1. 13 8月, 2019 13 次提交
    • E
      fscrypt: move v1 policy key setup to keysetup_v1.c · 0109ce76
      Eric Biggers 提交于
      In preparation for introducing v2 encryption policies which will find
      and derive encryption keys differently from the current v1 encryption
      policies, move the v1 policy-specific key setup code from keyinfo.c into
      keysetup_v1.c.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      0109ce76
    • E
      fscrypt: refactor key setup code in preparation for v2 policies · 3ec4f2a6
      Eric Biggers 提交于
      Do some more refactoring of the key setup code, in preparation for
      introducing a filesystem-level keyring and v2 encryption policies:
      
      - Now that ci_inode exists, don't pass around the inode unnecessarily.
      
      - Define a function setup_file_encryption_key() which handles the crypto
        key setup given an under-construction fscrypt_info.  Don't pass the
        fscrypt_context, since everything is in the fscrypt_info.
        [This will be extended for v2 policies and the fs-level keyring.]
      
      - Define a function fscrypt_set_derived_key() which sets the per-file
        key, without depending on anything specific to v1 policies.
        [This will also be used for v2 policies.]
      
      - Define a function fscrypt_setup_v1_file_key() which takes the raw
        master key, thus separating finding the key from using it.
        [This will also be used if the key is found in the fs-level keyring.]
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      3ec4f2a6
    • E
      fscrypt: rename fscrypt_master_key to fscrypt_direct_key · a828daab
      Eric Biggers 提交于
      In preparation for introducing a filesystem-level keyring which will
      contain fscrypt master keys, rename the existing 'struct
      fscrypt_master_key' to 'struct fscrypt_direct_key'.  This is the
      structure in the existing table of master keys that's maintained to
      deduplicate the crypto transforms for v1 DIRECT_KEY policies.
      
      I've chosen to keep this table as-is rather than make it automagically
      add/remove the keys to/from the filesystem-level keyring, since that
      would add a lot of extra complexity to the filesystem-level keyring.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      a828daab
    • E
      fscrypt: add ->ci_inode to fscrypt_info · 59dc6a8e
      Eric Biggers 提交于
      Add an inode back-pointer to 'struct fscrypt_info', such that
      inode->i_crypt_info->ci_inode == inode.
      
      This will be useful for:
      
      1. Evicting the inodes when a fscrypt key is removed, since we'll track
         the inodes using a given key by linking their fscrypt_infos together,
         rather than the inodes directly.  This avoids bloating 'struct inode'
         with a new list_head.
      
      2. Simplifying the per-file key setup, since the inode pointer won't
         have to be passed around everywhere just in case something goes wrong
         and it's needed for fscrypt_warn().
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      59dc6a8e
    • E
      fscrypt: use FSCRYPT_* definitions, not FS_* · 3b6df59b
      Eric Biggers 提交于
      Update fs/crypto/ to use the new names for the UAPI constants rather
      than the old names, then make the old definitions conditional on
      !__KERNEL__.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      3b6df59b
    • E
      fscrypt: use FSCRYPT_ prefix for uapi constants · 2336d0de
      Eric Biggers 提交于
      Prefix all filesystem encryption UAPI constants except the ioctl numbers
      with "FSCRYPT_" rather than with "FS_".  This namespaces the constants
      more appropriately and makes it clear that they are related specifically
      to the filesystem encryption feature, and to the 'fscrypt_*' structures.
      With some of the old names like "FS_POLICY_FLAGS_VALID", it was not
      immediately clear that the constant had anything to do with encryption.
      
      This is also useful because we'll be adding more encryption-related
      constants, e.g. for the policy version, and we'd otherwise have to
      choose whether to use unclear names like FS_POLICY_V1 or inconsistent
      names like FS_ENCRYPTION_POLICY_V1.
      
      For source compatibility with existing userspace programs, keep the old
      names defined as aliases to the new names.
      
      Finally, as long as new names are being defined anyway, I skipped
      defining new names for the fscrypt mode numbers that aren't actually
      used: INVALID (0), AES_256_GCM (2), AES_256_CBC (3), SPECK128_256_XTS
      (7), and SPECK128_256_CTS (8).
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      2336d0de
    • E
      fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h> · 7af0ab0d
      Eric Biggers 提交于
      More fscrypt definitions are being added, and we shouldn't use a
      disproportionate amount of space in <linux/fs.h> for fscrypt stuff.
      So move the fscrypt definitions to a new header <linux/fscrypt.h>.
      
      For source compatibility with existing userspace programs, <linux/fs.h>
      still includes the new header.
      Reviewed-by: NTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      7af0ab0d
    • E
      fscrypt: use ENOPKG when crypto API support missing · 29a98c1c
      Eric Biggers 提交于
      Return ENOPKG rather than ENOENT when trying to open a file that's
      encrypted using algorithms not available in the kernel's crypto API.
      
      This avoids an ambiguity, since ENOENT is also returned when the file
      doesn't exist.
      
      Note: this is the same approach I'm taking for fs-verity.
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      29a98c1c
    • E
      fscrypt: improve warnings for missing crypto API support · a4d14e91
      Eric Biggers 提交于
      Users of fscrypt with non-default algorithms will encounter an error
      like the following if they fail to include the needed algorithms into
      the crypto API when configuring the kernel (as per the documentation):
      
          Error allocating 'adiantum(xchacha12,aes)' transform: -2
      
      This requires that the user figure out what the "-2" error means.
      Make it more friendly by printing a warning like the following instead:
      
          Missing crypto API support for Adiantum (API name: "adiantum(xchacha12,aes)")
      
      Also upgrade the log level for *other* errors to KERN_ERR.
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      a4d14e91
    • E
      fscrypt: improve warning messages for unsupported encryption contexts · 63f668f0
      Eric Biggers 提交于
      When fs/crypto/ encounters an inode with an invalid encryption context,
      currently it prints a warning if the pair of encryption modes are
      unrecognized, but it's silent if there are other problems such as
      unsupported context size, format, or flags.  To help people debug such
      situations, add more warning messages.
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      63f668f0
    • E
      fscrypt: make fscrypt_msg() take inode instead of super_block · 886da8b3
      Eric Biggers 提交于
      Most of the warning and error messages in fs/crypto/ are for situations
      related to a specific inode, not merely to a super_block.  So to make
      things easier, make fscrypt_msg() take an inode rather than a
      super_block, and make it print the inode number.
      
      Note: This is the same approach I'm taking for fsverity_msg().
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      886da8b3
    • E
      fscrypt: clean up base64 encoding/decoding · 1c5100a2
      Eric Biggers 提交于
      Some minor cleanups for the code that base64 encodes and decodes
      encrypted filenames and long name digests:
      
      - Rename "digest_{encode,decode}()" => "base64_{encode,decode}()" since
        they are used for filenames too, not just for long name digests.
      - Replace 'while' loops with more conventional 'for' loops.
      - Use 'u8' for binary data.  Keep 'char' for string data.
      - Fully constify the lookup table (pointer was not const).
      - Improve comment.
      
      No actual change in behavior.
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      1c5100a2
    • E
      fscrypt: remove loadable module related code · 75798f85
      Eric Biggers 提交于
      Since commit 643fa961 ("fscrypt: remove filesystem specific build
      config option"), fs/crypto/ can no longer be built as a loadable module.
      Thus it no longer needs a module_exit function, nor a MODULE_LICENSE.
      So remove them, and change module_init to late_initcall.
      Reviewed-by: NChandan Rajendra <chandan@linux.ibm.com>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      75798f85
  2. 05 8月, 2019 9 次提交
  3. 04 8月, 2019 8 次提交
    • M
      kconfig: Clear "written" flag to avoid data loss · 0c5b6c28
      M. Vefa Bicakci 提交于
      Prior to this commit, starting nconfig, xconfig or gconfig, and saving
      the .config file more than once caused data loss, where a .config file
      that contained only comments would be written to disk starting from the
      second save operation.
      
      This bug manifests itself because the SYMBOL_WRITTEN flag is never
      cleared after the first call to conf_write, and subsequent calls to
      conf_write then skip all of the configuration symbols due to the
      SYMBOL_WRITTEN flag being set.
      
      This commit resolves this issue by clearing the SYMBOL_WRITTEN flag
      from all symbols before conf_write returns.
      
      Fixes: 8e2442a5 ("kconfig: fix missing choice values in auto.conf")
      Cc: linux-stable <stable@vger.kernel.org> # 4.19+
      Signed-off-by: NM. Vefa Bicakci <m.v.b@runbox.com>
      Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      0c5b6c28
    • L
      Merge tag 'xtensa-20190803' of git://github.com/jcmvbkbc/linux-xtensa · d8778f13
      Linus Torvalds 提交于
      Pull Xtensa fix from Max Filippov:
       "Fix build for xtensa cores with coprocessors that was broken by
        entry/return abstraction patch"
      
      * tag 'xtensa-20190803' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: fix build for cores with coprocessors
      d8778f13
    • L
      Merge branch 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · cf6c8aef
      Linus Torvalds 提交于
      Pull i2c fixes from Wolfram Sang:
       "A set of driver fixes for the I2C subsystem"
      
      * 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: s3c2410: Mark expected switch fall-through
        i2c: at91: fix clk_offset for sama5d2
        i2c: at91: disable TXRDY interrupt after sending data
        i2c: iproc: Fix i2c master read more than 63 bytes
        eeprom: at24: make spd world-readable again
      cf6c8aef
    • L
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8b7fd679
      Linus Torvalds 提交于
      Pull perf tooling fixes from Thomas Gleixner:
       "A set of updates for perf tools and documentation:
      
        perf header:
          - Prevent a division by zero
          - Deal with an uninitialized warning proper
      
        libbpf:
          - Fix the missiong __WORDSIZE definition for musl & al
      
        UAPI headers:
          - Synchronize kernel headers
      
        Documentation:
          - Fix the memory units for perf.data size"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        libbpf: fix missing __WORDSIZE definition
        perf tools: Fix perf.data documentation units for memory size
        perf header: Fix use of unitialized value warning
        perf header: Fix divide by zero error if f_header.attr_size==0
        tools headers UAPI: Sync if_link.h with the kernel
        tools headers UAPI: Sync sched.h with the kernel
        tools headers UAPI: Sync usbdevice_fs.h with the kernels to get new ioctl
        tools perf beauty: Fix usbdevfs_ioctl table generator to handle _IOC()
        tools headers UAPI: Update tools's copy of drm.h headers
        tools headers UAPI: Update tools's copy of mman.h headers
        tools headers UAPI: Update tools's copy of kvm.h headers
        tools include UAPI: Sync x86's syscalls_64.tbl and generic unistd.h to pick up clone3 and pidfd_open
      8b7fd679
    • L
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0432a0a0
      Linus Torvalds 提交于
      Pull vdso timer fixes from Thomas Gleixner:
       "A series of commits to deal with the regression caused by the generic
        VDSO implementation.
      
        The usage of clock_gettime64() for 32bit compat fallback syscalls
        caused seccomp filters to kill innocent processes because they only
        allow clock_gettime().
      
        Handle the compat syscalls with clock_gettime() as before, which is
        not a functional problem for the VDSO as the legacy compat application
        interface is not y2038 safe anyway. It's just extra fallback code
        which needs to be implemented on every architecture.
      
        It's opt in for now so that it does not break the compile of already
        converted architectures in linux-next. Once these are fixed, the
        #ifdeffery goes away.
      
        So much for trying to be smart and reuse code..."
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        arm64: compat: vdso: Use legacy syscalls as fallback
        x86/vdso/32: Use 32bit syscall fallback
        lib/vdso/32: Provide legacy syscall fallbacks
        lib/vdso: Move fallback invocation to the callers
        lib/vdso/32: Remove inconsistent NULL pointer checks
      0432a0a0
    • L
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · af42e745
      Linus Torvalds 提交于
      Pull irq fixes from Thomas Gleixner:
       "A small bunch of fixes from the irqchip department:
      
         - Fix a couple of UAF on error paths (RZA1, GICv3 ITS)
      
         - Fix iMX GPCv2 trigger setting
      
         - Add missing of_node_put() on error path in MBIGEN
      
         - Add another bunch of /* fall-through */ to silence warnings"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/renesas-rza1: Fix an use-after-free in rza1_irqc_probe()
        irqchip/irq-imx-gpcv2: Forward irq type to parent
        irqchip/irq-mbigen: Add of_node_put() before return
        irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail
        irqchip/gic-v3: Mark expected switch fall-through
      af42e745
    • L
      Merge tag 'xfs-5.3-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · e12b243d
      Linus Torvalds 提交于
      Pull xfs fixes from Darrick Wong:
      
       - Avoid leaking kernel stack contents to userspace
      
       - Fix a potential null pointer dereference in the dabtree scrub code
      
      * tag 'xfs-5.3-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: Fix possible null-pointer dereferences in xchk_da_btree_block_check_sibling()
        xfs: fix stack contents leakage in the v1 inumber ioctls
      e12b243d
    • L
      Merge branch 'akpm' (patches from Andrew) · b7aea68a
      Linus Torvalds 提交于
      Merge misc fixes from Andrew Morton:
       "17 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        drivers/acpi/scan.c: document why we don't need the device_hotplug_lock
        memremap: move from kernel/ to mm/
        lib/test_meminit.c: use GFP_ATOMIC in RCU critical section
        asm-generic: fix -Wtype-limits compiler warnings
        cgroup: kselftest: relax fs_spec checks
        mm/memory_hotplug.c: remove unneeded return for void function
        mm/migrate.c: initialize pud_entry in migrate_vma()
        coredump: split pipe command whitespace before expanding template
        page flags: prioritize kasan bits over last-cpuid
        ubsan: build ubsan.c more conservatively
        kasan: remove clang version check for KASAN_STACK
        mm: compaction: avoid 100% CPU usage during compaction when a task is killed
        mm: migrate: fix reference check race between __find_get_block() and migration
        mm: vmscan: check if mem cgroup is disabled or not before calling memcg slab shrinker
        ocfs2: remove set but not used variable 'last_hash'
        Revert "kmemleak: allow to coexist with fault injection"
        kernel/signal.c: fix a kernel-doc markup
      b7aea68a
  4. 03 8月, 2019 10 次提交