lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200724121143.1589121-8-satyat@google.com> Date: Fri, 24 Jul 2020 12:11:43 +0000 From: Satya Tangirala <satyat@...gle.com> To: linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org Cc: linux-xfs@...r.kernel.org, Satya Tangirala <satyat@...gle.com>, Eric Biggers <ebiggers@...gle.com>, Jaegeuk Kim <jaegeuk@...nel.org> Subject: [PATCH v5 7/7] fscrypt: update documentation for direct I/O support Update fscrypt documentation to reflect the addition of direct I/O support and document the necessary conditions for direct I/O on encrypted files. Signed-off-by: Satya Tangirala <satyat@...gle.com> Reviewed-by: Eric Biggers <ebiggers@...gle.com> Reviewed-by: Jaegeuk Kim <jaegeuk@...nel.org> --- Documentation/filesystems/fscrypt.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index ec81598477fc..5367c03b17bb 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1049,8 +1049,10 @@ astute users may notice some differences in behavior: may be used to overwrite the source files but isn't guaranteed to be effective on all filesystems and storage devices. -- Direct I/O is not supported on encrypted files. Attempts to use - direct I/O on such files will fall back to buffered I/O. +- Direct I/O is supported on encrypted files only under some + circumstances (see `Direct I/O support`_ for details). When these + circumstances are not met, attempts to use direct I/O on encrypted + files will fall back to buffered I/O. - The fallocate operations FALLOC_FL_COLLAPSE_RANGE and FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will @@ -1123,6 +1125,20 @@ It is not currently possible to backup and restore encrypted files without the encryption key. This would require special APIs which have not yet been implemented. +Direct I/O support +================== + +Direct I/O on encrypted files is supported through blk-crypto. In +particular, this means the kernel must have CONFIG_BLK_INLINE_ENCRYPTION +enabled, the filesystem must have had the 'inlinecrypt' mount option +specified, and either hardware inline encryption must be present, or +CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK must have been enabled. Further, +any I/O must be aligned to the filesystem block size (*not* necessarily +the same as the block device's block size) - in particular, any userspace +buffer into which data is read/written from must also be aligned to the +filesystem block size. If any of these conditions isn't met, attempts to do +direct I/O on an encrypted file will fall back to buffered I/O. + Encryption policy enforcement ============================= -- 2.28.0.rc0.142.g3c755180ce-goog
Powered by blists - more mailing lists