This reverts commit 5fa9472bc2.
Reason for revert: <INSERT REASONING HERE>
OP9R kernel code separate from OP8 kernel code
Change-Id: If1a8b9197a0323f9dd0929e73998e1ebe66297d6
In case of legaacy data encryption mode, block crypto key allocated
for file encryption was not freed when inode is evicted or destroyed
as crypto data do not own the key. So free the blk crpto key
explicitly in case legacy data encryption mode is used.
Change-Id: Ia860edc7c67516bf8fa47b6e3241ce068a09492b
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
There could be a potential race between these two paths below,
leading to use-after-free when accessing bio->bi_crypt_context.
f2fs_write_cache_pages
->f2fs_do_write_data_page on page#1
->f2fs_inplace_write_data
->f2fs_merge_page_bio
->add_bio_entry
->f2fs_do_write_data_page on page#2
->f2fs_inplace_write_data
->f2fs_merge_page_bio
->f2fs_crypt_mergeable_bio
->fscrypt_mergeable_bio
f2fs_write_begin on page#1
->f2fs_wait_on_page_writeback
->f2fs_submit_merged_ipu_write
->__submit_bio
The bio gets completed, calling
bio_endio
->bio_uninit
->bio_crypt_free_ctx
->use-after-free issue
Fix this by moving f2fs_crypt_mergeable_bio() check within
add_ipu_page() so that it's done under bio_list_lock to prevent
the above race.
Change-Id: I0ea667d6c749f2db9aefd85924eb347504495ef0
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
With the existing fscrypt IV generation methods, each file's data blocks
have contiguous DUNs. Therefore the direct I/O code "just worked"
because it only submits logically contiguous bios. But with
IV_INO_LBLK_32, the direct I/O code breaks because the DUN can wrap from
0xffffffff to 0. We can't submit bios across such boundaries.
This is especially difficult to handle when block_size != PAGE_SIZE,
since in that case the DUN can wrap in the middle of a page. Punt on
this case for now and just handle block_size == PAGE_SIZE.
Add and use a new function fscrypt_dio_supported() to check whether a
direct I/O request is unsupported due to encryption constraints.
Then, update fs/direct-io.c (used by f2fs, and by ext4 in kernel v5.4
and earlier) and fs/iomap/direct-io.c (used by ext4 in kernel v5.5 and
later) to avoid submitting I/O across a DUN discontinuity.
(This is needed in ACK now because ACK already supports direct I/O with
inline crypto. I'll be sending this upstream along with the encrypted
direct I/O support itself once its prerequisites are closer to landing.)
(cherry picked from android-mainline commit
8d6c90c9d68b985fa809626d12f8c9aff3c9dcb1)
Conflicts:
fs/ext4/file.c
fs/iomap/direct-io.c
(Dropped the iomap changes because in kernel v5.4 and earlier,
ext4 doesn't use iomap for direct I/O)
Test: For now, just manually tested direct I/O on ext4 and f2fs in the
DUN discontinuity case.
Bug: 144046242
Change-Id: I0c0b0b20a73ade35c3660cc6f9c09d49d3853ba5
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: cfc3461a042917428d07b10cea65de860d30a046
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.19
[neersoni@codeaurora.org: Back port the change]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
The eMMC inline crypto standard will only specify 32 DUN bits (a.k.a. IV
bits), unlike UFS's 64. IV_INO_LBLK_64 is therefore not applicable, but
an encryption format which uses one key per policy and permits the
moving of encrypted file contents (as f2fs's garbage collector requires)
is still desirable.
To support such hardware, add a new encryption format IV_INO_LBLK_32
that makes the best use of the 32 bits: the IV is set to
'SipHash-2-4(inode_number) + file_logical_block_number mod 2^32', where
the SipHash key is derived from the fscrypt master key. We hash only
the inode number and not also the block number, because we need to
maintain contiguity of DUNs to merge bios.
Unlike with IV_INO_LBLK_64, with this format IV reuse is possible; this
is unavoidable given the size of the DUN. This means this format should
only be used where the requirements of the first paragraph apply.
However, the hash spreads out the IVs in the whole usable range, and the
use of a keyed hash makes it difficult for an attacker to determine
which files use which IVs.
