Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1517109ybt; Thu, 18 Jun 2020 10:28:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzPyJhq2KRDYzJn8DlKpOzrPEzFFNSrrl/mDmqPxwn2NrQgQSuKHdiX0F/S4hd18Kgw9la0 X-Received: by 2002:a17:906:528b:: with SMTP id c11mr4758883ejm.407.1592501292937; Thu, 18 Jun 2020 10:28:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592501292; cv=none; d=google.com; s=arc-20160816; b=KJjVJpI5XPjNrK+zDWwSm9TOTjl5+ANFU15zs7h7+Dj36WEc7btqOwd3KRzuSYO2JJ uctB4C3lMB2BtPF7KmsykhToq8LqPfiasSrmYpybih89SN2ESxpwKLKdNtTIjdJt0l9F BT1EAEU5sE1vgsMFyH4QDbt+PtLxzMBZJ9QhDXJKNVzyvcTn+vdBhD/AjNXRrHN4hg4g vtNta/UT9OEHfI29kILY9dEyTDkI+8CTwkSkfrkPj2lkfvzCjMu/5U9GXfbz3EOqeKG8 8VEPkwzfJxPxA9lcckxVFDgBLA3O7pkVu8avtFHP2moj6mFKLgj0zUzUvT0QtIJf8WkM B0Wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=d7D+lWAhq/G86CkPcYSet6AUCCMA5c5gsm5q0gSeCIg=; b=RamQcAF34Zhyr/xgL/gyFUARuzoKHSwa6ktD7Wjs3OXYbrG/4ba5lbbo9MgcfmNoXl KQ7ivY623bLESjtFk17boKYHz3SjgSav9qqIk5a/WNLXeS4rrWiqsvWcJuzzS08YG0Bi 48n7YoRd9tfixG+9nXuqJNILt0m4GD65+SFIUMbKjYDJnbrbxthi9pEWjEEldGjUqF8c nyZQO48TmTWTnka6dN1nHPCpiITIye1hi0iD67XQzD11LDaZ3LA46nehOL28uNOzW+Lj Ar0YKG1LTBk53/YDDlmMdqlwHsGv1oAmb7CQGBO175WexxOrfhvcYiTdG0vZpEFSS/pH g4TA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PV1iFkiu; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qx4si2251817ejb.176.2020.06.18.10.27.44; Thu, 18 Jun 2020 10:28:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PV1iFkiu; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732089AbgFRR1M (ORCPT + 99 others); Thu, 18 Jun 2020 13:27:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:45190 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732048AbgFRR1L (ORCPT ); Thu, 18 Jun 2020 13:27:11 -0400 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1E40920890; Thu, 18 Jun 2020 17:27:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1592501231; bh=TjmLKSO1Nhc9L5WT6Ph5Sftq66DD91glxmgDoaZe2V4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=PV1iFkiuyMiFLgJcbVe34Dxn0Lkw+nIq+CFntgs3Fcb6w9OHUzPGaZw7NBu9hYGcV pAgyRbAqaANA+PQv0sDqz5p5ny107XWdY0G1bCAtAdkYgKHsXrWpB7tMlHWF9dDhAL n4vfoLPY2D89AQJgkxgqnnOOUXeY8urS/s3azF0U= Date: Thu, 18 Jun 2020 10:27:09 -0700 From: Eric Biggers To: Satya Tangirala Cc: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Subject: Re: [PATCH 0/4] Inline Encryption Support for fscrypt Message-ID: <20200618172709.GA2957@sol.localdomain> References: <20200617075732.213198-1-satyat@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200617075732.213198-1-satyat@google.com> Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Wed, Jun 17, 2020 at 07:57:28AM +0000, Satya Tangirala wrote: > This patch series adds support for Inline Encryption to fscrypt, f2fs > and ext4. It builds on the inline encryption support now present in > the block layer, and has been rebased on v5.8-rc1. > > Patch 1 introduces the SB_INLINECRYPT sb options, which filesystems > should set if they want to use blk-crypto for file content en/decryption. > > Patch 2 adds inline encryption support to fscrypt. To use inline > encryption with fscrypt, the filesystem must set the above mentioned > SB_INLINECRYPT sb option. When this option is set, the contents of > encrypted files will be en/decrypted using blk-crypto. > > Patches 3 and 4 wire up f2fs and ext4 respectively to fscrypt support for > inline encryption, and e.g ensure that bios are submitted with blocks > that not only are contiguous, but also have contiguous DUNs. > > Eric Biggers (1): > ext4: add inline encryption support > > Satya Tangirala (3): > fs: introduce SB_INLINECRYPT > fscrypt: add inline encryption support > f2fs: add inline encryption support > Like I said on the UFS patchset: as this previously went through a number of iterations as part of the "Inline Encryption Support" patchset (latest v13: https://lkml.kernel.org/r/20200514003727.69001-1-satyat@google.com), it would be helpful to list the changelog from v13 (though I can see that not too much changed). And I probably would have called it v14, but it doesn't matter much. Explicit mentioning how this was tested would also be helpful. And for that matter, we should update the "Tests" section of the fscrypt documentation file to mention also using the inlinecrypt mount option, e.g.: diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index f517af8ec11c..f5d8b0303ddf 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1255,6 +1255,7 @@ f2fs encryption using `kvm-xfstests `_:: kvm-xfstests -c ext4,f2fs -g encrypt + kvm-xfstests -c ext4,f2fs -g encrypt -m inlinecrypt UBIFS encryption can also be tested this way, but it should be done in a separate command, and it takes some time for kvm-xfstests to set up @@ -1276,6 +1277,7 @@ This tests the encrypted I/O paths more thoroughly. To do this with kvm-xfstests, use the "encrypt" filesystem configuration:: kvm-xfstests -c ext4/encrypt,f2fs/encrypt -g auto + kvm-xfstests -c ext4/encrypt,f2fs/encrypt -g auto -m inlinecrypt Because this runs many more tests than "-g encrypt" does, it takes much longer to run; so also consider using `gce-xfstests @@ -1283,3 +1285,4 @@ much longer to run; so also consider using `gce-xfstests instead of kvm-xfstests:: gce-xfstests -c ext4/encrypt,f2fs/encrypt -g auto + gce-xfstests -c ext4/encrypt,f2fs/encrypt -g auto -m inlinecrypt