| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Feb 2018 15:13:36 +0530
From: Chandan Rajendra <chandan@...ux.vnet.ibm.com>
To: linux-ext4@...r.kernel.org
Cc: Chandan Rajendra <chandan@...ux.vnet.ibm.com>,
linux-fsdevel@...r.kernel.org, ebiggers3@...il.com,
linux-fscrypt@...r.kernel.org, tytso@....edu
Subject: [RFC PATCH V2 00/11] Ext4 encryption support for blocksize < pagesize
This patchset implements code to support encryption of Ext4 filesystem
instances that have blocksize less than pagesize. The patchset has
been tested on both ppc64 and x86_64 machines.
Eric, fscrypt_mpage_readpages() (originally, ext4_mpage_readpages())
still retains the ability to read non-encrypted file data. Please let
me know if the code has to be changed such that
fscrypt_mpage_readpages() makes it mandatory for the file's data to be
encrypted.
TODO:
F2FS and UBIFS code needs to be updated to make use of the newly added
fscrypt functions. I will do that in the next version of the patchset.
Changelog:
"RFC V1" -> "RFC V2":
1. Ext4's "encryption aware" functionality in fs/ext4/readpage.c has
been moved to fs/crypto/.
2. fscrypt functions have now been renamed to indicate that they work
on blocks rather than pages.
Eric, I have renamed completion_pages() to fscrypt_complete_pages()
rather than to fscrypt_complete_blocks(). This is because we have a
new function fscrypt_complete_block() (which operates on a single
block) and IMHO having the identifier fscrypt_complete_blocks()
which differs from it by just one letter would confuse the reader.
3. ext4_block_write_begin() now clears BH_Uptodate flag when
decryption of boundary blocks fail.
4. fscrypt_encrypt_page() (now renamed to fscrypt_encrypt_block()) is
now split into two functions. fscrypt_prep_ciphertext_page()
allocates and initializes the fscrypt context and the bounce
page. fscrypt_encrypt_block() is limited to encrypting the
filesystem's block.
5. fscrypt_zeroout_range() has been updated to work on blocksize <
pagesize scenario.
6. Documentation/filesystems/fscrypt.rst has been updated to indicate
encryption support for blocksize < pagesize.
Thanks to Eric Biggers for providing review comments for "RFC V1".
Chandan Rajendra (11):
ext4: Clear BH_Uptodate flag on decryption error
fs/buffer.c: Export end_buffer_async_read and create_page_buffers
fs/crypto/: Rename functions to indicate that they operate on FS
blocks
completion_pages: Decrypt all contiguous blocks in a page
ext4: Decrypt all boundary blocks when doing buffered write
ext4: Decrypt the block that needs to be partially zeroed
fscrypt_zeroout_range: Encrypt all zeroed out blocks of a page
Enable reading encrypted files in blocksize less than pagesize setup
fscrypt: Move completion_pages to crypto/readpage.c
Enable writing encrypted files in blocksize less than pagesize setup
ext4: Enable encryption for blocksize less than page size
Documentation/filesystems/fscrypt.rst | 14 +-
fs/buffer.c | 6 +-
fs/crypto/Makefile | 2 +-
fs/crypto/bio.c | 77 +++---
fs/crypto/crypto.c | 91 +++---
fs/crypto/fscrypt_private.h | 5 +-
fs/crypto/readpage.c | 506 ++++++++++++++++++++++++++++++++++
fs/ext4/Makefile | 2 +-
fs/ext4/ext4.h | 5 -
fs/ext4/inode.c | 53 +++-
fs/ext4/page-io.c | 34 ++-
fs/ext4/readpage.c | 294 --------------------
fs/ext4/super.c | 7 -
include/linux/buffer_head.h | 3 +
include/linux/fscrypt.h | 1 +
include/linux/fscrypt_notsupp.h | 23 +-
include/linux/fscrypt_supp.h | 20 +-
17 files changed, 700 insertions(+), 443 deletions(-)
create mode 100644 fs/crypto/readpage.c
delete mode 100644 fs/ext4/readpage.c
--
2.9.5
Powered by blists - more mailing lists