9848856fe1
* refs/heads/tmp-3f51ea2
Linux 4.4.133
x86/kexec: Avoid double free_page() upon do_kexec_load() failure
hfsplus: stop workqueue when fill_super() failed
cfg80211: limit wiphy names to 128 bytes
gpio: rcar: Add Runtime PM handling for interrupts
time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
dmaengine: ensure dmaengine helpers check valid callback
scsi: zfcp: fix infinite iteration on ERP ready list
scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
scsi: libsas: defer ata device eh commands to libata
s390: use expoline thunks in the BPF JIT
s390: extend expoline to BC instructions
s390: move spectre sysfs attribute code
s390/kernel: use expoline for indirect branches
s390/lib: use expoline for indirect branches
s390: move expoline assembler macros to a header
s390: add assembler macros for CPU alternatives
ext2: fix a block leak
tcp: purge write queue in tcp_connect_init()
sock_diag: fix use-after-free read in __sk_free
packet: in packet_snd start writing at link layer allocation
net: test tailroom before appending to linear skb
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
btrfs: fix crash when trying to resume balance without the resume flag
Btrfs: fix xattr loss after power failure
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
s390: remove indirect branch from do_softirq_own_stack
s390/qdio: don't release memory in qdio_setup_irq()
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: fix access to uninitialized qdio_q fields
mm: don't allow deferred pages with NEED_PER_CPU_KM
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
procfs: fix pthread cross-thread naming if !PR_DUMPABLE
proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
cpufreq: intel_pstate: Enable HWP by default
signals: avoid unnecessary taking of sighand->siglock
mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read
mm: filemap: remove redundant code in do_read_cache_page
proc: meminfo: estimate available memory more conservatively
vmscan: do not force-scan file lru if its absolute size is small
powerpc: Don't preempt_disable() in show_cpuinfo()
cpuidle: coupled: remove unused define cpuidle_coupled_lock
powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
powerpc/powernv: Remove OPALv2 firmware define and references
powerpc/powernv: panic() on OPAL < V3
spi: pxa2xx: Allow 64-bit DMA
ALSA: control: fix a redundant-copy issue
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
usbip: usbip_host: fix bad unlock balance during stub_probe()
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
kernel/exit.c: avoid undefined behaviour when calling wait4()
futex: futex_wake_op, fix sign_extend32 sign bits
pipe: cap initial pipe capacity according to pipe-max-size limit
l2tp: revert "l2tp: fix missing print session offset info"
Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
lockd: lost rollback of set_grace_period() in lockd_down_net()
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
futex: Remove duplicated code and fix undefined behaviour
futex: Remove unnecessary warning from get_futex_key
arm64: Add work around for Arm Cortex-A55 Erratum 1024718
arm64: introduce mov_q macro to move a constant into a 64-bit register
audit: move calcs after alloc and check when logging set loginuid
ALSA: timer: Call notifier in the same spinlock
sctp: delay the authentication for the duplicated cookie-echo chunk
sctp: fix the issue that the cookie-ack with auth can't get processed
tcp: ignore Fast Open on repair mode
bonding: do not allow rlb updates to invalid mac
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
r8169: fix powering up RTL8168h
qmi_wwan: do not steal interfaces from class drivers
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
net: support compat 64-bit time in {s,g}etsockopt
net_sched: fq: take care of throttled flows before reuse
net/mlx4_en: Verify coalescing parameters are in range
net: ethernet: sun: niu set correct packet size in skb
llc: better deal with too small mtu
ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
dccp: fix tasklet usage
bridge: check iface upper dev when setting master via ioctl
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
BACKPORT, FROMLIST: fscrypt: add Speck128/256 support
cgroup: Disable IRQs while holding css_set_lock
Revert "cgroup: Disable IRQs while holding css_set_lock"
cgroup: Disable IRQs while holding css_set_lock
ANDROID: proc: fix undefined behavior in proc_uid_base_readdir
x86: vdso: Fix leaky vdso linker with CC=clang.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Fix path to clang.
