Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp7095870pxu; Fri, 25 Dec 2020 01:33:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJwTn/jmm7loeW03wHvaF91OKbXqdgqbdXXxCltXQrnRSBohAFPFhWHpb9kSzvA9t1fQtjxf X-Received: by 2002:a17:907:961b:: with SMTP id gb27mr13490504ejc.313.1608888831870; Fri, 25 Dec 2020 01:33:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608888831; cv=none; d=google.com; s=arc-20160816; b=gl5rwJdCzzn2zuMCuEZTbyXsMVIPCyB1eiYSOjfSbXWAQlRdzdw84bazG18FbXoB19 rOdAXA7Jhagyl6pn1OctqlQk5gjEKS3MbqR/aUpE6dTpMwBhylb2H20ckOD1CupdBsGJ aXhviDfbM6gOXkpcxAkP1IHtg6dWjCSleIJFPup1GeEWVL9Mw7CRZ3N8Wkxr+ccsmlOu N7M2vUmqTF1eiOIcmf64cYk8ovddw9o0FbvaaMfz/POvR07+AA79nx7y02rBclXIc6p8 BGETLTPfuCNgA3nkttDl2CvJBmnAcxLRB4TbWxfUpA+aCd2JwRrPm2U+D5n0eRt6QYVZ Zjyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=LkrjtnFzjlQ9VTVE7WhRSdUMRQvDBRSjtlr6xLGGgXE=; b=w5RNGeYgIubhuhz7YaDczoxim/TOcQ501245VQZwYAqDv69WI/dm8hNez7aLteABQ7 8nPMiCE0ADy6iZIbIiGoVyqBwbeKttLq7NtrFczJTdjMyF20tlVvPGNDFhzupPoxIJzE qyWMFwVurxZ/TeUYm4r+e1SXx1tnBlVqSKciAZMPBsG4ycOMbcdBq3uZd+uov+CffAy6 rAmn0NkGi1DE8o98nrhExueDe6sKB5xe136mQMjxVjBhM86LH254z2fLudqUDQ7MoZkd MNz821RsOXSeJ6eYuRnjB+YDfqEhYad2EcQf8b6W3D5azLPZyIDgI3MgQL3O194GcADD +M4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x2si14596979ejc.177.2020.12.25.01.33.29; Fri, 25 Dec 2020 01:33:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729081AbgLYJch (ORCPT + 99 others); Fri, 25 Dec 2020 04:32:37 -0500 Received: from szxga05-in.huawei.com ([45.249.212.191]:9994 "EHLO szxga05-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728794AbgLYJcg (ORCPT ); Fri, 25 Dec 2020 04:32:36 -0500 Received: from DGGEMS405-HUB.china.huawei.com (unknown [172.30.72.58]) by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4D2MBg63P0zhxyy; Fri, 25 Dec 2020 17:31:07 +0800 (CST) Received: from [10.136.114.67] (10.136.114.67) by smtp.huawei.com (10.3.19.205) with Microsoft SMTP Server (TLS) id 14.3.498.0; Fri, 25 Dec 2020 17:31:50 +0800 Subject: Re: [PATCH 0/3] add support for metadata encryption to F2FS To: Satya Tangirala CC: "Theodore Y . Ts'o" , Jaegeuk Kim , Eric Biggers , Chao Yu , , , References: <20201005073606.1949772-1-satyat@google.com> <471e0eb7-b035-03da-3ee3-35d5880a6748@huawei.com> <9a8d3ae2-a09f-f199-5cb1-48b1317b3d37@huawei.com> From: Chao Yu Message-ID: <8a0246cf-0548-7c36-b4af-08219fad365d@huawei.com> Date: Fri, 25 Dec 2020 17:31:50 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.136.114.67] X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/12/24 18:13, Satya Tangirala wrote: > On Tue, Dec 22, 2020 at 07:47:45PM +0800, Chao Yu wrote: >> On 2020/12/18 19:53, Satya Tangirala wrote: >>> On Fri, Dec 18, 2020 at 05:02:23PM +0800, Chao Yu wrote: >>>> But, what's the plan about supporting software encryption for metadata? Current >>>> f2fs write flow will handle all operations which may encounter failure before >>>> allocating block address for node, if we do allocation first, and then use pba >>>> as IV to encrypt node block, it will be a little complicated to revert allocation >>>> if we fail to encrypt node block. >>>> >>> Software encryption for metadata is supported through the blk-crypto >> >> blk-crypto will encrypt all data in filesystem, if FBE is enabled, data may >> be encrypted twice? > blk-crypto will only encrypt bios as directed to do so by the encryption > context set on the bio. That encryption context is constructed by the > submitter of the bio - in our case, the submitter is the filesystem. > So the filesystem decides which bio gets encrypted with > which key/algorithm/etc (and in the current implementation, each bio > only supports a single bi_crypt_context, so *only one* layer of > encryption is possible with blk-crypto anyway). So no, data won't be > encrypted twice, because F2FS/fscrypt ensure that it does not (and the > filesystem knows exactly which blocks need metadata encryption, and > which blocks need FBE). Oh, sorry, I misunderstand blk-crypto as dm-crypt... So once hardware encryption is absent, blk-crypto will use blk-crypto-fallback to encrypt bio data with software crypto, I see. >> >> And why not supporting hardware encryption for metadata in blk-crypto? then >> both f2fs and ext4 can use inline-encryption based blk-crypto? >> > I may be misunderstanding what you're asking, but I think you're asking > why not make blk-crypto do metadata encryption (without explicit > involvement from filesystems)? Or more generally, why not do metadata > encryption below the filesystem layer? Yes. > > As mentioned above, the filesystem is what knows which blocks need to be > metadata encrypted and which blocks need to be FBE encrypted (or even > just read without any encryption at all) - the block layer doesn't have > this information, and so can't effectively decide which blocks to use > the metadata encryption key on. Fwiw, Android does take a somewhat > similar approach to what you're suggesting here (I explain more in > detail in the cover letter for v2 of this patch series at > https://lore.kernel.org/linux-fscrypt/20201217150435.1505269-1-satyat@google.com/ Ah, thanks for all your detailed explanation, now, I can see the context. > ). In Android, we have a new DM target (called dm-default-key) that adds > an encryption context to any bio that doesn't already have an encryption > context - so the assumption in general is that if the filesystem wants to > use an FBE key, it would have already set the encryption context on the > bio, so if a bio reaches dm-default-key without an encryption context, > it must mean that it needs metadata encryption. However, that assumption > doesn't always hold because F2FS sometimes needs to read the ciphertext > of FBE files without having the file's FBE key available - in those > situations, F2FS will send a bio without any encryption context, but > will also tell dm-default-key to *not* add the metadata encryption > context. That's a layering violation, which is why I'm not using that > approach here. > > Does that answer your question? Or am I misunderstanding what you're > asking? Yup, thank you! Thanks, >> Thanks, >> >>> framework - so encryption will happen in the block layer, not the >>> filesystem layer. So there's nothing extra/special we need to do if >>> there's an encryption failure - an encryption failure is no different >>> from a read/write failure in a lower layer from f2fs' perspective. >>> . >>> > . >