From: Eric Biggers <ebiggers@kernel.org>
To: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Cc: linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-doc@vger.kernel.org, linux-mips@linux-mips.org,
linux-s390@vger.kernel.org, linux-mtd@lists.infradead.org,
linux-fsdevel@vger.kernel.org, tytso@mit.edu,
adilger.kernel@dilger.ca, jaegeuk@kernel.org, yuchao0@huawei.com,
corbet@lwn.net, ralf@linux-mips.org, paul.burton@mips.com,
jhogan@kernel.org, green.hu@gmail.com, deanbo422@gmail.com,
schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com,
richard@nod.at, dedekind1@gmail.com, adrian.hunter@intel.com,
viro@zeniv.linux.org.uk
Subject: Re: [PATCH V2 3/7] fscrypt: remove filesystem specific build config option
Date: Tue, 4 Dec 2018 15:43:21 -0800 [thread overview]
Message-ID: <20181204234320.GC70682@gmail.com> (raw)
In-Reply-To: <20181204095650.12562-4-chandan@linux.vnet.ibm.com>
Hi Chandan,
On Tue, Dec 04, 2018 at 03:26:46PM +0530, Chandan Rajendra wrote:
> In order to have a common code base for fscrypt "post read" processing
> for all filesystems which support encryption, this commit removes
> filesystem specific build config option (e.g. CONFIG_EXT4_FS_ENCRYPTION)
> and replaces it with a build option (i.e. CONFIG_FS_ENCRYPTION) whose
> value affects all the filesystems making use of fscrypt.
>
> Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
[...]
> -config F2FS_FS_ENCRYPTION
> - bool "F2FS Encryption"
> - depends on F2FS_FS
> - depends on F2FS_FS_XATTR
> - select FS_ENCRYPTION
> - help
> - Enable encryption of f2fs files and directories. This
> - feature is similar to ecryptfs, but it is more memory
> - efficient since it avoids caching the encrypted and
> - decrypted pages in the page cache.
> -
[...]
> -config UBIFS_FS_ENCRYPTION
> - bool "UBIFS Encryption"
> - depends on UBIFS_FS && UBIFS_FS_XATTR && BLOCK
> - select FS_ENCRYPTION
> - default n
> - help
> - Enable encryption of UBIFS files and directories. This
> - feature is similar to ecryptfs, but it is more memory
> - efficient since it avoids caching the encrypted and
> - decrypted pages in the page cache.
Will it cause problems that now f2fs encryption can be "enabled" without
F2FS_FS_XATTR, and ubifs encryption without UBIFS_FS_XATTR && BLOCK?
Otherwise I think this patch looks fine. I'm a bit concerned about the bloat
from making FS_ENCRYPTION non-modular, but given that it will make sharing I/O
code much easier, it's probably worthwhile.
It would help to strip down the dependencies of FS_ENCRYPTION to just the stuff
needed for just AES-256-XTS and AES-256-CTS. I already sent out a patch a
couple months ago (https://patchwork.kernel.org/patch/10589319/) to remove
CONFIG_CTR which isn't used at all; I'll remind Ted to apply that. But we could
also drop CONFIG_SHA256, which is only needed for AES-128-CBC contents
encryption. If we do that, it should be a separate patch, though.
Thanks,
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Cc: linux-mips@linux-mips.org, linux-doc@vger.kernel.org,
jhogan@kernel.org, heiko.carstens@de.ibm.com,
linux-mtd@lists.infradead.org, deanbo422@gmail.com,
linux-s390@vger.kernel.org, corbet@lwn.net, richard@nod.at,
linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org,
green.hu@gmail.com, jaegeuk@kernel.org, tytso@mit.edu,
dedekind1@gmail.com, adrian.hunter@intel.com,
ralf@linux-mips.org, linux-f2fs-devel@lists.sourceforge.net,
paul.burton@mips.com, schwidefsky@de.ibm.com,
adilger.kernel@dilger.ca, viro@zeniv.linux.org.uk
Subject: Re: [PATCH V2 3/7] fscrypt: remove filesystem specific build config option
Date: Tue, 4 Dec 2018 15:43:21 -0800 [thread overview]
Message-ID: <20181204234320.GC70682@gmail.com> (raw)
In-Reply-To: <20181204095650.12562-4-chandan@linux.vnet.ibm.com>
Hi Chandan,
On Tue, Dec 04, 2018 at 03:26:46PM +0530, Chandan Rajendra wrote:
> In order to have a common code base for fscrypt "post read" processing
> for all filesystems which support encryption, this commit removes
> filesystem specific build config option (e.g. CONFIG_EXT4_FS_ENCRYPTION)
> and replaces it with a build option (i.e. CONFIG_FS_ENCRYPTION) whose
> value affects all the filesystems making use of fscrypt.
>
> Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
[...]
> -config F2FS_FS_ENCRYPTION
> - bool "F2FS Encryption"
> - depends on F2FS_FS
> - depends on F2FS_FS_XATTR
> - select FS_ENCRYPTION
> - help
> - Enable encryption of f2fs files and directories. This
> - feature is similar to ecryptfs, but it is more memory
> - efficient since it avoids caching the encrypted and
> - decrypted pages in the page cache.
> -
[...]
> -config UBIFS_FS_ENCRYPTION
> - bool "UBIFS Encryption"
> - depends on UBIFS_FS && UBIFS_FS_XATTR && BLOCK
> - select FS_ENCRYPTION
> - default n
> - help
> - Enable encryption of UBIFS files and directories. This
> - feature is similar to ecryptfs, but it is more memory
> - efficient since it avoids caching the encrypted and
> - decrypted pages in the page cache.
Will it cause problems that now f2fs encryption can be "enabled" without
F2FS_FS_XATTR, and ubifs encryption without UBIFS_FS_XATTR && BLOCK?
Otherwise I think this patch looks fine. I'm a bit concerned about the bloat
from making FS_ENCRYPTION non-modular, but given that it will make sharing I/O
code much easier, it's probably worthwhile.
It would help to strip down the dependencies of FS_ENCRYPTION to just the stuff
needed for just AES-256-XTS and AES-256-CTS. I already sent out a patch a
couple months ago (https://patchwork.kernel.org/patch/10589319/) to remove
CONFIG_CTR which isn't used at all; I'll remind Ted to apply that. But we could
also drop CONFIG_SHA256, which is only needed for AES-128-CBC contents
encryption. If we do that, it should be a separate patch, though.
Thanks,
- Eric
next prev parent reply other threads:[~2018-12-04 23:43 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-04 9:56 [PATCH V2 0/7] Remove fs specific fscrypt and fsverity build config options Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-04 9:56 ` [PATCH V2 1/7] ext4: use IS_ENCRYPTED() to check encryption status Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-04 23:12 ` Eric Biggers
2018-12-04 23:12 ` Eric Biggers
2018-12-04 9:56 ` [PATCH V2 2/7] f2fs: " Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-04 23:16 ` Eric Biggers
2018-12-04 23:16 ` Eric Biggers
2018-12-04 9:56 ` [PATCH V2 3/7] fscrypt: remove filesystem specific build config option Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-04 23:43 ` Eric Biggers [this message]
2018-12-04 23:43 ` Eric Biggers
2018-12-08 7:07 ` Chandan Rajendra
2018-12-08 7:07 ` Chandan Rajendra
2018-12-10 18:04 ` Eric Biggers
2018-12-10 18:04 ` Eric Biggers
2018-12-05 0:05 ` Eric Biggers
2018-12-05 0:05 ` Eric Biggers
2018-12-12 1:52 ` Guenter Roeck
2018-12-12 1:52 ` Guenter Roeck
2018-12-12 2:48 ` Eric Biggers
2018-12-12 2:48 ` Eric Biggers
2018-12-12 3:16 ` Guenter Roeck
2018-12-12 3:16 ` Guenter Roeck
2018-12-12 6:27 ` Chandan Rajendra
2018-12-12 6:27 ` Chandan Rajendra
2018-12-04 9:56 ` [PATCH V2 4/7] Add S_VERITY and IS_VERITY() Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-04 23:49 ` Eric Biggers
2018-12-04 23:49 ` Eric Biggers
2018-12-04 9:56 ` [PATCH V2 5/7] ext4: use IS_VERITY() to check inode's fsverity status Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-04 23:55 ` Eric Biggers
2018-12-04 23:55 ` Eric Biggers
2018-12-04 9:56 ` [PATCH V2 6/7] f2fs: " Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-04 23:57 ` Eric Biggers
2018-12-04 23:57 ` Eric Biggers
2018-12-04 9:56 ` [PATCH V2 7/7] fsverity: Remove filesystem specific build config option Chandan Rajendra
2018-12-04 9:56 ` Chandan Rajendra
2018-12-05 0:08 ` Eric Biggers
2018-12-05 0:08 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181204234320.GC70682@gmail.com \
--to=ebiggers@kernel.org \
--cc=adilger.kernel@dilger.ca \
--cc=adrian.hunter@intel.com \
--cc=chandan@linux.vnet.ibm.com \
--cc=corbet@lwn.net \
--cc=deanbo422@gmail.com \
--cc=dedekind1@gmail.com \
--cc=green.hu@gmail.com \
--cc=heiko.carstens@de.ibm.com \
--cc=jaegeuk@kernel.org \
--cc=jhogan@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=paul.burton@mips.com \
--cc=ralf@linux-mips.org \
--cc=richard@nod.at \
--cc=schwidefsky@de.ibm.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=yuchao0@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.