Linux-FSCrypt Archive on lore.kernel.org
From: Eric Biggers <ebiggers@kernel.org>
To: Satya Tangirala <satyat@google.com>
Cc: linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
	linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-ext4@vger.kernel.org,
	Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
	Kuohong Wang <kuohong.wang@mediatek.com>,
	Kim Boojin <boojin.kim@samsung.com>
Subject: Re: [PATCH v9 09/11] fscrypt: add inline encryption support
Date: Wed, 25 Mar 2020 22:45:36 -0700
Message-ID: <20200326054536.GD858@sol.localdomain>
In-Reply-To: <20200326030702.223233-10-satyat@google.com>

On Wed, Mar 25, 2020 at 08:07:00PM -0700, Satya Tangirala wrote:
> +/* Enable inline encryption for this file if supported. */
> +void fscrypt_select_encryption_impl(struct fscrypt_info *ci)
> +{
> +	const struct inode *inode = ci->ci_inode;
> +	struct super_block *sb = inode->i_sb;
> +
> +	/* The file must need contents encryption, not filenames encryption */
> +	if (!fscrypt_needs_contents_encryption(inode))
> +		return;
> +
> +	/* blk-crypto must implement the needed encryption algorithm */
> +	if (ci->ci_mode->blk_crypto_mode == BLK_ENCRYPTION_MODE_INVALID)
> +		return;
> +
> +	/* The filesystem must be mounted with -o inlinecrypt */
> +	if (!(sb->s_flags & SB_INLINECRYPT))
> +		return;
> +
> +	ci->ci_inlinecrypt = true;
> +}
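
Review bot: The test under "blk-crypto must implement the needed encryption algorithm" only checks that ci->ci_mode->blk_crypto_mode is not BLK_ENCRYPTION_MODE_INVALID, so nothing in this function asks whether the filesystem's devices or blk-crypto-fallback can actually handle that mode before ci->ci_inlinecrypt = true is reached. Either add a capability check ahead of that assignment or reword the function comment, since "if supported" currently promises more than the three tests verify.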

A bug I came across last week when writing a new test is that '-o inlinecrypt'
can break some fscrypt settings because it enables blk-crypto even when
CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK is unset and the hardware doesn't support
the algorithm.  For example, adding '-o inlinecrypt' can make Adiantum-encrypted
files stop working, due to the hardware only supporting AES-XTS.

That's undesirable.  Adding '-o inlinecrypt' should just make inline encryption
be used where it can, and not break anything.

To fix this, we should make fscrypt_select_encryption_impl() only set
->ci_inlinecrypt if either blk-crypto-fallback is enabled or if all the
filesystem's devices support the algorithm.

In v7+ of this patchset, this is a bit tricky because now
blk_ksm_crypto_key_supported() takes in a 'struct blk_crypto_key', which
fscrypt_select_encryption_impl() doesn't have available yet.  Perhaps make
blk_ksm_crypto_key_supported() a wrapper around a function like
blk_ksm_crypto_setting_supported() that takes a new struct:

	struct blk_crypto_setting {
		enum blk_crypto_mode_num crypto_mode;
		unsigned int data_unit_size;
		unsigned int dun_bytes;
	};

Then maybe add blk_crypto_setting_supported() which returns true if either
blk_ksm_crypto_key_supported() *or* blk-crypto-fallback is enabled.

- Eric
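
The selection rule proposed in the message above, as an added example that is not code from the patchset or the kernel tree: a user-space C model in which every type, function and sample value is hypothetical. It shows an AES-XTS-only engine rejecting an Adiantum setting unless a fallback is available.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model only; every name here is hypothetical, not kernel API. */
enum mode_num { MODE_INVALID, MODE_AES_256_XTS, MODE_ADIANTUM, MODE_MAX };

struct crypto_setting {		/* same three fields as the struct in the mail */
	enum mode_num crypto_mode;
	unsigned int data_unit_size;
	unsigned int dun_bytes;
};

struct dev_caps {		/* constructed per-device capability record */
	unsigned int unit_sizes[MODE_MAX];	/* bitmask of data unit sizes */
	unsigned int max_dun_bytes;
};

static bool dev_setting_supported(const struct dev_caps *d,
				  const struct crypto_setting *s)
{
	if (s->crypto_mode == MODE_INVALID || s->crypto_mode >= MODE_MAX)
		return false;
	if (!(d->unit_sizes[s->crypto_mode] & s->data_unit_size))
		return false;
	return s->dun_bytes <= d->max_dun_bytes;
}

/* True if the fallback is built in, or if every device supports the setting. */
static bool setting_supported(const struct dev_caps *devs, size_t n,
			      const struct crypto_setting *s, bool fallback)
{
	if (s->crypto_mode == MODE_INVALID || s->crypto_mode >= MODE_MAX)
		return false;
	if (fallback)
		return true;
	for (size_t i = 0; i < n; i++)
		if (!dev_setting_supported(&devs[i], s))
			return false;
	return n > 0;
}

/* Constructed sample: an engine offering only AES-256-XTS on 4096-byte units. */
static const struct dev_caps xts_only = {
	.unit_sizes = { [MODE_AES_256_XTS] = 4096 }, .max_dun_bytes = 8,
};
```

A caller modelling fscrypt_select_encryption_impl() would set its inline flag only when setting_supported() returns true, leaving the file on the filesystem-layer encryption path otherwise.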

Thread overview: 22+ messages
2020-03-26  3:06 [PATCH v9 00/11] Inline Encryption Support Satya Tangirala
2020-03-26  3:06 ` [PATCH v9 01/11] block: Keyslot Manager for Inline Encryption Satya Tangirala
2020-03-26  6:22   ` Eric Biggers
2020-03-27 17:00     ` Christoph Hellwig
2020-03-26  3:06 ` [PATCH v9 02/11] block: Inline encryption support for blk-mq Satya Tangirala
2020-03-26 20:05   ` Eric Biggers
2020-03-27 17:05     ` Christoph Hellwig
2020-03-26  3:06 ` [PATCH v9 03/11] block: Make blk-integrity preclude hardware inline encryption Satya Tangirala
2020-03-26  3:06 ` [PATCH v9 04/11] block: blk-crypto-fallback for Inline Encryption Satya Tangirala
2020-03-26 20:28   ` Eric Biggers
2020-03-26  3:06 ` [PATCH v9 05/11] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2020-03-26  3:06 ` [PATCH v9 06/11] scsi: ufs: UFS crypto API Satya Tangirala
2020-03-26  5:07   ` Eric Biggers
2020-03-26  3:06 ` [PATCH v9 07/11] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2020-03-26  5:09   ` Eric Biggers
2020-03-26  3:06 ` [PATCH v9 08/11] fs: introduce SB_INLINECRYPT Satya Tangirala
2020-03-26  5:56   ` Eric Biggers
2020-03-26  3:07 ` [PATCH v9 09/11] fscrypt: add inline encryption support Satya Tangirala
2020-03-26  5:45   ` Eric Biggers [this message]
2020-03-26  3:07 ` [PATCH v9 10/11] f2fs: " Satya Tangirala
2020-03-26  3:07 ` [PATCH v9 11/11] ext4: " Satya Tangirala
2020-03-26  3:32 ` [PATCH v9 00/11] Inline Encryption Support Eric Biggers
