[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YGvJn09vECHxKCMP@mit.edu>
Date: Mon, 5 Apr 2021 22:38:23 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Daniel Rosenberg <drosen@...gle.com>
Cc: Eric Biggers <ebiggers@...nel.org>,
Andreas Dilger <adilger.kernel@...ger.ca>,
linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
Gabriel Krisman Bertazi <krisman@...labora.com>,
kernel-team@...roid.com
Subject: Re: [PATCH v2 1/2] ext4: Handle casefolding with encryption
On Fri, Mar 19, 2021 at 07:34:13AM +0000, Daniel Rosenberg wrote:
> This adds support for encryption with casefolding.
>
> Since the name on disk is case preserving, and also encrypted, we can no
> longer just recompute the hash on the fly. Additionally, to avoid
> leaking extra information from the hash of the unencrypted name, we use
> siphash via an fscrypt v2 policy.
>
> The hash is stored at the end of the directory entry for all entries
> inside of an encrypted and casefolded directory apart from those that
> deal with '.' and '..'. This way, the change is backwards compatible
> with existing ext4 filesystems.
>
> Signed-off-by: Daniel Rosenberg <drosen@...gle.com>
Applied, thanks with the following addition so that tests, e2fsprogs,
etc., can determine whether or not the currently running kernel has
this feature enabled:
diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
index a3d08276d441..7367ba406e01 100644
--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -313,6 +313,7 @@ EXT4_ATTR_FEATURE(verity);
#endif
EXT4_ATTR_FEATURE(metadata_csum_seed);
EXT4_ATTR_FEATURE(fast_commit);
+EXT4_ATTR_FEATURE(encrypted_casefold);
static struct attribute *ext4_feat_attrs[] = {
ATTR_LIST(lazy_itable_init),
@@ -330,6 +331,7 @@ static struct attribute *ext4_feat_attrs[] = {
#endif
ATTR_LIST(metadata_csum_seed),
ATTR_LIST(fast_commit),
+ ATTR_LIST(encrypted_casefold),
NULL,
};
ATTRIBUTE_GROUPS(ext4_feat);
Future versions of e2fsprogs may issue a warning if tune2fs or mke2fs
tries to modify or create a file system such that both the encryption
and casefold feature is enabled if it appears that the kernel won't
support this combination. Daniel, if you could try to get this change
into the Android kernels that are using encrypted casefold, that would
be a good thing.
- Ted
Powered by blists - more mailing lists