Besides the above differences, this flag works like IV_INO_LBLK_64 in
that on ext4 it is only allowed if the stable_inodes feature has been
enabled to prevent inode numbers and the filesystem UUID from changing.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20200515204141.251098-1-ebiggers@kernel.org
(Resolved conflicts with inline encryption support. Besides the
necessary "straightforward" merge resolutions, also made
fscrypt_get_dun_bytes() aware of IV_INO_LBLK_32 and made IV_INO_LBLK_32
usable with wrapped keys.)
Test: 'atest vts_kernel_encryption_test' on Cuttlefish with
the IV_INO_LBLK_32 test added (http://aosp/1315024).
Also tested enabling this in the fstab for Cuttlefish
(using http://aosp/1315886).
Also ran 'kvm-xfstests -c ext4,f2fs -g encrypt', including my
work-in-progress xfstest for IV_INO_LBLK_32.
Bug: 144046242
Change-Id: I57df71d502bde0475efc906a0812102063ff2f2a
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: 4286f44beab330d7b4b64238568a14bfd49c9ac6
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.19
[neersoni@codeaurora.org: back ported and fixed the merged conflict]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Make fscrypt set dun_bytes to only what it actually needs, so that it
can make use of inline crypto hardware in more cases.
Bug: 144046242
Bug: 153512828
Change-Id: I36f90ea6b64ef51a9d58ffb069d2cba74965c239
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: 4dfb761caea026f9ef4f0616f95cdb9d72bc1e39
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.19
[neersoni@codeaurora.org: Back port the change]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Backport a fix from the v7 inline crypto patchset which ensures that the
block layer knows the number of DUN bytes the inline encryption hardware
supports, so that hardware isn't used when it shouldn't be.
(This unfortunately means introducing some increasing long argument
lists; this was all already fixed up in later versions of the patchset.)
To avoid breaking the KMI for drivers, don't add a dun_bytes argument to
keyslot_manager_create() but rather allow drivers to call
keyslot_manager_set_max_dun_bytes() to override the default. Also,
don't add dun_bytes as a new field in 'struct blk_crypto_key' but rather
pack it into the existing 'hash' field which is for block layer use.
Bug: 144046242
Bug: 153512828
Change-Id: I285f36557fb3eafc5f2f64727ef1740938b59dd7
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: 5da8f890a91beddfa809a3c39333d59586c30424
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.19
[neersoni@codeaurora.org: back port the changes]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
* refs/heads/tmp-248555d:
Linux 4.19.113
staging: greybus: loopback_test: fix potential path truncations
staging: greybus: loopback_test: fix potential path truncation
drm/bridge: dw-hdmi: fix AVI frame colorimetry
arm64: smp: fix crash_smp_send_stop() behaviour
arm64: smp: fix smp_send_stop() behaviour
ALSA: hda/realtek: Fix pop noise on ALC225
Revert "ipv6: Fix handling of LLA with VRF and sockets bound to VRF"
Revert "vrf: mark skb for multicast or link-local as enslaved to VRF"
futex: Unbreak futex hashing
futex: Fix inode life-time issue
kbuild: Disable -Wpointer-to-enum-cast
iio: light: vcnl4000: update sampling periods for vcnl4200
USB: cdc-acm: fix rounding error in TIOCSSERIAL
USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
x86/mm: split vmalloc_sync_all()
page-flags: fix a crash at SetPageError(THP_SWAP)
mm, slub: prevent kmalloc_node crashes and memory leaks
mm: slub: be more careful about the double cmpxchg of freelist
memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
drm/lease: fix WARNING in idr_destroy
drm/amd/amdgpu: Fix GPR read from debugfs (v2)
btrfs: fix log context list corruption after rename whiteout error
xhci: Do not open code __print_symbolic() in xhci trace events
rtc: max8907: add missing select REGMAP_IRQ
intel_th: pci: Add Elkhart Lake CPU support
intel_th: Fix user-visible error codes
staging/speakup: fix get_word non-space look-ahead
staging: greybus: loopback_test: fix poll-mask build breakage
staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
mmc: rtsx_pci: Fix support for speed-modes that relies on tuning
iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
iio: magnetometer: ak8974: Fix negative raw values in sysfs
iio: trigger: stm32-timer: disable master mode when stopping
