Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1676397pxu; Thu, 17 Dec 2020 16:11:10 -0800 (PST) X-Google-Smtp-Source: ABdhPJy8Y2Ah2LzZ4ATm/Np9SmVhVcgIpl28mW8rfh6yagwf1RN/XBeWZZhptDlXI3VTYdG5TmMQ X-Received: by 2002:a50:fb97:: with SMTP id e23mr1955864edq.208.1608250270738; Thu, 17 Dec 2020 16:11:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608250270; cv=none; d=google.com; s=arc-20160816; b=HtBf93ylSPuIh4vq8qDm8Z0p3mvSe4ASIITV0innmSS8aEokCy8Td0WGftFlj2iOJB GnsmwVWQF8+mfGjymzfoZRpvfVEV7ZS5LVAY3VO+kRXH5EOjlArwFBHLUQLYvJh3W17+ vr9Fc5/2Cc5MGuvi/+1ZEvjRfvJT93W4UsHNnAAXGjtAWPzEKK0weC936YupzcsC6kEq 7rG0dCMmdbz/PxYQJg8gE1OaBRdnQebVXQMrcj1rEhum16O4F0/7dUmlf61IpAP7ayZA 9wvIG4uAfjhrSte1CuzWwSko3h5wJJdPM5ppoayeZwiepW9wzGaW5YB74mf0NxI1UdPR vhsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=ftImLJzo43H5xhmSmjP4UoiWeHjvqDggI/0+orDetik=; b=yAYnRFZ/qA83n8vDCmBhQQlj4JvQ/CPeiCd8zha5slDumjCAEtGoI4YdxSW2tKafY0 lb7ai7dQmGXVtxfLaBLDFlDLhkH+5vmy28dKChiQFBo44ACPlai1mfa1F9aG0UAOiQeY HDiJ/wjaiHDpWHOaLVEi2Yy8Ma/MR7u4VGQC8io+uhAeBpuAYwCYHw6f6ImFjytei/Z/ 7IeJ8Elrlv4cjrm2HtMAv7mbkZEA+6pXX7dNU5IkUfI1Zl3jxtk9aGFQklAjcVh4Iqqf TJx5EhC7+7FzN5KPp76MI5jw3IrUs87s1sxOuH3GovURZs0lXzs639W+5rkQYJaEILss M49A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lGUzz2DB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c15si5429952edy.244.2020.12.17.16.10.47; Thu, 17 Dec 2020 16:11:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lGUzz2DB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732074AbgLRAFx (ORCPT + 99 others); Thu, 17 Dec 2020 19:05:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732028AbgLRAFx (ORCPT ); Thu, 17 Dec 2020 19:05:53 -0500 Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 225E7C0617A7 for ; Thu, 17 Dec 2020 16:05:13 -0800 (PST) Received: by mail-pf1-x431.google.com with SMTP id d2so429599pfq.5 for ; Thu, 17 Dec 2020 16:05:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ftImLJzo43H5xhmSmjP4UoiWeHjvqDggI/0+orDetik=; b=lGUzz2DBxHqOZ3lDtOCCkd5RBICJjSiF7pJd7d7sVRkhLLTKqKGLKsCCQh83Y2DyRu R3Hp/kZrLyaW6w9dqBBrAVhEv3IN66sHWz9c/Bfw+5Z8wcu4NHMGbwIqL+wk5UMRsv4G I27gqRa/r18pf7SWXr6cl8quCCTDDBFrv6Y9/i2tGMl+BIJAT2A5z59eEJPIudq5dYWA IJgcSLsecYIDeumR/5soBqp8zY0vIS+8EjXWq+Macuep/4LhIjKbn9IPWV/0KIs+bLje 4owXXvYNfFeizvCslb0wzsQlVgTwd3w8j2YI5Ya+v8nrsLjuDr2+4wZOAS2RB1GGddcr ABkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ftImLJzo43H5xhmSmjP4UoiWeHjvqDggI/0+orDetik=; b=mVUc8RUi7j4tKAtBaYwXte+4ybH0+VPf8dvsl8BdjRVugOtFCqbWmiXNrBLxVP/NW3 R9ttBzNSyFWAZXVC+m1BzeoT17WcKwXP32qDPx5LPQCyQ7R0wSbWL13N5PNf7X1lrpwr Xmy4urQs/+sUY5mhj3XwfpF74h/Xvjs5bNo7cThY8EIhWCAoRfL06j9Ty14P5docDrp1 cjYazV4u6LV8ZHHHNCE+oKBwQ9BvFI4Dh/G+0NJwpz4n2CIYhz4Zg6BnFA+hRmyJ/FBX QTj7me7u+bjf6lmTmrBN7WaV8tNp4km52t4jhsSY3Lkqp3gE2LiP1TKnggJKMMHTYg8y mtyw== X-Gm-Message-State: AOAM530JuKxEddJVx42eM5CBthhOqHwEs32tbIFX5DfqKxmDvNFLHUDf pUGo+ajs+LsYFWGW+lBmWTZVSg== X-Received: by 2002:a62:ac09:0:b029:1a9:dd65:2f46 with SMTP id v9-20020a62ac090000b02901a9dd652f46mr1674893pfe.15.1608249912162; Thu, 17 Dec 2020 16:05:12 -0800 (PST) Received: from google.com (139.60.82.34.bc.googleusercontent.com. [34.82.60.139]) by smtp.gmail.com with ESMTPSA id 14sm4578052pfi.131.2020.12.17.16.05.