#
ede7a09f |
|
26-Dec-2019 |
Herbert Xu <herbert@gondor.apana.org.au> |
fscrypt: Allow modular crypto algorithms The commit 643fa9612bf1 ("fscrypt: remove filesystem specific build config option") removed modular support for fs/crypto. This causes the Crypto API to be built-in whenever fscrypt is enabled. This makes it very difficult for me to test modular builds of the Crypto API without disabling fscrypt which is a pain. As fscrypt is still evolving and it's developing new ties with the fs layer, it's hard to build it as a module for now. However, the actual algorithms are not required until a filesystem is mounted. Therefore we can allow them to be built as modules. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Link: https://lore.kernel.org/r/20191227024700.7vrzuux32uyfdgum@gondor.apana.org.au Signed-off-by: Eric Biggers <ebiggers@google.com>
|
#
eeabb986 |
|
15-May-2019 |
Michele Dionisio <michele.dionisio@gmail.com> |
ubifs: Add support for zstd compression. zstd shows a good compression rate and is faster than lzo, also on slow ARM cores. Cc: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Signed-off-by: Michele Dionisio <michele.dionisio@gmail.com> [rw: rewrote commit message] Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
817aa094 |
|
14-May-2019 |
Sascha Hauer <s.hauer@pengutronix.de> |
ubifs: support offline signed images HMACs can only be generated on the system the UBIFS image is running on. To support offline signed images we add a PKCS#7 signature to the UBIFS image which can be created by mkfs.ubifs. Both the master node and the superblock need to be authenticated, during normal runtime both are protected with HMACs. For offline signature support however only a single signature is desired. We add a signature covering the superblock node directly behind it. To protect the master node a hash of the master node is added to the superblock which is used when the master node doesn't contain a HMAC. Transition to a read/write filesystem is also supported. During transition first the master node is rewritten with a HMAC (implicitly, it is written anyway as the FS is marked dirty). Afterwards the superblock is rewritten with a HMAC. Once after the image has been mounted read/write it is HMAC only, the signature is no longer required or even present on the filesystem. In an offline signed image the master node is authenticated by the superblock. In a transition to r/w we have to make sure that the master node is rewritten before the superblock node. In this case the master node gets a HMAC and its authenticity no longer depends on the superblock node. There are some cases in which the current code first writes the superblock node though, so with this patch writing of the superblock node is delayed until the master node is written. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
ec8f24b7 |
|
19-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Add SPDX license identifier - Makefile/Kconfig Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
643fa961 |
|
12-Dec-2018 |
Chandan Rajendra <chandan@linux.vnet.ibm.com> |
fscrypt: remove filesystem specific build config option In order to have a common code base for fscrypt "post read" processing for all filesystems which support encryption, this commit removes filesystem specific build config option (e.g. CONFIG_EXT4_FS_ENCRYPTION) and replaces it with a build option (i.e. CONFIG_FS_ENCRYPTION) whose value affects all the filesystems making use of fscrypt. Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com> Signed-off-by: Eric Biggers <ebiggers@google.com>
|
#
60eb5da2 |
|
01-Nov-2018 |
Arnd Bergmann <arnd@arndb.de> |
ubifs: auth: Add CONFIG_KEYS dependency The new authentication support causes a build failure when CONFIG_KEYS is disabled, so add a dependency. fs/ubifs/auth.c: In function 'ubifs_init_authentication': fs/ubifs/auth.c:249:16: error: implicit declaration of function 'request_key'; did you mean 'request_irq'? [-Werror=implicit-function-declaration] keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL); Fixes: d8a22773a12c ("ubifs: Enable authentication support") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
aa3d31e0 |
|
05-Nov-2018 |
Geert Uytterhoeven <geert@linux-m68k.org> |
ubifs: CONFIG_UBIFS_FS_AUTHENTICATION should depend on UBIFS_FS Instead of adding yet another dependency on UBIFS_FS, wrap the whole block of ubifs config options in a single "if UBIFS_FS". Fixes: d8a22773a12c6d78 ("ubifs: Enable authentication support") Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
d8a22773 |
|
07-Sep-2018 |
Sascha Hauer <s.hauer@pengutronix.de> |
ubifs: Enable authentication support With the preparations all being done this patch now enables authentication support for UBIFS. Authentication is enabled when the newly introduced auth_key and auth_hash_name mount options are passed. auth_key provides the key which is used for authentication whereas auth_hash_name provides the hashing algorithm used for this FS. Passing these options make authentication mandatory and only UBIFS images that can be authenticated with the given key are allowed. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
49525e5e |
|
07-Sep-2018 |
Sascha Hauer <s.hauer@pengutronix.de> |
ubifs: Add helper functions for authentication support This patch adds the various helper functions needed for authentication support. We need functions to hash nodes, to embed HMACs into a node and to compare hashes and HMACs. Most functions first check if this filesystem is authenticated and bail out early if not, which makes the functions safe to be called with disabled authentication. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
7e5471ce |
|
31-Jul-2018 |
Stefan Agner <stefan@agner.ch> |
ubifs: introduce Kconfig symbol for xattr support Allow to disable extended attribute support. This aids in reliability testing, especially since some xattr related bugs have surfaced. Also an embedded system might not need it, so this allows for a slightly smaller kernel (about 4KiB). Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
8326c1ee |
|
03-Mar-2017 |
Hyunchul Lee <cheol.lee@lge.com> |
ubifs: Add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels When write syscall is called, every time security label is searched to determine that file's privileges should be changed. If LSM(Linux Security Model) is not used, this is useless. So introduce CONFIG_UBIFS_SECURITY to disable security labels. it's default value is "y". Signed-off-by: Hyunchul Lee <cheol.lee@lge.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
404e0b63 |
|
16-Dec-2016 |
Arnd Bergmann <arnd@arndb.de> |
ubifs: add CONFIG_BLOCK dependency for encryption This came up during the v4.10 merge window: warning: (UBIFS_FS_ENCRYPTION) selects FS_ENCRYPTION which has unmet direct dependencies (BLOCK) fs/crypto/crypto.c: In function 'fscrypt_zeroout_range': fs/crypto/crypto.c:355:9: error: implicit declaration of function 'bio_alloc';did you mean 'd_alloc'? [-Werror=implicit-function-declaration] bio = bio_alloc(GFP_NOWAIT, 1); The easiest way out is to limit UBIFS_FS_ENCRYPTION to configurations that also enable BLOCK. Fixes: d475a507457b ("ubifs: Add skeleton for fscrypto") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
d475a507 |
|
20-Oct-2016 |
Richard Weinberger <richard@nod.at> |
ubifs: Add skeleton for fscrypto This is the first building block to provide file level encryption on UBIFS. Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
8c1c5f26 |
|
06-Nov-2015 |
Dongsheng Yang <yangds.fnst@cn.fujitsu.com> |
ubifs: introduce UBIFS_ATIME_SUPPORT to ubifs To make ubifs support atime flexily, this commit introduces a Kconfig option named as UBIFS_ATIME_SUPPORT. With UBIFS_ATIME_SUPPORT=n: ubifs keeps the full compatibility to no_atime from the start of ubifs. =================UBIFS_ATIME_SUPPORT=n======================= -o - no atime -o atime - no atime -o noatime - no atime -o relatime - no atime -o strictatime - no atime -o lazyatime - no atime With UBIFS_ATIME_SUPPORT=y: ubifs supports the atime same with other main stream file systems. =================UBIFS_ATIME_SUPPORT=y======================= -o - default behavior (relatime currently) -o atime - atime support -o noatime - no atime support -o relatime - relative atime support -o strictatime - strict atime support -o lazyatime - lazy atime support Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com> Reviewed-by: Richard Weinberger <richard@nod.at> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
f70b7e52 |
|
16-May-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBIFS: remove Kconfig debugging option Have the debugging stuff always compiled-in instead. It simplifies maintanance a lot. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
1bdcc631 |
|
14-Apr-2012 |
Subodh Nijsure <subodh.nijsure@gmail.com> |
UBIFS: remove xattr Kconnfig option Remove CONFIG_UBIFS_FS_XATTR configuration option and associated UBIFS_FS_XATTR ifdefs. Testing: Tested using integck while using nandsim on x86 & MX28 based platform with Micron MT29F2G08ABAEAH4 nand. Signed-off-by: Subodh Nijsure <snijsure@grid-net.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
81354de3 |
|
30-Mar-2011 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBIFS: do not select KALLSYMS_ALL All UBIFS needs is to make sure we stacktraces when UBIFS debugging is enabled. It is enough to select KALLSYMS for this, KALLSYMS_ALL is not necessary. Moreover, Randy Dunlap reported that UBIFS causes the following Kconfig dependency warning: warning: (UBIFS_FS_DEBUG && LOCKDEP && LATENCYTOP) selects KALLSYMS_ALL which has unmet direct dependencies (DEBUG_KERNEL && KALLSYMS) The reason is that KALLSYMS_ALL requires DEBUG_KERNEL and KALLSYMS, so ideally, to select KALLSYMS_ALL we'd need to select DEBUG_KERNEL and KALLSYMS first. This seems to be too much to select. The easiest way to go is to forget about KALLSYMS_ALL and just select KALLSYMS when UBIFS debugging is enabled - that should be enough for stackdumps. Reported-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
|
#
9d523caf |
|
21-Mar-2011 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBIFS: kill CONFIG_UBIFS_FS_DEBUG_CHKS Simplify UBIFS configuration menu and kill the option to enable self-check compile-time. We do not really need this because we can do this run-time using the module parameters or the corresponding sysfs interfaces. And there is a value in simplifying the kernel configuration menu which becomes increasingly large. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
cce3f612 |
|
09-Mar-2011 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBIFS: simplify UBIFS Kconfig menu Remove debug message level and debug checks Kconfig options as they proved to be useless anyway. We have sysfs interface which we can use for fine-grained debugging messages and checks selection, see Documentation/filesystems/ubifs.txt for mode details. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
b8fa0571 |
|
07-Mar-2010 |
Linus Torvalds <torvalds@linux-foundation.org> |
Revert "lib: build list_sort() only if needed" This reverts commit a069c266ae5fdfbf5b4aecf2c672413aa33b2504. It turns ou that not only was it missing a case (XFS) that needed it, but perhaps more importantly, people sometimes want to enable new modules that they hadn't had enabled before, and if such a module uses list_sort(), it can't easily be inserted any more. So rather than add a "select LIST_SORT" to the XFS case, just leave it compiled in. It's not all _that_ big, after all, and the inconvenience isn't worth it. Requested-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: Don Mullis <don.mullis@gmail.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Dave Chinner <david@fromorbit.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
a069c266 |
|
05-Mar-2010 |
Don Mullis <don.mullis@gmail.com> |
lib: build list_sort() only if needed Build list_sort() only for configs that need it -- those that don't save ~581 bytes (i386). Signed-off-by: Don Mullis <don.mullis@gmail.com> Cc: Dave Airlie <airlied@redhat.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Dave Chinner <david@fromorbit.com> Cc: Artem Bityutskiy <dedekind@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
692105b8 |
|
26-Jan-2009 |
Matt LaPlante <kernel1@cyberdogtech.com> |
trivial: fix typos/grammar errors in Kconfig texts Signed-off-by: Matt LaPlante <kernel1@cyberdogtech.com> Acked-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
#
025dfdaf |
|
16-Oct-2008 |
Frederik Schwarzer <schwarzerf@gmail.com> |
trivial: fix then -> than typos in comments and documentation - (better, more, bigger ...) then -> (...) than Signed-off-by: Frederik Schwarzer <schwarzerf@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
#
0d7eff87 |
|
14-Jul-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBIFS: include to compilation Add UBIFS to Makefile and Kbuild. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
|