid); if (pending->error) - goto no_free_objectid; + goto free_fname; /* * Make qgroup to skip current new snapshot's qgroupid, as it is @@ -1846,7 +1858,9 @@ create_pending_snapshot(struct btrfs_trans_handle *trans, trans->bytes_reserved = 0; clear_skip_qgroup: btrfs_clear_skip_qgroup(trans); -no_free_objectid: +free_fname: + fscrypt_free_filename(&fname); +free_pending: kfree(new_root_item); pending->root_item = NULL; btrfs_free_path(path); diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 40cfaa9feff3..53195cfe6a3d 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -7443,13 +7443,13 @@ void btrfs_log_new_name(struct btrfs_trans_handle *trans, if (old_dir && old_dir->logged_trans == trans->transid) { struct btrfs_root *log = old_dir->root->log_root; struct btrfs_path *path; - struct fscrypt_name fname = { - .disk_name = FSTR_INIT((char *) old_dentry->d_name.name, - old_dentry->d_name.len) - }; - + struct fscrypt_name fname; ASSERT(old_dir_index >= BTRFS_DIR_START_INDEX); + ret = fscrypt_setup_filename(&old_dir->vfs_inode, + &old_dentry->d_name, 0, &fname); + if (ret) + goto out; /* * We have two inodes to update in the log, the old directory and * the inode that got renamed, so we must pin the log to prevent @@ -7469,6 +7469,7 @@ void btrfs_log_new_name(struct btrfs_trans_handle *trans, path = btrfs_alloc_path(); if (!path) { ret = -ENOMEM; + fscrypt_free_filename(&fname); goto out; } @@ -7498,6 +7499,7 @@ void btrfs_log_new_name(struct btrfs_trans_handle *trans, mutex_unlock(&old_dir->log_mutex); btrfs_free_path(path); + fscrypt_free_filename(&fname); if (ret < 0) goto out; } From patchwork Tue Sep 6 00:35:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966704 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23F04C6FA86 for ; Tue, 6 Sep 2022 00:36:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230425AbiIFAgF (ORCPT ); Mon, 5 Sep 2022 20:36:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233097AbiIFAgA (ORCPT ); Mon, 5 Sep 2022 20:36:00 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B68A86A4BB; Mon, 5 Sep 2022 17:35:58 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 30CCC803C8; Mon, 5 Sep 2022 20:35:58 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424558; bh=bKQghyockW23MJt5AmVdKo0ILd5SU33XjJm9hP50Lcg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W2aIypND8kYrF574nXvtLulEVfSpwbJ412NF/KFcXuD9eI+psge3UuoorwmpObMeF jidcD3d2a6edbevTYqNG0vhgXXQThC6LEHxMCcQemSQZykJYdgoV9BnwUvSwqh9159 JuOqk1KC3l6jF/Sf97BbJW6XS0S05wYaUfLrAsGxn0exij8poUd5ygglA9kOE2zQwf dXrw9aR/z9mWR5pO7NEConIWH8R1GjTKZebZ6BAeCC1ev5Gysxdl3RdAeG5Jo7/RnG tikhYwtJAt4MxjYP8G2GvHq/UeT4AktnRPtnUQNZ7/81vTytvO/7V8aiUSaqKYuiFr G/XeutaH+2ygw== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 10/20] btrfs: factor a fscrypt_name matching method Date: Mon, 5 Sep 2022 20:35:25 -0400 Message-Id: <685c8abce7bdb110bc306752314b4fb0e7867290.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval Now that everything in btrfs is dealing in fscrypt_names, fscrypt has a useful function, fscrypt_match_name(), to check whether a fscrypt_name matches a provided buffer. However, btrfs buffers are struct extent_buffer rather than a raw char array, so we need to implement our own imitation of fscrypt_match_name() that deals in extent_buffers, falling back to a simple memcpy if fscrypt isn't compiled. We can then use this matching method in btrfs_match_dir_item_name() and other locations. This also provides a useful occasion to introduce the new fscrypt file for btrfs, handling the fscrypt-specific functions needed. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/Makefile | 1 + fs/btrfs/dir-item.c | 13 +++++++------ fs/btrfs/extent_io.c | 37 +++++++++++++++++++++++++++++++++++++ fs/btrfs/extent_io.h | 2 ++ fs/btrfs/fscrypt.c | 32 ++++++++++++++++++++++++++++++++ fs/btrfs/fscrypt.h | 25 +++++++++++++++++++++++++ fs/btrfs/inode-item.c | 8 ++++---- fs/btrfs/inode.c | 11 ++++------- fs/btrfs/root-tree.c | 7 ++++--- 9 files changed, 116 insertions(+), 20 deletions(-) create mode 100644 fs/btrfs/fscrypt.c create mode 100644 fs/btrfs/fscrypt.h diff --git a/fs/btrfs/Makefile b/fs/btrfs/Makefile index 99f9995670ea..b6444490cdbc 100644 --- a/fs/btrfs/Makefile +++ b/fs/btrfs/Makefile @@ -38,6 +38,7 @@ btrfs-$(CONFIG_BTRFS_FS_CHECK_INTEGRITY) += check-integrity.o btrfs-$(CONFIG_BTRFS_FS_REF_VERIFY) += ref-verify.o btrfs-$(CONFIG_BLK_DEV_ZONED) += zoned.o btrfs-$(CONFIG_FS_VERITY) += verity.o +btrfs-$(CONFIG_FS_ENCRYPTION) += fscrypt.o btrfs-$(CONFIG_BTRFS_FS_RUN_SANITY_TESTS) += tests/free-space-tests.o \ tests/extent-buffer-tests.o tests/btrfs-tests.o \ diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c index b4c1e2a40401..8d7c3c32ed8e 100644 --- a/fs/btrfs/dir-item.c +++ b/fs/btrfs/dir-item.c @@ -5,6 +5,7 @@ #include "ctree.h" #include "disk-io.h" +#include "fscrypt.h" #include "transaction.h" /* @@ -390,15 +391,15 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, total_len = btrfs_item_size(leaf, path->slots[0]); while (cur < total_len) { - unsigned long name_ptr = (unsigned long)(dir_item + 1); - this_len = sizeof(*dir_item) + - btrfs_dir_name_len(leaf, dir_item) + + int dir_name_len = btrfs_dir_name_len(leaf, dir_item); + this_len = sizeof(*dir_item) + dir_name_len + btrfs_dir_data_len(leaf, dir_item); - if (btrfs_dir_name_len(leaf, dir_item) == fname_len(fname) && - memcmp_extent_buffer(leaf, fname_name(fname), name_ptr, - fname_len(fname)) == 0) + if (btrfs_fscrypt_match_name(fname, leaf, + (unsigned long)(dir_item + 1), + dir_name_len)) { return dir_item; + } cur += this_len; dir_item = (struct btrfs_dir_item *)((char *)dir_item + diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 591c191a58bc..a467a7553bd9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1,5 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 +#include #include #include #include @@ -6892,6 +6893,42 @@ void memzero_extent_buffer(const struct extent_buffer *eb, unsigned long start, } } +void extent_buffer_sha256(const struct extent_buffer *eb, unsigned long start, + unsigned long len, u8 *out) +{ + size_t cur; + size_t offset; + struct page *page; + char *kaddr; + unsigned long i = get_eb_page_index(start); + struct sha256_state sctx; + + if (check_eb_range(eb, start, len)) + return; + + offset = get_eb_offset_in_page(eb, start); + + /* + * TODO: This should maybe be using the crypto API, not the fallback, + * but fscrypt uses the fallback and this is only used in emulation of + * fscrypt's buffer sha256 method. + */ + sha256_init(&sctx); + while (len > 0) { + page = eb->pages[i]; + assert_eb_page_uptodate(eb, page); + + cur = min(len, PAGE_SIZE - offset); + kaddr = page_address(page); + sha256_update(&sctx, (u8 *)(kaddr + offset), cur); + + len -= cur; + offset = 0; + i++; + } + sha256_final(&sctx, out); +} + void copy_extent_buffer_full(const struct extent_buffer *dst, const struct extent_buffer *src) { diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h index 69a86ae6fd50..d6c1b91cd690 100644 --- a/fs/btrfs/extent_io.h +++ b/fs/btrfs/extent_io.h @@ -222,6 +222,8 @@ void memmove_extent_buffer(const struct extent_buffer *dst, unsigned long len); void memzero_extent_buffer(const struct extent_buffer *eb, unsigned long start, unsigned long len); +void extent_buffer_sha256(const struct extent_buffer *eb, unsigned long start, + unsigned long len, u8 *out); int extent_buffer_test_bit(const struct extent_buffer *eb, unsigned long start, unsigned long pos); void extent_buffer_bitmap_set(const struct extent_buffer *eb, unsigned long start, diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c new file mode 100644 index 000000000000..2ed844dd61d0 --- /dev/null +++ b/fs/btrfs/fscrypt.c @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2020 Facebook + */ + +#include "ctree.h" +#include "fscrypt.h" + +/* fscrypt_match_name() but for an extent_buffer. */ +bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, + struct extent_buffer *leaf, unsigned long de_name, + u32 de_name_len) +{ + const struct fscrypt_nokey_name *nokey_name = + (const void *)fname->crypto_buf.name; + u8 digest[SHA256_DIGEST_SIZE]; + + if (likely(fname->disk_name.name)) { + if (de_name_len != fname->disk_name.len) + return false; + return !memcmp_extent_buffer(leaf, fname->disk_name.name, + de_name, de_name_len); + } + if (de_name_len <= sizeof(nokey_name->bytes)) + return false; + if (memcmp_extent_buffer(leaf, nokey_name->bytes, de_name, + sizeof(nokey_name->bytes))) + return false; + extent_buffer_sha256(leaf, de_name + sizeof(nokey_name->bytes), + de_name_len - sizeof(nokey_name->bytes), digest); + return !memcmp(digest, nokey_name->sha256, sizeof(digest)); +} diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h new file mode 100644 index 000000000000..7f24d12e6ee0 --- /dev/null +++ b/fs/btrfs/fscrypt.h @@ -0,0 +1,25 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef BTRFS_FSCRYPT_H +#define BTRFS_FSCRYPT_H + +#include + +#ifdef CONFIG_FS_ENCRYPTION +bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, + struct extent_buffer *leaf, + unsigned long de_name, u32 de_name_len); + +#else +static bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, + struct extent_buffer *leaf, + unsigned long de_name, u32 de_name_len) +{ + if (de_name_len != fname->disk_name.len) + return false; + return !memcmp_extent_buffer(leaf, fname->disk_name.name, + de_name, de_name_len); +} +#endif + +#endif /* BTRFS_FSCRYPT_H */ diff --git a/fs/btrfs/inode-item.c b/fs/btrfs/inode-item.c index 78053eb9589c..4ad75f9573aa 100644 --- a/fs/btrfs/inode-item.c +++ b/fs/btrfs/inode-item.c @@ -7,6 +7,7 @@ #include "ctree.h" #include "inode-item.h" #include "disk-io.h" +#include "fscrypt.h" #include "transaction.h" #include "print-tree.h" @@ -62,10 +63,9 @@ struct btrfs_inode_extref *btrfs_find_name_in_ext_backref( name_ptr = (unsigned long)(&extref->name); ref_name_len = btrfs_inode_extref_name_len(leaf, extref); - if (ref_name_len == fname_len(fname) && - btrfs_inode_extref_parent(leaf, extref) == ref_objectid && - (memcmp_extent_buffer(leaf, fname_name(fname), name_ptr, - fname_len(fname)) == 0)) + if (btrfs_inode_extref_parent(leaf, extref) == ref_objectid && + btrfs_fscrypt_match_name(fname, leaf, name_ptr, + ref_name_len)) return extref; cur_offset += ref_name_len + sizeof(*extref); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 761293d763b6..482c5b3d9e70 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -55,6 +55,7 @@ #include "zoned.h" #include "subpage.h" #include "inode-item.h" +#include "fscrypt.h" struct btrfs_iget_args { u64 ino; @@ -5646,14 +5647,10 @@ static int fixup_tree_root_location(struct btrfs_fs_info *fs_info, leaf = path->nodes[0]; ref = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_root_ref); - if (btrfs_root_ref_dirid(leaf, ref) != btrfs_ino(BTRFS_I(dir)) || - btrfs_root_ref_name_len(leaf, ref) != dentry->d_name.len) + if (btrfs_root_ref_dirid(leaf, ref) != btrfs_ino(BTRFS_I(dir))) goto out; - - ret = memcmp_extent_buffer(leaf, dentry->d_name.name, - (unsigned long)(ref + 1), - dentry->d_name.len); - if (ret) + if (!btrfs_fscrypt_match_name(&fname, leaf, (unsigned long)(ref + 1), + btrfs_root_ref_name_len(leaf, ref))) goto out; btrfs_release_path(path); diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c index f44f02c22027..bbb215007896 100644 --- a/fs/btrfs/root-tree.c +++ b/fs/btrfs/root-tree.c @@ -8,6 +8,7 @@ #include "ctree.h" #include "transaction.h" #include "disk-io.h" +#include "fscrypt.h" #include "print-tree.h" #include "qgroup.h" #include "space-info.h" @@ -351,14 +352,14 @@ int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, if (ret < 0) { goto out; } else if (ret == 0) { + u32 name_len; leaf = path->nodes[0]; ref = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_root_ref); ptr = (unsigned long)(ref + 1); + name_len = btrfs_root_ref_name_len(leaf, ref); if ((btrfs_root_ref_dirid(leaf, ref) != dirid) || - (btrfs_root_ref_name_len(leaf, ref) != fname_len(fname)) || - memcmp_extent_buffer(leaf, fname_name(fname), ptr, - fname_len(fname))) { + !btrfs_fscrypt_match_name(fname, leaf, ptr, name_len)) { ret = -ENOENT; goto out; } From patchwork Tue Sep 6 00:35:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966706 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F12E1ECAAA1 for ; Tue, 6 Sep 2022 00:36:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232880AbiIFAgH (ORCPT ); Mon, 5 Sep 2022 20:36:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235444AbiIFAgB (ORCPT ); Mon, 5 Sep 2022 20:36:01 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B49746AA0E; Mon, 5 Sep 2022 17:36:00 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id C04988110B; Mon, 5 Sep 2022 20:35:59 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424560; bh=TSnH1AvkQlEh4dSfg/qC9KaSCmkgkY7apfI9jUsA8Qc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nbmvOBw2sXhl+Osf3toazBbdB4SoT1SEkf/N+J3tvUcEoEmy1UcGkowwBCbIZtqNd m5OJONjhe5sXKFdWiJ+Z/6vM7hndqJrGiJ/56L1u6Nk1eznwACHkF7qGWYPapwDxdF RR8QeTDQvY/hgWP7REjRDPkc4ynd00Ah2HR8NYRnklYyBFsNYikMDIA59ftNhoucJP 5AXXMFgkwuwmj+IqlbjZsQ2tehD38uaTAvA1SY0eJ+v8XaeDVFMBnsVoQOgABPthDG 4+SU+L/h1nhrbdxZaAYXctTYBIFLk5DBNwZEpVcvVGnl33+fYb0B1XfA9aRz0dXoXt fXpYNs80atKTA== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 11/20] btrfs: disable various operations on encrypted inodes Date: Mon, 5 Sep 2022 20:35:26 -0400 Message-Id: <927dbeab576537ac0e4c954a8c3d13b148cd6a26.