Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp357077imn;
        Mon, 25 Jul 2022 19:14:54 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1ucCLUhpUNQGdZrSfl5/uskKwZFGnG1+TM7D6JCRix7gJrUZWUEuv5vc3GWBLM/H4epdaf9
X-Received: by 2002:a17:907:a0c6:b0:72f:c570:9006 with SMTP id hw6-20020a170907a0c600b0072fc5709006mr11121418ejc.325.1658801693981;
        Mon, 25 Jul 2022 19:14:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658801693; cv=none;
        d=google.com; s=arc-20160816;
        b=wvpTfI0Q0nrXKb44NedkRYD3Kcvjnfj8HdbXwACcv6fCofC5XwYX0fE66xquLmarPJ
         W3fKzFkpMmXZWbris7Phviqo91OGZoiE81gWzxpWjd4jt59GmyAHscIxdmo4TCEGhwD8
         UHeD4wq1c6tllAzAHGUiEYiJtzh4lCZ64PicUoXD367mgz1n0FQrxGfdlX3kJkV/u0z+
         znoSUjczmWLBloGG1Y+8CVQitVoh9a9qh6mYBwSxaPsfhOeZf/4bxiUpad9rtRm0GCZJ
         EbYPPGH0DdQ2/pXDeLkydNwVvAzeShaf4w/DQKuk8U0sbPEhhOSM+b3psM6SKX4n/Ae1
         jJ0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:mime-version:date
         :message-id:dkim-signature;
        bh=IMV6eAz6ru9cWQSN3lulPJd7ShQbFp6x3tIF5uT/5iI=;
        b=Rt0usJhiQdHF+Kj5It+0Qrpo4WQzHOYnv9vLCDpGwr5P9kJcOJ3vt1iT5EhKOvo/KG
         XcpfdcELQpE5Ys+uRmfoFC1E31/cx5W7SYX6RMGbZRgSMy8VHwuUhyhrkJkTI5EUlJDP
         iU/YyRpIQtpgHFBbBt/Pew3pvCyCCWY7aGbsL2SmoK/KID3815FkHRAatH/EVNaTze4b
         NLieWhLIdlYHPWUt0mLW4L6CFmgqSjnvVHqD1OucBLdcZlsYKSutWBGCwgjqD2yvOPWX
         OHl5GOMSmlQfS+OX7PluVMAzPOH2FzpQva4OhNJBBtggZJJkTKwLN5SSDSwzp9Bt1MYo
         3pjA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b=sY8+uTyY;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id o3-20020a170906974300b0072ef52514f6si16222637ejy.629.2022.07.25.19.14.27;
        Mon, 25 Jul 2022 19:14:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b=sY8+uTyY;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236904AbiGZCNU (ORCPT <rfc822;algowarbles@gmail.com>
        + 99 others); Mon, 25 Jul 2022 22:13:20 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53600 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236428AbiGZCNS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 25 Jul 2022 22:13:18 -0400
Received: from box.fidei.email (box.fidei.email [71.19.144.250])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C29DD28E21;
        Mon, 25 Jul 2022 19:13:16 -0700 (PDT)
Received: from authenticated-user (box.fidei.email [71.19.144.250])
        (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
        (No client certificate requested)
        by box.fidei.email (Postfix) with ESMTPSA id 939A580856;
        Mon, 25 Jul 2022 22:13:14 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail;
        t=1658801596; bh=ptXxAfZgAszQC6rVofIN+8stpKgcYrpCGjXOeETcBxI=;
        h=Date:Subject:To:Cc:References:From:In-Reply-To:From;
        b=sY8+uTyYkmYgw5vXe18+OY5dPxTlS5lsMHmeATXw7zDP6bbTOuH6lqbVq5WQPGAFx
         0H7tYofi+pWTxWq2edyUpvCgy57Q/E3jhVoiC8KDahGKp3XSGib55KK3xgRoIZPOIR
         s83TFrzKd7lszUOB/TtvCnSio0k8SMM7E7Gr5bUOvgDCZetwC51u7vzFmATtW98XQn
         CnFCk0BOpRWBmaQJBPR+NIqKDkBDHgrx7pAceAjaVLM/Qgcdzpqb2AU62lb241KVdG
         zPetzFUaTQretRex1i+9uEz/warkPbb6shtOoHmbwyvwSWY6ujYldn+cjJKbHeCpd1
         Akk0HuSyb+aaQ==
Message-ID: <7b35f666-b474-9628-1cc4-7b8fc35e5074@dorminy.me>
Date:   Mon, 25 Jul 2022 22:13:12 -0400
MIME-Version: 1.0
Subject: Re: [PATCH RFC 2/4] fscrypt: add flag allowing partially-encrypted
 directories
Content-Language: en-US
To:     Eric Biggers <ebiggers@kernel.org>
Cc:     "Theodore Y . Ts'o" <tytso@mit.edu>,
        Jaegeuk Kim <jaegeuk@kernel.org>,
        linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-btrfs@vger.kernel.org, osandov@osandov.com,
        kernel-team@fb.com
References: <cover.1658623235.git.sweettea-kernel@dorminy.me>
 <0508dac7fd6ec817007c5e21a565d1bb9d4f4921.1658623235.git.sweettea-kernel@dorminy.me>
 <Yt7zsMGrxwKiM+GH@sol.localdomain>
From:   Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
In-Reply-To: <Yt7zsMGrxwKiM+GH@sol.localdomain>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
        DKIM_SIGNED,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


>> diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
>> index 6020b738c3b2..fb48961c46f6 100644
>> --- a/include/linux/fscrypt.h
>> +++ b/include/linux/fscrypt.h
>> @@ -102,6 +102,8 @@ struct fscrypt_nokey_name {
>>    * pages for writes and therefore won't need the fscrypt bounce page pool.
>>    */
>>   #define FS_CFLG_OWN_PAGES (1U << 1)
>> +/* The filesystem allows partially encrypted directories/files. */
>> +#define FS_CFLG_ALLOW_PARTIAL (1U << 2)
> 
> I'm very confused about what the semantics of this are.  So a directory will be
> able to contain both encrypted and unencrypted filenames?  If so, how will it be
> possible to distinguish between them? Or is it just both encrypted and
> unencrypted files (which is actually already possible, in the case where
> encrypted files are moved into an unencrypted directory)?  What sort of metadata
> is stored with the parent directory?
Yes, a directory for a filesystem with this flag could have both 
encrypted and unencrypted filenames.

When a directory switches to encrypted, the filesystem can get and store 
a fscrypt_context for it, as though it were a new directory. All new 
filenames for that directory will be encrypted, as will any filename 
lookup requests, by fscrypt_prepare_filename() since the directory has a 
context.

When a request for a lookup of a name in that directory comes in, it'll 
be an encrypted or nokey name; the directory can be searched for both 
the encrypted and unencrypted versions of that name. I don't think any 
filename collisions can result, as any encrypted filename which happens 
to match a plaintext filename will be detected as a collision when it's 
first added.

> 
> Please note that any new semantics and APIs will need to be documented in
> Documentation/filesystems/fscrypt.rst.
Good point.

Thanks!

Sweet Tea