From: Anand Jain <anand.jain@oracle.com>
To: Chris Mason <clm@fb.com>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
Alex Elsayed <eternaleye@gmail.com>,
linux-btrfs@vger.kernel.org
Subject: Re: Experimental btrfs encryption
Date: Wed, 21 Sep 2016 21:52:04 +0800 [thread overview]
Message-ID: <eaca18c1-9022-9705-a8e5-1ccac9b39c22@oracle.com> (raw)
In-Reply-To: <12484cc6-b5ca-e507-157e-5eb48d9a4edf@fb.com>
> So there's a matrix of possible configurations. If you're doing a
> reflink between subvolumes and you're doing a subvolume granular
> encryption and you don't have keys to the source subvolume, the reflink
> shouldn't be allowed.
Right, this is working.
> If you do have keys, any new writes are happening
> into a different inode, and will be encrypted with a different key.
As of now it returns -EXDEV. But I should change this.
> If you're doing a file level encryption and you do have access to the
> source file, the destination file is a new inode. Thanks to COW any
> changes are going to go into new extents and will end up with different
> keys/nonces.
> Either way, we degrade down into extent based encryption. I'd take that
> hit to maintain sane semantics in the face of snapshots and reflinks.
> The btrfs extent structures on disk already have an encryption type field.
Agreed. About keys.. a file might need N number of keys (N = number of
extents) to open.
Thanks, Anand
>>
>> So in any case, assuming you're using block encryption (which is what
>> fscrypt uses) there really isn't a problem with nonce reuse, although
>> in some cases if you really do want to reflink a file and have it be
>> protected by different user keys, this would have to force copy of the
>> duplicated blocks at that point. But arguably, that is a feature, not
>> a bug. If the two users are mutually suspicious, you don't _want_ to
>> leak information about who much of a particular file had been changed
>> by a particular user. So you would want to break the reflink and have
>> separate copies for both users anyway.
>>
>>
>> One final thought --- something which is really going to be a factor
>> in many use cases is going to be hardware accelerated encryption. For
>> example, Qualcomm is already shipping an SOC where the encryption can
>> be done in the data path between the CPU and the eMMC storage device.
>> If you want to support certain applications that try to read megabytes
>> and megabytes of data before painting a single pixel, in-line hardware
>> crypto at line speeds is going to be critical if you don't want to
>> sacrifice performance, and keep users from being cranky because it
>> took extra seconds before they could start reading their news feed (or
>> saving bird eggs from voracious porcine predators, or whatever).
>>
>> This may very well be an issue in the future not just for mobile
>> devices, but I could imagine this potentially being an issue for other
>> form factors as well. Yes, Skylake can encrypt multiple bytes per
>> clock cycle using the miracles of hardware acceleration and
>> pipelining. But in-line encryption will still have the advantage of
>> avoiding the memory bandwidth costs. So while it is fun to talk about
>> exotic encryption modes, it would be wise to have file system
>> encryption architectures to have modes which are compatible with
>> hardware in-line encryption schemes.
>>
>
> Strongly agree here. This is the whole reason btrfs used crc32c, but
> times 100 (or maybe 1000). I love that Kent and others are
> experimenting in bcachefs and elsewhere. Btrfs can always bring in new
> schemes that work well once the framework is in place, but its not an
> area where I have enough expertise to get exotic on the first try.
>
> -chris
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-09-21 13:50 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-13 13:39 [RFC] Preliminary BTRFS Encryption Anand Jain
2016-09-13 13:39 ` [PATCH] btrfs: Encryption: Add btrfs encryption support Anand Jain
2016-09-13 14:12 ` kbuild test robot
2016-09-13 14:24 ` kbuild test robot
2016-09-13 16:10 ` kbuild test robot
2016-09-13 13:39 ` [PATCH 1/2] btrfs-progs: make wait_for_commit non static Anand Jain
2016-09-13 13:39 ` [PATCH 2/2] btrfs-progs: add encryption support Anand Jain
2016-09-13 13:39 ` [PATCH] fstests: btrfs: support encryption Anand Jain
2016-09-13 16:42 ` [RFC] Preliminary BTRFS Encryption Wilson Meier
2016-09-14 7:02 ` Anand Jain
2016-09-14 18:26 ` Wilson Meier
2016-09-15 4:53 ` Alex Elsayed
2016-09-15 11:33 ` Anand Jain
2016-09-15 11:47 ` Alex Elsayed
2016-09-16 11:35 ` Anand Jain
2016-09-15 5:38 ` Chris Murphy
2016-09-15 11:32 ` Anand Jain
2016-09-15 11:37 ` Austin S. Hemmelgarn
2016-09-15 14:06 ` Anand Jain
2016-09-15 14:24 ` Austin S. Hemmelgarn
2016-09-16 8:58 ` David Sterba
2016-09-17 2:18 ` Zygo Blaxell
2016-09-16 1:12 ` Dave Chinner
2016-09-16 5:47 ` Roman Mamedov
2016-09-16 6:49 ` Alex Elsayed
2016-09-17 4:38 ` Zygo Blaxell
2016-09-17 6:37 ` Alex Elsayed
2016-09-19 18:08 ` Zygo Blaxell
2016-09-19 20:01 ` Alex Elsayed
2016-09-19 22:22 ` Zygo Blaxell
2016-09-19 22:25 ` Chris Murphy
2016-09-19 22:31 ` Zygo Blaxell
2016-09-20 1:10 ` Zygo Blaxell
2016-09-17 18:45 ` David Sterba
2016-09-20 14:26 ` Anand Jain
2016-09-16 10:45 ` Brendan Hide
2016-09-16 11:46 ` Anand Jain
2016-09-16 8:49 ` David Sterba
2016-09-16 11:56 ` Anand Jain
2016-09-17 20:35 ` David Sterba
2016-09-18 8:34 ` RAID1 availability issue[2], Hot-spare and auto-replace Anand Jain
2016-09-18 17:28 ` Chris Murphy
2016-09-18 17:34 ` Chris Murphy
2016-09-19 2:25 ` Anand Jain
2016-09-19 12:07 ` Austin S. Hemmelgarn
2016-09-19 12:25 ` Austin S. Hemmelgarn
2016-09-18 9:54 ` [RFC] Preliminary BTRFS Encryption Anand Jain
2016-09-20 0:12 ` Chris Mason
2016-09-20 0:55 ` Anand Jain
2016-09-17 6:58 ` Eric Biggers
2016-09-17 7:13 ` Alex Elsayed
2016-09-19 18:57 ` Zygo Blaxell
2016-09-19 19:50 ` Alex Elsayed
2016-09-19 22:12 ` Zygo Blaxell
2016-09-17 16:12 ` Anand Jain
2016-09-17 18:57 ` Chris Murphy
2016-09-19 15:15 ` Experimental btrfs encryption Theodore Ts'o
2016-09-19 20:58 ` Alex Elsayed
2016-09-20 0:32 ` Chris Mason
2016-09-20 2:47 ` Alex Elsayed
2016-09-20 2:50 ` Theodore Ts'o
2016-09-20 3:05 ` Alex Elsayed
2016-09-20 4:09 ` Zygo Blaxell
2016-09-20 15:44 ` Chris Mason
2016-09-21 13:52 ` Anand Jain [this message]
2016-09-20 4:05 ` Anand Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eaca18c1-9022-9705-a8e5-1ccac9b39c22@oracle.com \
--to=anand.jain@oracle.com \
--cc=clm@fb.com \
--cc=eternaleye@gmail.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).