From: Chandan Rajendra <chandan@linux.vnet.ibm.com>
To: linux-ext4@vger.kernel.org
Cc: Chandan Rajendra <chandan@linux.vnet.ibm.com>, linux-fsdevel@vger.kernel.org, ebiggers3@gmail.com, linux-fscrypt@vger.kernel.org, tytso@mit.edu
Subject: [RFC PATCH V2 11/11] ext4: Enable encryption for blocksize less than page size
Date: Mon, 12 Feb 2018 15:13:47 +0530
Message-ID: <20180212094347.22071-12-chandan@linux.vnet.ibm.com>
In-Reply-To: <20180212094347.22071-1-chandan@linux.vnet.ibm.com>

Now that we have all the code to support encryption for block size less than page size scenario, this commit removes the conditional check in filesystem mount code. The commit also changes the support statement in Documentation/filesystems/fscrypt.rst to reflect the fact that encryption of filesystems with blocksize less than page size now works.

Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
--- Documentation/filesystems/fscrypt.rst | 14 +++++++------- fs/ext4/super.c | 7 ------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index 776ddc6..2147e53 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst 
@@ -202,13 +202,13 @@ modes are not currently supported because of the difficulty of dealing with ciphertext expansion. For file contents, each filesystem block is encrypted independently. -Currently, only the case where the filesystem block size is equal to -the system's page size (usually 4096 bytes) is supported. With the -XTS mode of operation (recommended), the logical block number within -the file is used as the IV. With the CBC mode of operation (not -recommended), ESSIV is used; specifically, the IV for CBC is the -logical block number encrypted with AES-256, where the AES-256 key is -the SHA-256 hash of the inode's data encryption key. +Starting from Linux kernel 4.17, encryption of filesystems with block +size less than system's page size is supported. With the XTS mode of +operation (recommended), the logical block number within the file is +used as the IV. With the CBC mode of operation (not recommended), +ESSIV is used; specifically, the IV for CBC is the logical block +number encrypted with AES-256, where the AES-256 key is the SHA-256 +hash of the inode's data encryption key. For filenames, the full filename is encrypted at once. Because of the requirements to retain support for efficient directory lookups and diff --git a/fs/ext4/super.c b/fs/ext4/super.c index ebb7edb..3ec04cc 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -4138,13 +4138,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) } } - if ((DUMMY_ENCRYPTION_ENABLED(sbi) || ext4_has_feature_encrypt(sb)) && - (blocksize != PAGE_SIZE)) { - ext4_msg(sb, KERN_ERR, - "Unsupported blocksize for fs encryption"); - goto failed_mount_wq; - } - if (DUMMY_ENCRYPTION_ENABLED(sbi) && !sb_rdonly(sb) && !ext4_has_feature_encrypt(sb)) { ext4_set_feature_encrypt(sb); -- 2.9.5
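Review bot: In the Documentation/filesystems/fscrypt.rst hunk, the new sentence "Starting from Linux kernel 4.17, encryption of filesystems with block size less than system's page size is supported" claims more than the patch delivers: the only code change is in fs/ext4/super.c, while this paragraph describes contents encryption for fscrypt in general. Suggest scoping the sentence to ext4 and keeping the "block size equal to page size" restriction stated for any filesystem this series does not touch. Naming 4.17 in an RFC posting is also fragile, since the number has to be revisited if the series lands in a different release. Minor wording: "less than system's page size" should read "less than the system's page size".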
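Review bot: In the fs/ext4/super.c hunk, the deleted test was "(blocksize != PAGE_SIZE)", which rejected every mismatch, not only the "less than page size" case named in the subject and commit message. Please state in the commit message why no guard is needed for blocksize greater than PAGE_SIZE once this check is gone, or narrow the check to "blocksize > PAGE_SIZE" instead of deleting it outright. The same condition also covered DUMMY_ENCRYPTION_ENABLED(sbi), so a mount with dummy encryption and a small block size now proceeds into the ext4_set_feature_encrypt(sb) path below; a line in the changelog saying this configuration was exercised (and with which block sizes) would make the removal easier to accept.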