From: Eric Biggers <ebiggers@kernel.org>
To: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Cc: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
"Theodore Y . Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
kernel-team@fb.com
Subject: Re: [PATCH 05/21] fscrypt: add new encryption policy for btrfs.
Date: Thu, 18 Aug 2022 15:07:40 -0700 [thread overview]
Message-ID: <Yv64LMFQjs081n3Z@sol.localdomain> (raw)
In-Reply-To: <89d9ff01-c405-ec25-736a-bfba4c03e72c@dorminy.me>
On Wed, Aug 17, 2022 at 11:54:56AM -0400, Sweet Tea Dorminy wrote:
>
>
> On 8/17/22 10:49, Sweet Tea Dorminy wrote:
> > Encryption for btrfs must be extent-based, rather than fscrypt's
> > inode-based IV generation policies. In particular, btrfs can have
> > multiple inodes referencing a single block of data, and moves logical
> > data blocks to different physical locations on disk; these two features
> > mean inode or physical-location-based IV generation policies will not
> > work for btrfs. Instead, btrfs can store an IV per extent, generated by
> > fscrypt and iterated per block within the extent, and provide that IV to
> > fscrypt for encryption/decryption.
> >
> > Plumbing filesystem internals into fscrypt for IV generation would be
> > ungainly and fragile. Thus, this change adds a new policy, IV_FROM_FS,
> > and a new operation function pointer, get_fs_derived_iv. btrfs will
> > require this policy to be used, and implements get_fs_derived_iv by
> > getting the IV stored with the relevant file extent and iterating the IV
> > to the appropriate block number. Thus, each individual block has its own
> > IV, but all blocks within a file extent have iterated IVs according to
> > their block number, similarly to the IV_INO_LBLK* policy iterating IVs
> > for a given inode by lblk number.
> >
> > The IV buffer passed to get_fs_derived_iv() is pre-populated with the
> > inode contexts' nonce, as not all data to be encrypted is associated
> > with a file extent: for btrfs, this is used for filename encryption.
> >
> > Filesystems implementing this policy are expected to be incompatible
> > with existing IV generation policies, so if the function pointer is set,
> > only dummy or IV_FROM_FS policies are permitted. If there is a
> > filesystem which allows other policies as well as IV_FROM_FS, it may be
> > better to expose the policy to filesystems, so they can determine
> > whether any given policy is compatible with their operation.
> >
> > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
> > ---
>
> I realized after sending that this doesn't have Documentation/ updates for
> the new policy, still; apologies, and it remains on my queue.
It looks like you also didn't address my feedback about IV_FROM_FS at
https://lore.kernel.org/linux-fscrypt/YuBAiRg9K8IrlCqV@gmail.com ?
- Eric
next prev parent reply other threads:[~2022-08-18 22:08 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-17 14:49 [PATCH 00/21] btrfs: add fscrypt integration Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 01/21] fscrypt: expose fscrypt_nokey_name Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 02/21] fscrypt: add flag allowing partially-encrypted directories Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 03/21] fscrypt: add fscrypt_have_same_policy() to check inode's compatibility Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 04/21] fscrypt: add a function for a filesystem to generate an IV Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 05/21] fscrypt: add new encryption policy for btrfs Sweet Tea Dorminy
2022-08-17 15:54 ` Sweet Tea Dorminy
2022-08-18 22:07 ` Eric Biggers [this message]
2022-08-19 0:22 ` Sweet Tea Dorminy
2022-08-20 0:50 ` Eric Biggers
2022-08-17 14:49 ` [PATCH 06/21] btrfs: store directorys' encryption state Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 08/21] btrfs: setup fscrypt_names from dentrys using helper Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 09/21] btrfs: factor a fscrypt_name matching method Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 10/21] btrfs: disable various operations on encrypted inodes Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 11/21] btrfs: add fscrypt operation table to superblock Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 12/21] btrfs: start using fscrypt hooks Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 13/21] btrfs: add fscrypt_context items Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 14/21] btrfs: translate btrfs encryption flags and encrypted inode flag Sweet Tea Dorminy
2022-08-17 14:49 ` [PATCH 15/21] btrfs: add iv generation function for fscrypt Sweet Tea Dorminy
2022-08-17 14:50 ` [PATCH 16/21] btrfs: store an IV per encrypted normal file extent Sweet Tea Dorminy
2022-08-17 14:50 ` [PATCH 17/21] btrfs: Add new FEATURE_INCOMPAT_FSCRYPT feature flag Sweet Tea Dorminy
2022-08-17 14:50 ` [PATCH 18/21] btrfs: reuse encrypted filename hash when possible Sweet Tea Dorminy
2022-08-17 14:50 ` [PATCH 19/21] btrfs: adapt directory read and lookup to potentially encrypted filenames Sweet Tea Dorminy
2022-08-17 14:50 ` [PATCH 20/21] btrfs: encrypt normal file extent data if appropriate Sweet Tea Dorminy
2022-08-17 14:50 ` [PATCH 21/21] btrfs: implement fscrypt ioctls Sweet Tea Dorminy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yv64LMFQjs081n3Z@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@fb.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=sweettea-kernel@dorminy.me \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox