From: Tom Marshall <tom@cyngn.com>
To: "Theodore Ts'o" <tytso@mit.edu>,
Dave Chinner <david@fromorbit.com>,
Jaegeuk Kim <jaegeuk@kernel.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH 03/18] f2fs crypto: declare some definitions for f2fs encryption feature
Date: Sat, 16 May 2015 10:13:26 -0700 [thread overview]
Message-ID: <20150516171326.GA24795@eden.sea.cyngn.com> (raw)
In-Reply-To: <20150516132403.GA2998@thunk.org>
On Sat, May 16, 2015 at 09:24:03AM -0400, Theodore Ts'o wrote:
> [...] What's going to be more difficult in the long run is
> when we want to support per-block data integrity, using (for example)
> AES/GCM, which will require 32 bytes of per-block "authentication tag"
> (think Message Authentication Code) that have to be committed
> atomically with the data block write.
>
> Quite frankly, this is going to be much easier for COW file systems
> like f2fs and btrfs. I have some ideas about how to do this for
> update-in-place file systems (using either a compression hack and/or
> storing two generations worth of authentication tag per block), but
> it's not pretty. (Or in the case of ext4 we could use
> data=journalling mode, but that's even less pretty from a performance
> standpoint.)
It seems to me that compression has a similar issue with framing metadata.
The block map can be stored upfront, which then would require two writes to
update a data block. Or it can be stored inline, which then would require
scanning through the file sequentially for random access.
The big difference, of course, is that in the case of compression, we have
the luxury of assuming or mandating read-only/read-mostly.
next prev parent reply other threads:[~2015-05-16 17:13 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-09 4:20 [PATCH 01/18] f2fs: avoid value overflow in showing current status Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 02/18] f2fs: report unwritten area in f2fs_fiemap Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 03/18] f2fs crypto: declare some definitions for f2fs encryption feature Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-13 2:02 ` Dave Chinner
2015-05-13 2:23 ` nick
2015-05-13 6:48 ` Jaegeuk Kim
2015-05-14 0:37 ` Dave Chinner
2015-05-14 1:56 ` Jaegeuk Kim
2015-05-14 1:56 ` Jaegeuk Kim
2015-05-14 16:50 ` Tom Marshall
2015-05-16 1:14 ` Jaegeuk Kim
2015-05-16 4:47 ` Tom Marshall
2015-05-18 6:24 ` Jaegeuk Kim
2015-05-16 13:24 ` Theodore Ts'o
2015-05-16 13:24 ` Theodore Ts'o
2015-05-16 17:13 ` Tom Marshall [this message]
2015-05-20 17:46 ` fs compression Tom Marshall
2015-05-20 19:50 ` Tom Marshall
2015-05-20 21:36 ` Theodore Ts'o
2015-05-20 22:46 ` Tom Marshall
2015-05-21 4:28 ` Tom Marshall
2015-05-27 18:53 ` Tom Marshall
2015-05-27 23:38 ` Theodore Ts'o
2015-05-28 0:20 ` Tom Marshall
2015-05-28 20:55 ` Tom Marshall
2015-05-29 0:18 ` Tom Marshall
2015-05-29 17:05 ` Tom Marshall
2015-05-29 21:52 ` Tom Marshall
2015-05-09 4:20 ` [PATCH 04/18] f2fs crypto: add f2fs encryption Kconfig Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 05/18] f2fs crypto: add encryption xattr support Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 06/18] f2fs crypto: add encryption policy and password salt support Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 07/18] f2fs crypto: add f2fs encryption facilities Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 08/18] f2fs crypto: add encryption key management facilities Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 09/18] f2fs crypto: filename encryption facilities Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 10/18] f2fs crypto: activate encryption support for fs APIs Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 11/18] f2fs crypto: add encryption support in read/write paths Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 12/18] f2fs crypto: add filename encryption for f2fs_add_link Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 13/18] f2fs crypto: add filename encryption for f2fs_readdir Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 14/18] f2fs crypto: add filename encryption for f2fs_lookup Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-11 2:52 ` [f2fs-dev] " hujianyang
2015-05-11 2:52 ` hujianyang
2015-05-11 5:12 ` [f2fs-dev] " Jaegeuk Kim
2015-05-11 5:12 ` Jaegeuk Kim
2015-05-11 6:38 ` hujianyang
2015-05-11 6:38 ` hujianyang
2015-05-09 4:20 ` [PATCH 15/18] f2fs crypto: add filename encryption for roll-forward recovery Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 16/18] f2fs crypto: add symlink encryption Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
2015-05-09 4:25 ` Al Viro
2015-05-11 5:15 ` Jaegeuk Kim
2015-05-12 3:48 ` [PATCH 16/18 v2] " Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 17/18] f2fs crypto: fix missing key when reading a page Jaegeuk Kim
2015-05-09 4:20 ` [PATCH 18/18] f2fs crypto: remove checking key context during lookup Jaegeuk Kim
2015-05-09 4:20 ` Jaegeuk Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150516171326.GA24795@eden.sea.cyngn.com \
--to=tom@cyngn.com \
--cc=david@fromorbit.com \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.