lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 13 Jan 2020 14:29:51 -0500
From:   "Theodore Y. Ts'o" <>
To:     Eric Biggers <>
Subject: Re: [PATCH] ext4: allow ZERO_RANGE on encrypted files

On Thu, Dec 26, 2019 at 09:42:16AM -0600, Eric Biggers wrote:
> From: Eric Biggers <>
> When ext4 encryption support was first added, ZERO_RANGE was disallowed,
> supposedly because test failures (e.g. ext4/001) were seen when enabling
> it, and at the time there wasn't enough time/interest to debug it.
> However, there's actually no reason why ZERO_RANGE can't work on
> encrypted files.  And it fact it *does* work now.  Whole blocks in the
> zeroed range are converted to unwritten extents, as usual; encryption
> makes no difference for that part.  Partial blocks are zeroed in the
> pagecache and then ->writepages() encrypts those blocks as usual.
> ext4_block_zero_page_range() handles reading and decrypting the block if
> needed before actually doing the pagecache write.
> Also, f2fs has always supported ZERO_RANGE on encrypted files.
> As far as I can tell, the reason that ext4/001 was failing in v4.1 was
> actually because of one of the bugs fixed by commit 36086d43f657 ("ext4
> crypto: fix bugs in ext4_encrypted_zeroout()").  The bug made
> ext4_encrypted_zeroout() always return a positive value, which caused
> unwritten extents in encrypted files to sometimes not be marked as
> initialized after being written to.  This bug was not actually in
> ZERO_RANGE; it just happened to trigger during the extents manipulation
> done in ext4/001 (and probably other tests too).
> So, let's enable ZERO_RANGE on encrypted files on ext4.
> Tested with:
> 	gce-xfstests -c ext4/encrypt -g auto
> 	gce-xfstests -c ext4/encrypt_1k -g auto
> Got the same set of test failures both with and without this patch.
> But with this patch 6 fewer tests are skipped: ext4/001, generic/008,
> generic/009, generic/033, generic/096, and generic/511.
> Signed-off-by: Eric Biggers <>

Thanks, applied.

					- Ted

Powered by blists - more mailing lists