From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: "Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Eric Biggers <ebiggers@kernel.org>, Chris Mason <clm@fb.com>,
Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
kernel-team@meta.com
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v4 06/21] fscrypt: document btrfs' fscrypt quirks.
Date: Mon, 24 Oct 2022 19:13:16 -0400 [thread overview]
Message-ID: <686fce255e979bd8805e194c7288b80f2ceddbe0.1666651724.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1666651724.git.sweettea-kernel@dorminy.me>
As btrfs has a couple of quirks in its encryption compared to other
filesystems, they should be documented like ext4's quirks. Additionally,
extent-based contents encryption, being wholly new, deserves its own
section to compare against inode-based contents encryption.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
---
Documentation/filesystems/fscrypt.rst | 31 +++++++++++++++++++++------
1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index 5ba5817c17c2..2ced42afd58b 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -31,7 +31,7 @@ However, except for filenames, fscrypt does not encrypt filesystem
metadata.
Unlike eCryptfs, which is a stacked filesystem, fscrypt is integrated
-directly into supported filesystems --- currently ext4, F2FS, and
+directly into supported filesystems --- currently btrfs, ext4, F2FS, and
UBIFS. This allows encrypted files to be read and written without
caching both the decrypted and encrypted pages in the pagecache,
thereby nearly halving the memory used and bringing it in line with
@@ -280,6 +280,11 @@ included in the IV. Moreover:
key derived using the KDF. Users may use the same master key for
other v2 encryption policies.
+For filesystems with extent-based content encryption (e.g. btrfs),
+this is the only choice. Data shared among multiple inodes must share
+the exact same key, therefore necessitating inodes using the same key
+for contents encryption.
+
IV_INO_LBLK_64 policies
-----------------------
@@ -374,12 +379,12 @@ to individual filesystems. However, authenticated encryption (AE)
modes are not currently supported because of the difficulty of dealing
with ciphertext expansion.
-Contents encryption
--------------------
+Inode-based contents encryption
+------------------------------
-For file contents, each filesystem block is encrypted independently.
-Starting from Linux kernel 5.5, encryption of filesystems with block
-size less than system's page size is supported.
+For most filesystems, each filesystem block within each file is
+encrypted independently. Starting from Linux kernel 5.5, encryption of
+filesystems with block size less than system's page size is supported.
Each block's IV is set to the logical block number within the file as
a little endian number, except that:
@@ -403,6 +408,20 @@ Note that because file logical block numbers are included in the IVs,
filesystems must enforce that blocks are never shifted around within
encrypted files, e.g. via "collapse range" or "insert range".
+Extent-based contents encryption
+--------------------------------
+
+For certain filesystems (currently only btrfs), data is encrypted on a
+per-extent basis. Each filesystem block in a data extent is encrypted
+independently. Multiple files may refer to the extent, as long as they
+all share the same key. The filesystem may relocate the extent on disk,
+as long as the encrypted data within the extent retains its offset
+within the data extent.
+
+Each extent stores a nonce; each block within the extent has an IV
+based on this nonce and the logical block number within the extent as a
+little endian number.
+
Filenames encryption
--------------------
--
2.35.1
next prev parent reply other threads:[~2022-10-25 0:42 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-24 23:13 [PATCH v4 00/21] btrfs: add fscrypt integration Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 01/21] fscrypt: expose fscrypt_nokey_name Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 02/21] fscrypt: add fscrypt_have_same_policy() to check inode compatibility Sweet Tea Dorminy
2022-10-27 18:57 ` Omar Sandoval
2022-10-24 23:13 ` [PATCH v4 03/21] fscrypt: allow fscrypt_generate_iv() to distinguish filenames Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 04/21] fscrypt: add extent-based encryption Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 05/21] fscrypt: direct key policies for " Sweet Tea Dorminy
2022-10-24 23:13 ` Sweet Tea Dorminy [this message]
2022-10-24 23:13 ` [PATCH v4 07/21] btrfs: use struct qstr instead of name and namelen Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 08/21] btrfs: setup qstrings from dentrys using fscrypt helper Sweet Tea Dorminy
2022-10-25 13:14 ` Filipe Manana
2022-10-31 15:42 ` David Sterba
2022-10-24 23:13 ` [PATCH v4 09/21] btrfs: use struct fscrypt_str instead of struct qstr Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 10/21] btrfs: store directory encryption state Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 11/21] btrfs: disable various operations on encrypted inodes Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 12/21] btrfs: start using fscrypt hooks Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 13/21] btrfs: add fscrypt_context items Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 14/21] btrfs: translate btrfs encryption flags and encrypted inode flag Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 15/21] btrfs: store a fscrypt extent context per normal file extent Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 16/21] btrfs: encrypt normal file extent data if appropriate Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 17/21] btrfs: Add new FEATURE_INCOMPAT_ENCRYPT feature flag Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 18/21] btrfs: implement fscrypt ioctls Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 19/21] btrfs: permit searching for nokey names for removal Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 20/21] btrfs: use correct name hash for nokey names Sweet Tea Dorminy
2022-10-24 23:13 ` [PATCH v4 21/21] btrfs: encrypt verity items Sweet Tea Dorminy
2022-10-25 12:35 ` [PATCH v4 00/21] btrfs: add fscrypt integration David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=686fce255e979bd8805e194c7288b80f2ceddbe0.1666651724.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).