@@ -7,6 +7,7 @@ config FS_ENCRYPTION
select CRYPTO_LIB_SHA256
select KEYS
imply EXT4_FS_ENCRYPTION
+ imply F2FS_FS_ENCRYPTION
help
Enable encryption of files and directories. This
feature is similar to ecryptfs, but it is more memory
@@ -5,8 +5,6 @@ config F2FS_FS
select NLS
select CRYPTO
select CRYPTO_CRC32
- select F2FS_FS_XATTR if FS_ENCRYPTION
- select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
select FS_IOMAP
select LZ4_COMPRESS if F2FS_FS_LZ4
select LZ4_DECOMPRESS if F2FS_FS_LZ4
@@ -76,6 +74,19 @@ config F2FS_FS_SECURITY
If you are not using a security module, say N.
+config F2FS_FS_ENCRYPTION
+ bool "F2FS with support for filesystem encryption"
+ depends on F2FS_FS
+ depends on FS_ENCRYPTION
+ select F2FS_FS_XATTR
+ select FS_ENCRYPTION_ALGS if FS_ENCRYPTION
+ help
+ Enable encryption of files and directories. This feature is similar
+ to ecryptfs, but it is more memory efficient since it avoids caching
+ the encrypted and decrypted pages in the page cache.
+
+ If unsure, say N.
+
config F2FS_CHECK_FS
bool "F2FS consistency checking feature"
depends on F2FS_FS
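Review bot: The condition in `select FS_ENCRYPTION_ALGS if FS_ENCRYPTION` is redundant in the new F2FS_FS_ENCRYPTION entry, because the entry already carries `depends on FS_ENCRYPTION`; `select FS_ENCRYPTION_ALGS` is enough. The help text ends with "If unsure, say N", yet the fs/crypto/Kconfig hunk adds `imply F2FS_FS_ENCRYPTION`, so the option defaults to enabled whenever fscrypt is on; the advice and the default should agree. The help text should also state the consequence of saying N, for example `With this option disabled, encrypted files on an f2fs volume cannot be accessed.` That wording is inferred from the data.c hunk, where decryption is compiled out, and should be checked against the actual behaviour.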
@@ -94,7 +94,7 @@ static enum count_type __read_io_type(struct page *page)
/* postprocessing steps for read bios */
enum bio_post_read_step {
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
STEP_DECRYPT = 1 << 0,
#else
STEP_DECRYPT = 0, /* compile out the decryption-related code */
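Review bot: With `CONFIG_FS_ENCRYPTION=y` and the new f2fs option off, `STEP_DECRYPT` becomes 0, so the read path can never schedule decryption, even for an inode whose on-disk flags mark it as encrypted. None of the visible hunks shows where access to such an inode is refused. Presumably the fscrypt stubs do that, but it is worth confirming that open and read fail cleanly rather than handing back undecrypted page contents. The existing comment could record the assumption, e.g. `STEP_DECRYPT = 0, /* no f2fs fscrypt support: encrypted inodes must be rejected before any read bio is built */`. The enum continues past the end of the hunk.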
@@ -114,7 +114,7 @@ static int __f2fs_setup_filename(const struct inode *dir,
fname->usr_fname = crypt_name->usr_fname;
fname->disk_name = crypt_name->disk_name;
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
fname->crypto_buf = crypt_name->crypto_buf;
#endif
if (crypt_name->is_nokey_name) {
@@ -171,7 +171,7 @@ int f2fs_prepare_lookup(struct inode *dir, struct dentry *dentry,
void f2fs_free_filename(struct f2fs_filename *fname)
{
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
kfree(fname->crypto_buf.name);
fname->crypto_buf.name = NULL;
#endif
@@ -276,7 +276,7 @@ static inline int f2fs_match_name(const struct inode *dir,
#endif
f.usr_fname = fname->usr_fname;
f.disk_name = fname->disk_name;
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
f.crypto_buf = fname->crypto_buf;
#endif
return fscrypt_match_name(&f, de_name, de_name_len);
@@ -26,7 +26,7 @@
#include <linux/part_stat.h>
#include <crypto/hash.h>
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
#define USE_FS_ENCRYPTION
#endif
#include <linux/fscrypt.h>
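Review bot: `USE_FS_ENCRYPTION` can only take effect if this is the first point at which an f2fs translation unit reaches `<linux/fscrypt.h>`, and nothing here documents that ordering requirement. The header is not part of this diff, so this is inferred from the define sitting directly before the include. If any f2fs source file, or a header it includes earlier, pulls in `<linux/fscrypt.h>` before `f2fs.h`, the include guard would presumably settle the choice between real functions and stubs without the macro. A comment above the define would make the constraint visible, e.g. `/* Must be defined before the first inclusion of <linux/fscrypt.h>. */`.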
@@ -507,7 +507,7 @@ struct f2fs_filename {
/* The dirhash of this filename */
f2fs_hash_t hash;
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
/*
* For lookups in encrypted directories: either the buffer backing
* disk_name, or a buffer that holds the decoded no-key name.
@@ -4194,7 +4194,7 @@ static inline bool f2fs_encrypted_file(struct inode *inode)
static inline void f2fs_set_encrypted_inode(struct inode *inode)
{
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
file_set_encrypt(inode);
f2fs_set_inode_flags(inode);
#endif
@@ -503,7 +503,7 @@ static int f2fs_set_test_dummy_encryption(struct super_block *sb,
&F2FS_OPTION(sbi).dummy_enc_policy;
int err;
- if (!IS_ENABLED(CONFIG_FS_ENCRYPTION)) {
+ if (!IS_ENABLED(CONFIG_F2FS_FS_ENCRYPTION)) {
f2fs_warn(sbi, "test_dummy_encryption option not supported");
return -EINVAL;
}
@@ -2997,7 +2997,7 @@ static const struct super_operations f2fs_sops = {
.remount_fs = f2fs_remount,
};
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
static int f2fs_get_context(struct inode *inode, void *ctx, size_t len)
{
return f2fs_getxattr(inode, F2FS_XATTR_INDEX_ENCRYPTION,
@@ -4157,7 +4157,7 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
#endif
sb->s_op = &f2fs_sops;
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
sb->s_cop = &f2fs_cryptops;
#endif
#ifdef CONFIG_FS_VERITY
@@ -848,13 +848,13 @@ F2FS_GENERAL_RO_ATTR(moved_blocks_foreground);
F2FS_GENERAL_RO_ATTR(avg_vblocks);
#endif
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
F2FS_FEATURE_RO_ATTR(encryption);
F2FS_FEATURE_RO_ATTR(test_dummy_encryption_v2);
#if IS_ENABLED(CONFIG_UNICODE)
F2FS_FEATURE_RO_ATTR(encrypted_casefold);
#endif
-#endif /* CONFIG_FS_ENCRYPTION */
+#endif /* CONFIG_F2FS_FS_ENCRYPTION */
#ifdef CONFIG_BLK_DEV_ZONED
F2FS_FEATURE_RO_ATTR(block_zoned);
F2FS_RO_ATTR(F2FS_SBI, f2fs_sb_info, unusable_blocks_per_sec,
@@ -1000,13 +1000,13 @@ static struct attribute *f2fs_attrs[] = {
ATTRIBUTE_GROUPS(f2fs);
static struct attribute *f2fs_feat_attrs[] = {
-#ifdef CONFIG_FS_ENCRYPTION
+#ifdef CONFIG_F2FS_FS_ENCRYPTION
ATTR_LIST(encryption),
ATTR_LIST(test_dummy_encryption_v2),
#if IS_ENABLED(CONFIG_UNICODE)
ATTR_LIST(encrypted_casefold),
#endif
-#endif /* CONFIG_FS_ENCRYPTION */
+#endif /* CONFIG_F2FS_FS_ENCRYPTION */
#ifdef CONFIG_BLK_DEV_ZONED
ATTR_LIST(block_zoned),
#endif
Add CONFIG_F2FS_FS_ENCRYPTION as a config option, which depends on the global CONFIG_FS_ENCRYPTION setting. This makes it possible to opt out of fscrypt for f2fs, while enabling it for others. Signed-off-by: Niels de Vos <ndevos@redhat.com> --- fs/crypto/Kconfig | 1 + fs/f2fs/Kconfig | 15 +++++++++++++-- fs/f2fs/data.c | 2 +- fs/f2fs/dir.c | 6 +++--- fs/f2fs/f2fs.h | 6 +++--- fs/f2fs/super.c | 6 +++--- fs/f2fs/sysfs.c | 8 ++++---- 7 files changed, 28 insertions(+), 16 deletions(-)