lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 16 Jan 2018 18:10:20 -0800
From:   Eric Biggers <ebiggers3@...il.com>
To:     Chandan Rajendra <chandan@...ux.vnet.ibm.com>
Cc:     linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        tytso@....edu
Subject: Re: [RFC PATCH 0/8] Ext4 encryption support for blocksize < pagesize

Hi Chandan,

On Fri, Jan 12, 2018 at 07:41:21PM +0530, Chandan Rajendra wrote:
> This patchset implements code to support encryption of Ext4 filesystem
> instances that have blocksize less than pagesize. The patchset has
> been tested on both ppc64 and x86_64 machines.
> 
> This patchset changes the prototype of the function
> fscrypt_encrypt_page(). I will make the relevant changes to the rest
> of the filesystems (e.g. f2fs) and post them in the next version of
> the patchset.
> 
> Chandan Rajendra (8):
>   ext4: use EXT4_INODE_ENCRYPT flag to detect encrypted bio
>   fs/buffer.c: make some functions non-static
>   ext4: decrypt all contiguous blocks in a page
>   ext4: decrypt all boundary blocks when doing buffered write
>   ext4: decrypt the block that needs to be partially zeroed
>   ext4: encrypt blocks whose size is less than page size
>   ext4: decrypt blocks whose size is less than page size
>   ext4: enable encryption for blocksize less than page size
> 

Thanks for working on this!  We've wanted this for a while (both so that it
works on PowerPC with a 64K PAGE_SIZE, and so that people can't screw up their
1K blocksize filesystems by enabling the 'encrypt' flag), but no one ever got
around to it.  And it's not easy!

First, just a few notes that didn't fit into my comments for the individual
patches.

Updating fscrypt_zeroout_range() seems to have been missed.  Currently it
assumes block_size == PAGE_SIZE so it will need to be updated too.

The file Documentation/filesystems/fscrypt.rst will also need to be updated, at
least to remove the following sentence: "Currently, only the case where the
filesystem block size is equal to the system's page size (usually 4096 bytes) is
supported.".

Also, on future versions of this patchset can you please also Cc
linux-fscrypt@...r.kernel.org?

Thanks,

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