Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp1779136imi;
        Sat, 23 Jul 2022 17:53:38 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1t2325MdD6eItmfzmIlXxpIluhFNO2KrRFfaNnF700HFh0qCOmeaMX5s2cbJlMK3ye757EB
X-Received: by 2002:a17:902:ce05:b0:16b:e725:6f6c with SMTP id k5-20020a170902ce0500b0016be7256f6cmr6109519plg.110.1658624018204;
        Sat, 23 Jul 2022 17:53:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658624018; cv=none;
        d=google.com; s=arc-20160816;
        b=GOhqq/IIVIa/MtzX9BJnbLYzQZRVV38BnDUE81XadvKgsemF/f5YIkzNtkESaqG4mb
         akPX//JTt3VBqhHxYTkv0KTXFKRKLm06836PDjfx0BIwEseuFx86fEy3fTbZ7qHH/Bzr
         37tfBFPr06S7d5ChXGoOhvWE5IlIyAAo166IH8WADAKDg7PbQwTV9wcKAyBKTHbxAdBH
         xvt5sEgLfUKtovEgdGVPyaeomiJ3R8RTI0q9O/1gcYmMWN7Fux0mwJYActxtwQQrNFf+
         1tOMTeGZK0g238Fyo2FhexM3fmaxKgDcOqU0c5Q2f4y3KbgLQMbHI4QDCEjl7c29Y2QB
         ZNjg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=Kufb3i76d/faKSTHdSgGZb2TkYEVgLcruTJ0jgP2028=;
        b=NmaLrwI6vrzJZkPPBV0g5bcLemwdNapUhrKACcPoFDL8Ticp/83cbWYm4zinYBcgL3
         DIrLhD2hDnI6EBCT9Zz1hVGcC2GSM/5rnJXUrJ/3REKgBHBcHRq4JhnmOlhlgRL5i0Cm
         1YHUqcbKi9C3lzXytW4hjbCeFipbQSPXzooEuFaA0za25SglvRRz5YXRpgdWQtesuyp8
         nBUmNgqdGbDJ/YlGk/eQbQ2EHCXxUiusLVKsTMeqHgt+n8OObVwQI3Rwy3Z8rMm61Ftw
         aIcq7AaKoIyykUmP3AU+k7LRenipc4a3F76h4CYYSgcO2bjaA19vlO5z2DEKv/VPPVb2
         QFSA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b="SdCm/HZT";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id i184-20020a6254c1000000b0052523d203a0si10038449pfb.77.2022.07.23.17.53.23;
        Sat, 23 Jul 2022 17:53:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b="SdCm/HZT";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236606AbiGXAwj (ORCPT <rfc822;alexzyp@gmail.com> + 99 others);
        Sat, 23 Jul 2022 20:52:39 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36592 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229772AbiGXAwi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 23 Jul 2022 20:52:38 -0400
Received: from box.fidei.email (box.fidei.email [71.19.144.250])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9CE8C14D10;
        Sat, 23 Jul 2022 17:52:37 -0700 (PDT)
Received: from authenticated-user (box.fidei.email [71.19.144.250])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
        (No client certificate requested)
        by box.fidei.email (Postfix) with ESMTPSA id F0D6780794;
        Sat, 23 Jul 2022 20:52:36 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail;
        t=1658623957; bh=RAQNqSLQnPCNoIiEhDvY+4M3GbpUGvsojzAKy+lc6/Q=;
        h=From:To:Cc:Subject:Date:From;
        b=SdCm/HZTzCERxBrSYy57Lv5VWfRalppRdv/RcLrb5LvH/4SvbnoLOQTa6tsbtZTzA
         +i0XYqbfWhLa6nv9RuHreGac2jT2kk+KuXfHxS9GDD7GTOeSlxxDt4DMd1HO/mXJlo
         kvrGJLi8cZBbnEyr9eq3qBp+CDv+oQ3x5BtlyXhUDDCAmZKwSBUnCAkzAJvhfhsn2r
         hZCyRq/kDhZexVvlxRFGdwuu/PFznInLCtPlI0vxZA3eolC2va8NY2MHJD2kVufbMm
         Mhx54KAz6/KKNc0m7t+0T6hyyUjF5dq2g3+doB+DxrJcH7yvsBFyvfyVY/uLoE0ABJ
         wshdUrn6QaeQQ==
From:   Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To:     "Theodore Y . Ts'o " <tytso@mit.edu>,
        Jaegeuk Kim <jaegeuk@kernel.org>,
        Eric Biggers <ebiggers@kernel.org>,
        linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-btrfs@vger.kernel.org, osandov@osandov.com,
        kernel-team@fb.com
Cc:     Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH RFC 0/4] fscrypt changes for btrfs encryption
Date:   Sat, 23 Jul 2022 20:52:24 -0400
Message-Id: <cover.1658623235.git.sweettea-kernel@dorminy.me>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
        DKIM_SIGNED,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This is the fscrypt section of my draft patch series [1] to add
encryption support to btrfs.

Last October, Omar Sandoval sent out a design proposal for using fscrypt
with btrfs [2]. To tersely summarize the challenges laid out in the
document, btrfs supports sharing the same physical storage between
multiple files (reflinks); moving the physical location of file data
without access to the file inodes; and creating writable snapshots of
some directories (subvolumes). To allow encryption to coexist with these
features, the proposal was for btrfs to create and preserve an IV per
data block, no matter its physical location or owning inode(s), and for
btrfs to allow partially-encrypted writable snapshots of unencrypted
subvolumes.

To deal with these issues, a few changes to fscrypt are proposed:
- To enable snapshotting and then encrypting new writes to that
  subvolume, a flag to allow partially encrypted directories;
- To allow filesystems to supply an IV in cases where the logical block
  number and owning inode for data may change, a new policy and
  interface to convey IVs from filesystem to fscrypt.

Comments, especially on the new policy and interface, appreciated!

[1] https://lore.kernel.org/linux-btrfs/cover.1658623319.git.sweettea-kernel@dorminy.me
[2] https://lore.kernel.org/linux-btrfs/YXGyq+buM79A1S0L@relinquished.localdomain/

Omar Sandoval (3):
  fscrypt: expose fscrypt_nokey_name
  fscrypt: add flag allowing partially-encrypted directories
  fscrypt: add fscrypt_have_same_policy() to check inode's compatibility

Sweet Tea Dorminy (1):
  fscrypt: Add new encryption policy for btrfs.

 fs/crypto/crypto.c           | 28 +++++++++++++++--
 fs/crypto/fname.c            | 56 ++++++++++-----------------------
 fs/crypto/fscrypt_private.h  |  4 +--
 fs/crypto/inline_crypt.c     | 20 ++++++++----
 fs/crypto/keysetup.c         |  5 +++
 fs/crypto/policy.c           | 42 ++++++++++++++++++++++++-
 include/linux/fscrypt.h      | 61 +++++++++++++++++++++++++++++++++++-
 include/uapi/linux/fscrypt.h |  1 +
 8 files changed, 166 insertions(+), 51 deletions(-)

-- 
2.35.1