Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp357077imn; Mon, 25 Jul 2022 19:14:54 -0700 (PDT) X-Google-Smtp-Source: AGRyM1ucCLUhpUNQGdZrSfl5/uskKwZFGnG1+TM7D6JCRix7gJrUZWUEuv5vc3GWBLM/H4epdaf9 X-Received: by 2002:a17:907:a0c6:b0:72f:c570:9006 with SMTP id hw6-20020a170907a0c600b0072fc5709006mr11121418ejc.325.1658801693981; Mon, 25 Jul 2022 19:14:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658801693; cv=none; d=google.com; s=arc-20160816; b=wvpTfI0Q0nrXKb44NedkRYD3Kcvjnfj8HdbXwACcv6fCofC5XwYX0fE66xquLmarPJ W3fKzFkpMmXZWbris7Phviqo91OGZoiE81gWzxpWjd4jt59GmyAHscIxdmo4TCEGhwD8 UHeD4wq1c6tllAzAHGUiEYiJtzh4lCZ64PicUoXD367mgz1n0FQrxGfdlX3kJkV/u0z+ znoSUjczmWLBloGG1Y+8CVQitVoh9a9qh6mYBwSxaPsfhOeZf/4bxiUpad9rtRm0GCZJ EbYPPGH0DdQ2/pXDeLkydNwVvAzeShaf4w/DQKuk8U0sbPEhhOSM+b3psM6SKX4n/Ae1 jJ0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:mime-version:date :message-id:dkim-signature; bh=IMV6eAz6ru9cWQSN3lulPJd7ShQbFp6x3tIF5uT/5iI=; b=Rt0usJhiQdHF+Kj5It+0Qrpo4WQzHOYnv9vLCDpGwr5P9kJcOJ3vt1iT5EhKOvo/KG XcpfdcELQpE5Ys+uRmfoFC1E31/cx5W7SYX6RMGbZRgSMy8VHwuUhyhrkJkTI5EUlJDP iU/YyRpIQtpgHFBbBt/Pew3pvCyCCWY7aGbsL2SmoK/KID3815FkHRAatH/EVNaTze4b NLieWhLIdlYHPWUt0mLW4L6CFmgqSjnvVHqD1OucBLdcZlsYKSutWBGCwgjqD2yvOPWX OHl5GOMSmlQfS+OX7PluVMAzPOH2FzpQva4OhNJBBtggZJJkTKwLN5SSDSwzp9Bt1MYo 3pjA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b=sY8+uTyY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o3-20020a170906974300b0072ef52514f6si16222637ejy.629.2022.07.25.19.14.27; Mon, 25 Jul 2022 19:14:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=neutral (bad format) header.i=@dorminy.me header.s=mail header.b=sY8+uTyY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dorminy.me Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236904AbiGZCNU (ORCPT + 99 others); Mon, 25 Jul 2022 22:13:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236428AbiGZCNS (ORCPT ); Mon, 25 Jul 2022 22:13:18 -0400 Received: from box.fidei.email (box.fidei.email [71.19.144.250]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C29DD28E21; Mon, 25 Jul 2022 19:13:16 -0700 (PDT) Received: from authenticated-user (box.fidei.email [71.19.144.250]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by box.fidei.email (Postfix) with ESMTPSA id 939A580856; Mon, 25 Jul 2022 22:13:14 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dorminy.me; s=mail; t=1658801596; bh=ptXxAfZgAszQC6rVofIN+8stpKgcYrpCGjXOeETcBxI=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=sY8+uTyYkmYgw5vXe18+OY5dPxTlS5lsMHmeATXw7zDP6bbTOuH6lqbVq5WQPGAFx 0H7tYofi+pWTxWq2edyUpvCgy57Q/E3jhVoiC8KDahGKp3XSGib55KK3xgRoIZPOIR s83TFrzKd7lszUOB/TtvCnSio0k8SMM7E7Gr5bUOvgDCZetwC51u7vzFmATtW98XQn CnFCk0BOpRWBmaQJBPR+NIqKDkBDHgrx7pAceAjaVLM/Qgcdzpqb2AU62lb241KVdG zPetzFUaTQretRex1i+9uEz/warkPbb6shtOoHmbwyvwSWY6ujYldn+cjJKbHeCpd1 Akk0HuSyb+aaQ== Message-ID: <7b35f666-b474-9628-1cc4-7b8fc35e5074@dorminy.me> Date: Mon, 25 Jul 2022 22:13:12 -0400 MIME-Version: 1.0 Subject: Re: [PATCH RFC 2/4] fscrypt: add flag allowing partially-encrypted directories Content-Language: en-US To: Eric Biggers Cc: "Theodore Y . Ts'o" , Jaegeuk Kim , linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, linux-btrfs@vger.kernel.org, osandov@osandov.com, kernel-team@fb.com References: <0508dac7fd6ec817007c5e21a565d1bb9d4f4921.1658623235.git.sweettea-kernel@dorminy.me> From: Sweet Tea Dorminy In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >> diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h >> index 6020b738c3b2..fb48961c46f6 100644 >> --- a/include/linux/fscrypt.h >> +++ b/include/linux/fscrypt.h >> @@ -102,6 +102,8 @@ struct fscrypt_nokey_name { >> * pages for writes and therefore won't need the fscrypt bounce page pool. >> */ >> #define FS_CFLG_OWN_PAGES (1U << 1) >> +/* The filesystem allows partially encrypted directories/files. */ >> +#define FS_CFLG_ALLOW_PARTIAL (1U << 2) > > I'm very confused about what the semantics of this are. So a directory will be > able to contain both encrypted and unencrypted filenames? If so, how will it be > possible to distinguish between them? Or is it just both encrypted and > unencrypted files (which is actually already possible, in the case where > encrypted files are moved into an unencrypted directory)? What sort of metadata > is stored with the parent directory? Yes, a directory for a filesystem with this flag could have both encrypted and unencrypted filenames. When a directory switches to encrypted, the filesystem can get and store a fscrypt_context for it, as though it were a new directory. All new filenames for that directory will be encrypted, as will any filename lookup requests, by fscrypt_prepare_filename() since the directory has a context. When a request for a lookup of a name in that directory comes in, it'll be an encrypted or nokey name; the directory can be searched for both the encrypted and unencrypted versions of that name. I don't think any filename collisions can result, as any encrypted filename which happens to match a plaintext filename will be detected as a collision when it's first added. > > Please note that any new semantics and APIs will need to be documented in > Documentation/filesystems/fscrypt.rst. Good point. Thanks! Sweet Tea