lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 18 Dec 2020 17:02:23 +0800
From:   Chao Yu <>
To:     Satya Tangirala <>
CC:     "Theodore Y . Ts'o" <>,
        Jaegeuk Kim <>,
        Eric Biggers <>, Chao Yu <>,
        <>, <>,
Subject: Re: [PATCH 0/3] add support for metadata encryption to F2FS

On 2020/12/17 23:44, Satya Tangirala wrote:
> On Sat, Oct 10, 2020 at 05:53:06PM +0800, Chao Yu wrote:
>> On 2020/10/5 15:36, Satya Tangirala wrote:
>>> This patch series adds support for metadata encryption to F2FS using
>>> blk-crypto.
>> It looks this implementation is based on hardware crypto engine, could you
>> please add this info into f2fs.rst as well like inlinecrypt...
> To be precise, the implementation requires either a hardware crypto
> engine *or* blk-crypto-fallback. I tried to clarify this a little better
> in the commit messages and in fscrypt.rst, but thinking about it again
> now, I think I should add a section about metadata encryption at the end
> of f2fs.rst. I'll do that when I send out v3 of this patch series (I
> just sent out v2).
>>> Patch 3 wires up F2FS with the functions introduced in Patch 2. F2FS
>>> will encrypt every block (that's not being encrypted by some other
>>> encryption key, e.g. a per-file key) with the metadata encryption key
>>> except the superblock (and the redundant copy of the superblock). The DUN
>>> of a block is the offset of the block from the start of the F2FS
>>> filesystem.
>> Why not using nid as DUN, then GC could migrate encrypted node block directly via
>> meta inode's address space like we do for encrypted data block, rather than
>> decrypting node block to node page and then encrypting node page with DUN of new
>> blkaddr it migrates to.
> The issue is, the bi_crypt_context in a bio holds a single DUN value,
> which is the DUN for the first data unit in the bio. blk-crypto assumes
> that the DUN of each subsequent data unit can be computed by simply
> incrementing the DUN. So physically contiguous data units can only be put
> into the same bio if they also have contiguous DUNs. I don't know much
> about nids, but if the nid is invariant w.r.t the physical block location,
> then there might be more fragmentation of bios in regular read/writes

Correct, considering performance of in batch node flush, it will be better to
use pba as IV value.

But, what's the plan about supporting software encryption for metadata? Current
f2fs write flow will handle all operations which may encounter failure before
allocating block address for node, if we do allocation first, and then use pba
as IV to encrypt node block, it will be a little complicated to revert allocation
if we fail to encrypt node block.


> (because physical contiguity may have no relation to DUN contiguity). So I
> think we should continue using the fsblk number as the DUN.
> .

Powered by blists - more mailing lists