ext4 crypto: enable HW based encryption with ICE

Numerous changes were introduced to various layers:
Block: removed dependency on selinux module for decision on bio merge
EXT4: Added feature controlled support for HW encryption
PFK: Major re-factoring, separation to eCryptfs and EXT4 sub-layers

Change-Id: I9256c8736e1c16175fe3f94733dda430ccc57980
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>

5 files changed, 56 insertions, 16 deletions

diff --git a/include/linux/ecryptfs.h b/include/linux/ecryptfs.h
index 33d35ea4f937..489b99e37128 100644
--- a/include/linux/ecryptfs.h
+++ b/include/linux/ecryptfs.h
@@ -130,7 +130,7 @@ struct ecryptfs_events {
 	size_t (*get_salt_key_size_cb)(const void *ecrytpfs_data);
 };
 
-
+#ifdef CONFIG_ECRYPT_FS
 int ecryptfs_register_to_events(const struct ecryptfs_events *ops);
 
 int ecryptfs_unregister_from_events(int user_handle);
@@ -151,4 +151,55 @@ bool ecryptfs_is_page_in_metadata(const void *ecrytpfs_data, pgoff_t offset);
 bool ecryptfs_is_data_equal(const void *ecrytpfs_data1,
 		const void *ecrytpfs_data2);
 
+#else
+static inline int ecryptfs_register_to_events(
+	const struct ecryptfs_events *ops)
+{
+	return 1; /* dummy handle */
+}
+
+static int ecryptfs_unregister_from_events(int user_handle)
+{
+	return 0;
+}
+
+static inline const unsigned char *ecryptfs_get_key(const void *ecrytpfs_data)
+{
+	return NULL;
+}
+
+static inline size_t ecryptfs_get_key_size(const void *ecrytpfs_data)
+{
+	return 0;
+}
+
+static inline const unsigned char *ecryptfs_get_salt(const void *ecrytpfs_data)
+{
+	return NULL;
+}
+
+static inline size_t ecryptfs_get_salt_size(const void *ecrytpfs_data)
+{
+	return 0;
+}
+
+static inline bool ecryptfs_cipher_match(const void *ecrytpfs_data,
+		const unsigned char *cipher, size_t cipher_size)
+{
+	return false;
+}
+
+bool ecryptfs_is_page_in_metadata(const void *ecrytpfs_data, pgoff_t offset)
+{
+	return false;
+}
+
+bool ecryptfs_is_data_equal(const void *ecrytpfs_data1,
+		const void *ecrytpfs_data2)
+{
+	return false;
+}
+
+#endif /* CONFIG_ECRYPT_FS */
+
 #endif /* _LINUX_ECRYPTFS_H */
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 1919b06f28f4..cf4832db2b29 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1443,7 +1443,6 @@ union security_list_options {
 	int (*file_receive)(struct file *file);
 	int (*file_open)(struct file *file, const struct cred *cred);
 	int (*file_close)(struct file *file);
-	bool (*allow_merge_bio)(struct bio *bio1, struct bio *bio2);
 
 	int (*task_create)(unsigned long clone_flags);
 	void (*task_free)(struct task_struct *task);
@@ -1708,7 +1707,6 @@ struct security_hook_heads {
 	struct list_head file_receive;
 	struct list_head file_open;
 	struct list_head file_close;
-	struct list_head allow_merge_bio;
 	struct list_head task_create;
 	struct list_head task_free;
 	struct list_head cred_alloc_blank;
diff --git a/include/linux/pfk.h b/include/linux/pfk.h
index a7e8ecbea8f5..2fc64442b8ee 100644
--- a/include/linux/pfk.h
+++ b/include/linux/pfk.h
@@ -23,7 +23,7 @@ int pfk_load_key_start(const struct bio *bio,
 		struct ice_crypto_setting *ice_setting, bool *is_pfe, bool);
 int pfk_load_key_end(const struct bio *bio, bool *is_pfe);
 int pfk_remove_key(const unsigned char *key, size_t key_size);
-bool pfk_allow_merge_bio(struct bio *bio1, struct bio *bio2);
+bool pfk_allow_merge_bio(const struct bio *bio1, const struct bio *bio2);
 
 #else
 static inline int pfk_load_key_start(const struct bio *bio,
@@ -48,10 +48,6 @@ static inline bool pfk_allow_merge_bio(const struct bio *bio1,
 	return true;
 }
 
-static inline void pfk_remove_all_keys(void)
-{
-}
-
 #endif /* CONFIG_PFK */
 
 #endif /* PFK_H */
diff --git a/include/linux/pft.h b/include/linux/pft.h
index f2173b89a2a0..818383c73476 100644
--- a/include/linux/pft.h
+++ b/include/linux/pft.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2016, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -55,7 +55,8 @@ static inline int pft_get_key_index(struct bio *bio, u32 *key_index,
 				    bool *is_encrypted, bool *is_inplace)
 { return -ENODEV; }
 
-static inline bool pft_allow_merge_bio(struct bio *bio1, struct bio *bio2)
+static inline bool pft_allow_merge_bio(const struct bio *bio1,
+	const struct bio *bio2)
 { return true; }
 
 static inline int pft_file_permission(struct file *file, int mask)
diff --git a/include/linux/security.h b/include/linux/security.h
index 3de0302aecf2..e3b5efc0eb4b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -293,7 +293,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
 int security_file_receive(struct file *file);
 int security_file_open(struct file *file, const struct cred *cred);
 int security_file_close(struct file *file);
-bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2);
 int security_task_create(unsigned long clone_flags);
 void security_task_free(struct task_struct *task);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
@@ -826,11 +825,6 @@ static inline int security_file_close(struct file *file)
 	return 0;
 }
 
-static inline int security_allow_merge_bio(struct bio *bio1, struct bio *bio2)
-{
-	return true;
-}
-
 static inline int security_task_create(unsigned long clone_flags)
 {
 	return 0;