
Commit 17b9e38

Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux
Pull fscrypt updates from Eric Biggers: "Adjust the timing of the fscrypt keyring destruction, to prepare for btrfs's fscrypt support. Also document that CephFS supports fscrypt now" * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux: fs: move fscrypt keyring destruction to after ->put_super f2fs: move release of block devices to after kill_block_super() fscrypt: document that CephFS supports fscrypt now fscrypt: update comment for do_remove_key() fscrypt.rst: update definition of struct fscrypt_context_v2
2 parents 49f4810 + 2a0e857 commit 17b9e38


5 files changed

+29
-25
lines changed


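--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -31,15 +31,15 @@ However, except for filenames, fscrypt does not encrypt filesystem
 metadata.
 
 Unlike eCryptfs, which is a stacked filesystem, fscrypt is integrated
-directly into supported filesystems --- currently ext4, F2FS, and
-UBIFS. This allows encrypted files to be read and written without
-caching both the decrypted and encrypted pages in the pagecache,
-thereby nearly halving the memory used and bringing it in line with
-unencrypted files. Similarly, half as many dentries and inodes are
-needed. eCryptfs also limits encrypted filenames to 143 bytes,
-causing application compatibility issues; fscrypt allows the full 255
-bytes (NAME_MAX). Finally, unlike eCryptfs, the fscrypt API can be
-used by unprivileged users, with no need to mount anything.
+directly into supported filesystems --- currently ext4, F2FS, UBIFS,
+and CephFS. This allows encrypted files to be read and written
+without caching both the decrypted and encrypted pages in the
+pagecache, thereby nearly halving the memory used and bringing it in
+line with unencrypted files. Similarly, half as many dentries and
+inodes are needed. eCryptfs also limits encrypted filenames to 143
+bytes, causing application compatibility issues; fscrypt allows the
+full 255 bytes (NAME_MAX). Finally, unlike eCryptfs, the fscrypt API
+can be used by unprivileged users, with no need to mount anything.
 
 fscrypt does not support encrypting files in-place. Instead, it
 supports marking an empty directory as encrypted. Then, after
@@ -1382,7 +1382,8 @@ directory.) These structs are defined as follows::
 u8 contents_encryption_mode;
 u8 filenames_encryption_mode;
 u8 flags;
-u8 __reserved[4];
+u8 log2_data_unit_size;
+u8 __reserved[3];
 u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
 u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
 };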

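--- a/fs/crypto/Kconfig
+++ b/fs/crypto/Kconfig
@@ -11,7 +11,7 @@ config FS_ENCRYPTION
 feature is similar to ecryptfs, but it is more memory
 efficient since it avoids caching the encrypted and
 decrypted pages in the page cache. Currently Ext4,
-F2FS and UBIFS make use of this feature.
+F2FS, UBIFS, and CephFS make use of this feature.
 
 # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
 # allows the algorithms to be built as modules when all the filesystems are,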

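--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -1002,9 +1002,9 @@ static int try_to_lock_encrypted_files(struct super_block *sb,
 * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the
 * key itself.
 *
-* To "remove the key itself", first we wipe the actual master key secret, so
-* that no more inodes can be unlocked with it. Then we try to evict all cached
-* inodes that had been unlocked with the key.
+* To "remove the key itself", first we transition the key to the "incompletely
+* removed" state, so that no more inodes can be unlocked with it. Then we try
+* to evict all cached inodes that had been unlocked with the key.
 *
 * If all inodes were evicted, then we unlink the fscrypt_master_key from the
 * keyring. Otherwise it remains in the keyring in the "incompletely removed"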
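Review bot: The reworded comment no longer says at which step the master key secret is wiped. The old text tied "no more inodes can be unlocked" to wiping the secret, while the new text ties it only to the "incompletely removed" state, so someone auditing key lifetime from this comment cannot tell whether the secret is zeroized here or only once the key is unlinked. If the secret is still wiped at this point (the code is outside the hunk, so this is unconfirmed), I would keep that in the sentence, for example `* removed" state (which also wipes the master key secret), so that no more`. The comment block and the function it documents both continue outside the hunk.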

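--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1717,12 +1717,10 @@ static void f2fs_put_super(struct super_block *sb)
 
 kvfree(sbi->ckpt);
 
-sb->s_fs_info = NULL;
 if (sbi->s_chksum_driver)
 crypto_free_shash(sbi->s_chksum_driver);
 kfree(sbi->raw_super);
 
-destroy_device_list(sbi);
 f2fs_destroy_page_array_cache(sbi);
 f2fs_destroy_xattr_caches(sbi);
 mempool_destroy(sbi->write_io_dummy);
@@ -1738,7 +1736,6 @@ static void f2fs_put_super(struct super_block *sb)
 #if IS_ENABLED(CONFIG_UNICODE)
 utf8_unload(sb->s_encoding);
 #endif
-kfree(sbi);
 }
 
 int f2fs_sync_fs(struct super_block *sb, int sync)
@@ -4902,9 +4899,9 @@ static struct dentry *f2fs_mount(struct file_system_type *fs_type, int flags,
 
 static void kill_f2fs_super(struct super_block *sb)
 {
-if (sb->s_root) {
-struct f2fs_sb_info *sbi = F2FS_SB(sb);
+struct f2fs_sb_info *sbi = F2FS_SB(sb);
 
+if (sb->s_root) {
 set_sbi_flag(sbi, SBI_IS_CLOSE);
 f2fs_stop_gc_thread(sbi);
 f2fs_stop_discard_thread(sbi);
@@ -4931,6 +4928,12 @@ static void kill_f2fs_super(struct super_block *sb)
 sb->s_flags &= ~SB_RDONLY;
 }
 kill_block_super(sb);
+/* Release block devices last, after fscrypt_destroy_keyring(). */
+if (sbi) {
+destroy_device_list(sbi);
+kfree(sbi);
+sb->s_fs_info = NULL;
+}
 }
 
 static struct file_system_type f2fs_fs_type = {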
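Review bot: In kill_f2fs_super() the new `if (sbi)` block frees `sbi` based only on `sb->s_fs_info` being non-NULL. It is therefore safe only if every other path that frees the f2fs_sb_info (presumably a failed mount) also clears `sb->s_fs_info`. That code is not visible in this section, and a stale pointer there would turn into a double free. The first hunk also keeps `sbi` allocated after f2fs_put_super() has run `kvfree(sbi->ckpt)` and `kfree(sbi->raw_super)`, so those members dangle until the final `kfree(sbi)` while the keyring teardown can still reach the superblock. I would state the invariant in the comment above the block, e.g. `/* sbi is non-NULL only if nothing has freed it yet; after ->put_super only the device list may be used. */`, and consider adding `sbi->ckpt = NULL;` and `sbi->raw_super = NULL;` after the frees in f2fs_put_super(), whose body starts outside the hunk.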

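--- a/fs/super.c
+++ b/fs/super.c
@@ -637,12 +637,6 @@ void generic_shutdown_super(struct super_block *sb)
 fsnotify_sb_delete(sb);
 security_sb_delete(sb);
 
-/*
-* Now that all potentially-encrypted inodes have been evicted,
-* the fscrypt keyring can be destroyed.
-*/
-fscrypt_destroy_keyring(sb);
-
 if (sb->s_dio_done_wq) {
 destroy_workqueue(sb->s_dio_done_wq);
 sb->s_dio_done_wq = NULL;
@@ -651,6 +645,12 @@ void generic_shutdown_super(struct super_block *sb)
 if (sop->put_super)
 sop->put_super(sb);
 
+/*
+* Now that all potentially-encrypted inodes have been evicted,
+* the fscrypt keyring can be destroyed.
+*/
+fscrypt_destroy_keyring(sb);
+
 if (CHECK_DATA_CORRUPTION(!list_empty(&sb->s_inodes),
 "VFS: Busy inodes after unmount of %s (%s)",
 sb->s_id, sb->s_type->name)) {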
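Review bot: The comment above the moved `fscrypt_destroy_keyring(sb)` call was carried over word for word and does not record the ordering rule this move creates for filesystems. Because the keyring is now destroyed after `sop->put_super(sb)`, a ->put_super implementation must leave alive whatever key destruction still needs. The f2fs part of this commit defers its block-device release for that reason, and it seems other fscrypt users would be under the same constraint. It also means master keys stay in the keyring for the whole of ->put_super, which is worth stating for anyone reasoning about key lifetime at unmount. I would extend the comment with something like `* This runs after ->put_super, so ->put_super must not release resources (e.g. block devices) that key destruction still uses.` generic_shutdown_super() starts and ends outside the hunk.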