iio: st_sensors: remap SMO8840 to LIS2DH12
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
ALSA: pcm: oss: Avoid plugin buffer overflow
ALSA: seq: oss: Fix running status after receiving sysex
ALSA: seq: virmidi: Fix running status after receiving sysex
ALSA: line6: Fix endless MIDI read loop
usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
USB: serial: pl2303: add device-id for HP LD381
usb: host: xhci-plat: add a shutdown
USB: serial: option: add ME910G1 ECM composition 0x110b
usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
USB: Disable LPM on WD19's Realtek Hub
parse-maintainers: Mark as executable
block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
xenbus: req->err should be updated before req->state
xenbus: req->body should be updated before req->state
drm/amd/display: fix dcc swath size calculations on dcn1
drm/amd/display: Clear link settings on MST disable connector
riscv: avoid the PIC offset of static percpu data in module beyond 2G limits
dm integrity: use dm_bio_record and dm_bio_restore
dm bio record: save/restore bi_end_io and bi_integrity
altera-stapl: altera_get_note: prevent write beyond end of 'key'
drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer
drm/exynos: dsi: fix workaround for the legacy clock name
drm/exynos: dsi: propagate error value and silence meaningless warning
spi/zynqmp: remove entry that causes a cs glitch
spi: pxa2xx: Add CS control clock quirk
ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
powerpc: Include .BTF section
spi: qup: call spi_qup_pm_resume_runtime before suspending
drm/mediatek: Find the cursor plane instead of hard coding it
ANDROID: ABI: Update ABI with CONFIG_SOC_BUS enabled
ANDROID: GKI: Add CONFIG_SOC_BUS to gki_defconfig
ANDROID: kbuild: do not merge .section..* into .section in modules
ANDROID: scsi: ufs: add ->map_sg_crypto() variant op
ANDROID: GKI: Update ABI after fixing vm_event_item diffs
ANDROID: GKI: mm: vmstat: add pageoutclean
ANDROID: GKI: mm: add struct/enum fields for SPECULATIVE_PAGE_FAULTS
ANDROID: GKI: Update ABI after fixing mm diffs
ANDROID: GKI: Add write_pending and max_writes fields to swap_info_struct
ANDROID: GKI: memblock: Add memblock_overlaps_memory() to fix ABI diff
ANDROID: GKI: net: remove conditional members causing ABI diffs
ANDROID: GKI: mm: introduce NR_UNRECLAIMABLE_PAGES
ANDROID: GKI: Update ABI
ANDROID: GKI: sound: soc: Resolve ABI diff for struct snd_compr_stream
ANDROID: GKI: sound: pcm: Add field hw_no_buffer to snd_pcm_substream
ANDROID: GKI: ALSA: core: Add snd_soc_card_change_online_state() API
ANDROID: GKI: SoC: core: Introduce macro SOC_SINGLE_MULTI_EXT
ANDROID: GKI: ALSA: PCM: User control API implementation
ANDROID: GKI: ALSA: PCM: volume API implementation
ANDROID: GKI: kernel: tick-sched: Add API to get the next wakeup for a CPU
ANDROID: GKI: extcon: Add extcon_register_blocking_notifier API.
UPSTREAM: bpf: Explicitly memset some bpf info structures declared on the stack
UPSTREAM: bpf: Explicitly memset the bpf_attr structure
ANDROID: ABI: Update abi after enabling CONFIG_USB_PHY
ANDROID: GKI: Enable CONFIG_USB_PHY for usb drivers like dwc3
UPSTREAM: driver core: Add device link support for SYNC_STATE_ONLY flag
ANDROID: Conflict fix for merging 4.19.112
Conflicts:
arch/arm64/kernel/smp.c
drivers/extcon/extcon.c
include/linux/extcon.h
include/linux/mm.h
include/linux/mm_types.h
include/linux/vm_event_item.h
include/sound/core.h
kernel/time/tick-sched.c
mm/vmstat.c
sound/core/init.c
sound/soc/soc-core.c
Change-Id: Ibffc219e0859b7d5c9580c930664eea5b822a704
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-417d28a:
Reverting rmnet, incrementalfs changes from android-4.19.112
UPSTREAM: driver core: Add device link support for SYNC_STATE_ONLY flag
Revert "ANDROID: driver core: Add device link support for SYNC_STATE_ONLY flag"
ANDROID: update the ABI xml representation
ANDROID: GKI: Enable V4L2 hidden configs
Linux 4.19.112
ipv4: ensure rcu_read_lock() in cipso_v4_error()
efi: Fix debugobjects warning on 'efi_rts_work'
HID: google: add moonball USB id
mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
ARM: 8958/1: rename missed uaccess .fixup section
ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
driver core: Fix creation of device links with PM-runtime flags
driver core: Remove device link creation limitation
driver core: Add device link flag DL_FLAG_AUTOPROBE_CONSUMER
driver core: Make driver core own stateful device links
