Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
block: remove support for cryptoloop and the xor transfer

Support for cryptoloop has been officially marked broken and deprecated
in favor of dm-crypt (which supports the same broken algorithms if
needed) in Linux 2.6.4 (released in March 2004), and support for it has
been entirely removed from losetup in util-linux 2.23 (released in April
2013). The XOR transfer has never been more than a toy to demonstrate
the transfer in the bad old times of crypto export restrictions.
Remove them as they have some nasty interactions with loop device life
times due to the iteration over all loop devices in
loop_unregister_transfer.

Suggested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20211019075639.2333969-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>

authored by

Christoph Hellwig and committed by
Jens Axboe
47e96246 83b863f4

+26 -610
-23
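--- a/drivers/block/Kconfig
+++ b/drivers/block/Kconfig
@@ -180,14 +180,6 @@
 bits of, say, a sound file). This is also safe if the file resides
 on a remote file server.
 
-There are several ways of encrypting disks. Some of these require
-kernel patches. The vanilla kernel offers the cryptoloop option
-and a Device Mapper target (which is superior, as it supports all
-file systems). If you want to use the cryptoloop, say Y to both
-LOOP and CRYPTOLOOP, and make sure you have a recent (version 2.12
-or later) version of util-linux. Additionally, be aware that
-the cryptoloop is not safe for storing journaled filesystems.
-
 Note that this loop device has nothing to do with the loopback
 device used for network connections from the machine to itself.
 
@@ -210,21 +202,6 @@
 The historic default is 8. If a late 2011 version of losetup(8)
 is used, it can be set to 0, since needed loop devices can be
 dynamically allocated with the /dev/loop-control interface.
-
-config BLK_DEV_CRYPTOLOOP
-tristate "Cryptoloop Support (DEPRECATED)"
-select CRYPTO
-select CRYPTO_CBC
-depends on BLK_DEV_LOOP
-help
-Say Y here if you want to be able to use the ciphers that are
-provided by the CryptoAPI as loop transformation. This might be
-used as hard disk encryption.
-
-WARNING: This device is not safe for journaled file systems like
-ext3 or Reiserfs. Please use the Device Mapper crypto module
-instead, which can be configured to be on-disk compatible with the
-cryptoloop device. cryptoloop support will be removed in Linux 5.16.
 
 source "drivers/block/drbd/Kconfig"
 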
-1
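--- a/drivers/block/Makefile
+++ b/drivers/block/Makefile
@@ -24,7 +24,6 @@
 obj-$(CONFIG_SUNVDC) += sunvdc.o
 
 obj-$(CONFIG_BLK_DEV_NBD) += nbd.o
-obj-$(CONFIG_BLK_DEV_CRYPTOLOOP) += cryptoloop.o
 obj-$(CONFIG_VIRTIO_BLK) += virtio_blk.o
 
 obj-$(CONFIG_BLK_DEV_SX8) += sx8.o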
-206
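--- a/drivers/block/cryptoloop.c
+++ b/drivers/block/cryptoloop.c
@@ -1,206 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
-Linux loop encryption enabling module
-
-Copyright (C) 2002 Herbert Valerio Riedel <hvr@gnu.org>
-Copyright (C) 2003 Fruhwirth Clemens <clemens@endorphin.org>
-
-*/
-
-#include <linux/module.h>
-
-#include <crypto/skcipher.h>
-#include <linux/init.h>
-#include <linux/string.h>
-#include <linux/blkdev.h>
-#include <linux/scatterlist.h>
-#include <linux/uaccess.h>
-#include "loop.h"
-
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("loop blockdevice transferfunction adaptor / CryptoAPI");
-MODULE_AUTHOR("Herbert Valerio Riedel <hvr@gnu.org>");
-
-#define LOOP_IV_SECTOR_BITS 9
-#define LOOP_IV_SECTOR_SIZE (1 << LOOP_IV_SECTOR_BITS)
-
-static int
-cryptoloop_init(struct loop_device *lo, const struct loop_info64 *info)
-{
-int err = -EINVAL;
-int cipher_len;
-int mode_len;
-char cms[LO_NAME_SIZE]; /* cipher-mode string */
-char *mode;
-char *cmsp = cms; /* c-m string pointer */
-struct crypto_sync_skcipher *tfm;
-
-/* encryption breaks for non sector aligned offsets */
-
-if (info->lo_offset % LOOP_IV_SECTOR_SIZE)
-goto out;
-
-strncpy(cms, info->lo_crypt_name, LO_NAME_SIZE);
-cms[LO_NAME_SIZE - 1] = 0;
-
-cipher_len = strcspn(cmsp, "-");
-
-mode = cmsp + cipher_len;
-mode_len = 0;
-if (*mode) {
-mode++;
-mode_len = strcspn(mode, "-");
-}
-
-if (!mode_len) {
-mode = "cbc";
-mode_len = 3;
-}
-
-if (cipher_len + mode_len + 3 > LO_NAME_SIZE)
-return -EINVAL;
-
-memmove(cms, mode, mode_len);
-cmsp = cms + mode_len;
-*cmsp++ = '(';
-memcpy(cmsp, info->lo_crypt_name, cipher_len);
-cmsp += cipher_len;
-*cmsp++ = ')';
-*cmsp = 0;
-
-tfm = crypto_alloc_sync_skcipher(cms, 0, 0);
-if (IS_ERR(tfm))
-return PTR_ERR(tfm);
-
-err = crypto_sync_skcipher_setkey(tfm, info->lo_encrypt_key,
-info->lo_encrypt_key_size);
-
-if (err != 0)
-goto out_free_tfm;
-
-lo->key_data = tfm;
-return 0;
-
-out_free_tfm:
-crypto_free_sync_skcipher(tfm);
-
-out:
-return err;
-}
-
-
-typedef int (*encdec_cbc_t)(struct skcipher_request *req);
-
-static int
-cryptoloop_transfer(struct loop_device *lo, int cmd,
-struct page *raw_page, unsigned raw_off,
-struct page *loop_page, unsigned loop_off,
-int size, sector_t IV)
-{
-struct crypto_sync_skcipher *tfm = lo->key_data;
-SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
-struct scatterlist sg_out;
-struct scatterlist sg_in;
-
-encdec_cbc_t encdecfunc;
-struct page *in_page, *out_page;
-unsigned in_offs, out_offs;
-int err;
-
-skcipher_request_set_sync_tfm(req, tfm);
-skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
-NULL, NULL);
-
-sg_init_table(&sg_out, 1);
-sg_init_table(&sg_in, 1);
-
-if (cmd == READ) {
-in_page = raw_page;
-in_offs = raw_off;
-out_page = loop_page;
-out_offs = loop_off;
-encdecfunc = crypto_skcipher_decrypt;
-} else {
-in_page = loop_page;
-in_offs = loop_off;
-out_page = raw_page;
-out_offs = raw_off;
-encdecfunc = crypto_skcipher_encrypt;
-}
-
-while (size > 0) {
-const int sz = min(size, LOOP_IV_SECTOR_SIZE);
-u32 iv[4] = { 0, };
-iv[0] = cpu_to_le32(IV & 0xffffffff);
-
-sg_set_page(&sg_in, in_page, sz, in_offs);
-sg_set_page(&sg_out, out_page, sz, out_offs);
-
-skcipher_request_set_crypt(req, &sg_in, &sg_out, sz, iv);
-err = encdecfunc(req);
-if (err)
-goto out;
-
-IV++;
-size -= sz;
-in_offs += sz;
-out_offs += sz;
-}
-
-err = 0;
-
-out:
-skcipher_request_zero(req);
-return err;
-}
-
-static int
-cryptoloop_ioctl(struct loop_device *lo, int cmd, unsigned long arg)
-{
-return -EINVAL;
-}
-
-static int
-cryptoloop_release(struct loop_device *lo)
-{
-struct crypto_sync_skcipher *tfm = lo->key_data;
-if (tfm != NULL) {
-crypto_free_sync_skcipher(tfm);
-lo->key_data = NULL;
-return 0;
-}
-printk(KERN_ERR "cryptoloop_release(): tfm == NULL?\n");
-return -EINVAL;
-}
-
-static struct loop_func_table cryptoloop_funcs = {
-.number = LO_CRYPT_CRYPTOAPI,
-.init = cryptoloop_init,
-.ioctl = cryptoloop_ioctl,
-.transfer = cryptoloop_transfer,
-.release = cryptoloop_release,
-.owner = THIS_MODULE
-};
-
-static int __init
-init_cryptoloop(void)
-{
-int rc = loop_register_transfer(&cryptoloop_funcs);
-
-if (rc)
-printk(KERN_ERR "cryptoloop: loop_register_transfer failed\n");
-else
-pr_warn("the cryptoloop driver has been deprecated and will be removed in in Linux 5.16\n");
-return rc;
-}
-
-static void __exit
-cleanup_cryptoloop(void)
-{
-if (loop_unregister_transfer(LO_CRYPT_CRYPTOAPI))
-printk(KERN_ERR
-"cryptoloop: loop_unregister_transfer failed\n");
-}
-
-module_init(init_cryptoloop);
-module_exit(cleanup_cryptoloop);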
+26 -350
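--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -133,58 +133,6 @@
 static int max_part;
 static int part_shift;
 
-static int transfer_xor(struct loop_device *lo, int cmd,
-struct page *raw_page, unsigned raw_off,
-struct page *loop_page, unsigned loop_off,
-int size, sector_t real_block)
-{
-char *raw_buf = kmap_atomic(raw_page) + raw_off;
-char *loop_buf = kmap_atomic(loop_page) + loop_off;
-char *in, *out, *key;
-int i, keysize;
-
-if (cmd == READ) {
-in = raw_buf;
-out = loop_buf;
-} else {
-in = loop_buf;
-out = raw_buf;
-}
-
-key = lo->lo_encrypt_key;
-keysize = lo->lo_encrypt_key_size;
-for (i = 0; i < size; i++)
-*out++ = *in++ ^ key[(i & 511) % keysize];
-
-kunmap_atomic(loop_buf);
-kunmap_atomic(raw_buf);
-cond_resched();
-return 0;
-}
-
-static int xor_init(struct loop_device *lo, const struct loop_info64 *info)
-{
-if (unlikely(info->lo_encrypt_key_size <= 0))
-return -EINVAL;
-return 0;
-}
-
-static struct loop_func_table none_funcs = {
-.number = LO_CRYPT_NONE,
-};
-
-static struct loop_func_table xor_funcs = {
-.number = LO_CRYPT_XOR,
-.transfer = transfer_xor,
-.init = xor_init
-};
-
-/* xfer_funcs[0] is special - its release function is never called */
-static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
-&none_funcs,
-&xor_funcs
-};
-
 static loff_t get_size(loff_t offset, loff_t sizelimit, struct file *file)
 {
 loff_t loopsize;
@@ -228,8 +176,7 @@
 /*
 * We support direct I/O only if lo_offset is aligned with the
 * logical I/O size of backing device, and the logical block
-* size of loop is bigger than the backing device's and the loop
-* needn't transform transfer.
+* size of loop is bigger than the backing device's.
 *
 * TODO: the above condition may be loosed in the future, and
 * direct I/O may be switched runtime at that time because most
@@ -238,8 +185,7 @@
 if (dio) {
 if (queue_logical_block_size(lo->lo_queue) >= sb_bsize &&
 !(lo->lo_offset & dio_align) &&
-mapping->a_ops->direct_IO &&
-!lo->transfer)
+mapping->a_ops->direct_IO)
 use_dio = true;
 else
 use_dio = false;
@@ -299,24 +245,6 @@
 kobject_uevent(&disk_to_dev(lo->lo_disk)->kobj, KOBJ_CHANGE);
 }
 
-static inline int
-lo_do_transfer(struct loop_device *lo, int cmd,
-struct page *rpage, unsigned roffs,
-struct page *lpage, unsigned loffs,
-int size, sector_t rblock)
-{
-int ret;
-
-ret = lo->transfer(lo, cmd, rpage, roffs, lpage, loffs, size, rblock);
-if (likely(!ret))
-return 0;
-
-printk_ratelimited(KERN_ERR
-"loop: Transfer error at byte offset %llu, length %i.\n",
-(unsigned long long)rblock << 9, size);
-return ret;
-}
-
 static int lo_write_bvec(struct file *file, struct bio_vec *bvec, loff_t *ppos)
 {
 struct iov_iter i;
@@ -356,41 +284,6 @@
 return ret;
 }
 
-/*
-* This is the slow, transforming version that needs to double buffer the
-* data as it cannot do the transformations in place without having direct
-* access to the destination pages of the backing file.
-*/
-static int lo_write_transfer(struct loop_device *lo, struct request *rq,
-loff_t pos)
-{
-struct bio_vec bvec, b;
-struct req_iterator iter;
-struct page *page;
-int ret = 0;
-
-page = alloc_page(GFP_NOIO);
-if (unlikely(!page))
-return -ENOMEM;
-
-rq_for_each_segment(bvec, rq, iter) {
-ret = lo_do_transfer(lo, WRITE, page, 0, bvec.bv_page,
-bvec.bv_offset, bvec.bv_len, pos >> 9);
-if (unlikely(ret))
-break;
-
-b.bv_page = page;
-b.bv_offset = 0;
-b.bv_len = bvec.bv_len;
-ret = lo_write_bvec(lo->lo_backing_file, &b, &pos);
-if (ret < 0)
-break;
-}
-
-__free_page(page);
-return ret;
-}
-
 static int lo_read_simple(struct loop_device *lo, struct request *rq,
 loff_t pos)
 {
@@ -420,64 +313,12 @@
 return 0;
 }
 
-static int lo_read_transfer(struct loop_device *lo, struct request *rq,
-loff_t pos)
-{
-struct bio_vec bvec, b;
-struct req_iterator iter;
-struct iov_iter i;
-struct page *page;
-ssize_t len;
-int ret = 0;
-
-page = alloc_page(GFP_NOIO);
-if (unlikely(!page))
-return -ENOMEM;
-
-rq_for_each_segment(bvec, rq, iter) {
-loff_t offset = pos;
-
-b.bv_page = page;
-b.bv_offset = 0;
-b.bv_len = bvec.bv_len;
-
-iov_iter_bvec(&i, READ, &b, 1, b.bv_len);
-len = vfs_iter_read(lo->lo_backing_file, &i, &pos, 0);
-if (len < 0) {
-ret = len;
-goto out_free_page;
-}
-
-ret = lo_do_transfer(lo, READ, page, 0, bvec.bv_page,
-bvec.bv_offset, len, offset >> 9);
-if (ret)
-goto out_free_page;
-
-flush_dcache_page(bvec.bv_page);
-
-if (len != bvec.bv_len) {
-struct bio *bio;
-
-__rq_for_each_bio(bio, rq)
-zero_fill_bio(bio);
-break;
-}
-}
-
-ret = 0;
-out_free_page:
-__free_page(page);
-return ret;
-}
-
 static int lo_fallocate(struct loop_device *lo, struct request *rq, loff_t pos,
 int mode)
 {
 /*
 * We use fallocate to manipulate the space mappings used by the image
-* a.k.a. discard/zerorange. However we do not support this if
-* encryption is enabled, because it may give an attacker useful
-* information.
+* a.k.a. discard/zerorange.
 */
 struct file *file = lo->lo_backing_file;
 struct request_queue *q = lo->lo_queue;
@@ -660,16 +501,12 @@
 case REQ_OP_DISCARD:
 return lo_fallocate(lo, rq, pos, FALLOC_FL_PUNCH_HOLE);
 case REQ_OP_WRITE:
-if (lo->transfer)
-return lo_write_transfer(lo, rq, pos);
-else if (cmd->use_aio)
+if (cmd->use_aio)
 return lo_rw_aio(lo, cmd, pos, WRITE);
 else
 return lo_write_simple(lo, rq, pos);
 case REQ_OP_READ:
-if (lo->transfer)
-return lo_read_transfer(lo, rq, pos);
-else if (cmd->use_aio)
+if (cmd->use_aio)
 return lo_rw_aio(lo, cmd, pos, READ);
 else
 return lo_read_simple(lo, rq, pos);
@@ -934,7 +771,7 @@
 * not blkdev_issue_discard(). This maintains consistent behavior with
 * file-backed loop devices: discarded regions read back as zero.
 */
-if (S_ISBLK(inode->i_mode) && !lo->lo_encrypt_key_size) {
+if (S_ISBLK(inode->i_mode)) {
 struct request_queue *backingq = bdev_get_queue(I_BDEV(inode));
 
 max_discard_sectors = backingq->limits.max_write_zeroes_sectors;
@@ -943,11 +780,9 @@
 
 /*
 * We use punch hole to reclaim the free space used by the
-* image a.k.a. discard. However we do not support discard if
-* encryption is enabled, because it may give an attacker
-* useful information.
+* image a.k.a. discard.
 */
-} else if (!file->f_op->fallocate || lo->lo_encrypt_key_size) {
+} else if (!file->f_op->fallocate) {
 max_discard_sectors = 0;
 granularity = 0;
 
@@ -1084,43 +919,6 @@
 blk_queue_flag_clear(QUEUE_FLAG_NONROT, q);
 }
 
-static int
-loop_release_xfer(struct loop_device *lo)
-{
-int err = 0;
-struct loop_func_table *xfer = lo->lo_encryption;
-
-if (xfer) {
-if (xfer->release)
-err = xfer->release(lo);
-lo->transfer = NULL;
-lo->lo_encryption = NULL;
-module_put(xfer->owner);
-}
-return err;
-}
-
-static int
-loop_init_xfer(struct loop_device *lo, struct loop_func_table *xfer,
-const struct loop_info64 *i)
-{
-int err = 0;
-
-if (xfer) {
-struct module *owner = xfer->owner;
-
-if (!try_module_get(owner))
-return -EINVAL;
-if (xfer->init)
-err = xfer->init(lo, i);
-if (err)
-module_put(owner);
-else
-lo->lo_encryption = xfer;
-}
-return err;
-}
-
 /**
 * loop_set_status_from_info - configure device from loop_info
 * @lo: struct loop_device to configure
@@ -1133,55 +931,27 @@
 loop_set_status_from_info(struct loop_device *lo,
 const struct loop_info64 *info)
 {
-int err;
-struct loop_func_table *xfer;
-kuid_t uid = current_uid();
-
 if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)
 return -EINVAL;
 
-err = loop_release_xfer(lo);
-if (err)
-return err;
-
-if (info->lo_encrypt_type) {
-unsigned int type = info->lo_encrypt_type;
-
-if (type >= MAX_LO_CRYPT)
-return -EINVAL;
-xfer = xfer_funcs[type];
-if (xfer == NULL)
-return -EINVAL;
-} else
-xfer = NULL;
-
-err = loop_init_xfer(lo, xfer, info);
-if (err)
-return err;
+switch (info->lo_encrypt_type) {
+case LO_CRYPT_NONE:
+break;
+case LO_CRYPT_XOR:
+pr_warn("support for the xor transformation has been removed.\n");
+return -EINVAL;
+case LO_CRYPT_CRYPTOAPI:
+pr_warn("support for cryptoloop has been removed. Use dm-crypt instead.\n");
+return -EINVAL;
+default:
+return -EINVAL;
+}
 
 lo->lo_offset = info->lo_offset;
 lo->lo_sizelimit = info->lo_sizelimit;
 memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE);
-memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE);
 lo->lo_file_name[LO_NAME_SIZE-1] = 0;
-lo->lo_crypt_name[LO_NAME_SIZE-1] = 0;
-
-if (!xfer)
-xfer = &none_funcs;
-lo->transfer = xfer->transfer;
-lo->ioctl = xfer->ioctl;
-
 lo->lo_flags = info->lo_flags;
-
-lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
-lo->lo_init[0] = info->lo_init[0];
-lo->lo_init[1] = info->lo_init[1];
-if (info->lo_encrypt_key_size) {
-memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
-info->lo_encrypt_key_size);
-lo->lo_key_owner = uid;
-}
-
 return 0;
 }
 
@@ -1381,16 +1151,9 @@
 lo->lo_backing_file = NULL;
 spin_unlock_irq(&lo->lo_lock);
 
-loop_release_xfer(lo);
-lo->transfer = NULL;
-lo->ioctl = NULL;
 lo->lo_device = NULL;
-lo->lo_encryption = NULL;
 lo->lo_offset = 0;
 lo->lo_sizelimit = 0;
-lo->lo_encrypt_key_size = 0;
-memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
-memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
 memset(lo->lo_file_name, 0, LO_NAME_SIZE);
 blk_queue_logical_block_size(lo->lo_queue, 512);
 blk_queue_physical_block_size(lo->lo_queue, 512);
@@ -1498,7 +1261,6 @@
 loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
 {
 int err;
-kuid_t uid = current_uid();
 int prev_lo_flags;
 bool partscan = false;
 bool size_changed = false;
@@ -1506,12 +1268,6 @@
 err = mutex_lock_killable(&lo->lo_mutex);
 if (err)
 return err;
-if (lo->lo_encrypt_key_size &&
-!uid_eq(lo->lo_key_owner, uid) &&
-!capable(CAP_SYS_ADMIN)) {
-err = -EPERM;
-goto out_unlock;
-}
 if (lo->lo_state != Lo_bound) {
 err = -ENXIO;
 goto out_unlock;
@@ -1597,14 +1353,6 @@
 info->lo_sizelimit = lo->lo_sizelimit;
 info->lo_flags = lo->lo_flags;
 memcpy(info->lo_file_name, lo->lo_file_name, LO_NAME_SIZE);
-memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
-info->lo_encrypt_type =
-lo->lo_encryption ? lo->lo_encryption->number : 0;
-if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
-info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
-memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
-lo->lo_encrypt_key_size);
-}
 
 /* Drop lo_mutex while we call into the filesystem. */
 path = lo->lo_backing_file->f_path;
@@ -1630,16 +1378,8 @@
 info64->lo_rdevice = info->lo_rdevice;
 info64->lo_offset = info->lo_offset;
 info64->lo_sizelimit = 0;
-info64->lo_encrypt_type = info->lo_encrypt_type;
-info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
 info64->lo_flags = info->lo_flags;
-info64->lo_init[0] = info->lo_init[0];
-info64->lo_init[1] = info->lo_init[1];
-if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
-memcpy(info64->lo_crypt_name, info->lo_name, LO_NAME_SIZE);
-else
-memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
-memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, LO_KEY_SIZE);
+memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
 }
 
 static int
@@ -1651,16 +1391,8 @@
 info->lo_inode = info64->lo_inode;
 info->lo_rdevice = info64->lo_rdevice;
 info->lo_offset = info64->lo_offset;
-info->lo_encrypt_type = info64->lo_encrypt_type;
-info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
 info->lo_flags = info64->lo_flags;
-info->lo_init[0] = info64->lo_init[0];
-info->lo_init[1] = info64->lo_init[1];
-if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
-memcpy(info->lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
-else
-memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
-memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
+memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
 
 /* error in case values were truncated */
 if (info->lo_device != info64->lo_device ||
@@ -1809,7 +1541,7 @@
 err = loop_set_block_size(lo, arg);
 break;
 default:
-err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
+err = -EINVAL;
 }
 mutex_unlock(&lo->lo_mutex);
 return err;
@@ -1885,7 +1617,6 @@
 compat_ulong_t lo_inode; /* ioctl r/o */
 compat_dev_t lo_rdevice; /* ioctl r/o */
 compat_int_t lo_offset;
-compat_int_t lo_encrypt_type;
 compat_int_t lo_encrypt_key_size; /* ioctl w/o */
 compat_int_t lo_flags; /* ioctl r/o */
 char lo_name[LO_NAME_SIZE];
@@ -1914,16 +1645,8 @@
 info64->lo_rdevice = info.lo_rdevice;
 info64->lo_offset = info.lo_offset;
 info64->lo_sizelimit = 0;
-info64->lo_encrypt_type = info.lo_encrypt_type;
-info64->lo_encrypt_key_size = info.lo_encrypt_key_size;
 info64->lo_flags = info.lo_flags;
-info64->lo_init[0] = info.lo_init[0];
-info64->lo_init[1] = info.lo_init[1];
-if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
-memcpy(info64->lo_crypt_name, info.lo_name, LO_NAME_SIZE);
-else
-memcpy(info64->lo_file_name, info.lo_name, LO_NAME_SIZE);
-memcpy(info64->lo_encrypt_key, info.lo_encrypt_key, LO_KEY_SIZE);
+memcpy(info64->lo_file_name, info.lo_name, LO_NAME_SIZE);
 return 0;
 }
 
@@ -1943,24 +1666,14 @@
 info.lo_inode = info64->lo_inode;
 info.lo_rdevice = info64->lo_rdevice;
 info.lo_offset = info64->lo_offset;
-info.lo_encrypt_type = info64->lo_encrypt_type;
-info.lo_encrypt_key_size = info64->lo_encrypt_key_size;
 info.lo_flags = info64->lo_flags;
-info.lo_init[0] = info64->lo_init[0];
-info.lo_init[1] = info64->lo_init[1];
-if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
-memcpy(info.lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
-else
-memcpy(info.lo_name, info64->lo_file_name, LO_NAME_SIZE);
-memcpy(info.lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
+memcpy(info.lo_name, info64->lo_file_name, LO_NAME_SIZE);
 
 /* error in case values were truncated */
 if (info.lo_device != info64->lo_device ||
 info.lo_rdevice != info64->lo_rdevice ||
 info.lo_inode != info64->lo_inode ||
-info.lo_offset != info64->lo_offset ||
-info.lo_init[0] != info64->lo_init[0] ||
-info.lo_init[1] != info64->lo_init[1])
+info.lo_offset != info64->lo_offset)
 return -EOVERFLOW;
 
 if (copy_to_user(arg, &info, sizeof(info)))
@@ -2100,43 +1813,6 @@
 MODULE_PARM_DESC(max_part, "Maximum number of partitions per loop device");
 MODULE_LICENSE("GPL");
 MODULE_ALIAS_BLOCKDEV_MAJOR(LOOP_MAJOR);
-
-int loop_register_transfer(struct loop_func_table *funcs)
-{
-unsigned int n = funcs->number;
-
-if (n >= MAX_LO_CRYPT || xfer_funcs[n])
-return -EINVAL;
-xfer_funcs[n] = funcs;
-return 0;
-}
-
-int loop_unregister_transfer(int number)
-{
-unsigned int n = number;
-struct loop_func_table *xfer;
-
-if (n == 0 || n >= MAX_LO_CRYPT || (xfer = xfer_funcs[n]) == NULL)
-return -EINVAL;
-/*
-* This function is called from only cleanup_cryptoloop().
-* Given that each loop device that has a transfer enabled holds a
-* reference to the module implementing it we should never get here
-* with a transfer that is set (unless forced module unloading is
-* requested). Thus, check module's refcount and warn if this is
-* not a clean unloading.
-*/
-#ifdef CONFIG_MODULE_UNLOAD
-if (xfer->owner && module_refcount(xfer->owner) != -1)
-pr_err("Danger! Unregistering an in use transfer function.\n");
-#endif
-
-xfer_funcs[n] = NULL;
-return 0;
-}
-
-EXPORT_SYMBOL(loop_register_transfer);
-EXPORT_SYMBOL(loop_unregister_transfer);
 
 static blk_status_t loop_queue_rq(struct blk_mq_hw_ctx *hctx,
 const struct blk_mq_queue_data *bd)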
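Review bot: Dropping `compat_int_t lo_encrypt_type;` from the compat struct (the hunk around `compat_int_t lo_offset;`) changes a layout that 32-bit userspace passes by value, so every later field moves by four bytes and `sizeof(info)` shrinks. The conversion hunks after it still copy `info.lo_flags` and `info.lo_name` and end in `copy_to_user(arg, &info, sizeof(info))`, so a 32-bit caller's status ioctls would presumably be read and written at the wrong offsets, for instance with its key-size word landing in `lo_flags`. Keeping the member as dead padding, `compat_int_t lo_encrypt_type; /* obsolete, ignored */`, preserves the ABI while the driver ignores the value. The struct's opening line is outside the hunk, so confirm it is the compat mirror of the user-visible loop_info layout before relying on this.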
-30
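--- a/drivers/block/loop.h
+++ b/drivers/block/loop.h
@@ -32,23 +32,10 @@
 loff_t lo_offset;
 loff_t lo_sizelimit;
 int lo_flags;
-int (*transfer)(struct loop_device *, int cmd,
-struct page *raw_page, unsigned raw_off,
-struct page *loop_page, unsigned loop_off,
-int size, sector_t real_block);
 char lo_file_name[LO_NAME_SIZE];
-char lo_crypt_name[LO_NAME_SIZE];
-char lo_encrypt_key[LO_KEY_SIZE];
-int lo_encrypt_key_size;
-struct loop_func_table *lo_encryption;
-__u32 lo_init[2];
-kuid_t lo_key_owner; /* Who set the key */
-int (*ioctl)(struct loop_device *, int cmd,
-unsigned long arg);
 
 struct file * lo_backing_file;
 struct block_device *lo_device;
-void *key_data;
 
 gfp_t old_gfp_mask;
 
@@ -81,22 +68,5 @@
 struct cgroup_subsys_state *blkcg_css;
 struct cgroup_subsys_state *memcg_css;
 };
-
-/* Support for loadable transfer modules */
-struct loop_func_table {
-int number; /* filter type */
-int (*transfer)(struct loop_device *lo, int cmd,
-struct page *raw_page, unsigned raw_off,
-struct page *loop_page, unsigned loop_off,
-int size, sector_t real_block);
-int (*init)(struct loop_device *, const struct loop_info64 *);
-/* release is called from loop_unregister_transfer or clr_fd */
-int (*release)(struct loop_device *);
-int (*ioctl)(struct loop_device *, int cmd, unsigned long arg);
-struct module *owner;
-};
-
-int loop_register_transfer(struct loop_func_table *funcs);
-int loop_unregister_transfer(int number);
 
 #endif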