From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: "Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Eric Biggers <ebiggers@kernel.org>, Chris Mason <clm@fb.com>,
Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
kernel-team@meta.com
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v2 00/14] fscrypt: add extent encryption
Date: Sun, 9 Jul 2023 14:53:33 -0400 [thread overview]
Message-ID: <cover.1688927487.git.sweettea-kernel@dorminy.me> (raw)
This changeset adds extent-based data encryption to fscrypt.
Some filesystems need to encrypt data based on extents, rather than on
inodes, due to features incompatible with inode-based encryption. For
instance, btrfs can have multiple inodes referencing a single block of
data, and moves logical data blocks to different physical locations on
disk in the background.
As per discussion last year in [1] and later in [2], we would like to
allow the use of fscrypt with btrfs, with authenticated encryption. This
is the first step of that work, adding extent-based encryption to
fscrypt; authenticated encryption is the next step. Extent-based
encryption should be usable by other filesystems which wish to support
snapshotting or background data rearrangement also, but btrfs is the
first user.
This changeset requires extent encryption to use inlinecrypt, as
discussed previously. There are two questionable parts: the
forget_extent_info hook is not yet in use by btrfs, as I haven't yet
written a test exercising a race where it would be relevant; and saving
the session key credentials just to enable v1 session-based policies is
perhaps less good than
This applies atop [3], which itself is based on kdave/misc-next. It
passes encryption fstests with suitable changes to btrfs-progs and tests.
[1] https://docs.google.com/document/d/1janjxewlewtVPqctkWOjSa7OhCgB8Gdx7iDaCDQQNZA/edit?usp=sharing
[2] https://lore.kernel.org/linux-fscrypt/80496cfe-161d-fb0d-8230-93818b966b1b@dorminy.me/T/#t
[3]
https://lore.kernel.org/linux-fscrypt/cover.1688927423.git.sweettea-kernel@dorminy.me/
Changelog:
v2:
- Change to soft-delete keys in use by inodes using extent encryption at
key removal time (new changes 9 and 10), as per feedback.
- Add a missing error check in fscrypt_mergeable_bio (change 3)
v1:
- https://lore.kernel.org/linux-fscrypt/248eac32-96cc-eb2e-85da-422a8d75a376@dorminy.me/T/#t
Sweet Tea Dorminy (14):
fscrypt: factor helper for locking master key
fscrypt: factor getting info for a specific block
fscrypt: adjust effective lblks based on extents
fscrypt: add a super_block pointer to fscrypt_info
fscrypt: setup leaf inodes for extent encryption
fscrypt: allow infos to be owned by extents
fscrypt: notify per-extent infos if master key vanishes
fscrypt: use an optional ino equivalent for per-extent infos
fscrypt: move function call warning of busy inodes
fscrypt: revamp key removal for extent encryption
fscrypt: add creation/usage/freeing of per-extent infos
fscrypt: allow load/save of extent contexts
fscrypt: save session key credentials for extent infos
fscrypt: update documentation for per-extent keys
Documentation/filesystems/fscrypt.rst | 43 +++-
fs/crypto/crypto.c | 6 +-
fs/crypto/fscrypt_private.h | 128 +++++++++++-
fs/crypto/inline_crypt.c | 28 ++-
fs/crypto/keyring.c | 79 +++++---
fs/crypto/keysetup.c | 274 ++++++++++++++++++++++----
fs/crypto/keysetup_v1.c | 7 +-
fs/crypto/policy.c | 20 ++
include/linux/fscrypt.h | 65 ++++++
9 files changed, 562 insertions(+), 88 deletions(-)
base-commit: e0144e6be2ec62c8d874076a6292a8d83b00ee32
prerequisite-patch-id: ab342a72cf967dadfb8bec1320c5906fd3c6800f
prerequisite-patch-id: ced2a9dab36539f55c14cd74a28950087c475ff2
prerequisite-patch-id: d4f1a64c994c2fa0d2d4cab83f9ddff52f0622e9
prerequisite-patch-id: 1af0fc98277159b31c26bc5751663efc0d322d75
prerequisite-patch-id: 3b21b62208587486cf9b31618f7c3bc875362f1a
prerequisite-patch-id: c43d693f5b7c498a876d9ffcfc49c11a8ca93d80
prerequisite-patch-id: f120bde1cf47fbef1d9f8fd09cdcccc1408c3ff4
prerequisite-patch-id: c6a1f087d4a67b928b9c6af04e00310bfa74ace1
--
2.40.1
next reply other threads:[~2023-07-09 18:53 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-09 18:53 Sweet Tea Dorminy [this message]
2023-07-09 18:53 ` [PATCH v2 01/14] fscrypt: factor helper for locking master key Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v2 02/14] fscrypt: factor getting info for a specific block Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v2 03/14] fscrypt: adjust effective lblks based on extents Sweet Tea Dorminy
2023-07-14 18:13 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 04/14] fscrypt: add a super_block pointer to fscrypt_info Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v2 05/14] fscrypt: setup leaf inodes for extent encryption Sweet Tea Dorminy
2023-07-14 18:16 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 06/14] fscrypt: allow infos to be owned by extents Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v2 07/14] fscrypt: notify per-extent infos if master key vanishes Sweet Tea Dorminy
2023-07-17 14:54 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 08/14] fscrypt: use an optional ino equivalent for per-extent infos Sweet Tea Dorminy
2023-07-09 18:53 ` [PATCH v2 09/14] fscrypt: move function call warning of busy inodes Sweet Tea Dorminy
2023-07-17 14:59 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 10/14] fscrypt: revamp key removal for extent encryption Sweet Tea Dorminy
2023-07-17 15:18 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 11/14] fscrypt: add creation/usage/freeing of per-extent infos Sweet Tea Dorminy
2023-07-17 15:21 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 12/14] fscrypt: allow load/save of extent contexts Sweet Tea Dorminy
2023-07-17 15:23 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 13/14] fscrypt: save session key credentials for extent infos Sweet Tea Dorminy
2023-07-17 14:31 ` Josef Bacik
2023-07-09 18:53 ` [PATCH v2 14/14] fscrypt: update documentation for per-extent keys Sweet Tea Dorminy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1688927487.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).