driver core: Fix adding device links to probing suppliers
driver core: Remove the link if there is no driver with AUTO flag
mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C
mmc: sdhci-omap: Don't finish_mrq() on a command error during tuning
wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
wimax: i2400: fix memory leak
jbd2: fix data races at struct journal_head
sfc: fix timestamp reconstruction at 16-bit rollover points
net: rmnet: fix packet forwarding in rmnet bridge mode
net: rmnet: fix bridge mode bugs
net: rmnet: use upper/lower device infrastructure
net: rmnet: do not allow to change mux id if mux id is duplicated
net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device()
net: rmnet: fix suspicious RCU usage
net: rmnet: fix NULL pointer dereference in rmnet_changelink()
net: rmnet: fix NULL pointer dereference in rmnet_newlink()
hinic: fix a bug of setting hw_ioctxt
hinic: fix a irq affinity bug
slip: not call free_netdev before rtnl_unlock in slip_open
signal: avoid double atomic counter increments for user accounting
mac80211: rx: avoid RCU list traversal under mutex
net: ks8851-ml: Fix IRQ handling and locking
net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
scsi: libfc: free response frame from GPN_ID
cfg80211: check reg_rule for NULL in handle_channel_custom()
HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override
HID: apple: Add support for recent firmware on Magic Keyboards
ACPI: watchdog: Allow disabling WDAT at boot
mmc: host: Fix Kconfig warnings on keystone_defconfig
mmc: sdhci-omap: Workaround errata regarding SDR104/HS200 tuning failures (i929)
mmc: sdhci-omap: Add platform specific reset callback
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
ANDROID: GKI: Enable CONFIG_BACKLIGHT_CLASS_DEVICE in gki_defconfig
ANDROID: Incremental fs: Add INCFS_IOC_PERMIT_FILL
ANDROID: Incremental fs: Remove signature checks from kernel
ANDROID: Incremental fs: Pad hash blocks
ANDROID: Incremental fs: Make fill block an ioctl
ANDROID: Incremental fs: Remove all access_ok checks
Conflicts:
net/qrtr/qrtr.c
Change-Id: I8148fa8ed43dfc13b2ee6333573df1d93b14db87
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-bfe2901:
Linux 4.19.111
batman-adv: Avoid free/alloc race when handling OGM2 buffer
efi: Add a sanity check to efivar_store_raw()
net/smc: cancel event worker during device removal
net/smc: check for valid ib_client_data
ipv6: restrict IPV6_ADDRFORM operation
i2c: acpi: put device when verifying client fails
iommu/vt-d: Ignore devices with out-of-spec domain number
iommu/vt-d: Fix the wrong printing in RHSA parsing
netfilter: nft_tunnel: add missing attribute validation for tunnels
netfilter: nft_payload: add missing attribute validation for payload csum flags
netfilter: cthelper: add missing attribute validation for cthelper
perf bench futex-wake: Restore thread count default to online CPU count
nl80211: add missing attribute validation for channel switch
nl80211: add missing attribute validation for beacon report scanning
nl80211: add missing attribute validation for critical protocol indication
i2c: gpio: suppress error on probe defer
drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits
pinctrl: core: Remove extra kref_get which blocks hogs being freed
pinctrl: meson-gxl: fix GPIOX sdio pins
batman-adv: Don't schedule OGM for disabled interface
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
iommu/dma: Fix MSI reservation allocation
x86/mce: Fix logic and comments around MSR_PPIN_CTL
mt76: fix array overflow on receiving too many fragments for a packet
efi: Make efi_rts_work accessible to efi page fault handler
efi: Fix a race and a buffer overflow while reading efivars via sysfs
macintosh: windfarm: fix MODINFO regression
ARC: define __ALIGN_STR and __ALIGN symbols for ARC
KVM: x86: clear stale x86_emulate_ctxt->intercept value
gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
cifs_atomic_open(): fix double-put on late allocation failure
ktest: Add timeout for ssh sync testing
drm/amd/display: remove duplicated assignment to grph_obj_type
workqueue: don't use wq_select_unbound_cpu() for bound works
netfilter: x_tables: xt_mttg_seq_next should increase position index
netfilter: xt_recent: recent_seq_next should increase position index
netfilter: synproxy: synproxy_cpu_seq_next should increase position index
netfilter: nf_conntrack: ct_cpu_seq_next should increase position index
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
virtio-blk: fix hw_queue stopped on arbitrary error
iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices
cgroup: Iterate tasks that did not finish do_exit()
cgroup: cgroup_procs_next should increase position index
macvlan: add cond_resched() during multicast processing
net: fec: validate the new settings in fec_enet_set_coalesce()
slip: make slhc_compress() more robust against malicious packets
bonding/alb: make sure arp header is pulled before accessing it
devlink: validate length of region addr/len
tipc: add missing attribute validation for MTU property
net/ipv6: remove the old peer route if change it to a new one
net/ipv6: need update peer route when modify metric
selftests/net/fib_tests: update addr_metric_test for peer route testing
net: phy: fix MDIO bus PM PHY resuming
nfc: add missing attribute validation for vendor subcommand
nfc: add missing attribute validation for deactivate target
nfc: add missing attribute validation for SE API
team: add missing attribute validation for array index
team: add missing attribute validation for port ifindex
net: fq: add missing attribute validation for orphan mask
macsec: add missing attribute validation for port
can: add missing attribute validation for termination
nl802154: add missing attribute validation for dev_type
nl802154: add missing attribute validation
fib: add missing attribute validation for tun_id
devlink: validate length of param values
net: memcg: fix lockdep splat in inet_csk_accept()
net: memcg: late association of sock to memcg
cgroup: memcg: net: do not associate sock with unrelated cgroup
bnxt_en: reinitialize IRQs when MTU is modified
sfc: detach from cb_page in efx_copy_channel()
r8152: check disconnect status after long sleep
net: systemport: fix index check to avoid an array out of bounds access
net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used
net/packet: tpacket_rcv: do not increment ring index on drop
net: nfc: fix bounds checking bugs on "pipe"
net: macsec: update SCI upon MAC address change.
netlink: Use netlink header as base to calculate bad attribute offset
net/ipv6: use configured metric when add peer route
ipvlan: don't deref eth hdr before checking it's set
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
ipvlan: do not add hardware address of master to its unicast filter list
ipvlan: add cond_resched_rcu() while processing muticast backlog
ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
inet_diag: return classid for all socket types
gre: fix uninit-value in __iptunnel_pull_header
cgroup, netclassid: periodically release file_lock on classid updating
net: phy: Avoid multiple suspends
phy: Revert toggling reset changes.
ANDROID: kbuild: fix module linker script flags for LTO
ANDROID: kbuild: avoid excessively long argument lists
UPSTREAM: cgroup: Iterate tasks that did not finish do_exit()
ANDROID: update the ABI xml representation
Revert "ANDROID: gki_defconfig: Temporarily disable CFI"
ANDROID: GKI: dma-buf: Add support for XXX_cpu_access_umapped ops
ANDROID: GKI: dma-buf: Add support to set a destructor on a dma-buf
ANDROID: GKI: dma-buf: use spinlock to protect set/get name operation
ANDROID: GKI: dma-buf: Add support to get flags associated with a buffer
ANDROID: GKI: dma-buf: Add support for mapping buffers with DMA attributes
ANDROID: GKI: dma-buf: Add support for partial cache maintenance
ANDROID: GKI: arm64: mm: Support setting removed_dma_ops in arch_setup_dma_ops
ANDROID: GKI: drivers: Add dma removed ops
ANDROID: GKI: add dma_map_ops remap/unremap operations
ANDROID: Add build.config files for ARM 32-bit
ANDROID: GKI: update abi due to CONFIG_JUMP_LABEL being enabled
ANDROID: GKI: enable CONFIG_JUMP_LABEL
ANDROID: Add build.config.gki-debug.x86_64
ANDROID: Add build.config.gki-debug.aarch64
Conflicts:
arch/arm64/mm/dma-mapping.c
drivers/dma-buf/dma-buf.c
include/linux/dma-buf.h
include/linux/dma-mapping.h
kernel/dma/removed.c
Change-Id: Ib51bde74d4edba43447c670e9a8d5f9fd3691db2
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
This change is for general scheduler improvements.
Change-Id: Iaefb893a84055748be7f2108179e3b869ac00318
Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
When the filesystem is mounted with '-o inlinecrypt', make fscrypt fall
back to filesystem-layer crypto when inline crypto won't work, e.g. due
to the hardware not supporting the encryption algorithm.
