From: Andreas Dilger <adilger@dilger.ca>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-ext4 <linux-ext4@vger.kernel.org>,
Sebastien Buisson <sbuisson@ddn.com>
Subject: Re: [RFC PATCH v2 7/8] fscrypt: wire up fscrypt to use blk-crypto
Date: Thu, 13 Jun 2019 15:30:13 -0600 [thread overview]
Message-ID: <C58B3116-8BE1-49F5-93ED-A73E8E72703E@dilger.ca> (raw)
In-Reply-To: <20190613185556.GD686@sol.localdomain>
[-- Attachment #1: Type: text/plain, Size: 1584 bytes --]
[reduced CC list, since I don't think this is interesting outside ext4]
On Jun 13, 2019, at 12:55 PM, Eric Biggers <ebiggers@kernel.org> wrote:
>
> What it really enables is a cryptosystem and on-disk format change where, for
> the purpose of working better with inline encryption, file contents are
> encrypted with the master key directly (or for v2 encryption policies it will be
> a per-mode derived key as it really should be, once we can actually get the v2
> encryption policy support reviewed and merged), and the inode numbers are added
> to the IVs. As we know, when ext4 support is added, this will also preclude the
> filesystem from being resized.
Just as an aside, I thought that the inode number would *not* be added to the IV,
exactly so that ext4 filesystem resize would work?
I guess it shouldn't *strictly* preventing filesystem resizing, only the case of
shrinking the filesystem and having to relocate encrypted inodes. Expanding the
filesystem shouldn't have that problem at all, nor should shrinking if there isn't
a need to relocate the encrypted inodes. Moving encrypted blocks should be OK,
since the logical block numbers (and hence derived block IV) would stay the same.
Something like https://patchwork.ozlabs.org/patch/960766/ "Add block_high_watermark
sysfs tunable" would allow pre-migrating encrypted files in userspace via data copy
(read/decrypt+write/encrypt) before doing the resize, if necessary, so that files
do not use inode numbers that will be cut off the end of the filesystem.
Cheers, Andreas
[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 873 bytes --]
next prev parent reply other threads:[~2019-06-13 21:30 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-05 23:28 [RFC PATCH v2 0/8] Inline Encryption Support Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-05 23:28 ` [RFC PATCH v2 1/8] block: Keyslot Manager for Inline Encryption Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-07 22:28 ` [f2fs-dev] " Eric Biggers
2019-06-07 22:28 ` Eric Biggers
2019-06-07 22:28 ` Eric Biggers
2019-06-12 18:26 ` Eric Biggers
2019-06-12 18:26 ` [f2fs-dev] " Eric Biggers
2019-06-12 18:26 ` Eric Biggers
2019-06-05 23:28 ` [RFC PATCH v2 2/8] block: Add encryption context to struct bio Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-12 18:10 ` Eric Biggers
2019-06-12 18:10 ` [f2fs-dev] " Eric Biggers
2019-06-12 18:10 ` Eric Biggers
2019-06-05 23:28 ` [RFC PATCH v2 3/8] block: blk-crypto for Inline Encryption Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-12 23:34 ` [f2fs-dev] " Eric Biggers
2019-06-12 23:34 ` Eric Biggers
2019-06-12 23:34 ` Eric Biggers
2019-06-05 23:28 ` [RFC PATCH v2 4/8] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-05 23:28 ` [RFC PATCH v2 5/8] scsi: ufs: UFS crypto API Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-13 17:11 ` Eric Biggers
2019-06-13 17:11 ` [f2fs-dev] " Eric Biggers
2019-06-13 17:11 ` Eric Biggers
2019-06-05 23:28 ` [RFC PATCH v2 6/8] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-13 17:22 ` [f2fs-dev] " Eric Biggers
2019-06-13 17:22 ` Eric Biggers
2019-06-13 17:22 ` Eric Biggers
2019-06-05 23:28 ` [RFC PATCH v2 7/8] fscrypt: wire up fscrypt to use blk-crypto Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
2019-06-13 18:55 ` Eric Biggers
2019-06-13 18:55 ` [f2fs-dev] " Eric Biggers
2019-06-13 18:55 ` Eric Biggers
2019-06-13 21:30 ` Andreas Dilger [this message]
2019-06-13 21:48 ` Eric Biggers
2019-06-05 23:28 ` [RFC PATCH v2 8/8] f2fs: Wire up f2fs to use inline encryption via fscrypt Satya Tangirala
2019-06-05 23:28 ` Satya Tangirala via Linux-f2fs-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=C58B3116-8BE1-49F5-93ED-A73E8E72703E@dilger.ca \
--to=adilger@dilger.ca \
--cc=ebiggers@kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=sbuisson@ddn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.