From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
kernel-team@meta.com, linux-btrfs@vger.kernel.org,
linux-fscrypt@vger.kernel.org
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v1 00/17] btrfs: add encryption feature
Date: Wed, 28 Jun 2023 20:35:23 -0400 [thread overview]
Message-ID: <cover.1687988380.git.sweettea-kernel@dorminy.me> (raw)
This is a changeset adding encryption to btrfs. It is not complete; it
does not support inline data or verity or authenticated encryption. It
is primarily intended as a proof that the fscrypt extent encryption
changeset it builds on work.
As per the design doc refined in the fall of last year [1], btrfs
encryption has several steps: first, adding extent encryption to fscrypt
and then btrfs; second, adding authenticated encryption support to the
block layer, fscrypt, and then btrfs; and later adding potentially the
ability to change the key used by a directory (either for all data or
just newly written data) and/or allowing use of inline extents and
verity items in combination with encryption and/or enabling send/receive
of encrypted volumes. As such, this change is only the first step and is
unsafe.
This change does not pass a couple of encryption xfstests, because of
different properties of extent encryption. It hasn't been tested with
direct IO or RAID. Because currently extent encryption always uses inline
encryption (i.e. IO-block-only) for data encryption, it does not support
encryption of inline extents; similarly, since btrfs stores verity items
in the tree instead of in inline encryptable blocks on disk as other
filesystems do, btrfs cannot currently encrypt verity items. Finally,
this is insecure; the checksums are calculated on the unencrypted data
and stored unencrypted, which is a potential information leak. (This
will be addressed by authenticated encryption).
This changeset is built on two prior changesets to fscrypt: [2] and [3]
and should have no effect on unencrypted usage.
[1] https://docs.google.com/document/d/1janjxewlewtVPqctkWOjSa7OhCgB8Gdx7iDaCDQQNZA/edit?usp=sharing
[2]
https://lore.kernel.org/linux-fscrypt/cover.1687988119.git.sweettea-kernel@dorminy.me/
[3]
https://lore.kernel.org/linux-fscrypt/cover.1687988246.git.sweettea-kernel@dorminy.me
Omar Sandoval (7):
btrfs: disable various operations on encrypted inodes
fscrypt: expose fscrypt_nokey_name
btrfs: start using fscrypt hooks
btrfs: add inode encryption contexts
btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag
btrfs: adapt readdir for encrypted and nokey names
btrfs: implement fscrypt ioctls
Sweet Tea Dorminy (10):
btrfs: disable verity on encrypted inodes
btrfs: use correct name hash for nokey names
btrfs: add encryption to CONFIG_BTRFS_DEBUG
btrfs: add get_devices hook for fscrypt
btrfs: turn on inlinecrypt mount option for encrypt
btrfs: turn on the encryption ioctls
btrfs: create and free extent fscrypt_infos
btrfs: start tracking extent encryption context info
btrfs: explicitly track file extent length and encryption
btrfs: save and load fscrypt extent contexts
fs/btrfs/Kconfig | 2 +-
fs/btrfs/Makefile | 1 +
fs/btrfs/accessors.h | 31 +++
fs/btrfs/btrfs_inode.h | 3 +-
fs/btrfs/ctree.h | 2 +
fs/btrfs/delayed-inode.c | 30 ++-
fs/btrfs/delayed-inode.h | 4 +-
fs/btrfs/dir-item.c | 81 ++++++--
fs/btrfs/dir-item.h | 13 +-
fs/btrfs/extent_io.c | 49 +++++
fs/btrfs/extent_io.h | 3 +
fs/btrfs/extent_map.c | 9 +
fs/btrfs/extent_map.h | 3 +
fs/btrfs/file-item.c | 29 +++
fs/btrfs/file.c | 11 +-
fs/btrfs/fs.h | 7 +-
fs/btrfs/fscrypt.c | 236 ++++++++++++++++++++++
fs/btrfs/fscrypt.h | 61 ++++++
fs/btrfs/inode.c | 333 +++++++++++++++++++++++++-------
fs/btrfs/ioctl.c | 42 +++-
fs/btrfs/reflink.c | 8 +
fs/btrfs/root-tree.c | 8 +-
fs/btrfs/root-tree.h | 2 +-
fs/btrfs/super.c | 17 ++
fs/btrfs/tree-checker.c | 37 +++-
fs/btrfs/tree-log.c | 28 ++-
fs/btrfs/verity.c | 3 +
fs/crypto/fname.c | 39 +---
include/linux/fscrypt.h | 37 ++++
include/uapi/linux/btrfs.h | 1 +
include/uapi/linux/btrfs_tree.h | 20 ++
31 files changed, 1004 insertions(+), 146 deletions(-)
create mode 100644 fs/btrfs/fscrypt.c
create mode 100644 fs/btrfs/fscrypt.h
base-commit: 212cb3d0b8f4abf657671f05dbe0b3d9d858211d
--
2.40.1
next reply other threads:[~2023-06-29 0:36 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-29 0:35 Sweet Tea Dorminy [this message]
2023-06-29 0:35 ` [PATCH v1 01/17] btrfs: disable various operations on encrypted inodes Sweet Tea Dorminy
2023-07-07 23:36 ` Boris Burkov
2023-07-17 1:42 ` Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 02/17] btrfs: disable verity " Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 03/17] fscrypt: expose fscrypt_nokey_name Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 04/17] btrfs: start using fscrypt hooks Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 05/17] btrfs: add inode encryption contexts Sweet Tea Dorminy
2023-07-07 23:32 ` Boris Burkov
2023-07-17 1:43 ` Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 06/17] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 07/17] btrfs: adapt readdir for encrypted and nokey names Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 08/17] btrfs: use correct name hash for " Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 09/17] btrfs: implement fscrypt ioctls Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 10/17] btrfs: add encryption to CONFIG_BTRFS_DEBUG Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 11/17] btrfs: add get_devices hook for fscrypt Sweet Tea Dorminy
2023-06-29 13:20 ` Luís Henriques
2023-06-29 0:35 ` [PATCH v1 12/17] btrfs: turn on inlinecrypt mount option for encrypt Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 13/17] btrfs: turn on the encryption ioctls Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 14/17] btrfs: create and free extent fscrypt_infos Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 15/17] btrfs: start tracking extent encryption context info Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 16/17] btrfs: explicitly track file extent length and encryption Sweet Tea Dorminy
2023-06-29 0:35 ` [PATCH v1 17/17] btrfs: save and load fscrypt extent contexts Sweet Tea Dorminy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1687988380.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox