From: Eric Biggers <ebiggers3@gmail.com>
To: Theodore Ts'o <tytso@mit.edu>
Cc: Linux Filesystem Development List <linux-fsdevel@vger.kernel.org>,
Ext4 Developers List <linux-ext4@vger.kernel.org>,
stable@vger.kernel.org
Subject: Re: [PATCH] fscrypt: fix the test_dummy_encryption mount option
Date: Wed, 28 Dec 2016 19:01:49 -0600 [thread overview]
Message-ID: <20161229010149.GA12683@zzz> (raw)
In-Reply-To: <20161229004526.yoo2tyrqnsx3qpbc@thunk.org>
On Wed, Dec 28, 2016 at 07:45:26PM -0500, Theodore Ts'o wrote:
> On Wed, Dec 28, 2016 at 03:27:59PM -0600, Eric Biggers wrote:
> > This problem would also be fixed by my patch to make the test_dummy_encryption
> > encryption keys go through the regular keyring lookup and key derivation paths,
> > which IMO is a better solution long-term:
> >
> > fscrypt / ext4: make test_dummy_encryption require a keyring key
> >
> > and corresponding xfstests-bld patch:
> >
> > xfstests-bld: populate keyring with default key for test_dummy_encryption
> >
>
> My problem with this patch is that it breaks backwards compatibility
> with older kernels --- such as the 3.10 and 3.18 kernels currently
> shipping today in Android handsets. So I don't want to make changes
> to xfstests-bld that require specific kernel patches which aren't
> necesarily available on existing kernels which are in use in
> production today.
>
> And it won't necessarily be simple to get your fscrypt/ext4 change
> into all of the various Android device kernels, the android-common
> kernels, the unreleased device kernels in use at various handset
> manufactuers, etc.
>
Actually the patched xfstests-bld can still test both old and new kernels.
Therefore there would be no need to backport the kernel patch. The xfstests-bld
patch just adds a key to the keyring, which new kernels will use but old kernels
won't (since when test_dummy_encryption is enabled, old kernels don't look at
the keyring at all).
Granted, there is breakage in the other direction --- the kernel change breaks
the current xfstests-bld --- but that's not really an issue since we can just
update xfstests-bld.
Eric
prev parent reply other threads:[~2016-12-29 1:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-28 0:51 [PATCH] fscrypt: fix the test_dummy_encryption mount option Theodore Ts'o
2016-12-28 21:27 ` Eric Biggers
2016-12-29 0:45 ` Theodore Ts'o
2016-12-29 1:01 ` Eric Biggers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161229010149.GA12683@zzz \
--to=ebiggers3@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).