When blk-crypto-fallback is disabled, this fixes '-o inlinecrypt' to not
break any fscrypt policies that would otherwise work.
This is needed for VtsKernelEncryptionTest to pass on some devices.
Bug: 137270441
Bug: 151100202
Test: 'atest vts_kernel_encryption_test' on Pixel 4 with the
inline crypto patches backported, and also on Cuttlefish.
Change-Id: I3e730df4608efb12d7126d1a85faddcccb566764
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: b30501efe96dcd05211d7fc9daf64400dd9cc32b
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.19
[neersoni@codeaurora.org: Back port the change]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
We need a way to tell which type of keys the inline crypto hardware
supports (standard, wrapped, or both), so that fallbacks can be used
when needed (either blk-crypto-fallback, or fscrypt fs-layer crypto).
We can't simply assume that
keyslot_mgmt_ll_ops::derive_raw_secret == NULL
means only standard keys are supported and that
keyslot_mgmt_ll_ops::derive_raw_secret != NULL
means that only wrapped keys are supported, because device-mapper
devices always implement this method. Also, hardware might support both
types of keys.
Therefore, add a field keyslot_manager::features which contains a
bitmask of flags which indicate the supported types of keys. Drivers
will need to fill this in. This patch makes the UFS standard crypto
code set BLK_CRYPTO_FEATURE_STANDARD_KEYS, but UFS variant drivers may
need to set BLK_CRYPTO_FEATURE_WRAPPED_KEYS instead.
Then, make keyslot_manager_crypto_mode_supported() take the key type
into account.
Bug: 137270441
Bug: 151100202
Test: 'atest vts_kernel_encryption_test' on Pixel 4 with the
inline crypto patches backported, and also on Cuttlefish.
Change-Id: Ied846c2767c1fd2f438792dcfd3649157e68b005
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: 8f078b1b3aae280f240a75d27457e5e76dd0a92a
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.19
[neersoni@codeaurora.org: key capability parameter added for ufs and emmc]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
This new ioctl retrieves a file's encryption nonce, which is useful for
testing. See the corresponding fs/crypto/ patch for more details.
Link: https://lore.kernel.org/r/20200314205052.93294-4-ebiggers@kernel.org
Bug: 151100202
Change-Id: I26037efc77774c04951da887d8557a15ce6a23ed
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: ee446e1af4ff90945e2273ae0af322b8b745b8cc
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[neersoni@codeaurora.org: Back port the change]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
This new ioctl retrieves a file's encryption nonce, which is useful for
testing. See the corresponding fs/crypto/ patch for more details.
Link: https://lore.kernel.org/r/20200314205052.93294-3-ebiggers@kernel.org
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Bug: 151100202
Change-Id: I85350aed66285b92444d37c8cd840fb03d2ca25d
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: 7ec9f3b47aba0fe715bf3472ed80e91c37970363
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[neersoni@codeaurora.org: Back port the change]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Add an ioctl FS_IOC_GET_ENCRYPTION_NONCE which retrieves the nonce from
an encrypted file or directory. The nonce is the 16-byte random value
stored in the inode's encryption xattr. It is normally used together
with the master key to derive the inode's actual encryption key.
The nonces are needed by automated tests that verify the correctness of
the ciphertext on-disk. Except for the IV_INO_LBLK_64 case, there's no
way to replicate a file's ciphertext without knowing that file's nonce.
The nonces aren't secret, and the existing ciphertext verification tests
in xfstests retrieve them from disk using debugfs or dump.f2fs. But in
environments that lack these debugging tools, getting the nonces by
manually parsing the filesystem structure would be very hard.
To make this important type of testing much easier, let's just add an
ioctl that retrieves the nonce.
Link: https://lore.kernel.org/r/20200314205052.93294-2-ebiggers@kernel.org
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Bug: 151100202
Change-Id: Ieef2c57b9257ae38eb2e5c1a018ca6f325bb62dd
Signed-off-by: Eric Biggers <ebiggers@google.com>
Git-commit: e98ad464750c0894bc560d10503dae8ff90ccdac
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[neersoni@codeaurora.org: Back port the changes]
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
f2fs_inode_info.flags is unsigned long variable, it has 32 bits
in 32bit architecture, since we introduced FI_MMAP_FILE flag
when we support data compression, we may access memory cross
the border of .flags field, corrupting .i_sem field, result in
below deadlock.
