| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Jun 2020 15:50:09 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Satya Tangirala <satyat@...gle.com>
Cc: linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org
Subject: Re: [PATCH 3/4] f2fs: add inline encryption support
On Wed, Jun 17, 2020 at 07:57:31AM +0000, Satya Tangirala wrote:
> Wire up f2fs to support inline encryption via the helper functions which
> fs/crypto/ now provides. This includes:
>
> - Adding a mount option 'inlinecrypt' which enables inline encryption
> on encrypted files where it can be used.
>
> - Setting the bio_crypt_ctx on bios that will be submitted to an
> inline-encrypted file.
>
> - Not adding logically discontiguous data to bios that will be submitted
> to an inline-encrypted file.
>
> - Not doing filesystem-layer crypto on inline-encrypted files.
>
> This patch includes a fix for a race during IPU by
> Sahitya Tummala <stummala@...eaurora.org>
>
> Co-developed-by: Eric Biggers <ebiggers@...gle.com>
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> Signed-off-by: Satya Tangirala <satyat@...gle.com>
> ---
> Documentation/filesystems/f2fs.rst | 7 ++-
> fs/f2fs/compress.c | 2 +-
> fs/f2fs/data.c | 81 ++++++++++++++++++++++++------
> fs/f2fs/super.c | 32 ++++++++++++
> 4 files changed, 104 insertions(+), 18 deletions(-)
>
> diff --git a/Documentation/filesystems/f2fs.rst b/Documentation/filesystems/f2fs.rst
> index 099d45ac8d8f..4dc36143ff82 100644
> --- a/Documentation/filesystems/f2fs.rst
> +++ b/Documentation/filesystems/f2fs.rst
> @@ -258,7 +258,12 @@ compress_extension=%s Support adding specified extension, so that f2fs can enab
> on compression extension list and enable compression on
> these file by default rather than to enable it via ioctl.
> For other files, we can still enable compression via ioctl.
> -====================== ============================================================
The above line being deleted marks the end of a table, so it shouldn't be
deleted (it should go after the part below).
> +inlinecrypt
> + Encrypt/decrypt the contents of encrypted files using the
> + blk-crypto framework rather than filesystem-layer encryption.
> + This allows the use of inline encryption hardware. The on-disk
> + format is unaffected. For more details, see
> + Documentation/block/inline-encryption.rst.
Like I commented on one of the commit messages -- this doesn't make it clear
what happens in cases where blk-crypto can't be used. Maybe just replace:
"Encrypt/decrypt" => "When possible, encrypt/decrypt".
Likewise for the ext4 documentation for this same mount option.
- Eric
Powered by blists - more mailing lists