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval Initially, only normal data extents, using the normal (non-direct) IO path, will be encrypted. This change forbids various other bits: - allows reflinking only if both inodes have the same encryption status - disables compressing encrypted inodes - disables direct IO on encrypted inodes - disable inline data on encrypted inodes Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Reported-by: kernel test robot --- fs/btrfs/btrfs_inode.h | 3 +++ fs/btrfs/file.c | 4 ++-- fs/btrfs/inode.c | 3 ++- fs/btrfs/reflink.c | 7 +++++++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/btrfs_inode.h b/fs/btrfs/btrfs_inode.h index b160b8e124e0..ff668686717b 100644 --- a/fs/btrfs/btrfs_inode.h +++ b/fs/btrfs/btrfs_inode.h @@ -400,6 +400,9 @@ static inline bool btrfs_inode_in_log(struct btrfs_inode *inode, u64 generation) */ static inline bool btrfs_inode_can_compress(const struct btrfs_inode *inode) { + if (IS_ENCRYPTED(&inode->vfs_inode)) + return false; + if (inode->flags & BTRFS_INODE_NODATACOW || inode->flags & BTRFS_INODE_NODATASUM) return false; diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 0a76ae8b8e96..7216ac1f860c 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -1895,7 +1895,7 @@ static ssize_t btrfs_direct_write(struct kiocb *iocb, struct iov_iter *from) goto relock; } - if (check_direct_IO(fs_info, from, pos)) { + if (IS_ENCRYPTED(inode) || check_direct_IO(fs_info, from, pos)) { btrfs_inode_unlock(inode, ilock_flags); goto buffered; } @@ -3729,7 +3729,7 @@ static ssize_t btrfs_direct_read(struct kiocb *iocb, struct iov_iter *to) ssize_t read = 0; ssize_t ret; - if (fsverity_active(inode)) + if (IS_ENCRYPTED(inode) || fsverity_active(inode)) return 0; if (check_direct_read(btrfs_sb(inode->i_sb), to, iocb->ki_pos)) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 482c5b3d9e70..fea48c12a33a 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -409,7 +409,8 @@ static noinline int cow_file_range_inline(struct btrfs_inode *inode, u64 size, * compressed) data fits in a leaf and the configured maximum inline * size. */ - if (size < i_size_read(&inode->vfs_inode) || + if (IS_ENCRYPTED(&inode->vfs_inode) || + size < i_size_read(&inode->vfs_inode) || size > fs_info->sectorsize || data_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info) || data_len > fs_info->max_inline) diff --git a/fs/btrfs/reflink.c b/fs/btrfs/reflink.c index 9acf47b11fe6..d22086e1cbc8 100644 --- a/fs/btrfs/reflink.c +++ b/fs/btrfs/reflink.c @@ -805,6 +805,13 @@ static int btrfs_remap_file_range_prep(struct file *file_in, loff_t pos_in, ASSERT(inode_in->i_sb == inode_out->i_sb); } + /* + * Can only reflink encrypted files if both files are encrypted. + */ + if (!fscrypt_have_same_policy(inode_in, inode_out)) { + return -EINVAL; + } + /* Don't make the dst file partly checksummed */ if ((BTRFS_I(inode_in)->flags & BTRFS_INODE_NODATASUM) != (BTRFS_I(inode_out)->flags & BTRFS_INODE_NODATASUM)) { From patchwork Tue Sep 6 00:35:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966707 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF856C6FA8B for ; Tue, 6 Sep 2022 00:36:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235444AbiIFAgJ (ORCPT ); Mon, 5 Sep 2022 20:36:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40074 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233097AbiIFAgH (ORCPT ); Mon, 5 Sep 2022 20:36:07 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F7336A4A3; Mon, 5 Sep 2022 17:36:02 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 8E86381041; Mon, 5 Sep 2022 20:36:01 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424561; bh=Eys7VWo8MU14uwl1XQhv0/N2YTlFuNEsTzLwSdchzQI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=po4cwcRX6mEEeDrioh0Z0VRIPJRVKExRoxdxyC4zfx5DqwIAKxxuBrhXIYCKwUMPm 78gAVPne3FFlw/gZu8mTbfXBKEv7kee9YPfAvnuDD/NxAzpO3/fIs41SypuW2aeTR7 L0CvknigAsgHH48/ysUJe9eoSC8UO6a2syA7fm1aA9JwtrQ4FNXwimMxlSQQYyWvC8 eNyGBDehuJGfvCMM78BJIjdJW3CZdxpJAESzVyx/ev3z3I1BvBhyLISaPqJxaS0dbO 0Mhymrxc+kz0Ms0I+tSXATo/HBRGueNB2f5cxVLcmnNn2sne2SNodTJlJNjsn5F3ZX 1EZnu8nccvNZg== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 12/20] btrfs: start using fscrypt hooks. Date: Mon, 5 Sep 2022 20:35:27 -0400 Message-Id: <4b27b127a4048a58af965634436b562ec1217c82.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval In order to appropriately encrypt, create, open, rename, and various symlink operations must call fscrypt hooks. These determine whether the inode should be encrypted and do other preparatory actions. The superblock must have fscrypt operations registered, so implement the minimal set also. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ctree.h | 1 + fs/btrfs/file.c | 3 ++ fs/btrfs/fscrypt.c | 3 ++ fs/btrfs/fscrypt.h | 1 + fs/btrfs/inode.c | 91 ++++++++++++++++++++++++++++++++++++++++------ fs/btrfs/super.c | 3 ++ 6 files changed, 90 insertions(+), 12 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 230537a007b6..2b9ba8d77861 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -3416,6 +3416,7 @@ struct btrfs_new_inode_args { */ struct posix_acl *default_acl; struct posix_acl *acl; + bool encrypt; }; int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, unsigned int *trans_num_items); diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 7216ac1f860c..929a0308676c 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -3695,6 +3695,9 @@ static int btrfs_file_open(struct inode *inode, struct file *filp) int ret; filp->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC; + ret = fscrypt_file_open(inode, filp); + if (ret) + return ret; ret = fsverity_file_open(inode, filp); if (ret) diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 2ed844dd61d0..9829d280a6bc 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -30,3 +30,6 @@ bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, de_name_len - sizeof(nokey_name->bytes), digest); return !memcmp(digest, nokey_name->sha256, sizeof(digest)); } + +const struct fscrypt_operations btrfs_fscrypt_ops = { +}; diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 7f24d12e6ee0..07884206c8a1 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -22,4 +22,5 @@ static bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, } #endif +extern const struct fscrypt_operations btrfs_fscrypt_ops; #endif /* BTRFS_FSCRYPT_H */ diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index fea48c12a33a..eb42e4bf55b9 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5450,6 +5450,7 @@ void btrfs_evict_inode(struct inode *inode) trace_btrfs_inode_evict(inode); if (!root) { + fscrypt_put_encryption_info(inode); fsverity_cleanup_inode(inode); clear_inode(inode); return; @@ -5551,6 +5552,7 @@ void btrfs_evict_inode(struct inode *inode) * to retry these periodically in the future. */ btrfs_remove_delayed_node(BTRFS_I(inode)); + fscrypt_put_encryption_info(inode); fsverity_cleanup_inode(inode); clear_inode(inode); } @@ -6289,6 +6291,10 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, return ret; } + ret = fscrypt_prepare_new_inode(dir, inode, &args->encrypt); + if (ret) + return ret; + /* 1 to add inode item */ *trans_num_items = 1; /* 1 to add compression property */ @@ -6767,9 +6773,13 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, if (inode->i_nlink >= BTRFS_LINK_MAX) return -EMLINK; + err = fscrypt_prepare_link(old_dentry, dir, dentry); + if (err) + return err; + err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &fname); if (err) - goto fail; + return err; err = btrfs_set_inode_index(BTRFS_I(dir), &index); if (err) @@ -7050,6 +7060,7 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, unsigned long ptr; char *map; size_t size; + size_t inline_size; size_t extent_offset; size_t copy_size; @@ -7057,9 +7068,13 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, goto out; size = btrfs_file_extent_ram_bytes(leaf, item); + inline_size = btrfs_file_extent_inline_item_len(leaf, path->slots[0]); + ASSERT(btrfs_file_extent_encryption(leaf, item) || + btrfs_file_extent_compression(leaf, item) || + (size == inline_size)); extent_offset = page_offset(page) + pg_offset - extent_start; copy_size = min_t(u64, PAGE_SIZE - pg_offset, - size - extent_offset); + inline_size - extent_offset); em->start = extent_start + extent_offset; em->len = ALIGN(copy_size, fs_info->sectorsize); em->orig_block_len = em->len; @@ -9003,6 +9018,7 @@ void btrfs_test_destroy_inode(struct inode *inode) void btrfs_free_inode(struct inode *inode) { + fscrypt_free_inode(inode); kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode)); } @@ -9073,8 +9089,7 @@ int btrfs_drop_inode(struct inode *inode) /* the snap/subvol tree is on deleting */ if (btrfs_root_refs(&root->root_item) == 0) return 1; - else - return generic_drop_inode(inode); + return generic_drop_inode(inode) || fscrypt_drop_inode(inode); } static void init_once(void *foo) @@ -9688,6 +9703,11 @@ static int btrfs_rename2(struct user_namespace *mnt_userns, struct inode *old_di if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) return -EINVAL; + ret = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry, + flags); + if (ret) + return ret; + if (flags & RENAME_EXCHANGE) ret = btrfs_rename_exchange(old_dir, old_dentry, new_dir, new_dentry); @@ -9907,15 +9927,22 @@ static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir, }; unsigned int trans_num_items; int err; - int name_len; int datasize; unsigned long ptr; struct btrfs_file_extent_item *ei; struct extent_buffer *leaf; + struct fscrypt_str disk_link; + u32 name_len = strlen(symname); - name_len = strlen(symname); - if (name_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info)) - return -ENAMETOOLONG; + /* + * fscrypt sets disk_link.len to be len + 1, including a NULL terminator, but we + * don't store that NULL. + */ + err = fscrypt_prepare_symlink(dir, symname, name_len, + BTRFS_MAX_INLINE_DATA_SIZE(fs_info) + 1, + &disk_link); + if (err) + return err; inode = new_inode(dir->i_sb); if (!inode) @@ -9924,7 +9951,7 @@ static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir, inode->i_op = &btrfs_symlink_inode_operations; inode_nohighmem(inode); inode->i_mapping->a_ops = &btrfs_aops; - btrfs_i_size_write(BTRFS_I(inode), name_len); + btrfs_i_size_write(BTRFS_I(inode), disk_link.len - 1); inode_set_bytes(inode, name_len); new_inode_args.inode = inode; @@ -9952,10 +9979,23 @@ static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir, inode = NULL; goto out; } + + if (IS_ENCRYPTED(inode)) { + err = fscrypt_encrypt_symlink(inode, symname, name_len, + &disk_link); + if (err) { + btrfs_abort_transaction(trans, err); + btrfs_free_path(path); + discard_new_inode(inode); + inode = NULL; + goto out; + } + } + key.objectid = btrfs_ino(BTRFS_I(inode)); key.offset = 0; key.type = BTRFS_EXTENT_DATA_KEY; - datasize = btrfs_file_extent_calc_inline_size(name_len); + datasize = btrfs_file_extent_calc_inline_size(disk_link.len - 1); err = btrfs_insert_empty_item(trans, root, path, &key, datasize); if (err) { @@ -9974,10 +10014,11 @@ static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir, btrfs_set_file_extent_encryption(leaf, ei, 0); btrfs_set_file_extent_compression(leaf, ei, 0); btrfs_set_file_extent_other_encoding(leaf, ei, 0); + /* ram size is the unencoded size */ btrfs_set_file_extent_ram_bytes(leaf, ei, name_len); ptr = btrfs_file_extent_inline_start(ei); - write_extent_buffer(leaf, symname, ptr, name_len); + write_extent_buffer(leaf, disk_link.name, ptr, disk_link.len - 1); btrfs_mark_buffer_dirty(leaf); btrfs_free_path(path); @@ -9994,6 +10035,29 @@ static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir, return err; } +static const char *btrfs_get_link(struct dentry *dentry, struct inode *inode, + struct delayed_call *done) +{ + struct page *cpage; + const char *paddr; + struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); + + if (!IS_ENCRYPTED(inode)) + return page_get_link(dentry, inode, done); + + if (!dentry) + return ERR_PTR(-ECHILD); + + cpage = read_mapping_page(inode->i_mapping, 0, NULL); + if (IS_ERR(cpage)) + return ERR_CAST(cpage); + + paddr = fscrypt_get_symlink(inode, page_address(cpage), + BTRFS_MAX_INLINE_DATA_SIZE(fs_info), done); + put_page(cpage); + return paddr; +} + static struct btrfs_trans_handle *insert_prealloc_file_extent( struct btrfs_trans_handle *trans_in, struct btrfs_inode *inode, @@ -11576,7 +11640,7 @@ static const struct inode_operations btrfs_special_inode_operations = { .update_time = btrfs_update_time, }; static const struct inode_operations btrfs_symlink_inode_operations = { - .get_link = page_get_link, + .get_link = btrfs_get_link, .getattr = btrfs_getattr, .setattr = btrfs_setattr, .permission = btrfs_permission, @@ -11586,4 +11650,7 @@ static const struct inode_operations btrfs_symlink_inode_operations = { const struct dentry_operations btrfs_dentry_operations = { .d_delete = btrfs_dentry_delete, +#ifdef CONFIG_FS_ENCRYPTION + .d_revalidate = fscrypt_d_revalidate, +#endif }; diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index b7118345c6f7..ba7008108bbb 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -47,6 +47,8 @@ #include "tests/btrfs-tests.h" #include "block-group.h" #include "discard.h" +#include "fscrypt.h" + #include "qgroup.h" #include "raid56.h" #define CREATE_TRACE_POINTS @@ -1448,6 +1450,7 @@ static int btrfs_fill_super(struct super_block *sb, sb->s_vop = &btrfs_verityops; #endif sb->s_xattr = btrfs_xattr_handlers; + fscrypt_set_ops(sb, &btrfs_fscrypt_ops); sb->s_time_gran = 1; #ifdef CONFIG_BTRFS_FS_POSIX_ACL sb->s_flags |= SB_POSIXACL; From patchwork Tue Sep 6 00:35:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966708 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 035F9C6FA89 for ; Tue, 6 Sep 2022 00:36:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231515AbiIFAgL (ORCPT ); Mon, 5 Sep 2022 20:36:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40082 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233149AbiIFAgH (ORCPT ); Mon, 5 Sep 2022 20:36:07 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 911126AA08; Mon, 5 Sep 2022 17:36:04 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 221D881109; Mon, 5 Sep 2022 20:36:03 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424564; bh=q63CYwVhx2cwP842m4THT6lu7DvWoe0H1pTfhLdjykw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=r4+l544pf4EuzrycykhNqmQhIwX3B/fkQrrtEmWJJaVD3VCrxVJcrD905LVy6KOXH vadJZGX7Z/CYemzQUmS8fk1zuhhlsU0U7VHDCbD0T44VUy6w0LhjfODvBkRkx8QZT9 NDoyqD9pv0Aeiw/iL1XUFlyH/+ZBdv2sgLRX9KxUqtoX1PLVvIhUrqGAX2V9L9HAOT zBwiV3guuHQPwCxmTQHjwegM2EJar4tkpQirIDNwYr4iHgOk/i13XddLhJhYUgydPl mknt7VQV1PazkswrmpQ4jGqzVyElpXRamwIkg29wWCE9QDbRCDlgaI1kh2F+oVwBYG bY25psQhznjmg== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 13/20] btrfs: add fscrypt_context items. Date: Mon, 5 Sep 2022 20:35:28 -0400 Message-Id: <827a00815cb4a9a91ff3977d71f40ff765728f04.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval In order to store per-inode information such as the inode nonce and the key identifier, fscrypt stores a context item with each encrypted inode. This can be implemented as a new item type, as fscrypt provides an arbitrary blob for the filesystem to store. This also provides a good place to implement full-subvolume encryption: a subvolume flag permits setting one context for the whole subvolume. However, since an unencrypted subvolume would be unable to read encrypted data, encrypted subvolumes should only be snapshottable to other encrypted subvolumes. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ctree.h | 3 + fs/btrfs/fscrypt.c | 167 ++++++++++++++++++++++++++++++++ fs/btrfs/inode.c | 38 ++++++++ fs/btrfs/ioctl.c | 10 +- fs/btrfs/tree-checker.c | 1 + include/uapi/linux/btrfs_tree.h | 10 ++ 6 files changed, 228 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 2b9ba8d77861..f0a16c32110d 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -33,6 +33,7 @@ #include "extent-io-tree.h" #include "extent_io.h" #include "extent_map.h" +#include "fscrypt.h" #include "async-thread.h" #include "block-rsv.h" #include "locking.h" @@ -1667,6 +1668,7 @@ do { \ #define BTRFS_INODE_NOATIME (1U << 9) #define BTRFS_INODE_DIRSYNC (1U << 10) #define BTRFS_INODE_COMPRESS (1U << 11) +#define BTRFS_INODE_FSCRYPT_CONTEXT (1U << 12) #define BTRFS_INODE_ROOT_ITEM_INIT (1U << 31) @@ -1683,6 +1685,7 @@ do { \ BTRFS_INODE_NOATIME | \ BTRFS_INODE_DIRSYNC | \ BTRFS_INODE_COMPRESS | \ + BTRFS_INODE_FSCRYPT_CONTEXT | \ BTRFS_INODE_ROOT_ITEM_INIT) #define BTRFS_INODE_RO_VERITY (1U << 0) diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 9829d280a6bc..b824bbd964bc 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -3,8 +3,13 @@ * Copyright (C) 2020 Facebook */ +#include #include "ctree.h" +#include "btrfs_inode.h" +#include "disk-io.h" #include "fscrypt.h" +#include "transaction.h" +#include "xattr.h" /* fscrypt_match_name() but for an extent_buffer. */ bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, @@ -31,5 +36,167 @@ bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, return !memcmp(digest, nokey_name->sha256, sizeof(digest)); } +static int btrfs_fscrypt_get_context(struct inode *inode, void *ctx, size_t len) +{ + struct btrfs_root *root = BTRFS_I(inode)->root; + struct inode *put_inode = NULL; + struct btrfs_key key; + struct btrfs_path *path; + struct extent_buffer *leaf; + unsigned long ptr; + int ret; + + if (btrfs_root_flags(&root->root_item) & BTRFS_ROOT_SUBVOL_FSCRYPT) { + inode = btrfs_iget(inode->i_sb, BTRFS_FIRST_FREE_OBJECTID, + root); + if (IS_ERR(inode)) + return PTR_ERR(inode); + put_inode = inode; + } + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + key = (struct btrfs_key) { + .objectid = btrfs_ino(BTRFS_I(inode)), + .type = BTRFS_FSCRYPT_CTXT_ITEM_KEY, + .offset = 0, + }; + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret) { + len = -EINVAL; + goto out; + } + + leaf = path->nodes[0]; + ptr = btrfs_item_ptr_offset(leaf, path->slots[0]); + /* fscrypt provides max context length, but it could be less */ + len = min_t(size_t, len, btrfs_item_size(leaf, path->slots[0])); + read_extent_buffer(leaf, ctx, ptr, len); + +out: + btrfs_free_path(path); + iput(put_inode); + return len; +} + +static int btrfs_fscrypt_set_context(struct inode *inode, const void *ctx, + size_t len, void *fs_data) +{ + struct btrfs_root *root = BTRFS_I(inode)->root; + struct btrfs_trans_handle *trans; + int is_subvolume = inode->i_ino == BTRFS_FIRST_FREE_OBJECTID; + int ret; + struct btrfs_path *path; + struct btrfs_key key = { + .objectid = btrfs_ino(BTRFS_I(inode)), + .type = BTRFS_FSCRYPT_CTXT_ITEM_KEY, + .offset = 0, + }; + + /* + * If the whole subvolume is encrypted, we expect that all children + * have the same policy. + */ + if (btrfs_root_flags(&root->root_item) & BTRFS_ROOT_SUBVOL_FSCRYPT) { + bool same_policy; + struct inode *root_inode = NULL; + root_inode = btrfs_iget(inode->i_sb, BTRFS_FIRST_FREE_OBJECTID, + root); + if (IS_ERR(inode)) + return PTR_ERR(inode); + same_policy = fscrypt_have_same_policy(inode, root_inode); + iput(root_inode); + if (same_policy) + return 0; + } + + if (fs_data) { + /* + * We are setting the context as part of an existing + * transaction. This happens when we are inheriting the context + * for a new inode. + */ + trans = fs_data; + } else { + /* + * 1 for the inode item + * 1 for the fscrypt item + * 1 for the root item if the inode is a subvolume + */ + trans = btrfs_start_transaction(root, 2 + is_subvolume); + if (IS_ERR(trans)) + return PTR_ERR(trans); + } + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + ret = btrfs_search_slot(trans, BTRFS_I(inode)->root, &key, path, 0, 1); + if (ret == 0) { + struct extent_buffer *leaf = path->nodes[0]; + unsigned long ptr = btrfs_item_ptr_offset(leaf, path->slots[0]); + len = min_t(size_t, len, btrfs_item_size(leaf, path->slots[0])); + write_extent_buffer(leaf, ctx, ptr, len); + btrfs_mark_buffer_dirty(leaf); + btrfs_free_path(path); + goto out; + } else if (ret < 0) { + goto out; + } + btrfs_free_path(path); + + ret = btrfs_insert_item(trans, BTRFS_I(inode)->root, &key, (void *) ctx, len); + if (ret) + goto out; + + BTRFS_I(inode)->flags |= BTRFS_INODE_FSCRYPT_CONTEXT; + btrfs_sync_inode_flags_to_i_flags(inode); + inode_inc_iversion(inode); + inode->i_ctime = current_time(inode); + ret = btrfs_update_inode(trans, root, BTRFS_I(inode)); + if (ret) + goto out; + + /* + * For new subvolumes, the root item is already initialized with + * the BTRFS_ROOT_SUBVOL_FSCRYPT flag. + */ + if (!fs_data && is_subvolume) { + u64 root_flags = btrfs_root_flags(&root->root_item); + + btrfs_set_root_flags(&root->root_item, + root_flags | + BTRFS_ROOT_SUBVOL_FSCRYPT); + ret = btrfs_update_root(trans, root->fs_info->tree_root, + &root->root_key, + &root->root_item); + } +out: + if (fs_data) + return ret; + + if (ret) + btrfs_abort_transaction(trans, ret); + else + btrfs_end_transaction(trans); + return ret; +} + +static bool btrfs_fscrypt_empty_dir(struct inode *inode) +{ + /* + * We don't care about turning on encryption on a non-empty directory + * so we always return true. + */ + return true; +} + const struct fscrypt_operations btrfs_fscrypt_ops = { + .key_prefix = "btrfs:", + .get_context = btrfs_fscrypt_get_context, + .set_context = btrfs_fscrypt_set_context, + .empty_dir = btrfs_fscrypt_empty_dir, }; diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index eb42e4bf55b9..007abdf6de93 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6278,6 +6278,34 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, struct inode *inode = args->inode; int ret; + if (fscrypt_is_nokey_name(args->dentry)) + return -ENOKEY; + + if (IS_ENCRYPTED(dir) && + !