Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp1779136imi; Sat, 23 Jul 2022 17:53:38 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t2325MdD6eItmfzmIlXxpIluhFNO2KrRFfaNnF700HFh0qCOmeaMX5s2cbJlMK3ye757EB X-Received: by 2002:a17:902:ce05:b0:16b:e725:6f6c with SMTP id k5-20020a170902ce0500b0016be7256f6cmr6109519plg.110.1658624018204; Sat, 23 Jul 2022 17:53:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658624018; cv=none; d=google.com; s=arc-20160816; b=GOhqq/IIVIa/MtzX9BJnbLYzQZRVV38BnDUE81XadvKgsemF/f5YIkzNtkESaqG4mb akPX//JTt3VBqhHxYTkv0KTXFKRKLm06836PDjfx0BIwEseuFx86fEy3fTbZ7qHH/Bzr 37tfBFPr06S7d5ChXGoOhvWE5IlIyAAo166IH8WADAKDg7PbQwTV9wcKAyBKTHbxAdBH xvt5sEgLfUKtovEgdGVPyaeomiJ3R8RTI0q9O/1gcYmMWN7Fux0mwJYActxtwQQrNFf+ 1tOMTeGZK0g238Fyo2FhexM3fmaxKgDcOqU0c5Q2f4y3KbgLQMbHI4QDCEjl7c29Y2QB ZNjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Kufb3i76d/faKSTHdSgGZb2TkYEVgLcruTJ0jgP2028=; b=NmaLrwI6vrzJZkPPBV0g5bcLemwdNapUhrKACcPoFDL8Ticp/83cbWYm4zinYBcgL3 DIrLhD2hDnI6EBCT9Zz1hVGcC2GSM/5rnJXUrJ/3REKgBHBcHRq4JhnmOlhlgRL5i0Cm 1YHUqcbKi9C3lzXytW4hjbCeFipbQSPXzooEuFaA0za25SglvRRz5YXRpgdWQtesuyp8 nBUmNgqdGbDJ/YlGk/eQbQ2EHCXxUiusLVKsTMeqHgt+n8OObVwQI3Rwy3Z8rMm61Ftw aIcq7AaKoIyykUmP3AU+k7LRenipc4a3F76h4CYYSgcO2bjaA19vlO5z2DEKv/VPPVb2 QFSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b="SdCm/HZT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i184-20020a6254c1000000b0052523d203a0si10038449pfb.77.2022.07.23.17.53.23; Sat, 23 Jul 2022 17:53:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b="SdCm/HZT"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236606AbiGXAwj (ORCPT + 99 others); Sat, 23 Jul 2022 20:52:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229772AbiGXAwi (ORCPT ); Sat, 23 Jul 2022 20:52:38 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9CE8C14D10; Sat, 23 Jul 2022 17:52:37 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id F0D6780794; Sat, 23 Jul 2022 20:52:36 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1658623957; bh=RAQNqSLQnPCNoIiEhDvY+4M3GbpUGvsojzAKy+lc6/Q=; h=From:To:Cc:Subject:Date:From; b=SdCm/HZTzCERxBrSYy57Lv5VWfRalppRdv/RcLrb5LvH/4SvbnoLOQTa6tsbtZTzA +i0XYqbfWhLa6nv9RuHreGac2jT2kk+KuXfHxS9GDD7GTOeSlxxDt4DMd1HO/mXJlo kvrGJLi8cZBbnEyr9eq3qBp+CDv+oQ3x5BtlyXhUDDCAmZKwSBUnCAkzAJvhfhsn2r hZCyRq/kDhZexVvlxRFGdwuu/PFznInLCtPlI0vxZA3eolC2va8NY2MHJD2kVufbMm Mhx54KAz6/KKNc0m7t+0T6hyyUjF5dq2g3+doB+DxrJcH7yvsBFyvfyVY/uLoE0ABJ wshdUrn6QaeQQ== From: Sweet Tea Dorminy To: "Theodore Y . Ts'o " , Jaegeuk Kim , Eric Biggers , linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, linux-btrfs@vger.kernel.org, osandov@osandov.com, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH RFC 0/4] fscrypt changes for btrfs encryption Date: Sat, 23 Jul 2022 20:52:24 -0400 Message-Id: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is the fscrypt section of my draft patch series [1] to add encryption support to btrfs. Last October, Omar Sandoval sent out a design proposal for using fscrypt with btrfs [2]. To tersely summarize the challenges laid out in the document, btrfs supports sharing the same physical storage between multiple files (reflinks); moving the physical location of file data without access to the file inodes; and creating writable snapshots of some directories (subvolumes). To allow encryption to coexist with these features, the proposal was for btrfs to create and preserve an IV per data block, no matter its physical location or owning inode(s), and for btrfs to allow partially-encrypted writable snapshots of unencrypted subvolumes. To deal with these issues, a few changes to fscrypt are proposed: - To enable snapshotting and then encrypting new writes to that subvolume, a flag to allow partially encrypted directories; - To allow filesystems to supply an IV in cases where the logical block number and owning inode for data may change, a new policy and interface to convey IVs from filesystem to fscrypt. Comments, especially on the new policy and interface, appreciated! [1] https://lore.kernel.org/linux-btrfs/cover.1658623319.git.sweettea-kernel@dorminy.me [2] https://lore.kernel.org/linux-btrfs/YXGyq+buM79A1S0L@relinquished.localdomain/ Omar Sandoval (3): fscrypt: expose fscrypt_nokey_name fscrypt: add flag allowing partially-encrypted directories fscrypt: add fscrypt_have_same_policy() to check inode's compatibility Sweet Tea Dorminy (1): fscrypt: Add new encryption policy for btrfs. fs/crypto/crypto.c | 28 +++++++++++++++-- fs/crypto/fname.c | 56 ++++++++++----------------------- fs/crypto/fscrypt_private.h | 4 +-- fs/crypto/inline_crypt.c | 20 ++++++++---- fs/crypto/keysetup.c | 5 +++ fs/crypto/policy.c | 42 ++++++++++++++++++++++++- include/linux/fscrypt.h | 61 +++++++++++++++++++++++++++++++++++- include/uapi/linux/fscrypt.h | 1 + 8 files changed, 166 insertions(+), 51 deletions(-) -- 2.35.1