lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c8d135f8-8fbf-2314-9efc-ec172233150f@collabora.com>
Date:   Thu, 13 Oct 2022 17:14:09 +0500
From:   Muhammad Usama Anjum <usama.anjum@...labora.com>
To:     Sweet Tea Dorminy <sweettea-kernel@...miny.me>
Cc:     Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>,
        David Sterba <dsterba@...e.com>, linux-btrfs@...r.kernel.org,
        linux-kernel@...r.kernel.org, osandov@...ndov.com,
        kernel-team@...com
Subject: Re: [PATCH RFC v2 00/16] btrfs: add fscrypt integration

Hello,

I see no comment on this RFC. Is there any next version?

Thanks,
Usama

On 7/24/22 5:53 AM, Sweet Tea Dorminy wrote:
> This is a draft set of changes adding fscrypt integration to btrfs.
> 
> Last October, Omar sent out a design document for having fscrypt
> integration with btrfs [1]. In summary, it proposes btrfs storing its
> own encryption IVs on a per-file-extent basis. fscrypt usually encrypts
> files using an IV derived from per-inode information; this would prevent
> snapshotting or reflinking or data relocation for btrfs, but by using an
> IV associated with each file extent, all the inodes sharing a particular
> key and file extent may decrypt successfully.
> 
> This series starts implementing it on the kernel side for the simple
> case, non-compressed data extents. My goal in sending out this RFC is to
> get feedback on whether these are going in a reasonable direction; while
> there are a couple of additional parts, they're fundamentally minor
> compared to this.
> 
> Not included are a couple of minor changes to btrfs-progs; additionally,
> none of the fscrypt tool changes needed to use the new encryption policy
> are included. Obviously, additional fstests will be needed. Also not yet
> included are encryption for inline data extents, verity items, and
> compressed data.
> 
> [1]
> https://lore.kernel.org/linux-btrfs/YXGyq+buM79A1S0L@relinquished.localdomain/
> 
> Changelog:
> 
> v2:
>   - Fixed all warnings and known incorrectnesses.
>   - Split fscrypt changes into their own patchset:
>      https://lore.kernel.org/linux-fscrypt/cover.1658623235.git.sweettea-kernel@dorminy.me
>   - Combined and reordered changes so that enabling fscrypt is the last change.
>   - Removed unnecessary factoring.
>   - Split a cleanup change off.
> 
> v1:
>   - https://lore.kernel.org/linux-btrfs/cover.1657707686.git.sweettea-kernel@dorminy.me
> 
> Omar Sandoval (13):
>    btrfs: store directories' encryption state
>    btrfs: factor a fscrypt_name matching method
>    btrfs: disable various operations on encrypted inodes
>    btrfs: add fscrypt operation table to superblock
>    btrfs: start using fscrypt hooks.
>    btrfs: add a subvolume flag for whole-volume encryption
>    btrfs: translate btrfs encryption flags and encrypted inode flag.
>    btrfs: store an IV per encrypted normal file extent
>    btrfs: Add new FEATURE_INCOMPAT_FSCRYPT feature flag.
>    btrfs: reuse encrypted filename hash when possible.
>    btrfs: adapt directory read and lookup to potentially encrypted
>      filenames
>    btrfs: encrypt normal file extent data if appropriate
>    btrfs: implement fscrypt ioctls
> 
> Sweet Tea Dorminy (3):
>    btrfs: use fscrypt_name's instead of name/len everywhere.
>    btrfs: setup fscrypt_names from dentrys using helper
>    btrfs: add iv generation function for fscrypt
> 
>   fs/btrfs/Makefile               |   1 +
>   fs/btrfs/btrfs_inode.h          |   3 +
>   fs/btrfs/ctree.h                | 113 +++++--
>   fs/btrfs/delayed-inode.c        |  48 ++-
>   fs/btrfs/delayed-inode.h        |   9 +-
>   fs/btrfs/dir-item.c             | 120 ++++---
>   fs/btrfs/extent_io.c            |  93 +++++-
>   fs/btrfs/extent_io.h            |   2 +
>   fs/btrfs/extent_map.h           |   8 +
>   fs/btrfs/file-item.c            |  20 +-
>   fs/btrfs/file.c                 |  11 +-
>   fs/btrfs/fscrypt.c              | 224 +++++++++++++
>   fs/btrfs/fscrypt.h              |  49 +++
>   fs/btrfs/inode-item.c           |  84 ++---
>   fs/btrfs/inode-item.h           |  14 +-
>   fs/btrfs/inode.c                | 547 ++++++++++++++++++++++++--------
>   fs/btrfs/ioctl.c                |  80 ++++-
>   fs/btrfs/ordered-data.c         |  12 +-
>   fs/btrfs/ordered-data.h         |   3 +-
>   fs/btrfs/print-tree.c           |   4 +-
>   fs/btrfs/props.c                |  11 +-
>   fs/btrfs/reflink.c              |   8 +
>   fs/btrfs/root-tree.c            |  20 +-
>   fs/btrfs/send.c                 | 141 ++++----
>   fs/btrfs/super.c                |   8 +-
>   fs/btrfs/transaction.c          |  43 ++-
>   fs/btrfs/tree-checker.c         |  56 +++-
>   fs/btrfs/tree-log.c             | 261 ++++++++-------
>   fs/btrfs/tree-log.h             |   4 +-
>   fs/btrfs/xattr.c                |  21 +-
>   include/uapi/linux/btrfs.h      |   1 +
>   include/uapi/linux/btrfs_tree.h |  26 ++
>   32 files changed, 1525 insertions(+), 520 deletions(-)
>   create mode 100644 fs/btrfs/fscrypt.c
>   create mode 100644 fs/btrfs/fscrypt.h
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