diff mbox series

[RFC,3/4] fs: make fscrypt support a f2fs config option

Message ID 20221110141225.2308856-4-ndevos@redhat.com (mailing list archive)
State Rejected
Headers show
Series fs: provide per-filesystem options to disable fscrypt | expand

Commit Message

Niels de Vos Nov. 10, 2022, 2:12 p.m. UTC
Add CONFIG_F2FS_FS_ENCRYPTION as a config option, which depends on the
global CONFIG_FS_ENCRYPTION setting. This makes it possible to opt-out
of fscrypt for f2fs, while enabling it for others.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 fs/crypto/Kconfig |  1 +
 fs/f2fs/Kconfig   | 15 +++++++++++++--
 fs/f2fs/data.c    |  2 +-
 fs/f2fs/dir.c     |  6 +++---
 fs/f2fs/f2fs.h    |  6 +++---
 fs/f2fs/super.c   |  6 +++---
 fs/f2fs/sysfs.c   |  8 ++++----
 7 files changed, 28 insertions(+), 16 deletions(-)
diff mbox series

Patch

diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig
index 7e1267deee51..a809847e820d 100644
--- a/fs/crypto/Kconfig
+++ b/fs/crypto/Kconfig
@@ -7,6 +7,7 @@  config FS_ENCRYPTION
 	select CRYPTO_LIB_SHA256
 	select KEYS
 	imply EXT4_FS_ENCRYPTION
+	imply F2FS_FS_ENCRYPTION
 	help
 	  Enable encryption of files and directories.  This
 	  feature is similar to ecryptfs, but it is more memory
diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig
index 03ef087537c7..801ade82d5c6 100644
--- a/fs/f2fs/Kconfig
+++ b/fs/f2fs/Kconfig
@@ -5,8 +5,6 @@  config F2FS_FS
 	select NLS
 	select CRYPTO
 	select CRYPTO_CRC32
-	select F2FS_FS_XATTR if FS_ENCRYPTION
-	select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
 	select FS_IOMAP
 	select LZ4_COMPRESS if F2FS_FS_LZ4
 	select LZ4_DECOMPRESS if F2FS_FS_LZ4
@@ -76,6 +74,19 @@  config F2FS_FS_SECURITY
 
 	  If you are not using a security module, say N.
 
+config F2FS_FS_ENCRYPTION
+	bool "F2FS with support for filesystem encryption"
+	depends on F2FS_FS
+	depends on FS_ENCRYPTION
+	select F2FS_FS_XATTR
+	select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
+	help
+	  Enable encryption of files and directories. This feature is similar
+	  to ecryptfs, but it is more memory efficient since it avoids caching
+          the encrypted and decrypted pages in the page cache.
+
+	  If unsure, say N.
+
 config F2FS_CHECK_FS
 	bool "F2FS consistency checking feature"
 	depends on F2FS_FS
diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index a71e818cd67b..446d2eba964e 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -94,7 +94,7 @@  static enum count_type __read_io_type(struct page *page)
 
 /* postprocessing steps for read bios */
 enum bio_post_read_step {
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	STEP_DECRYPT	= 1 << 0,
 #else
 	STEP_DECRYPT	= 0,	/* compile out the decryption-related code */
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index 21960a899b6a..206580b312fb 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -114,7 +114,7 @@  static int __f2fs_setup_filename(const struct inode *dir,
 
 	fname->usr_fname = crypt_name->usr_fname;
 	fname->disk_name = crypt_name->disk_name;
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	fname->crypto_buf = crypt_name->crypto_buf;
 #endif
 	if (crypt_name->is_nokey_name) {
@@ -171,7 +171,7 @@  int f2fs_prepare_lookup(struct inode *dir, struct dentry *dentry,
 
 void f2fs_free_filename(struct f2fs_filename *fname)
 {
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	kfree(fname->crypto_buf.name);
 	fname->crypto_buf.name = NULL;
 #endif
@@ -276,7 +276,7 @@  static inline int f2fs_match_name(const struct inode *dir,
 #endif
 	f.usr_fname = fname->usr_fname;
 	f.disk_name = fname->disk_name;
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	f.crypto_buf = fname->crypto_buf;
 #endif
 	return fscrypt_match_name(&f, de_name, de_name_len);
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 194844029633..fd0da8ce6108 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -26,7 +26,7 @@ 
 #include <linux/part_stat.h>
 #include <crypto/hash.h>
 
