From: Sweet Tea Dorminy
To: Chris Mason, Josef Bacik, David Sterba, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, osandov@osandov.com, kernel-team@fb.com
Cc: Sweet Tea Dorminy
Subject: [PATCH RFC v2 00/16] btrfs: add fscrypt integration
Date: Sat, 23 Jul 2022 20:53:45 -0400

This is a draft set of changes adding fscrypt integration to btrfs.

Last October, Omar sent out a design document for having fscrypt
integration with btrfs [1]. In summary, it proposes btrfs storing its
own encryption IVs on a per-file-extent basis. fscrypt usually encrypts
files using an IV derived from per-inode information; this would prevent
snapshotting or reflinking or data relocation for btrfs, but by using an
IV associated with each file extent, all the inodes sharing a particular
key and file extent may decrypt successfully.

This series starts implementing it on the kernel side for the simple
case, non-compressed data extents. My goal in sending out this RFC is to
get feedback on whether these are going in a reasonable direction; while
there are a couple of additional parts, they're fundamentally minor
compared to this.

Not included are a couple of minor changes to btrfs-progs; additionally,
none of the fscrypt tool changes needed to use the new encryption policy
are included. Obviously, additional fstests will be needed. Also not yet
included are encryption for inline data extents, verity items, and
compressed data.

[1] https://lore.kernel.org/linux-btrfs/YXGyq+buM79A1S0L@relinquished.localdomain/

Changelog:
v2:
 - Fixed all warnings and known incorrectnesses.
 - Split fscrypt changes into their own patchset:
   https://lore.kernel.org/linux-fscrypt/cover.1658623235.git.sweettea-kernel@dorminy.me
 - Combined and reordered changes so that enabling fscrypt is the last change.
 - Removed unnecessary factoring.
 - Split a cleanup change off.
v1:
 - https://lore.kernel.org/linux-btrfs/cover.1657707686.git.sweettea-kernel@dorminy.me

Omar Sandoval (13):
  btrfs: store directories' encryption state
  btrfs: factor a fscrypt_name matching method
  btrfs: disable various operations on encrypted inodes
  btrfs: add fscrypt operation table to superblock
  btrfs: start using fscrypt hooks.
  btrfs: add a subvolume flag for whole-volume encryption
  btrfs: translate btrfs encryption flags and encrypted inode flag.
  btrfs: store an IV per encrypted normal file extent
  btrfs: Add new FEATURE_INCOMPAT_FSCRYPT feature flag.
  btrfs: reuse encrypted filename hash when possible.
  btrfs: adapt directory read and lookup to potentially encrypted filenames
  btrfs: encrypt normal file extent data if appropriate
  btrfs: implement fscrypt ioctls

Sweet Tea Dorminy (3):
  btrfs: use fscrypt_name's instead of name/len everywhere.
  btrfs: setup fscrypt_names from dentrys using helper
  btrfs: add iv generation function for fscrypt

 fs/btrfs/Makefile               |   1 +
 fs/btrfs/btrfs_inode.h          |   3 +
 fs/btrfs/ctree.h                | 113 +++++--
 fs/btrfs/delayed-inode.c        |  48 ++-
 fs/btrfs/delayed-inode.h        |   9 +-
 fs/btrfs/dir-item.c             | 120 ++++---
 fs/btrfs/extent_io.c            |  93 +++++-
 fs/btrfs/extent_io.h            |   2 +
 fs/btrfs/extent_map.h           |   8 +
 fs/btrfs/file-item.c            |  20 +-
 fs/btrfs/file.c                 |  11 +-
 fs/btrfs/fscrypt.c              | 224 +++++++++++++
 fs/btrfs/fscrypt.h              |  49 +++
 fs/btrfs/inode-item.c           |  84 ++---
 fs/btrfs/inode-item.h           |  14 +-
 fs/btrfs/inode.c                | 547 ++++++++++++++++++++++++--------
 fs/btrfs/ioctl.c                |  80 ++++-
 fs/btrfs/ordered-data.c         |  12 +-
 fs/btrfs/ordered-data.h         |   3 +-
 fs/btrfs/print-tree.c           |   4 +-
 fs/btrfs/props.c                |  11 +-
 fs/btrfs/reflink.c              |   8 +
 fs/btrfs/root-tree.c            |  20 +-
 fs/btrfs/send.c                 | 141 ++++----
 fs/btrfs/super.c                |   8 +-
 fs/btrfs/transaction.c          |  43 ++-
 fs/btrfs/tree-checker.c         |  56 +++-
 fs/btrfs/tree-log.c             | 261 ++++++++-------
 fs/btrfs/tree-log.h             |   4 +-
 fs/btrfs/xattr.c                |  21 +-
 include/uapi/linux/btrfs.h      |   1 +
 include/uapi/linux/btrfs_tree.h |  26 ++
 32 files changed, 1525 insertions(+), 520 deletions(-)
 create mode 100644 fs/btrfs/fscrypt.c
 create mode 100644 fs/btrfs/fscrypt.h

-- 
2.35.1
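
The cover letter's argument for per-extent IVs, modelled as an added example (not code from this series or from fscrypt): a shared extent encrypted under an IV derived from the writing inode cannot be decrypted through a second inode that references it, while an IV stored with the extent can. The SHA-256 counter-mode cipher is a toy stand-in for the real AES modes, and the inode numbers, key, `Extent` class and IV layouts are assumptions made for illustration.

```python
import hashlib
import os

def keystream_xor(key, iv, data):
    """Toy stream cipher (SHA-256 in counter mode); stand-in for the real AES modes."""
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(key + iv + start.to_bytes(8, "little")).digest()
        out.extend(b ^ p for b, p in zip(data[start:start + 32], pad))
    return bytes(out)

def inode_iv(inode_number, file_offset):
    """Per-inode model: the IV depends on which inode is reading and at what offset."""
    return inode_number.to_bytes(8, "little") + file_offset.to_bytes(8, "little")

class Extent:
    """Constructed model of a data extent that several inodes may reference."""
    def __init__(self, ciphertext, stored_iv=None):
        self.ciphertext = ciphertext
        self.stored_iv = stored_iv  # only set in the per-extent model

def write_per_inode(key, inode_number, file_offset, plaintext):
    return Extent(keystream_xor(key, inode_iv(inode_number, file_offset), plaintext))

def read_per_inode(key, inode_number, file_offset, extent):
    return keystream_xor(key, inode_iv(inode_number, file_offset), extent.ciphertext)

def write_per_extent(key, plaintext):
    iv = os.urandom(16)  # random IV recorded alongside the extent
    return Extent(keystream_xor(key, iv, plaintext), stored_iv=iv)

def read_per_extent(key, inode_number, file_offset, extent):
    # inode_number and file_offset are deliberately unused: the IV travels with the extent
    return keystream_xor(key, extent.stored_iv, extent.ciphertext)

def compare_schemes():
    key = bytes(range(32))                      # constructed key shared by both inodes
    data = b"shared extent contents " * 4       # constructed plaintext
    owner, clone = 257, 258                     # clone = reflink/snapshot of owner
    by_inode = write_per_inode(key, owner, 0, data)
    by_extent = write_per_extent(key, data)
    return {
        "per_inode_owner": read_per_inode(key, owner, 0, by_inode) == data,
        "per_inode_clone": read_per_inode(key, clone, 0, by_inode) == data,
        "per_inode_clone_other_offset": read_per_inode(key, clone, 4096, by_inode) == data,
        "per_extent_owner": read_per_extent(key, owner, 0, by_extent) == data,
        "per_extent_clone": read_per_extent(key, clone, 4096, by_extent) == data,
    }
```
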