From: Josef Bacik <josef@toxicpanda.com>
To: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Cc: Chris Mason <clm@fb.com>, David Sterba <dsterba@suse.com>,
"Theodore Y . Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
kernel-team@meta.com, linux-btrfs@vger.kernel.org,
linux-fscrypt@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH v3 00/16] fscrypt: add extent encryption
Date: Wed, 9 Aug 2023 15:52:12 -0400 [thread overview]
Message-ID: <20230809195212.GA2561679@perftesting> (raw)
In-Reply-To: <cover.1691505882.git.sweettea-kernel@dorminy.me>
On Tue, Aug 08, 2023 at 01:08:17PM -0400, Sweet Tea Dorminy wrote:
> This changeset adds extent-based data encryption to fscrypt.
> Some filesystems need to encrypt data based on extents, rather than on
> inodes, due to features incompatible with inode-based encryption. For
> instance, btrfs can have multiple inodes referencing a single block of
> data, and moves logical data blocks to different physical locations on
> disk in the background.
>
> As per discussion last year in [1] and later in [2], we would like to
> allow the use of fscrypt with btrfs, with authenticated encryption. This
> is the first step of that work, adding extent-based encryption to
> fscrypt; authenticated encryption is the next step. Extent-based
> encryption should be usable by other filesystems which wish to support
> snapshotting or background data rearrangement also, but btrfs is the
> first user.
>
> This changeset requires extent encryption to use inlinecrypt, as
> discussed previously.
>
> This applies atop [3], which itself is based on kdave/misc-next. It
> passes encryption fstests with suitable changes to btrfs-progs.
>
> Changelog:
> v3:
> - Added four additional changes:
> - soft-deleting keys that extent infos might later need to use, so
> the behavior of an open file after key removal matches inode-based
> fscrypt.
> - a set of changes to allow asynchronous info freeing for extents,
> necessary due to locking constraints in btrfs.
>
> v2:
> - https://lore.kernel.org/linux-fscrypt/cover.1688927487.git.sweettea-kernel@dorminy.me/T/#t
>
>
> [1] https://docs.google.com/document/d/1janjxewlewtVPqctkWOjSa7OhCgB8Gdx7iDaCDQQNZA/edit?usp=sharing
> [2] https://lore.kernel.org/linux-fscrypt/80496cfe-161d-fb0d-8230-93818b966b1b@dorminy.me/T/#t
> [3] https://lore.kernel.org/linux-fscrypt/cover.1691505830.git.sweettea-kernel@dorminy.me/
>
Other than the patches I had comments about this series looks good to me. You
can add
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
to the series once you've cleaned up my other comments.
Eric I did my best to try and review these in the context of all the code, I've
gone and looked at how it ties into the btrfs stuff and I've looked at the final
state of the code, it looks good to me, but clearly I don't have the experience
in this code that Sweet Tea or you have. Thanks,
Josef
next prev parent reply other threads:[~2023-08-09 19:52 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-08 17:08 [PATCH v3 00/16] fscrypt: add extent encryption Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 01/16] fscrypt: factor helper for locking master key Sweet Tea Dorminy
2023-08-09 17:53 ` Josef Bacik
2023-08-08 17:08 ` [PATCH v3 02/16] fscrypt: factor getting info for a specific block Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 03/16] fscrypt: adjust effective lblks based on extents Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 04/16] fscrypt: add a super_block pointer to fscrypt_info Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 05/16] fscrypt: setup leaf inodes for extent encryption Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 06/16] fscrypt: allow infos to be owned by extents Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 07/16] fscrypt: use an optional ino equivalent for per-extent infos Sweet Tea Dorminy
2023-08-09 18:51 ` Josef Bacik
2023-08-08 17:08 ` [PATCH v3 08/16] fscrypt: move function call warning of busy inodes Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 09/16] fscrypt: revamp key removal for extent encryption Sweet Tea Dorminy
2023-08-12 22:54 ` Eric Biggers
2023-08-08 17:08 ` [PATCH v3 10/16] fscrypt: add creation/usage/freeing of per-extent infos Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 11/16] fscrypt: allow load/save of extent contexts Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 12/16] fscrypt: save session key credentials for extent infos Sweet Tea Dorminy
2023-08-12 22:34 ` Eric Biggers
2023-08-08 17:08 ` [PATCH v3 13/16] fscrypt: allow multiple extents to reference one info Sweet Tea Dorminy
2023-08-10 15:51 ` Luís Henriques
2023-08-11 16:39 ` Sweet Tea Dorminy
2023-08-08 17:08 ` [PATCH v3 14/16] fscrypt: cache list of inlinecrypt devices Sweet Tea Dorminy
2023-08-12 22:41 ` Eric Biggers
2023-08-08 17:08 ` [PATCH v3 15/16] fscrypt: allow asynchronous info freeing Sweet Tea Dorminy
2023-08-12 22:43 ` Eric Biggers
2023-08-08 17:08 ` [PATCH v3 16/16] fscrypt: update documentation for per-extent keys Sweet Tea Dorminy
2023-08-09 19:52 ` Josef Bacik [this message]
2023-08-10 4:55 ` [PATCH v3 00/16] fscrypt: add extent encryption Eric Biggers
2023-08-10 9:52 ` Neal Gompa
2023-08-10 14:11 ` Sweet Tea Dorminy
2023-08-10 17:17 ` Eric Biggers
2023-08-12 22:15 ` Eric Biggers
2023-08-15 15:12 ` Josef Bacik
2023-08-16 3:37 ` Eric Biggers
2023-08-16 14:42 ` Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230809195212.GA2561679@perftesting \
--to=josef@toxicpanda.com \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).