From: Eric Biggers <ebiggers@kernel.org>
To: Daniel Vacek <neelx@suse.com>
Cc: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>, Jens Axboe <axboe@kernel.dk>,
David Sterba <dsterba@suse.com>, Jonathan Corbet <corbet@lwn.net>,
Shuah Khan <skhan@linuxfoundation.org>,
linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org
Subject: Re: [PATCH v7 08/43] fscrypt: add documentation about extent encryption
Date: Mon, 1 Jun 2026 16:43:21 -0700 [thread overview]
Message-ID: <20260601234321.GE25574@quark> (raw)
In-Reply-To: <20260513085340.3673127-9-neelx@suse.com>
On Wed, May 13, 2026 at 10:52:42AM +0200, Daniel Vacek wrote:
> From: Josef Bacik <josef@toxicpanda.com>
>
> Add a couple of sections to the fscrypt documentation about per-extent
> encryption.
A few things that were missed:
- "Contents encryption" section should be updated to document how
extents are encrypted
- btrfs should be added to the list of filesystems in the introduction
section and in the "Tests" section
- "Read-only kernel memory compromise" should be updated to mention the
new limitation which extent-based encryption creates.
Maybe after the sentence "Per-file keys for in-use files will *not* be
removed or wiped.", insert "On filesystems that use per-extent
encryption, master keys for in-use files will not be wiped either."
The list of filesystems can also be found in the help text for the
CONFIG_FS_ENCRYPTION kconfig. That should be updated too.
> +For certain file systems, such as btrfs, it's desired to derive a
> +per-extent encryption key. This is to enable features such as snapshots
It's necessary, not just "desired". The per-file keys just don't work
when multiple files can share the same extents.
> +Currently the inode's master key and encryption policy must match the
> +extent, so you cannot share extents between inodes that were encrypted
> +differently.
Here's another instance of "the inode". It should say something like:
Currently, each extent's master key and encryption mode always match the
corresponding values from each inode that shares the extent.
> +The extent encryption context mirrors the important parts of the above
> +`Encryption context`_, with a few omissions. The struct is defined as
> +follows::
> +
> + struct fscrypt_extent_context {
> + u8 version;
> + u8 encryption_mode;
> + u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
> + u8 nonce[FSCRYPT_FILE_NONCE_SIZE];
> + };
> +
> +Currently all fields much match the containing inode's encryption
> +context, with the exception of the nonce.
> +
> +Additionally extent encryption is only supported with
> +FSCRYPT_EXTENT_CONTEXT_V2 using the standard policy; all other policies
> +are disallowed.
FSCRYPT_EXTENT_CONTEXT_V2 should say FSCRYPT_EXTENT_CONTEXT_V1.
Both version and nonce are exceptions, not just nonce.
Unclear what "the standard policy" is.
- Eric
next prev parent reply other threads:[~2026-06-01 23:43 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-13 8:52 [PATCH v7 00/43] btrfs: add fscrypt support Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 01/43] fscrypt: add per-extent encryption support Daniel Vacek
2026-06-01 22:44 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 02/43] fscrypt: allow inline encryption for extent based encryption Daniel Vacek
2026-06-01 22:49 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 03/43] fscrypt: add a __fscrypt_file_open helper Daniel Vacek
2026-06-02 2:33 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 04/43] fscrypt: conditionally don't wipe mk secret until the last active user is done Daniel Vacek
2026-06-01 23:04 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 05/43] blk-crypto: add a process bio callback Daniel Vacek
2026-06-01 23:09 ` Eric Biggers
2026-06-02 2:48 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 06/43] fscrypt: add a process_bio hook to fscrypt_operations Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 07/43] fscrypt: expose fscrypt_nokey_name Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 08/43] fscrypt: add documentation about extent encryption Daniel Vacek
2026-06-01 23:43 ` Eric Biggers [this message]
2026-05-13 8:52 ` [PATCH v7 09/43] btrfs: add infrastructure for safe em freeing Daniel Vacek
2026-06-02 2:54 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 10/43] btrfs: start using fscrypt hooks Daniel Vacek
2026-06-02 3:12 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 11/43] btrfs: add inode encryption contexts Daniel Vacek
2026-06-02 3:25 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 12/43] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Daniel Vacek
2026-06-02 3:27 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 13/43] btrfs: adapt readdir for encrypted and nokey names Daniel Vacek
2026-06-01 23:44 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 14/43] btrfs: handle " Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 15/43] btrfs: implement fscrypt ioctls Daniel Vacek
2026-06-02 2:35 ` Eric Biggers
2026-05-13 8:52 ` [PATCH v7 16/43] btrfs: select encryption dependencies if FS_ENCRYPTION Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 17/43] btrfs: add get_devices hook for fscrypt Daniel Vacek
2026-05-22 9:19 ` Christoph Hellwig
2026-05-22 12:00 ` Daniel Vacek
2026-05-22 12:17 ` Christoph Hellwig
2026-05-29 14:51 ` Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 18/43] btrfs: set file extent encryption excplicitly Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 19/43] btrfs: add fscrypt_info and encryption_type to extent_map Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 20/43] btrfs: add fscrypt_info and encryption_type to ordered_extent Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 21/43] btrfs: plumb through setting the fscrypt_info for ordered extents Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 22/43] btrfs: populate the ordered_extent with the fscrypt context Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 23/43] btrfs: keep track of fscrypt info and orig_start for dio reads Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 24/43] btrfs: add extent encryption context tree item type Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 25/43] btrfs: pass through fscrypt_extent_info to the file extent helpers Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 26/43] btrfs: implement the fscrypt extent encryption hooks Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 27/43] btrfs: setup fscrypt_extent_info for new extents Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 28/43] btrfs: populate ordered_extent with the orig offset Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 29/43] btrfs: set the bio fscrypt context when applicable Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 30/43] btrfs: add a bio argument to btrfs_csum_one_bio Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 31/43] btrfs: limit encrypted writes to 256 segments Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 32/43] btrfs: implement process_bio cb for fscrypt Daniel Vacek
2026-05-22 9:19 ` Christoph Hellwig
2026-05-29 15:43 ` Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 33/43] btrfs: implement read repair for encryption Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 34/43] btrfs: add test_dummy_encryption support Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 35/43] btrfs: make btrfs_ref_to_path handle encrypted filenames Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 36/43] btrfs: deal with encrypted symlinks in send Daniel Vacek
2026-06-02 2:42 ` Eric Biggers
2026-05-13 8:53 ` [PATCH v7 37/43] btrfs: decrypt file names for send Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 38/43] btrfs: load the inode context before sending writes Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 39/43] btrfs: set the appropriate free space settings in reconfigure Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 40/43] btrfs: support encryption with log replay Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 41/43] btrfs: disable auto defrag on encrypted files Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 42/43] btrfs: disable encryption on RAID5/6 Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 43/43] btrfs: disable send if we have encryption enabled Daniel Vacek
2026-05-22 7:00 ` [PATCH v7 00/43] btrfs: add fscrypt support Daniel Vacek
2026-05-31 0:28 ` Eric Biggers
2026-06-01 18:57 ` David Sterba
2026-06-01 20:09 ` Eric Biggers
2026-06-02 2:25 ` Eric Biggers
2026-06-02 4:19 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260601234321.GE25574@quark \
--to=ebiggers@kernel.org \
--cc=axboe@kernel.dk \
--cc=clm@fb.com \
--cc=corbet@lwn.net \
--cc=dsterba@suse.com \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=neelx@suse.com \
--cc=skhan@linuxfoundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.