[RFC PATCH 04/19] btrfs: allow encrypted volumes to be mounted

From: Mark Harmstone
Date: Tue Jan 08 2019 - 20:27:36 EST


Signed-off-by: Mark Harmstone <mark@xxxxxxxxxxxxx>
---
fs/btrfs/ctree.h | 3 ++-
fs/btrfs/encryption.h | 20 ++++++++++++++++++++
fs/btrfs/tree-checker.c | 39 +++++++++++++++++++++++++++++----------
3 files changed, 51 insertions(+), 11 deletions(-)
create mode 100644 fs/btrfs/encryption.h

diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index bd2e59dd0eba..723e9b38e0aa 100644
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -265,7 +265,8 @@ struct btrfs_super_block {
BTRFS_FEATURE_INCOMPAT_RAID56 | \
BTRFS_FEATURE_INCOMPAT_EXTENDED_IREF | \
BTRFS_FEATURE_INCOMPAT_SKINNY_METADATA | \
- BTRFS_FEATURE_INCOMPAT_NO_HOLES)
+ BTRFS_FEATURE_INCOMPAT_NO_HOLES | \
+ BTRFS_FEATURE_INCOMPAT_ENCRYPTION)

#define BTRFS_FEATURE_INCOMPAT_SAFE_SET \
(BTRFS_FEATURE_INCOMPAT_EXTENDED_IREF)
diff --git a/fs/btrfs/encryption.h b/fs/btrfs/encryption.h
new file mode 100644
index 000000000000..b9a37e76e4a6
--- /dev/null
+++ b/fs/btrfs/encryption.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2019 Mark Harmstone. All rights reserved.
+ */
+
+#ifndef BTRFS_ENCRYPTION_H
+#define BTRFS_ENCRYPTION_H
+
+enum btrfs_encryption_type {
+ BTRFS_ENCRYPTION_NONE = 0,
+ BTRFS_ENCRYPTION_AES256CTR = 1,
+ BTRFS_ENCRYPTION_TYPES = 1,
+};
+
+struct btrfs_encryption_header {
+ u64 key_number;
+ u8 iv[BTRFS_ENCRYPTION_BLOCK_LENGTH];
+};
+
+#endif
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 1a4e2b101ef2..c4fe1cb65d73 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -20,6 +20,7 @@
#include "disk-io.h"
#include "compression.h"
#include "volumes.h"
+#include "encryption.h"

/*
* Error message should follow the following format:
@@ -140,10 +141,11 @@ static int check_extent_data_item(struct btrfs_fs_info *fs_info,
BTRFS_COMPRESS_TYPES);
return -EUCLEAN;
}
- if (btrfs_file_extent_encryption(leaf, fi)) {
+ if (btrfs_file_extent_encryption(leaf, fi) > BTRFS_ENCRYPTION_TYPES) {
file_extent_err(fs_info, leaf, slot,
- "invalid encryption for file extent, have %u expect 0",
- btrfs_file_extent_encryption(leaf, fi));
+ "invalid encryption for file extent, have %u expect range [0, %u]",
+ btrfs_file_extent_encryption(leaf, fi),
+ BTRFS_ENCRYPTION_TYPES);
return -EUCLEAN;
}
if (btrfs_file_extent_type(leaf, fi) == BTRFS_FILE_EXTENT_INLINE) {
@@ -155,9 +157,14 @@ static int check_extent_data_item(struct btrfs_fs_info *fs_info,
return -EUCLEAN;
}

- /* Compressed inline extent has no on-disk size, skip it */
+ /*
+ * Compressed or encrypted inline extent has no on-disk size,
+ * skip it
+ */
if (btrfs_file_extent_compression(leaf, fi) !=
- BTRFS_COMPRESS_NONE)
+ BTRFS_COMPRESS_NONE ||
+ btrfs_file_extent_encryption(leaf, fi) !=
+ BTRFS_ENCRYPTION_NONE)
return 0;

/* Uncompressed inline extent size must match item size */
@@ -172,13 +179,25 @@ static int check_extent_data_item(struct btrfs_fs_info *fs_info,
return 0;
}

- /* Regular or preallocated extent has fixed item size */
- if (item_size != sizeof(*fi)) {
- file_extent_err(fs_info, leaf, slot,
+ if (btrfs_file_extent_encryption(leaf, fi) == BTRFS_ENCRYPTION_NONE) {
+ /* Regular or preallocated extent has fixed item size */
+ if (item_size != sizeof(*fi)) {
+ file_extent_err(fs_info, leaf, slot,
"invalid item size for reg/prealloc file extent, have %u expect %zu",
- item_size, sizeof(*fi));
- return -EUCLEAN;
+ item_size, sizeof(*fi));
+ return -EUCLEAN;
+ }
+ } else {
+ if (item_size !=
+ sizeof(*fi) + sizeof(struct btrfs_encryption_header)) {
+ file_extent_err(fs_info, leaf, slot,
+ "invalid item size for encrypted file extent, have %u expect %zu",
+ item_size,
+ sizeof(*fi) + sizeof(struct btrfs_encryption_header));
+ return -EUCLEAN;
+ }
}
+
if (CHECK_FE_ALIGNED(fs_info, leaf, slot, fi, ram_bytes, sectorsize) ||
CHECK_FE_ALIGNED(fs_info, leaf, slot, fi, disk_bytenr, sectorsize) ||
CHECK_FE_ALIGNED(fs_info, leaf, slot, fi, disk_num_bytes, sectorsize) ||
--
2.19.2