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 #define USE_FS_ENCRYPTION
 #endif
 #include <linux/fscrypt.h>
@@ -507,7 +507,7 @@  struct f2fs_filename {
 	/* The dirhash of this filename */
 	f2fs_hash_t hash;
 
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	/*
 	 * For lookups in encrypted directories: either the buffer backing
 	 * disk_name, or a buffer that holds the decoded no-key name.
@@ -4194,7 +4194,7 @@  static inline bool f2fs_encrypted_file(struct inode *inode)
 
 static inline void f2fs_set_encrypted_inode(struct inode *inode)
 {
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	file_set_encrypt(inode);
 	f2fs_set_inode_flags(inode);
 #endif
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 3834ead04620..224f80bb7eed 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -503,7 +503,7 @@  static int f2fs_set_test_dummy_encryption(struct super_block *sb,
 		&F2FS_OPTION(sbi).dummy_enc_policy;
 	int err;
 
-	if (!IS_ENABLED(CONFIG_FS_ENCRYPTION)) {
+	if (!IS_ENABLED(CONFIG_F2FS_FS_ENCRYPTION)) {
 		f2fs_warn(sbi, "test_dummy_encryption option not supported");
 		return -EINVAL;
 	}
@@ -2997,7 +2997,7 @@  static const struct super_operations f2fs_sops = {
 	.remount_fs	= f2fs_remount,
 };
 
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 static int f2fs_get_context(struct inode *inode, void *ctx, size_t len)
 {
 	return f2fs_getxattr(inode, F2FS_XATTR_INDEX_ENCRYPTION,
@@ -4157,7 +4157,7 @@  static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
 #endif
 
 	sb->s_op = &f2fs_sops;
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	sb->s_cop = &f2fs_cryptops;
 #endif
 #ifdef CONFIG_FS_VERITY
diff --git a/fs/f2fs/sysfs.c b/fs/f2fs/sysfs.c
index df27afd71ef4..65e135a84d57 100644
--- a/fs/f2fs/sysfs.c
+++ b/fs/f2fs/sysfs.c
@@ -848,13 +848,13 @@  F2FS_GENERAL_RO_ATTR(moved_blocks_foreground);
 F2FS_GENERAL_RO_ATTR(avg_vblocks);
 #endif
 
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 F2FS_FEATURE_RO_ATTR(encryption);
 F2FS_FEATURE_RO_ATTR(test_dummy_encryption_v2);
 #if IS_ENABLED(CONFIG_UNICODE)
 F2FS_FEATURE_RO_ATTR(encrypted_casefold);
 #endif
-#endif /* CONFIG_FS_ENCRYPTION */
+#endif /* CONFIG_F2FS_FS_ENCRYPTION */
 #ifdef CONFIG_BLK_DEV_ZONED
 F2FS_FEATURE_RO_ATTR(block_zoned);
 F2FS_RO_ATTR(F2FS_SBI, f2fs_sb_info, unusable_blocks_per_sec,
@@ -1000,13 +1000,13 @@  static struct attribute *f2fs_attrs[] = {
 ATTRIBUTE_GROUPS(f2fs);
 
 static struct attribute *f2fs_feat_attrs[] = {
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
 	ATTR_LIST(encryption),
 	ATTR_LIST(test_dummy_encryption_v2),
 #if IS_ENABLED(CONFIG_UNICODE)
 	ATTR_LIST(encrypted_casefold),
 #endif
-#endif /* CONFIG_FS_ENCRYPTION */
+#endif /* CONFIG_F2FS_FS_ENCRYPTION */
 #ifdef CONFIG_BLK_DEV_ZONED
 	ATTR_LIST(block_zoned),
 #endif