To fix this issue, let's expand .flags as an array to grab enough
space to store new flags.
Call Trace:
__schedule+0x8d0/0x13fc
? mark_held_locks+0xac/0x100
schedule+0xcc/0x260
rwsem_down_write_slowpath+0x3ab/0x65d
down_write+0xc7/0xe0
f2fs_drop_nlink+0x3d/0x600 [f2fs]
f2fs_delete_inline_entry+0x300/0x440 [f2fs]
f2fs_delete_entry+0x3a1/0x7f0 [f2fs]
f2fs_unlink+0x500/0x790 [f2fs]
vfs_unlink+0x211/0x490
do_unlinkat+0x483/0x520
sys_unlink+0x4a/0x70
do_fast_syscall_32+0x12b/0x683
entry_SYSENTER_32+0xaa/0x102.
Fixes: 4c8ff7095bef ("f2fs: support data compression")
Change-Id: Ie5ca85763a81cc95ff261863b85958ce6ffbac48
Tested-by: Ondrej Jirman <megous@megous.com>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Git-commit: 7653b9d87516ed65e112d2273c65eca6f97d0a27
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
Incremental fs appears to not depend on pkcs7 anymore.
Bug: 151584760
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Change-Id: I809b4b5651d84ca70fd8bf837765e33df8547418
Signed-off-by: Paul Lawrence <paullawrence@google.com>
(cherry picked from commit 83c1d9116ec0d695b02f36cda51f305257718e09)
Git-commit: fbc40a92dd99e60b4ebd6197844497d6ca4afb2d
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
This reverts commit ab185e45f637ba0b0239268f1130890c8837981d.
This change used the PageChecked flag to mark the Merkle tree as
checked. However, f2fs uses this internally. This caused file system
hangs on devices after installs.
Test: incfs_test passes, installs no longer hang
Bug: 157589629
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I980a700d65eb4f4a77434715d61dda4b8e80658c
Git-commit: e2ca3e718475d1c9f5f33bfe00b85c85d92a141b
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
Waking up the waiters accounts for 80+% of the total logging
time, and about 40% of overall read_single_page() with no
signature verification. By throttling it to once every 16ms
we get back all read performance, reduce the waiter's CPU
usage and still leave it enough time to pull the logs out.
Bug: 155996534
Test: adb install megacity.apk & dd from the installed apk
Signed-off-by: Yurii Zubrytskyi <zyy@google.com>
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I4a118dc226d7ca318cf099ba3e239f0120bb23c2
Git-commit: 66e25802074e9c43cc6335e6b7ec594c107e0690
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
If an incfs file is created, then the file system is sync'd,on opening
the incfs file inode_set reads the size from the backing file from
within iget5_locked, causing this error.
Test: incfs_test passes, this no longer occurs
Bug: 156413528
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I8939c4afa514d39d251c044d7680cfc69272669e
Git-commit: c92446c89fbca55c7d15fcc37cd47c4d218c4a35
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
With a verified file (use incfs_perf to create a verified file), throughput
measured using dd after dropping caches increases from 200M/s to 290M/s
Test: incfs_test passes
Bug: 155996534
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I7abb5ad92e4167f82f3452acc9db322fec8307dd
Git-commit: adb33b84e30e8027026d2aa1a2136d013b115d31
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
As was, chmod would change the cached inode's mode, which would
persist until the inode was uncached.
Fix to change mode of backing file, but make sure mount files
are read only, backing files are always writeable.
Test: App no longer fails with incfs errors
Bug: 154972299
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I40517331f24329484387c6b880f1517f887b29f6
(cherry picked from commit fe4fae35fe307a15cacc5e6693a98bf5140e643b)
Git-commit: c7c8c61370be22f6308ac7c8707ce53c91ebeb10
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
incfs only syncs at createfile time. This was making createfile take
a very long time. It also appears to offer little actual value -
whether we flush or no, if the device crashes the header will be
partial.
Bug: 15356649
Test: incfs_test passes, createfile takes less than half the time
Change-Id: I8f1fa138226868ebfb4a6a41254444af453070c8
Signed-off-by: Paul Lawrence <paullawrence@google.com>
(cherry picked from commit 4cc78c93ada6d0d8744c5b1ae12fddb50ea6a620)
Git-commit: 298fe8e641251176a4ef0e531be13f7d0d09738b
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