(BTRFS_I(dir)->flags & BTRFS_INODE_FSCRYPT_CONTEXT)) { + struct inode *root_inode; + bool encrypt; + + root_inode = btrfs_iget(inode->i_sb, BTRFS_FIRST_FREE_OBJECTID, + BTRFS_I(dir)->root); + if (IS_ERR(root_inode)) + return PTR_ERR(root_inode); + /* + * TODO: perhaps instead of faking making a new dir to get a + * new context, it would be better to expose + * fscrypt_setup_encryption_info() for our use. + */ + ret = fscrypt_prepare_new_inode(root_inode, dir, &encrypt); + if (!ret) { + ret = fscrypt_set_context(dir, NULL); + if (ret) + fscrypt_put_encryption_info(dir); + } + iput(root_inode); + if (ret) + return ret; + } + if (!args->orphan) { ret = fscrypt_setup_filename(dir, &args->dentry->d_name, 0, &args->fname); @@ -6311,6 +6339,8 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, if (dir->i_security) (*trans_num_items)++; #endif + if (args->encrypt) + (*trans_num_items)++; /* 1 to add fscrypt item */ if (args->orphan) { /* 1 to add orphan item */ (*trans_num_items)++; @@ -6564,6 +6594,14 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, } } + if (args->encrypt) { + ret = fscrypt_set_context(inode, trans); + if (ret) { + btrfs_abort_transaction(trans, ret); + goto discard; + } + } + inode_tree_add(inode); trace_btrfs_inode_new(inode); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 10b8db56edda..8f5b65c43c8d 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -658,7 +658,8 @@ static noinline int create_subvol(struct user_namespace *mnt_userns, fs_info->nodesize); btrfs_set_stack_inode_mode(inode_item, S_IFDIR | 0755); - btrfs_set_root_flags(root_item, 0); + btrfs_set_root_flags(root_item, new_inode_args.encrypt ? + BTRFS_ROOT_SUBVOL_FSCRYPT : 0); btrfs_set_root_limit(root_item, 0); btrfs_set_stack_inode_flags(inode_item, BTRFS_INODE_ROOT_ITEM_INIT); @@ -787,6 +788,13 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir, return -ETXTBSY; } + if ((btrfs_root_flags(&root->root_item) & BTRFS_ROOT_SUBVOL_FSCRYPT) && + !IS_ENCRYPTED(dir)) { + btrfs_warn(fs_info, + "cannot snapshot encrypted volume to unencrypted destination"); + return -EXDEV; + } + pending_snapshot = kzalloc(sizeof(*pending_snapshot), GFP_KERNEL); if (!pending_snapshot) return -ENOMEM; diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 2c6d48af1d2a..05f404c7498e 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -1124,6 +1124,7 @@ static int check_root_item(struct extent_buffer *leaf, struct btrfs_key *key, struct btrfs_fs_info *fs_info = leaf->fs_info; struct btrfs_root_item ri = { 0 }; const u64 valid_root_flags = BTRFS_ROOT_SUBVOL_RDONLY | + BTRFS_ROOT_SUBVOL_FSCRYPT | BTRFS_ROOT_SUBVOL_DEAD; int ret; diff --git a/include/uapi/linux/btrfs_tree.h b/include/uapi/linux/btrfs_tree.h index e6031d18d521..061aabca56f3 100644 --- a/include/uapi/linux/btrfs_tree.h +++ b/include/uapi/linux/btrfs_tree.h @@ -144,6 +144,8 @@ #define BTRFS_VERITY_DESC_ITEM_KEY 36 #define BTRFS_VERITY_MERKLE_ITEM_KEY 37 +#define BTRFS_FSCRYPT_CTXT_ITEM_KEY 41 + #define BTRFS_ORPHAN_ITEM_KEY 48 /* reserve 2-15 close to the inode for later flexibility */ @@ -633,6 +635,8 @@ struct btrfs_dir_item { } __attribute__ ((__packed__)); #define BTRFS_ROOT_SUBVOL_RDONLY (1ULL << 0) +/* Top-level subvolume directory is encrypted with fscrypt. */ +#define BTRFS_ROOT_SUBVOL_FSCRYPT (1ULL << 1) /* * Internal in-memory flag that a subvolume has been marked for deletion but @@ -788,6 +792,12 @@ enum { BTRFS_NR_FILE_EXTENT_TYPES = 3, }; +enum { + BTRFS_ENCRYPTION_NONE, + BTRFS_ENCRYPTION_FSCRYPT, + BTRFS_NR_ENCRYPTION_TYPES, +}; + struct btrfs_file_extent_item { /* * transaction id that created this extent From patchwork Tue Sep 6 00:35:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966709 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01499ECAAD3 for ; Tue, 6 Sep 2022 00:36:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232642AbiIFAgM (ORCPT ); Mon, 5 Sep 2022 20:36:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236207AbiIFAgH (ORCPT ); Mon, 5 Sep 2022 20:36:07 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E6EA6AA30; Mon, 5 Sep 2022 17:36:06 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 8BC8381041; Mon, 5 Sep 2022 20:36:05 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424565; bh=AgDYp0BiOtfI423w4RuFeYp4IwenEY64iE6iTJOoayc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZJih04pUi6+UyQZ8VDKfOrftp/6XNoA1VuMA1kVLZvZRb6GSKxGdh3ytzPZGOtcc8 iGBwxFz+9RgKrbMnl+Ug06k57ZsmqVZUqXxfptnAHUJg1ttSHOzlBQnWbP+HwKoCw8 LvKz1XZ5oYT9XArOM4Q2H34jWseocSSDHj1tC2/ZO3yH6IWs7uA0eh0NsSrUPPBkAj EFYEFJ3NAnQlBp/I+Eu3GEpMCAeTJ8IRyS1zP1paHdIC3PKuOBZZw09KWaseURugo1 5S2AziW3Tqny+QaOQrD0p/amh0VLKjhY+S/2+G7l97dvv8akkuOL6/Lonbxrsq2Brj zYmVoX5qHtmqA== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 14/20] btrfs: translate btrfs encryption flags and encrypted inode flag. Date: Mon, 5 Sep 2022 20:35:29 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval In btrfs, a file can be encrypted either if its directory is encrypted or its root subvolume is encrypted, so translate both to the standard flags. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Reviewed-by: Josef Bacik --- fs/btrfs/ioctl.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 8f5b65c43c8d..708e514aca25 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -147,6 +148,10 @@ static unsigned int btrfs_inode_flags_to_fsflags(struct btrfs_inode *binode) iflags |= FS_NOCOW_FL; if (ro_flags & BTRFS_INODE_RO_VERITY) iflags |= FS_VERITY_FL; + if ((binode->flags & BTRFS_INODE_FSCRYPT_CONTEXT) || + (btrfs_root_flags(&binode->root->root_item) & + BTRFS_ROOT_SUBVOL_FSCRYPT)) + iflags |= FS_ENCRYPT_FL; if (flags & BTRFS_INODE_NOCOMPRESS) iflags |= FS_NOCOMP_FL; @@ -176,10 +181,14 @@ void btrfs_sync_inode_flags_to_i_flags(struct inode *inode) new_fl |= S_DIRSYNC; if (binode->ro_flags & BTRFS_INODE_RO_VERITY) new_fl |= S_VERITY; + if ((binode->flags & BTRFS_INODE_FSCRYPT_CONTEXT) || + (btrfs_root_flags(&binode->root->root_item) & + BTRFS_ROOT_SUBVOL_FSCRYPT)) + new_fl |= S_ENCRYPTED; set_mask_bits(&inode->i_flags, S_SYNC | S_APPEND | S_IMMUTABLE | S_NOATIME | S_DIRSYNC | - S_VERITY, new_fl); + S_VERITY | S_ENCRYPTED, new_fl); } /* @@ -192,7 +201,7 @@ static int check_fsflags(unsigned int old_flags, unsigned int flags) FS_NOATIME_FL | FS_NODUMP_FL | \ FS_SYNC_FL | FS_DIRSYNC_FL | \ FS_NOCOMP_FL | FS_COMPR_FL | - FS_NOCOW_FL)) + FS_NOCOW_FL | FS_ENCRYPT_FL)) return -EOPNOTSUPP; /* COMPR and NOCOMP on new/old are valid */ From patchwork Tue Sep 6 00:35:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966712 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59D4BC6FA89 for ; Tue, 6 Sep 2022 00:36:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236361AbiIFAgQ (ORCPT ); Mon, 5 Sep 2022 20:36:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236207AbiIFAgN (ORCPT ); Mon, 5 Sep 2022 20:36:13 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C888F6AA0C; Mon, 5 Sep 2022 17:36:08 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 8F89F81106; Mon, 5 Sep 2022 20:36:07 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424568; bh=OPKHx6Ir+flhWeeiQ5U6xryJu7emgkMTcJ1QAfLD8y4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JCcUhqbKWPKtJArYBpe4Vj7H9lIeEcyVdrF0EJRstbk5ofqbdh5rc6coXmT+cX5P5 eKtHOWLIw5tv3+LuwSmisH7iL1Kr137cI34f3oUABQWA3TW73gX2dceodTv3dhVqAV VqFyPlCnL+YuyaKsAXxQjrnHEE96KQFrbW03M9AREN2YUN/1xfj6vqBq+w2eUVLg69 2AgsIQplhR5uwTdItraUQq+h3eIW0F0ZuaP7vGxXfBVFTg3NdotjdRXY36swhTcADe BAvvzjMrJ3BH5F1NFDSqFj27hiCHi2Qkd2h/Np4PKuY4FQHxmQC1LywdUOj6b7MwHy vUV4VP8W06oDw== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v2 15/20] btrfs: store a fscrypt extent context per normal file extent Date: Mon, 5 Sep 2022 20:35:30 -0400 Message-Id: <460baa45489be139b48e7b152852bda919363b4c.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org In order to encrypt data, each file extent must have its own persistent fscrypt_extent_context, which is then provided to fscrypt upon request. This is only needed for encrypted extents and is of variable size on disk, so file extents must additionally keep track of their actual length. Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ctree.h | 30 +++++++++++ fs/btrfs/extent_map.h | 4 ++ fs/btrfs/file-item.c | 13 +++++ fs/btrfs/file.c | 4 +- fs/btrfs/fscrypt.c | 21 ++++++++ fs/btrfs/fscrypt.h | 23 +++++++++ fs/btrfs/inode.c | 89 +++++++++++++++++++++++++-------- fs/btrfs/ordered-data.c | 9 +++- fs/btrfs/ordered-data.h | 4 +- fs/btrfs/reflink.c | 1 + fs/btrfs/tree-checker.c | 36 ++++++++++--- fs/btrfs/tree-log.c | 11 +++- include/uapi/linux/btrfs_tree.h | 9 ++++ 13 files changed, 220 insertions(+), 34 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index f0a16c32110d..38927a867028 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -37,6 +37,7 @@ #include "async-thread.h" #include "block-rsv.h" #include "locking.h" +#include "fscrypt.h" struct btrfs_trans_handle; struct btrfs_transaction; @@ -1437,6 +1438,7 @@ struct btrfs_replace_extent_info { u64 file_offset; /* Pointer to a file extent item of type regular or prealloc. */ char *extent_buf; + u32 extent_buf_size; /* * Set to true when attempting to replace a file range with a new extent * described by this structure, set to false when attempting to clone an @@ -2659,6 +2661,16 @@ BTRFS_SETGET_STACK_FUNCS(stack_file_extent_disk_num_bytes, struct btrfs_file_extent_item, disk_num_bytes, 64); BTRFS_SETGET_STACK_FUNCS(stack_file_extent_compression, struct btrfs_file_extent_item, compression, 8); +BTRFS_SETGET_STACK_FUNCS(stack_file_extent_encryption, + struct btrfs_file_extent_item, encryption, 8); + +static inline u8 +btrfs_stack_file_extent_encryption_ctxsize(struct btrfs_file_extent_item *e) +{ + u8 ctxsize; + btrfs_unpack_encryption(e->encryption, NULL, &ctxsize); + return ctxsize; +} static inline unsigned long btrfs_file_extent_inline_start(const struct btrfs_file_extent_item *e) @@ -2691,6 +2703,24 @@ BTRFS_SETGET_FUNCS(file_extent_encryption, struct btrfs_file_extent_item, BTRFS_SETGET_FUNCS(file_extent_other_encoding, struct btrfs_file_extent_item, other_encoding, 16); +static inline u8 +btrfs_file_extent_encryption_ctxsize(const struct extent_buffer *eb, + struct btrfs_file_extent_item *e) +{ + u8 ctxsize; + btrfs_unpack_encryption(btrfs_file_extent_encryption(eb, e), + NULL, &ctxsize); + return ctxsize; +} + +static inline u8 +btrfs_file_extent_ctxsize_from_item(const struct extent_buffer *leaf, + const struct btrfs_path *path) +{ + return (btrfs_item_size(leaf, path->slots[0]) - + sizeof(struct btrfs_file_extent_item)); +} + /* * this returns the number of bytes used by the item on disk, minus the * size of any extent headers. If a file is compressed on disk, this is diff --git a/fs/btrfs/extent_map.h b/fs/btrfs/extent_map.h index d2fa32ffe304..21eacab2f325 100644 --- a/fs/btrfs/extent_map.h +++ b/fs/btrfs/extent_map.h @@ -5,6 +5,7 @@ #include #include +#include "fscrypt.h" #define EXTENT_MAP_LAST_BYTE ((u64)-4) #define EXTENT_MAP_HOLE ((u64)-3) @@ -27,6 +28,8 @@ enum { EXTENT_FLAG_FS_MAPPING, /* This em is merged from two or more physically adjacent ems */ EXTENT_FLAG_MERGED, + /* This em has a fscrypt extent context */ + EXTENT_FLAG_ENCRYPTED, }; struct extent_map { @@ -50,6 +53,7 @@ struct extent_map { */ u64 generation; unsigned long flags; + struct btrfs_fscrypt_extent_context fscrypt_context; /* Used for chunk mappings, flag EXTENT_FLAG_FS_MAPPING must be set */ struct map_lookup *map_lookup; refcount_t refs; diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index 29999686d234..ec2950656ddc 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c @@ -1216,6 +1216,7 @@ void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, em->generation = btrfs_file_extent_generation(leaf, fi); if (type == BTRFS_FILE_EXTENT_REG || type == BTRFS_FILE_EXTENT_PREALLOC) { + u8 ctxsize; em->start = extent_start; em->len = extent_end - extent_start; em->orig_start = extent_start - @@ -1231,6 +1232,10 @@ void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, em->compress_type = compress_type; em->block_start = bytenr; em->block_len = em->orig_block_len; + } else if (btrfs_file_extent_encryption(leaf, fi)) { + set_bit(EXTENT_FLAG_ENCRYPTED, &em->flags); + em->block_start = bytenr; + em->block_len = em->orig_block_len; } else { bytenr += btrfs_file_extent_offset(leaf, fi); em->block_start = bytenr; @@ -1238,6 +1243,14 @@ void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, if (type == BTRFS_FILE_EXTENT_PREALLOC) set_bit(EXTENT_FLAG_PREALLOC, &em->flags); } + + ctxsize = btrfs_file_extent_ctxsize_from_item(leaf, path); + ASSERT(ctxsize == btrfs_file_extent_encryption_ctxsize(leaf, fi)); + em->fscrypt_context.len = ctxsize; + + read_extent_buffer(leaf, em->fscrypt_context.buffer, + (unsigned long)fi->fscrypt_context, + ctxsize); } else if (type == BTRFS_FILE_EXTENT_INLINE) { em->block_start = EXTENT_MAP_INLINE; em->start = extent_start; diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 929a0308676c..1b464aac9a41 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -2644,14 +2644,14 @@ static int btrfs_insert_replace_extent(struct btrfs_trans_handle *trans, key.type = BTRFS_EXTENT_DATA_KEY; key.offset = extent_info->file_offset; ret = btrfs_insert_empty_item(trans, root, path, &key, - sizeof(struct btrfs_file_extent_item)); + extent_info->extent_buf_size); if (ret) return ret; leaf = path->nodes[0]; slot = path->slots[0]; write_extent_buffer(leaf, extent_info->extent_buf, btrfs_item_ptr_offset(leaf, slot), - sizeof(struct btrfs_file_extent_item)); + extent_info->extent_buf_size); extent = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item); ASSERT(btrfs_file_extent_type(leaf, extent) != BTRFS_FILE_EXTENT_INLINE); btrfs_set_file_extent_offset(leaf, extent, extent_info->data_offset); diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index b824bbd964bc..c52a5a8788dd 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -194,9 +194,30 @@ static bool btrfs_fscrypt_empty_dir(struct inode *inode) return true; } +static int btrfs_fscrypt_get_extent_context(const struct inode *inode, + u64 lblk_num, void *ctx, + size_t len, + size_t *extent_offset, + size_t *extent_length) +{ + return len; +} + +static int btrfs_fscrypt_set_extent_context(void *extent, void *ctx, + size_t len) +{ + struct btrfs_fscrypt_extent_context *extent_context = extent; + memcpy(extent_context->buffer, ctx, len); + extent_context->len = len; + return 0; +} + const struct fscrypt_operations btrfs_fscrypt_ops = { + .flags = FS_CFLG_ALLOW_PARTIAL, .key_prefix = "btrfs:", .get_context = btrfs_fscrypt_get_context, .set_context = btrfs_fscrypt_set_context, .empty_dir = btrfs_fscrypt_empty_dir, + .get_extent_context = btrfs_fscrypt_get_extent_context, + .set_extent_context = btrfs_fscrypt_set_extent_context, }; diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 07884206c8a1..0b0be3b2d23e 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -5,6 +5,14 @@ #include +#define BTRFS_ENCRYPTION_POLICY_MASK 0x03 +#define BTRFS_ENCRYPTION_CTXSIZE_MASK 0xfc + +struct btrfs_fscrypt_extent_context { + u8 buffer[FSCRYPT_EXTENT_CONTEXT_MAX_SIZE]; + size_t len; +}; + #ifdef CONFIG_FS_ENCRYPTION bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, struct extent_buffer *leaf, @@ -22,5 +30,20 @@ static bool btrfs_fscrypt_match_name(const struct fscrypt_name *fname, } #endif +static inline void btrfs_unpack_encryption(u8 encryption, + u8 *policy, + u8 *ctxsize) +{ + if (policy) + *policy = encryption & BTRFS_ENCRYPTION_POLICY_MASK; + if (ctxsize) + *ctxsize = (encryption & BTRFS_ENCRYPTION_CTXSIZE_MASK) >> 2; +} + +static inline u8 btrfs_pack_encryption(u8 policy, u8 ctxsize) +{ + return policy | (ctxsize << 2); +} + extern const struct fscrypt_operations btrfs_fscrypt_ops; #endif /* BTRFS_FSCRYPT_H */ diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 007abdf6de93..4c134a6486b3 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1015,7 +1015,6 @@ static int submit_one_async_extent(struct btrfs_inode *inode, ret = PTR_ERR(em); goto out_free_reserve; } - free_extent_map(em); ret = btrfs_add_ordered_extent(inode, start, /* file_offset */ async_extent->ram_size, /* num_bytes */ @@ -1024,7 +1023,9 @@ static int submit_one_async_extent(struct btrfs_inode *inode, ins.offset, /* disk_num_bytes */ 0, /* offset */ 1 << BTRFS_ORDERED_COMPRESSED, - async_extent->compress_type); + async_extent->compress_type, + &em->fscrypt_context); + free_extent_map(em); if (ret) { btrfs_drop_extent_cache(inode, start, end, 0); goto out_free_reserve; @@ -1297,12 +1298,13 @@ static noinline int cow_file_range(struct btrfs_inode *inode, ret = PTR_ERR(em); goto out_reserve; } - free_extent_map(em); ret = btrfs_add_ordered_extent(inode, start, ram_size, ram_size, ins.objectid, cur_alloc_size, 0, 1 << BTRFS_ORDERED_REGULAR, - BTRFS_COMPRESS_NONE); + BTRFS_COMPRESS_NONE, + &em->fscrypt_context); + free_extent_map(em); if (ret) goto out_drop_extent_cache; @@ -2092,14 +2094,15 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, ret = PTR_ERR(em); goto error; } - free_extent_map(em); ret = btrfs_add_ordered_extent(inode, cur_offset, nocow_args.num_bytes, nocow_args.num_bytes, nocow_args.disk_bytenr, nocow_args.num_bytes, 0, 1 << BTRFS_ORDERED_PREALLOC, - BTRFS_COMPRESS_NONE); + BTRFS_COMPRESS_NONE, + &em->fscrypt_context); + free_extent_map(em); if (ret) { btrfs_drop_extent_cache(inode, cur_offset, nocow_end, 0); @@ -2113,7 +2116,8 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, nocow_args.num_bytes, 0, 1 << BTRFS_ORDERED_NOCOW, - BTRFS_COMPRESS_NONE); + BTRFS_COMPRESS_NONE, + NULL); if (ret) goto error; } @@ -3046,6 +3050,7 @@ int btrfs_writepage_cow_fixup(struct page *page) static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, struct btrfs_inode *inode, u64 file_pos, struct btrfs_file_extent_item *stack_fi, + struct btrfs_fscrypt_extent_context *fscrypt_context, const bool update_inode_bytes, u64 qgroup_reserved) { @@ -3060,6 +3065,7 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, u64 num_bytes = btrfs_stack_file_extent_num_bytes(stack_fi); u64 ram_bytes = btrfs_stack_file_extent_ram_bytes(stack_fi); struct btrfs_drop_extents_args drop_args = { 0 }; + size_t context_len = fscrypt_context ? fscrypt_context->len : 0; int ret; path = btrfs_alloc_path(); @@ -3079,7 +3085,7 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, drop_args.start = file_pos; drop_args.end = file_pos + num_bytes; drop_args.replace_extent = true; - drop_args.extent_item_size = sizeof(*stack_fi); + drop_args.extent_item_size = sizeof(*stack_fi) + context_len; ret = btrfs_drop_extents(trans, root, inode, &drop_args); if (ret) goto out; @@ -3090,7 +3096,7 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, ins.type = BTRFS_EXTENT_DATA_KEY; ret = btrfs_insert_empty_item(trans, root, path, &ins, - sizeof(*stack_fi)); + sizeof(*stack_fi) + context_len); if (ret) goto out; } @@ -3099,6 +3105,11 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, write_extent_buffer(leaf, stack_fi, btrfs_item_ptr_offset(leaf, path->slots[0]), sizeof(struct btrfs_file_extent_item)); + if (context_len) + write_extent_buffer(leaf, fscrypt_context->buffer, + btrfs_item_ptr_offset(leaf, path->slots[0]) + + sizeof(struct btrfs_file_extent_item), + context_len); btrfs_mark_buffer_dirty(leaf); btrfs_release_path(path); @@ -3175,7 +3186,12 @@ static int insert_ordered_extent_file_extent(struct btrfs_trans_handle *trans, btrfs_set_stack_file_extent_num_bytes(&stack_fi, num_bytes); btrfs_set_stack_file_extent_ram_bytes(&stack_fi, ram_bytes); btrfs_set_stack_file_extent_compression(&stack_fi, oe->compress_type); - /* Encryption and other encoding is reserved and all 0 */ + if (IS_ENCRYPTED(oe->inode)) { + u8 encryption = btrfs_pack_encryption(BTRFS_ENCRYPTION_FSCRYPT, + oe->fscrypt_context.len); + btrfs_set_stack_file_extent_encryption(&stack_fi, encryption); + } + /* Other encoding is reserved and always 0 */ /* * For delalloc, when completing an ordered extent we update the inode's @@ -3189,6 +3205,7 @@ static int insert_ordered_extent_file_extent(struct btrfs_trans_handle *trans, return insert_reserved_file_extent(trans, BTRFS_I(oe->inode), oe->file_offset, &stack_fi, + &oe->fscrypt_context, update_inode_bytes, oe->qgroup_rsv); } @@ -7091,8 +7108,23 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, btrfs_extent_item_to_extent_map(inode, path, item, !page, em); - if (extent_type == BTRFS_FILE_EXTENT_REG || - extent_type == BTRFS_FILE_EXTENT_PREALLOC) { + if (extent_type == BTRFS_FILE_EXTENT_REG) { + u8 item_ctxsize = btrfs_file_extent_ctxsize_from_item(leaf, path); + u8 encryption = btrfs_file_extent_encryption(leaf, item); + u8 policy, ctxsize; + btrfs_unpack_encryption(encryption, &policy, &ctxsize); + + if (policy == BTRFS_ENCRYPTION_FSCRYPT) { + if (ctxsize != item_ctxsize) { + btrfs_crit(fs_info, + "invalid encryption context size for inode %llu: itemsize %d item %d", + btrfs_ino(inode), ctxsize, item_ctxsize); + ret = -EUCLEAN; + goto out; + } + } + goto insert; + } else if (extent_type == BTRFS_FILE_EXTENT_PREALLOC) { goto insert; } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) { unsigned long ptr; @@ -7324,7 +7356,8 @@ static struct extent_map *btrfs_create_dio_extent(struct btrfs_inode *inode, block_len, 0, (1 << type) | (1 << BTRFS_ORDERED_DIRECT), - BTRFS_COMPRESS_NONE); + BTRFS_COMPRESS_NONE, + em ? &em->fscrypt_context : NULL); if (ret) { if (em) { free_extent_map(em); @@ -7625,6 +7658,15 @@ static struct extent_map *create_io_em(struct btrfs_inode *inode, u64 start, em->compress_type = compress_type; } + if (IS_ENCRYPTED(&inode->vfs_inode)) { + ret = fscrypt_set_extent_context(&inode->vfs_inode, + &em->fscrypt_context); + if (ret < 0) { + free_extent_map(em); + return ERR_PTR(ret); + } + } + do { btrfs_drop_extent_cache(inode, em->start, em->start + em->len - 1, 0); @@ -9971,6 +10013,7 @@ static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir, struct extent_buffer *leaf; struct fscrypt_str disk_link; u32 name_len = strlen(symname); + u8 encryption; /* * fscrypt sets disk_link.len to be len + 1, including a NULL terminator, but we @@ -10049,7 +10092,9 @@ static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir, btrfs_set_file_extent_generation(leaf, ei, trans->transid); btrfs_set_file_extent_type(leaf, ei, BTRFS_FILE_EXTENT_INLINE); - btrfs_set_file_extent_encryption(leaf, ei, 0); + encryption = btrfs_pack_encryption(IS_ENCRYPTED(inode) ? + BTRFS_ENCRYPTION_FSCRYPT : 0, 0); + btrfs_set_file_extent_encryption(leaf, ei, encryption); btrfs_set_file_extent_compression(leaf, ei, 0); btrfs_set_file_extent_other_encoding(leaf, ei, 0); /* ram size is the unencoded size */ @@ -10119,16 +10164,18 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( btrfs_set_stack_file_extent_num_bytes(&stack_fi, len); btrfs_set_stack_file_extent_ram_bytes(&stack_fi, len); btrfs_set_stack_file_extent_compression(&stack_fi, BTRFS_COMPRESS_NONE); - /* Encryption and other encoding is reserved and all 0 */ + btrfs_set_stack_file_extent_encryption(&stack_fi, + BTRFS_ENCRYPTION_NONE); + /* Other encoding is reserved and always 0 */ qgroup_released = btrfs_qgroup_release_data(inode, file_offset, len); if (qgroup_released < 0) return ERR_PTR(qgroup_released); if (trans) { - ret = insert_reserved_file_extent(trans, inode, - file_offset, &stack_fi, - true, qgroup_released); + ret = insert_reserved_file_extent(trans, inode, file_offset, + &stack_fi, NULL, true, + qgroup_released); if (ret) goto free_qgroup; return trans; @@ -10140,6 +10187,7 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( extent_info.data_len = len; extent_info.file_offset = file_offset; extent_info.extent_buf = (char *)&stack_fi; + extent_info.extent_buf_size = sizeof(stack_fi); extent_info.is_new_extent = true; extent_info.update_times = true; extent_info.qgroup_reserved = qgroup_released; @@ -11081,14 +11129,15 @@ ssize_t btrfs_do_encoded_write(struct kiocb *iocb, struct iov_iter *from, ret = PTR_ERR(em); goto out_free_reserved; } - free_extent_map(em); ret = btrfs_add_ordered_extent(inode, start, num_bytes, ram_bytes, ins.objectid, ins.offset, encoded->unencoded_offset, (1 << BTRFS_ORDERED_ENCODED) | (1 << BTRFS_ORDERED_COMPRESSED), - compression); + compression, + &em->fscrypt_context); + free_extent_map(em); if (ret) { btrfs_drop_extent_cache(inode, start, end, 0); goto out_free_reserved; diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index eb24a6d20ff8..ba06eba5ff27 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -164,7 +164,8 @@ static inline struct rb_node *tree_search(struct btrfs_ordered_inode_tree *tree, int btrfs_add_ordered_extent(struct btrfs_inode *inode, u64 file_offset, u64 num_bytes, u64 ram_bytes, u64 disk_bytenr, u64 disk_num_bytes, u64 offset, unsigned flags, - int compress_type) + int compress_type, + struct btrfs_fscrypt_extent_context *fscrypt_context) { struct btrfs_root *root = inode->root; struct btrfs_fs_info *fs_info = root->fs_info; @@ -199,6 +200,9 @@ int btrfs_add_ordered_extent(struct btrfs_inode *inode, u64 file_offset, entry->disk_bytenr = disk_bytenr; entry->disk_num_bytes = disk_num_bytes; entry->offset = offset; + if (fscrypt_context && fscrypt_context->len) + memcpy(&entry->fscrypt_context, fscrypt_context, + sizeof(*fscrypt_context)); entry->bytes_left = num_bytes; entry->inode = igrab(&inode->vfs_inode); entry->compress_type = compress_type; @@ -1080,7 +1084,8 @@ static int clone_ordered_extent(struct btrfs_ordered_extent *ordered, u64 pos, WARN_ON_ONCE(flags & (1 << BTRFS_ORDERED_COMPRESSED)); return btrfs_add_ordered_extent(BTRFS_I(inode), file_offset, len, len, disk_bytenr, len, 0, flags, - ordered->compress_type); + ordered->compress_type, + &ordered->fscrypt_context); } int btrfs_split_ordered_extent(struct btrfs_ordered_extent *ordered, u64 pre, diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h index 87792f85e2c4..686c4a79bbe9 100644 --- a/fs/btrfs/ordered-data.h +++ b/fs/btrfs/ordered-data.h @@ -99,6 +99,7 @@ struct btrfs_ordered_extent { u64 disk_bytenr; u64 disk_num_bytes; u64 offset; + struct btrfs_fscrypt_extent_context fscrypt_context; /* number of bytes that still need writing */ u64 bytes_left; @@ -194,7 +195,8 @@ bool btrfs_dec_test_ordered_pending(struct btrfs_inode *inode, int btrfs_add_ordered_extent(struct btrfs_inode *inode, u64 file_offset, u64 num_bytes, u64 ram_bytes, u64 disk_bytenr, u64 disk_num_bytes, u64 offset, unsigned flags, - int compress_type); + int compress_type, + struct btrfs_fscrypt_extent_context *fscrypt_context); void btrfs_add_ordered_sum(struct btrfs_ordered_extent *entry, struct btrfs_ordered_sum *sum); struct btrfs_ordered_extent *btrfs_lookup_ordered_extent(struct btrfs_inode *inode, diff --git a/fs/btrfs/reflink.c b/fs/btrfs/reflink.c index d22086e1cbc8..466dfccba094 100644 --- a/fs/btrfs/reflink.c +++ b/fs/btrfs/reflink.c @@ -495,6 +495,7 @@ static int btrfs_clone(struct inode *src, struct inode *inode, clone_info.data_len = datal; clone_info.file_offset = new_key.offset; clone_info.extent_buf = buf; + clone_info.extent_buf_size = size; clone_info.is_new_extent = false; clone_info.update_times = !no_time_update; ret = btrfs_replace_file_extents(BTRFS_I(inode), path, diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 05f404c7498e..a78b2882df1b 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -204,6 +204,7 @@ static int check_extent_data_item(struct extent_buffer *leaf, u32 sectorsize = fs_info->sectorsize; u32 item_size = btrfs_item_size(leaf, slot); u64 extent_end; + u8 policy; if (unlikely(!IS_ALIGNED(key->offset, sectorsize))) { file_extent_err(leaf, slot, @@ -255,10 +256,12 @@ static int check_extent_data_item(struct extent_buffer *leaf, BTRFS_NR_COMPRESS_TYPES - 1); return -EUCLEAN; } - if (unlikely(btrfs_file_extent_encryption(leaf, fi))) { + btrfs_unpack_encryption(btrfs_file_extent_encryption(leaf, fi), + &policy, NULL); + if (unlikely(policy >= BTRFS_NR_ENCRYPTION_TYPES)) { file_extent_err(leaf, slot, - "invalid encryption for file extent, have %u expect 0", - btrfs_file_extent_encryption(leaf, fi)); + "invalid encryption for file extent, have %u expect range [0, %u]", + policy, BTRFS_NR_ENCRYPTION_TYPES - 1); return -EUCLEAN; } if (btrfs_file_extent_type(leaf, fi) == BTRFS_FILE_EXTENT_INLINE) { @@ -287,12 +290,29 @@ static int check_extent_data_item(struct extent_buffer *leaf, return 0; } - /* Regular or preallocated extent has fixed item size */ - if (unlikely(item_size != sizeof(*fi))) { - file_extent_err(leaf, slot, + if (policy == BTRFS_ENCRYPTION_FSCRYPT) { + u8 ctxsize = btrfs_file_extent_encryption_ctxsize(leaf, fi); + if (unlikely(item_size != sizeof(*fi) + ctxsize)) { + file_extent_err(leaf, slot, + "invalid item size for encrypted file extent, have %u expect = %zu + context of size %u", + item_size, sizeof(*fi), ctxsize); + return -EUCLEAN; + } + /* Only regular extents should be encrypted. */ + if (btrfs_file_extent_type(leaf, fi) != BTRFS_FILE_EXTENT_REG) { + file_extent_err(leaf, slot, + "invalid type for encrypted file extent, have %u expect %u", + btrfs_file_extent_type(leaf, fi), + BTRFS_FILE_EXTENT_REG); + return -EUCLEAN; + } + } else { + if (unlikely(item_size != sizeof(*fi))) { + file_extent_err(leaf, slot, "invalid item size for reg/prealloc file extent, have %u expect %zu", - item_size, sizeof(*fi)); - return -EUCLEAN; + item_size, sizeof(*fi)); + return -EUCLEAN; + } } if (unlikely(CHECK_FE_ALIGNED(leaf, slot, fi, ram_bytes, sectorsize) || CHECK_FE_ALIGNED(leaf, slot, fi, disk_bytenr, sectorsize) || diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 53195cfe6a3d..11b51b591a75 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4651,6 +4651,9 @@ static int log_one_extent(struct btrfs_trans_handle *trans, u64 extent_offset = em->start - em->orig_start; u64 block_len; int ret; + u8 encryption = btrfs_pack_encryption(IS_ENCRYPTED(&inode->vfs_inode) ? + BTRFS_ENCRYPTION_FSCRYPT : 0, + em->fscrypt_context.len); btrfs_set_stack_file_extent_generation(&fi, trans->transid); if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags)) @@ -4672,6 +4675,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, btrfs_set_stack_file_extent_num_bytes(&fi, em->len); btrfs_set_stack_file_extent_ram_bytes(&fi, em->ram_bytes); btrfs_set_stack_file_extent_compression(&fi, em->compress_type); + btrfs_set_stack_file_extent_encryption(&fi, encryption); ret = log_extent_csums(trans, inode, log, em, ctx); if (ret) @@ -4703,7 +4707,8 @@ static int log_one_extent(struct btrfs_trans_handle *trans, key.offset = em->start; ret = btrfs_insert_empty_item(trans, log, path, &key, - sizeof(fi)); + sizeof(fi) + + em->fscrypt_context.len); if (ret) return ret; } @@ -4711,6 +4716,10 @@ static int log_one_extent(struct btrfs_trans_handle *trans, write_extent_buffer(leaf, &fi, btrfs_item_ptr_offset(leaf, path->slots[0]), sizeof(fi)); + write_extent_buffer(leaf, &em->fscrypt_context.buffer, + btrfs_item_ptr_offset(leaf, path->slots[0]) + + sizeof(fi), em->fscrypt_context.len); + btrfs_mark_buffer_dirty(leaf); btrfs_release_path(path); diff --git a/include/uapi/linux/btrfs_tree.h b/include/uapi/linux/btrfs_tree.h index 061aabca56f3..78e831fdd7c6 100644 --- a/include/uapi/linux/btrfs_tree.h +++ b/include/uapi/linux/btrfs_tree.h @@ -820,6 +820,10 @@ struct btrfs_file_extent_item { * but not for stat. */ __u8 compression; + /* + * This field contains 4 bits of encryption type in the lower bits, + * 4 bits of ivsize in the upper bits. The unencrypted value is 0. + */ __u8 encryption; __le16 other_encoding; /* spare for later use */ @@ -848,6 +852,11 @@ struct btrfs_file_extent_item { */ __le64 num_bytes; + /* + * Fscrypt extent encryption context. Only present if extent is + * encrypted (stored in the encryption field). + */ + __u8 fscrypt_context[0]; } __attribute__ ((__packed__)); struct btrfs_csum_item { From patchwork Tue Sep 6 00:35:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966710 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52F79C6FA8B for ; Tue, 6 Sep 2022 00:36:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232633AbiIFAgS (ORCPT ); Mon, 5 Sep 2022 20:36:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40276 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236239AbiIFAgN (ORCPT ); Mon, 5 Sep 2022 20:36:13 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 541C16AA30; Mon, 5 Sep 2022 17:36:10 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 986568110B; Mon, 5 Sep 2022 20:36:09 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424569; bh=EceWAZs4f45oO7J++Q4kUNytf69nwouRK1bX4k4qds4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RQZalc/TYPFjVhjXJ9qwBAeUpJa8stjGOMKuHHOfRdwIuTgYJnsyxSoSXg9JX/Jhg 3q78x5QPgFRq4mglfF/ffJthHhwcW++wpsYRz1BkTWHi4mubXkYfXR/de31kcQ03kE 6VluU0NlauUBr4x/2VaUqqhD17b7yCKxWqRX0hpindwVtwj3x9K8oJ4GSx6RUqnrDp Zo0HUp+IP8hky8r/RG+Z0v/clzgbKSbH3ONxXPxSf8aV+h9ROP2TrCh8z2Dt52ZB8h wdC1cwRbLymAPJyA+yFLRryQsJ449y6T/uilUjn/xGD5MLpffJQ8ZphEqq6kmwGBEV SVM9uXU+/ukLQ== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 16/20] btrfs: Add new FEATURE_INCOMPAT_FSCRYPT feature flag. Date: Mon, 5 Sep 2022 20:35:31 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval As fscrypt files will be incompatible with older filesystem versions, new filesystems should be created with an incompat flag for fscrypt. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ctree.h | 6 ++++-- include/uapi/linux/btrfs.h | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 38927a867028..e8d000fcc85d 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -330,7 +330,8 @@ static_assert(sizeof(struct btrfs_super_block) == BTRFS_SUPER_INFO_SIZE); BTRFS_FEATURE_INCOMPAT_METADATA_UUID | \ BTRFS_FEATURE_INCOMPAT_RAID1C34 | \ BTRFS_FEATURE_INCOMPAT_ZONED | \ - BTRFS_FEATURE_INCOMPAT_EXTENT_TREE_V2) + BTRFS_FEATURE_INCOMPAT_EXTENT_TREE_V2 | \ + BTRFS_FEATURE_INCOMPAT_FSCRYPT) #else #define BTRFS_FEATURE_INCOMPAT_SUPP \ (BTRFS_FEATURE_INCOMPAT_MIXED_BACKREF | \ @@ -345,7 +346,8 @@ static_assert(sizeof(struct btrfs_super_block) == BTRFS_SUPER_INFO_SIZE); BTRFS_FEATURE_INCOMPAT_NO_HOLES | \ BTRFS_FEATURE_INCOMPAT_METADATA_UUID | \ BTRFS_FEATURE_INCOMPAT_RAID1C34 | \ - BTRFS_FEATURE_INCOMPAT_ZONED) + BTRFS_FEATURE_INCOMPAT_ZONED | \ + BTRFS_FEATURE_INCOMPAT_FSCRYPT) #endif #define BTRFS_FEATURE_INCOMPAT_SAFE_SET \ diff --git a/include/uapi/linux/btrfs.h b/include/uapi/linux/btrfs.h index c413fca6f581..d85587538928 100644 --- a/include/uapi/linux/btrfs.h +++ b/include/uapi/linux/btrfs.h @@ -316,6 +316,7 @@ struct btrfs_ioctl_fs_info_args { #define BTRFS_FEATURE_INCOMPAT_RAID1C34 (1ULL << 11) #define BTRFS_FEATURE_INCOMPAT_ZONED (1ULL << 12) #define BTRFS_FEATURE_INCOMPAT_EXTENT_TREE_V2 (1ULL << 13) +#define BTRFS_FEATURE_INCOMPAT_FSCRYPT (1ULL << 14) struct btrfs_ioctl_feature_flags { __u64 compat_flags; From patchwork Tue Sep 6 00:35:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966711 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 083A5ECAAA1 for ; Tue, 6 Sep 2022 00:36:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236726AbiIFAgT (ORCPT ); Mon, 5 Sep 2022 20:36:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232772AbiIFAgP (ORCPT ); Mon, 5 Sep 2022 20:36:15 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC9616A4A8; Mon, 5 Sep 2022 17:36:11 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 60AC781158; Mon, 5 Sep 2022 20:36:11 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424571; bh=qs/PbHgqpvuCxRL5lwfqdPPBlbi/vM+biDOAKHz7sn4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DKzy3x6o+19lIA+lYi8qQtQWOXgfDwFIZp+PTVQcddHbhFXfDb9tjGVUFUYhG4ww7 t7jDBHz8tEYBzRb+0yGI7IIvMoI8K+7x1nz13/RZGTGUNurqMn6spgtbYGPG041bLZ V8zeW78NVqRgzL7Iho7+zDrWhtiEidCnD7tT7aFoSilNP4RBWIcpkmRml0plSbUg0C aPj/OxYQqbSSDOCTnWVf/WxRPW6cdnx/whv+Sbv427Q0DLOeS68dCDV2yadkKxJBTV Y/Ncg+PYzmXacbiCKc3zZNV5Rt3Gwu66fAsIV4ZKbjbRqkSrqfY31oWHtr0MT4Hyxn qAxh/HzLaZh/Q== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 17/20] btrfs: reuse encrypted filename hash when possible. Date: Mon, 5 Sep 2022 20:35:32 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval For encrypted fscrypt_names, we can reuse fscrypt's precomputed hash of the encrypted name to generate our own hash, instead of rehashing the unencrypted name (which may not be possible if it's a nokey name). Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ctree.h | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index e8d000fcc85d..aa599518c057 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -2842,7 +2842,10 @@ static inline void btrfs_crc32c_final(u32 crc, u8 *result) static inline u64 btrfs_name_hash(const struct fscrypt_name *name) { - return crc32c((u32)~1, fname_name(name), fname_len(name)); + if (fname_name(name)) + return crc32c((u32)~1, fname_name(name), fname_len(name)); + else + return name->hash | ((u64)name->minor_hash << 32); } /* @@ -2851,8 +2854,20 @@ static inline u64 btrfs_name_hash(const struct fscrypt_name *name) static inline u64 btrfs_extref_hash(u64 parent_objectid, const struct fscrypt_name *name) { - return (u64) crc32c(parent_objectid, fname_name(name), - fname_len(name)); + /* + * If the name is encrypted and we don't have the key, we can use the + * fscrypt-provided hash instead of the normal name, and do the steps + * of crc32c() manually. Else, just hash the name, parent objectid, + * and name length. + */ + if (fname_name(name)) + return (u64) crc32c(parent_objectid, fname_name(name), + fname_len(name)); + else + return (__crc32c_le_combine(parent_objectid, + name->hash, + fname_len(name)) ^ + __crc32c_le_shift(~1, fname_len(name))); } static inline gfp_t btrfs_alloc_write_mask(struct address_space *mapping) From patchwork Tue Sep 6 00:35:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966713 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85669ECAAD3 for ; Tue, 6 Sep 2022 00:36:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232772AbiIFAgU (ORCPT ); Mon, 5 Sep 2022 20:36:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236740AbiIFAgS (ORCPT ); Mon, 5 Sep 2022 20:36:18 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D9936AA1F; Mon, 5 Sep 2022 17:36:14 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 182F3807FE; Mon, 5 Sep 2022 20:36:12 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424574; bh=woOe78FZWyBlgS9Xlz5a1cacI0ewduBxWOi1WAvXejY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xRd0M2WN88WeK60R6Caja2P+1NFmG2udjS3VHQ+YaoZs+q91tJW07XvUngxSg+t4y pdlo6huYx7ZR1RZ12bJm8XNnK/2yPXOC3PUZVuYF0FfSaNb3opIoZKYNpDp+IbhKis LYuMEbAPqXW7qkFeAW94Xr8PO59qAm8xRFvEtQH3q1p+EQAvYMmDlKHWWLgTXHIlMk 8SKi9nLBwruhWz1h3ITlqg1hX5+luGawIY9+aZTUwp2/Ybj8MmPT7C4L/+wglyOAJM pjmc/RoXzNp1mV2reV0jr3aDef3JlMhZVIfh/zF4EXJg8tqChFU29ZKXqpQn+EtCBo orETHg/+4oXCw== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 18/20] btrfs: adapt directory read and lookup to potentially encrypted filenames Date: Mon, 5 Sep 2022 20:35:33 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval When filenames can be encrypted, if we don't initially match a desired filename, we have to try decrypting it with the directory key to see if it matches in plaintext. Similarly, for readdir, we need to read encrypted directory items as well as unencrypted. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/delayed-inode.c | 32 +++++++++++--- fs/btrfs/delayed-inode.h | 4 +- fs/btrfs/dir-item.c | 23 ++++++++++ fs/btrfs/inode.c | 90 ++++++++++++++++++++++++++++++++++++---- 4 files changed, 134 insertions(+), 15 deletions(-) diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c index 069326654074..5eef6f96c6b6 100644 --- a/fs/btrfs/delayed-inode.c +++ b/fs/btrfs/delayed-inode.c @@ -1493,9 +1493,9 @@ int btrfs_insert_delayed_dir_index(struct btrfs_trans_handle *trans, ret = __btrfs_add_delayed_item(delayed_node, delayed_item); if (unlikely(ret)) { + // TODO: It would be nice to print the base64encoded name here maybe? btrfs_err(trans->fs_info, - "err add delayed dir index item(name: %.*s) into the insertion tree of the delayed node(root id: %llu, inode id: %llu, errno: %d)", - fname_len(fname), fname_name(fname), + "err add delayed dir index item into the insertion tree of the delayed node (root id: %llu, inode id: %llu, errno: %d)", delayed_node->root->root_key.objectid, delayed_node->inode_id, ret); BUG(); @@ -1721,7 +1721,9 @@ int btrfs_should_delete_dir_index(struct list_head *del_list, * btrfs_readdir_delayed_dir_index - read dir info stored in the delayed tree * */ -int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, +int btrfs_readdir_delayed_dir_index(struct inode *inode, + struct fscrypt_str *fstr, + struct dir_context *ctx, struct list_head *ins_list) { struct btrfs_dir_item *di; @@ -1731,6 +1733,7 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, int name_len; int over = 0; unsigned char d_type; + size_t fstr_len = fstr->len; if (list_empty(ins_list)) return 0; @@ -1758,8 +1761,27 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, d_type = fs_ftype_to_dtype(btrfs_dir_flags_to_ftype(di->type)); btrfs_disk_key_to_cpu(&location, &di->location); - over = !dir_emit(ctx, name, name_len, - location.objectid, d_type); + if (di->type & BTRFS_FT_FSCRYPT_NAME) { + int ret; + struct fscrypt_str iname = FSTR_INIT(name, name_len); + fstr->len = fstr_len; + /* + * The hash is only used when the encryption key is not + * available. But if we have delayed insertions, then we + * must have the encryption key available or we wouldn't + * have been able to create entries in the directory. + * So, we don't calculate the hash. + */ + ret = fscrypt_fname_disk_to_usr(inode, 0, 0, &iname, + fstr); + if (ret) + return ret; + over = !dir_emit(ctx, fstr->name, fstr->len, + location.objectid, d_type); + } else { + over = !dir_emit(ctx, name, name_len, location.objectid, + d_type); + } if (refcount_dec_and_test(&curr->refs)) kfree(curr); diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h index 8abeb78af14e..9491bf0b7576 100644 --- a/fs/btrfs/delayed-inode.h +++ b/fs/btrfs/delayed-inode.h @@ -156,7 +156,9 @@ void btrfs_readdir_put_delayed_items(struct inode *inode, struct list_head *del_list); int btrfs_should_delete_dir_index(struct list_head *del_list, u64 index); -int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, +int btrfs_readdir_delayed_dir_index(struct inode *inode, + struct fscrypt_str *fstr, + struct dir_context *ctx, struct list_head *ins_list); /* Used during directory logging. */ diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c index 8d7c3c32ed8e..6b1ea32419fb 100644 --- a/fs/btrfs/dir-item.c +++ b/fs/btrfs/dir-item.c @@ -120,6 +120,9 @@ int btrfs_insert_dir_item(struct btrfs_trans_handle *trans, struct btrfs_disk_key disk_key; u32 data_size; + if (fname->crypto_buf.name) + type |= BTRFS_FT_FSCRYPT_NAME; + key.objectid = btrfs_ino(dir); key.type = BTRFS_DIR_ITEM_KEY; key.offset = btrfs_name_hash(fname); @@ -385,6 +388,18 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, u32 cur = 0; u32 this_len; struct extent_buffer *leaf; + bool encrypted = (fname->crypto_buf.name != NULL); + struct fscrypt_name unencrypted_fname; + + if (encrypted) { + unencrypted_fname = (struct fscrypt_name){ + .usr_fname = fname->usr_fname, + .disk_name = { + .name = (unsigned char *)fname->usr_fname->name, + .len = fname->usr_fname->len, + }, + }; + } leaf = path->nodes[0]; dir_item = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_dir_item); @@ -401,6 +416,14 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, return dir_item; } + if (encrypted && + btrfs_dir_name_len(leaf, dir_item) == fname_len(&unencrypted_fname) && + btrfs_fscrypt_match_name(&unencrypted_fname, leaf, + (unsigned long)(dir_item + 1), + dir_name_len)) { + return dir_item; + } + cur += this_len; dir_item = (struct btrfs_dir_item *)((char *)dir_item + this_len); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4c134a6486b3..1c7681d7770c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -4292,6 +4292,7 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, u64 index; u64 ino = btrfs_ino(inode); u64 dir_ino = btrfs_ino(dir); + u64 di_name_len; path = btrfs_alloc_path(); if (!path) { @@ -4304,6 +4305,13 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, ret = di ? PTR_ERR(di) : -ENOENT; goto err; } + + /* + * We have to read the actual name length off disk -- the fname + * provided may have been a nokey_name with uncertain length. + */ + di_name_len = btrfs_dir_name_len(path->nodes[0], di); + ret = btrfs_delete_one_dir_name(trans, root, path, di); if (ret) goto err; @@ -4371,7 +4379,7 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, if (ret) goto out; - btrfs_i_size_write(dir, dir->vfs_inode.i_size - fname_len(fname) * 2); + btrfs_i_size_write(dir, dir->vfs_inode.i_size - di_name_len * 2); inode_inc_iversion(&inode->vfs_inode); inode_inc_iversion(&dir->vfs_inode); inode->vfs_inode.i_ctime = current_time(&inode->vfs_inode); @@ -5882,12 +5890,25 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry) struct btrfs_root *root = BTRFS_I(dir)->root; struct btrfs_root *sub_root = root; struct btrfs_key location; + struct fscrypt_name fname; u8 di_type = 0; int ret = 0; if (dentry->d_name.len > BTRFS_NAME_LEN) return ERR_PTR(-ENAMETOOLONG); + if (BTRFS_I(dir)->flags & BTRFS_INODE_FSCRYPT_CONTEXT) { + ret = fscrypt_prepare_lookup(dir, dentry, &fname); + if (ret) + return ERR_PTR(ret); + } else { + fname = (struct fscrypt_name) { + .usr_fname = &dentry->d_name, + .disk_name = FSTR_INIT((char *) dentry->d_name.name, + dentry->d_name.len), + }; + } + ret = btrfs_inode_by_name(dir, dentry, &location, &di_type); if (ret < 0) return ERR_PTR(ret); @@ -6029,18 +6050,32 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) struct list_head del_list; int ret; char *name_ptr; - int name_len; + u32 name_len; int entries = 0; int total_len = 0; bool put = false; struct btrfs_key location; + struct fscrypt_str fstr = FSTR_INIT(NULL, 0); + u32 fstr_len = 0; if (!dir_emit_dots(file, ctx)) return 0; + if (BTRFS_I(inode)->flags & BTRFS_INODE_FSCRYPT_CONTEXT) { + ret = fscrypt_prepare_readdir(inode); + if (ret) + return ret; + ret = fscrypt_fname_alloc_buffer(BTRFS_NAME_LEN, &fstr); + if (ret) + return ret; + fstr_len = fstr.len; + } + path = btrfs_alloc_path(); - if (!path) - return -ENOMEM; + if (!path) { + ret = -ENOMEM; + goto err_fstr; + } addr = private->filldir_buf; path->reada = READA_FORWARD; @@ -6058,6 +6093,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) struct dir_entry *entry; struct extent_buffer *leaf = path->nodes[0]; u8 di_flags; + u32 nokey_len; if (found_key.objectid != key.objectid) break; @@ -6069,8 +6105,13 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) continue; di = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_dir_item); name_len = btrfs_dir_name_len(leaf, di); - if ((total_len + sizeof(struct dir_entry) + name_len) >= - PAGE_SIZE) { + nokey_len = DIV_ROUND_UP(name_len * 4, 3); + /* + * If name is encrypted, and we don't have the key, we could + * need up to 4/3rds the bytes to print it. + */ + if ((total_len + sizeof(struct dir_entry) + nokey_len) + >= PAGE_SIZE) { btrfs_release_path(path); ret = btrfs_filldir(private->filldir_buf, entries, ctx); if (ret) @@ -6084,8 +6125,36 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) di_flags = btrfs_dir_flags(leaf, di); entry = addr; name_ptr = (char *)(entry + 1); - read_extent_buffer(leaf, name_ptr, - (unsigned long)(di + 1), name_len); + if (di_flags & BTRFS_FT_FSCRYPT_NAME) { + struct fscrypt_str oname = FSTR_INIT(name_ptr, + nokey_len); + u32 hash = 0, minor_hash = 0; + + read_extent_buffer(leaf, fstr.name, + (unsigned long)(di + 1), name_len); + fstr.len = name_len; + /* + * We're iterating through DIR_INDEX items, so we don't + * have the DIR_ITEM hash handy. Only compute it if + * we'll need it. + */ + if (!fscrypt_has_encryption_key(inode)) { + struct fscrypt_name fname = { + .disk_name = fstr, + }; + u64 name_hash = btrfs_name_hash(&fname); + hash = name_hash; + minor_hash = name_hash >> 32; + } + ret = fscrypt_fname_disk_to_usr(inode, hash, minor_hash, + &fstr, &oname); + if (ret) + goto err; + name_len = oname.len; + } else { + read_extent_buffer(leaf, name_ptr, + (unsigned long)(di + 1), name_len); + } put_unaligned(name_len, &entry->name_len); put_unaligned( fs_ftype_to_dtype(btrfs_dir_flags_to_ftype(di_flags)), @@ -6107,7 +6176,8 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) if (ret) goto nopos; - ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list); + fstr.len = fstr_len; + ret = btrfs_readdir_delayed_dir_index(inode, &fstr, ctx, &ins_list); if (ret) goto nopos; @@ -6138,6 +6208,8 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) if (put) btrfs_readdir_put_delayed_items(inode, &ins_list, &del_list); btrfs_free_path(path); +err_fstr: + fscrypt_fname_free_buffer(&fstr); return ret; } From patchwork Tue Sep 6 00:35:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966714 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98843C6FA89 for ; Tue, 6 Sep 2022 00:36:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236740AbiIFAgW (ORCPT ); Mon, 5 Sep 2022 20:36:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232443AbiIFAgU (ORCPT ); Mon, 5 Sep 2022 20:36:20 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF84A69F79; Mon, 5 Sep 2022 17:36:16 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id A93ED8110B; Mon, 5 Sep 2022 20:36:15 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424576; bh=7VNVWD57bUAXf7XFVwOtp6xmJqBVUDMudAM7tl6rGpQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sHAmd+qb3wKLZEiqeQxdcEX1aPiTZt5f9qX2sBRGi7CxP6C0AO2LRnPM0a3zSQUxH sjfvgyiugvaiPSZoWKD7q9fl/pikbprN4e63WM+vOsrbwnFI2kpJSm2WHNeWpss/Ie nHXjOtjSR0Iu3pVcTuOmdFGYstpqLeeaXlNwLLo58Gen4RDH09IBYtcebDsZ0P3GPV cDTMzDebTQM760R1WK5scLaAtKyOfIhdIezbMI3O4lKa4Ug0Z4iLDjpAfES0QURMlR q71M6ocmMJ5/+S9Ztdk0TrdBdY1+LmcmiarFL/Nu6+Wb+n+lv54qtlht3WU+vJAnPd kdItrqtd8KhPQ== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 19/20] btrfs: encrypt normal file extent data if appropriate Date: Mon, 5 Sep 2022 20:35:34 -0400 Message-Id: <947e7f9899e2562063034587613c779ff3eac34a.1662420176.git.sweettea-kernel@dorminy.me> In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval Add in the necessary calls to encrypt and decrypt data to achieve encryption of normal data. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/extent_io.c | 56 ++++++++++++++++++++++++++++++++++++----- fs/btrfs/file-item.c | 9 +++++-- fs/btrfs/fscrypt.c | 23 ++++++++++++++++- fs/btrfs/tree-checker.c | 11 +++++--- 4 files changed, 87 insertions(+), 12 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index a467a7553bd9..8adcee599844 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -183,6 +183,7 @@ static void submit_one_bio(struct btrfs_bio_ctrl *bio_ctrl) { struct bio *bio; struct bio_vec *bv; + struct page *first_page; struct inode *inode; int mirror_num; @@ -191,13 +192,17 @@ static void submit_one_bio(struct btrfs_bio_ctrl *bio_ctrl) bio = bio_ctrl->bio; bv = bio_first_bvec_all(bio); - inode = bv->bv_page->mapping->host; + first_page = bio_first_page_all(bio); + if (fscrypt_is_bounce_page(first_page)) + inode = fscrypt_pagecache_page(first_page)->mapping->host; + else + inode = first_page->mapping->host; mirror_num = bio_ctrl->mirror_num; /* Caller should ensure the bio has at least some range added */ ASSERT(bio->bi_iter.bi_size); - btrfs_bio(bio)->file_offset = page_offset(bv->bv_page) + bv->bv_offset; + btrfs_bio(bio)->file_offset = page_offset(first_page) + bv->bv_offset; if (!is_data_inode(inode)) btrfs_submit_metadata_bio(inode, bio, mirror_num); @@ -2810,9 +2815,19 @@ static void end_bio_extent_writepage(struct btrfs_bio *bbio) ASSERT(!bio_flagged(bio, BIO_CLONED)); bio_for_each_segment_all(bvec, bio, iter_all) { struct page *page = bvec->bv_page; - struct inode *inode = page->mapping->host; - struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); - const u32 sectorsize = fs_info->sectorsize; + struct inode *inode; + struct btrfs_fs_info *fs_info; + u32 sectorsize; + struct page *bounce_page = NULL; + + if (fscrypt_is_bounce_page(page)) { + bounce_page = page; + page = fscrypt_pagecache_page(bounce_page); + } + + inode = page->mapping->host; + fs_info = btrfs_sb(inode->i_sb); + sectorsize = fs_info->sectorsize; /* Our read/write should always be sector aligned. */ if (!IS_ALIGNED(bvec->bv_offset, sectorsize)) @@ -2833,7 +2848,7 @@ static void end_bio_extent_writepage(struct btrfs_bio *bbio) } end_extent_writepage(page, error, start, end); - + fscrypt_free_bounce_page(bounce_page); btrfs_page_clear_writeback(fs_info, page, start, bvec->bv_len); } @@ -3029,6 +3044,17 @@ static void end_bio_extent_readpage(struct btrfs_bio *bbio) } } + if (likely(uptodate)) { + if (fscrypt_inode_uses_fs_layer_crypto(inode)) { + int ret = fscrypt_decrypt_pagecache_blocks(page, + bvec->bv_len, + bvec->bv_offset); + if (ret) { + error_bitmap = (unsigned int) -1; + uptodate = false; + } + } + } if (likely(uptodate)) { loff_t i_size = i_size_read(inode); pgoff_t end_index = i_size >> PAGE_SHIFT; @@ -3364,11 +3390,29 @@ static int submit_extent_page(blk_opf_t opf, bool force_bio_submit) { int ret = 0; + struct page *bounce_page = NULL; struct btrfs_inode *inode = BTRFS_I(page->mapping->host); unsigned int cur = pg_offset; ASSERT(bio_ctrl); + if ((opf & REQ_OP_MASK) == REQ_OP_WRITE && + fscrypt_inode_uses_fs_layer_crypto(&inode->vfs_inode)) { + gfp_t gfp_flags = GFP_NOFS; + + if (bio_ctrl->bio) + gfp_flags = GFP_NOWAIT | __GFP_NOWARN; + else + gfp_flags = GFP_NOFS; + bounce_page = fscrypt_encrypt_pagecache_blocks(page, size, + pg_offset, + gfp_flags); + if (IS_ERR(bounce_page)) + return PTR_ERR(bounce_page); + page = bounce_page; + pg_offset = 0; + } + ASSERT(pg_offset < PAGE_SIZE && size <= PAGE_SIZE && pg_offset + size <= PAGE_SIZE); if (force_bio_submit) diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index ec2950656ddc..4a2a5cf73e9b 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c @@ -663,8 +663,13 @@ blk_status_t btrfs_csum_one_bio(struct btrfs_inode *inode, struct bio *bio, shash->tfm = fs_info->csum_shash; bio_for_each_segment(bvec, bio, iter) { - if (use_page_offsets) - offset = page_offset(bvec.bv_page) + bvec.bv_offset; + if (use_page_offsets) { + struct page *page = bvec.bv_page; + + if (fscrypt_is_bounce_page(page)) + page = fscrypt_pagecache_page(page); + offset = page_offset(page) + bvec.bv_offset; + } if (!ordered) { ordered = btrfs_lookup_ordered_extent(inode, offset); diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index c52a5a8788dd..edde09d22b7a 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -200,7 +200,28 @@ static int btrfs_fscrypt_get_extent_context(const struct inode *inode, size_t *extent_offset, size_t *extent_length) { - return len; + u64 offset = lblk_num << inode->i_blkbits; + struct extent_map *em; + + /* Since IO must be in progress on this extent, this must succeed */ + em = btrfs_get_extent(BTRFS_I(inode), NULL, 0, offset, PAGE_SIZE); + if (em) { + int ret = em->fscrypt_context.len; + if (ctx) + memcpy(ctx, em->fscrypt_context.buffer, + em->fscrypt_context.len); + + if (extent_offset) + *extent_offset + = (offset - em->start) >> inode->i_blkbits; + + if (extent_length) + *extent_length = em->len >> inode->i_blkbits; + + free_extent_map(em); + return ret; + } + return -EINVAL; } static int btrfs_fscrypt_set_extent_context(void *extent, void *ctx, diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index a78b2882df1b..3115acdc360f 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -273,9 +273,14 @@ static int check_extent_data_item(struct extent_buffer *leaf, return -EUCLEAN; } - /* Compressed inline extent has no on-disk size, skip it */ - if (btrfs_file_extent_compression(leaf, fi) != - BTRFS_COMPRESS_NONE) + /* + * Compressed inline extent has no on-disk size; encrypted has + * variable size; skip them + */ + if ((btrfs_file_extent_compression(leaf, fi) != + BTRFS_COMPRESS_NONE) || + (btrfs_file_extent_encryption(leaf, fi) != + BTRFS_ENCRYPTION_NONE)) return 0; /* Uncompressed inline extent size must match item size */ From patchwork Tue Sep 6 00:35:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sweet Tea Dorminy X-Patchwork-Id: 12966715 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 775A2C6FA8B for ; Tue, 6 Sep 2022 00:36:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231345AbiIFAgY (ORCPT ); Mon, 5 Sep 2022 20:36:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232482AbiIFAgU (ORCPT ); Mon, 5 Sep 2022 20:36:20 -0400 Received: from box.fidei.email (box.fidei.email [IPv6:2605:2700:0:2:a800:ff:feba:dc44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 171D06A4A8; Mon, 5 Sep 2022 17:36:17 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 6CB93803C8; Mon, 5 Sep 2022 20:36:17 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1662424577; bh=1njMgtLMCKXOazQmPtODjiDRbsI7pkHmvUqzqv2QlzQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QLl6XHHXZEOC7+yXnJk9vm158tW3yVanxuBp90+1t715oUoj3it0Y667AVpqdmZtN KT0OZuqGyKi8qAEI0ZD7+KE6WKqlDaSAGENzlYFZ0p/gxl5AoOAljomNds7Xk452a5 331hJyaq5+lawr/3mA3Iecef46Dq5Q5XOvyRd/se6k8U3Vs69p43ACeOPPOx46D9vO ZmQPOz7n651yHf4U+uuFfrctCjrz7GRPbc6LEAcElpzX/0BFmH3KsbvNkvTRG+Rg7m T8MF3ZypyzNYMgftT+km4+t/zLZpo56sWK6H7VEPkI16xGXI4RYddsWybzKDH4WrTZ OSEqn6uXW7X0Q== From: Sweet Tea Dorminy To: "Theodore Y. Ts'o" , Jaegeuk Kim , Eric Biggers , Chris Mason , Josef Bacik , David Sterba , linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v2 20/20] btrfs: implement fscrypt ioctls Date: Mon, 5 Sep 2022 20:35:35 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org From: Omar Sandoval These ioctls allow encryption to be set up. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy --- fs/btrfs/ioctl.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 708e514aca25..ea1c14b26206 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -5457,6 +5457,34 @@ long btrfs_ioctl(struct file *file, unsigned int return btrfs_ioctl_get_fslabel(fs_info, argp); case FS_IOC_SETFSLABEL: return btrfs_ioctl_set_fslabel(file, argp); + case FS_IOC_SET_ENCRYPTION_POLICY: { + if (!IS_ENABLED(CONFIG_FS_ENCRYPTION)) + return -EOPNOTSUPP; + if (sb_rdonly(fs_info->sb)) + return -EROFS; + /* + * If we crash before we commit, nothing encrypted could have + * been written so it doesn't matter whether the encrypted + * state persists. + */ + btrfs_set_fs_incompat(fs_info, FSCRYPT); + return fscrypt_ioctl_set_policy(file, (const void __user *)arg); + } + case FS_IOC_GET_ENCRYPTION_POLICY: + return fscrypt_ioctl_get_policy(file, (void __user *)arg); + case FS_IOC_GET_ENCRYPTION_POLICY_EX: + return fscrypt_ioctl_get_policy_ex(file, (void __user *)arg); + case FS_IOC_ADD_ENCRYPTION_KEY: + return fscrypt_ioctl_add_key(file, (void __user *)arg); + case FS_IOC_REMOVE_ENCRYPTION_KEY: + return fscrypt_ioctl_remove_key(file, (void __user *)arg); + case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: + return fscrypt_ioctl_remove_key_all_users(file, + (void __user *)arg); + case FS_IOC_GET_ENCRYPTION_KEY_STATUS: + return fscrypt_ioctl_get_key_status(file, (void __user *)arg); + case FS_IOC_GET_ENCRYPTION_NONCE: + return fscrypt_ioctl_get_nonce(file, (void __user *)arg); case FITRIM: return btrfs_ioctl_fitrim(fs_info, argp); case BTRFS_IOC_SNAP_CREATE: