From a9a545067a93d9821f965989b8eaea6fba7d27f7 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 7 Feb 2020 10:45:22 -0800 Subject: [PATCH] ANDROID: dm: prevent default-key from being enabled without needed hooks While dm-default-key no longer requires that the filesystem is also using inline encryption (i.e. mounted with '-o inlinecrypt'), it does still rely on the inline crypto hooks like fscrypt_set_bio_crypt_ctx() being built into the kernel rather than stubbed out, as these are used to set the bi_skip_dm_default_key flag on bios for encrypted files. I.e., CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y is still needed. The proper solution is to fix these hooks to handle DM_DEFAULT_KEY && !FS_ENCRYPTION_INLINE_CRYPT, but that would introduce a case that wouldn't get tested. So for now, to avoid problems just make dm-default-key depend on FS_ENCRYPTION_INLINE_CRYPT. Test: make gki_defconfig echo CONFIG_FS_ENCRYPTION_INLINE_CRYPT=n >> .config make olddefconfig grep CONFIG_DM_DEFAULT_KEY .config # was disabled Bug: 147814592 Change-Id: Ie52686a72d5d14457d87dcf81677e33e291680bb Signed-off-by: Eric Biggers --- drivers/md/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig index 1f38aa9d3db8..1abc2380d9a6 100644 --- a/drivers/md/Kconfig +++ b/drivers/md/Kconfig @@ -290,6 +290,9 @@ config DM_DEFAULT_KEY tristate "Default-key target support" depends on BLK_DEV_DM depends on BLK_INLINE_ENCRYPTION + # dm-default-key doesn't require -o inlinecrypt, but it does currently + # rely on the inline encryption hooks being built into the kernel. + depends on FS_ENCRYPTION_INLINE_CRYPT help This device-mapper target allows you to create a device that assigns a default encryption key to bios that aren't for the