lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 6 Nov 2019 13:54:40 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     linux-ext4@...r.kernel.org, Theodore Ts'o <tytso@....edu>
Cc:     linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        Chandan Rajendra <chandan@...ux.ibm.com>
Subject: Re: [PATCH v2 0/2] ext4: support encryption with blocksize !=
 PAGE_SIZE

On Tue, Oct 22, 2019 at 08:33:10PM -0700, Eric Biggers wrote:
> Hello,
> 
> This patchset makes ext4 support encryption on filesystems where the
> filesystem block size is not equal to PAGE_SIZE.  This allows e.g.
> PowerPC systems to use ext4 encryption.
> 
> Most of the work for this was already done in prior kernel releases; now
> the only part missing is decryption support in block_read_full_page().
> Chandan Rajendra has proposed a patchset "Consolidate FS read I/O
> callbacks code" [1] to address this and do various other things like
> make ext4 use mpage_readpages() again, and make ext4 and f2fs share more
> code.  But it doesn't seem to be going anywhere.
> 
> Therefore, I propose we simply add decryption support to
> block_read_full_page() for now.  This is a fairly small change, and it
> gets ext4 encryption with subpage-sized blocks working.
> 
> Note: to keep things simple I'm just allocating the work object from the
> bi_end_io function with GFP_ATOMIC.  But if people think it's necessary,
> it could be changed to use preallocation like the page-based read path.
> 
> Tested with 'gce-xfstests -c ext4/encrypt_1k -g auto', using the new
> "encrypt_1k" config I created.  All tests pass except for those that
> already fail or are excluded with the encrypt or 1k configs, and 2 tests
> that try to create 1023-byte symlinks which fails since encrypted
> symlinks are limited to blocksize-3 bytes.  Also ran the dedicated
> encryption tests using 'kvm-xfstests -c ext4/1k -g encrypt'; all pass,
> including the on-disk ciphertext verification tests.
> 
> [1] https://lkml.kernel.org/linux-fsdevel/20190910155115.28550-1-chandan@linux.ibm.com/T/#u
> 
> Changed v1 => v2:
>   - Added check for S_ISREG() which technically should be there, though
>     it happens not to matter currently.
> 
> Chandan Rajendra (1):
>   ext4: Enable encryption for subpage-sized blocks
> 
> Eric Biggers (1):
>   fs/buffer.c: support fscrypt in block_read_full_page()
> 
>  Documentation/filesystems/fscrypt.rst |  4 +--
>  fs/buffer.c                           | 48 ++++++++++++++++++++++++---
>  fs/ext4/super.c                       |  7 ----
>  3 files changed, 45 insertions(+), 14 deletions(-)
> 

Any more comments on this?

Ted, are you interested in taking this through the ext4 tree for 5.5?

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