UPSTREAM: dm bufio: avoid sleeping while holding the dm_bufio lock
ANDROID: sdcardfs: Don't d_drop in d_revalidate
Conflicts:
arch/arm64/include/asm/cputype.h
fs/ext4/crypto.c
fs/ext4/ext4.h
kernel/cgroup.c
mm/vmscan.c
Change-Id: Ic10c5722b6439af1cf423fd949c493f786764d7e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
173 lines
4.4 KiB
C
173 lines
4.4 KiB
C
/*
|
|
* linux/fs/ext4/ext4_crypto.h
|
|
*
|
|
* Copyright (C) 2015, Google, Inc.
|
|
*
|
|
* This contains encryption header content for ext4
|
|
*
|
|
* Written by Michael Halcrow, 2015.
|
|
*/
|
|
|
|
#ifndef _EXT4_CRYPTO_H
|
|
#define _EXT4_CRYPTO_H
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/pfk.h>
|
|
|
|
#define EXT4_KEY_DESCRIPTOR_SIZE 8
|
|
|
|
/* Policy provided via an ioctl on the topmost directory */
|
|
struct ext4_encryption_policy {
|
|
char version;
|
|
char contents_encryption_mode;
|
|
char filenames_encryption_mode;
|
|
char flags;
|
|
char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
|
|
} __attribute__((__packed__));
|
|
|
|
#define EXT4_ENCRYPTION_CONTEXT_FORMAT_V1 1
|
|
#define EXT4_KEY_DERIVATION_NONCE_SIZE 16
|
|
|
|
#define EXT4_POLICY_FLAGS_PAD_4 0x00
|
|
#define EXT4_POLICY_FLAGS_PAD_8 0x01
|
|
#define EXT4_POLICY_FLAGS_PAD_16 0x02
|
|
#define EXT4_POLICY_FLAGS_PAD_32 0x03
|
|
#define EXT4_POLICY_FLAGS_PAD_MASK 0x03
|
|
#define EXT4_POLICY_FLAGS_VALID 0x03
|
|
|
|
/**
|
|
* Encryption context for inode
|
|
*
|
|
* Protector format:
|
|
* 1 byte: Protector format (1 = this version)
|
|
* 1 byte: File contents encryption mode
|
|
* 1 byte: File names encryption mode
|
|
* 1 byte: Reserved
|
|
* 8 bytes: Master Key descriptor
|
|
* 16 bytes: Encryption Key derivation nonce
|
|
*/
|
|
struct ext4_encryption_context {
|
|
char format;
|
|
char contents_encryption_mode;
|
|
char filenames_encryption_mode;
|
|
char flags;
|
|
char master_key_descriptor[EXT4_KEY_DESCRIPTOR_SIZE];
|
|
char nonce[EXT4_KEY_DERIVATION_NONCE_SIZE];
|
|
} __attribute__((__packed__));
|
|
|
|
/* Encryption parameters */
|
|
#define EXT4_XTS_TWEAK_SIZE 16
|
|
#define EXT4_AES_128_ECB_KEY_SIZE 16
|
|
#define EXT4_AES_256_GCM_KEY_SIZE 32
|
|
#define EXT4_AES_256_ECB_KEY_SIZE 32
|
|
#define EXT4_AES_256_CBC_KEY_SIZE 32
|
|
#define EXT4_AES_256_CTS_KEY_SIZE 32
|
|
#define EXT4_AES_256_HEH_KEY_SIZE 32
|
|
#define EXT4_AES_256_XTS_KEY_SIZE 64
|
|
#define EXT4_PRIVATE_KEY_SIZE 64
|
|
#define EXT4_MAX_KEY_SIZE 64
|
|
|
|
#define EXT4_KEY_DESC_PREFIX "ext4:"
|
|
#define EXT4_KEY_DESC_PREFIX_SIZE 5
|
|
|
|
/* This is passed in from userspace into the kernel keyring */
|
|
struct ext4_encryption_key {
|
|
__u32 mode;
|
|
char raw[EXT4_MAX_KEY_SIZE];
