lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 30 Apr 2022 22:08:50 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     linux-fscrypt@...r.kernel.org, linux-ext4@...r.kernel.org,
        linux-f2fs-devel@...ts.sourceforge.net
Cc:     Lukas Czerner <lczerner@...hat.com>, Theodore Ts'o <tytso@....edu>,
        Jaegeuk Kim <jaegeuk@...nel.org>,
        Jeff Layton <jlayton@...nel.org>
Subject: [PATCH v2 0/7] test_dummy_encryption fixes and cleanups

This series cleans up and fixes the way that ext4 and f2fs handle the
test_dummy_encryption mount option:

- Patches 1-2 make test_dummy_encryption consistently require that the
  'encrypt' feature flag already be enabled and that
  CONFIG_FS_ENCRYPTION be enabled.  Note, this will cause xfstest
  ext4/053 to start failing; my xfstests patch "ext4/053: update the
  test_dummy_encryption tests" will fix that.

- Patches 3-7 replace the fscrypt_set_test_dummy_encryption() helper
  function with new functions that work properly with the new mount API,
  by splitting up the parsing, checking, and applying steps.  These fix
  bugs that were introduced when ext4 started using the new mount API.

We can either take all these patches through the fscrypt tree, or we can
take them in multiple cycles as follows:

    1. patch 1 via ext4, patch 2 via f2fs, patch 3-4 via fscrypt
    2. patch 5 via ext4, patch 6 via f2fs
    3. patch 7 via fscrypt

Ted and Jaegeuk, let me know what you prefer.

Changed v1 => v2:
    - Added patches 2-7
    - Also reject test_dummy_encryption when !CONFIG_FS_ENCRYPTION

Eric Biggers (7):
  ext4: only allow test_dummy_encryption when supported
  f2fs: reject test_dummy_encryption when !CONFIG_FS_ENCRYPTION
  fscrypt: factor out fscrypt_policy_to_key_spec()
  fscrypt: add new helper functions for test_dummy_encryption
  ext4: fix up test_dummy_encryption handling for new mount API
  f2fs: use the updated test_dummy_encryption helper functions
  fscrypt: remove fscrypt_set_test_dummy_encryption()

 fs/crypto/fscrypt_private.h |   6 +-
 fs/crypto/keyring.c         |  64 +++++++++++---
 fs/crypto/keysetup.c        |  20 +----
 fs/crypto/policy.c          | 121 +++++++++++++------------
 fs/ext4/ext4.h              |   6 --
 fs/ext4/super.c             | 172 ++++++++++++++++++++----------------
 fs/f2fs/super.c             |  28 ++++--
 include/linux/fscrypt.h     |  41 ++++++++-
 8 files changed, 280 insertions(+), 178 deletions(-)


base-commit: 8013d1d3d2e33236dee13a133fba49ad55045e79
-- 
2.36.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