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Dec 2020 16:05:11 -0800 (PST) Date: Fri, 18 Dec 2020 00:05:07 +0000 From: Satya Tangirala To: "Theodore Y. Ts'o" Cc: Jaegeuk Kim , Eric Biggers , Chao Yu , linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Subject: Re: [PATCH v2 0/3] add support for metadata encryption to F2FS Message-ID: References: <20201217150435.1505269-1-satyat@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 17, 2020 at 06:34:27PM -0500, Theodore Y. Ts'o wrote: > On Thu, Dec 17, 2020 at 08:51:14PM +0000, Satya Tangirala wrote: > > On Thu, Dec 17, 2020 at 01:08:49PM -0500, Theodore Y. Ts'o wrote: > > > On Thu, Dec 17, 2020 at 03:04:32PM +0000, Satya Tangirala wrote: > > > > This patch series adds support for metadata encryption to F2FS using > > > > blk-crypto. > > > > > > Is there a companion patch series needed so that f2fstools can > > > check/repair a file system with metadata encryption enabled? > > > > > > - Ted > > Yes! It's at > > https://lore.kernel.org/linux-f2fs-devel/20201217151013.1513045-1-satyat@google.com/ > > Cool, I've been meaning to update f2fs-tools in Debian, and including > these patches will allow us to generate {kvm,gce,android}-xfstests > images with this support. I'm hoping to get to it sometime betweeen > Christmas and New Year's. > > I guess there will need to be some additional work needed to create > the f2fs image with a fixed keys for a particular file system in > xfstests-bld, and then mounting and checking said image with the > appropriatre keys as well. Is that something you've put together? > I did put something together that sets up metadata encryption on the disks used by kvm-xfstests. The main code changes were to add a fixed metadata encryption key with keyctl, and export MKFS_OPTIONS with the metadata encryption options. The mkfs options are the only options that need direct modification because the rest of the tools (fsck/dump etc.) automatically do the right thing if the FS superblock has the metadata encryption options. But the rest of the tools do need the metadata encryption key to be present, and some xfstests/other parts of the harness code clear the keyrings directly, so I had a few more hacky changes to re-add the keys when they're cleared. Some more hacky changes were needed because some xfstests override MKFS_OPTIONS. I'll be happy to send what I have to you/put it up somewhere. I'll also try to clean up the code a little, but my knowledge of xfstests is definitely limited so it might take a little while. > Cheers, > > - Ted