|
|
__u32 size;
|
|
} __attribute__((__packed__));
|
|
|
|
struct ext4_crypt_info {
|
|
char ci_data_mode;
|
|
char ci_filename_mode;
|
|
char ci_flags;
|
|
struct crypto_ablkcipher *ci_ctfm;
|
|
struct key *ci_keyring_key;
|
|
char ci_master_key[EXT4_KEY_DESCRIPTOR_SIZE];
|
|
char ci_raw_key[EXT4_MAX_KEY_SIZE];
|
|
};
|
|
|
|
|
|
|
|
#define EXT4_CTX_REQUIRES_FREE_ENCRYPT_FL 0x00000001
|
|
#define EXT4_WRITE_PATH_FL 0x00000002
|
|
|
|
struct ext4_crypto_ctx {
|
|
union {
|
|
struct {
|
|
struct page *bounce_page; /* Ciphertext page */
|
|
struct page *control_page; /* Original page */
|
|
} w;
|
|
struct {
|
|
struct bio *bio;
|
|
struct work_struct work;
|
|
} r;
|
|
struct list_head free_list; /* Free list */
|
|
};
|
|
char flags; /* Flags */
|
|
char mode; /* Encryption mode for tfm */
|
|
};
|
|
|
|
struct ext4_completion_result {
|
|
struct completion completion;
|
|
int res;
|
|
};
|
|
|
|
#define DECLARE_EXT4_COMPLETION_RESULT(ecr) \
|
|
struct ext4_completion_result ecr = { \
|
|
COMPLETION_INITIALIZER((ecr).completion), 0 }
|
|
|
|
static inline int ext4_encryption_key_size(int mode)
|
|
{
|
|
switch (mode) {
|
|
case EXT4_ENCRYPTION_MODE_AES_256_XTS:
|
|
case EXT4_ENCRYPTION_MODE_PRIVATE:
|
|
return EXT4_AES_256_XTS_KEY_SIZE;
|
|
case EXT4_ENCRYPTION_MODE_AES_256_GCM:
|
|
return EXT4_AES_256_GCM_KEY_SIZE;
|
|
case EXT4_ENCRYPTION_MODE_AES_256_CBC:
|
|
return EXT4_AES_256_CBC_KEY_SIZE;
|
|
case EXT4_ENCRYPTION_MODE_AES_256_CTS:
|
|
return EXT4_AES_256_CTS_KEY_SIZE;
|
|
case EXT4_ENCRYPTION_MODE_AES_256_HEH:
|
|
return EXT4_AES_256_HEH_KEY_SIZE;
|
|
case EXT4_ENCRYPTION_MODE_SPECK128_256_XTS:
|
|
return 64;
|
|
case EXT4_ENCRYPTION_MODE_SPECK128_256_CTS:
|
|
return 32;
|
|
default:
|
|
BUG();
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
#define EXT4_FNAME_NUM_SCATTER_ENTRIES 4
|
|
#define EXT4_CRYPTO_BLOCK_SIZE 16
|
|
#define EXT4_FNAME_CRYPTO_DIGEST_SIZE 32
|
|
|
|
struct ext4_str {
|
|
unsigned char *name;
|
|
u32 len;
|
|
};
|
|
|
|
/**
|
|
* For encrypted symlinks, the ciphertext length is stored at the beginning
|
|
* of the string in little-endian format.
|
|
*/
|
|
struct ext4_encrypted_symlink_data {
|
|
__le16 len;
|
|
char encrypted_path[1];
|
|
} __attribute__((__packed__));
|
|
|
|
/**
|
|
* This function is used to calculate the disk space required to
|
|
* store a filename of length l in encrypted symlink format.
|
|
*/
|
|
static inline u32 encrypted_symlink_data_len(u32 l)
|
|
{
|
|
if (l < EXT4_CRYPTO_BLOCK_SIZE)
|
|
l = EXT4_CRYPTO_BLOCK_SIZE;
|
|
return (l + sizeof(struct ext4_encrypted_symlink_data) - 1);
|
|
}
|
|
|
|
#endif /* _EXT4_CRYPTO_H */
|