lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Apr 2020 12:03:07 -0400 From: "Theodore Y. Ts'o" <tytso@....edu> To: ira.weiny@...el.com Cc: linux-kernel@...r.kernel.org, Jan Kara <jack@...e.cz>, "Darrick J. Wong" <darrick.wong@...cle.com>, Dan Williams <dan.j.williams@...el.com>, Dave Chinner <david@...morbit.com>, Christoph Hellwig <hch@....de>, Jeff Moyer <jmoyer@...hat.com>, linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH RFC 3/8] fs/ext4: Disallow encryption if inode is DAX On Mon, Apr 13, 2020 at 09:00:25PM -0700, ira.weiny@...el.com wrote: > From: Ira Weiny <ira.weiny@...el.com> > > Encryption and DAX are incompatible. Changing the DAX mode due to a > change in Encryption mode is wrong without a corresponding > address_space_operations update. > > Make the 2 options mutually exclusive by returning an error if DAX was > set first. > > Signed-off-by: Ira Weiny <ira.weiny@...el.com> The encryption flag is inherited from the containing directory, and directories can't have the DAX flag set, so anything we do in ext4_set_context() will be safety belt / sanity checking in nature. But we *do* need to figure out what we do with mount -o dax=always when the file system might have encrypted files. My previous comments about the verity flag and dax flag applies here. Also note that encrypted files are read/write so we must never allow the combination of ENCRPYT_FL and DAX_FL. So that may be something where we should teach __ext4_iget() to check for this, and declare the file system as corrupted if it sees this combination. (For VERITY_FL && DAX_FL that is a combo that we might want to support in the future, so that's probably a case where arguably, we should just ignore the DAX_FL for now.) - Ted
Powered by blists - more mailing lists