linux-kernel.vger.kernel.org archive mirror
From: "Theodore Ts'o" <tytso@mit.edu>
To: Daniel Rosenberg <drosen@google.com>
Cc: Eric Biggers <ebiggers@kernel.org>,
	Andreas Dilger <adilger.kernel@dilger.ca>,
	linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	Gabriel Krisman Bertazi <krisman@collabora.com>,
	kernel-team@android.com
Subject: Re: [PATCH v2 1/2] ext4: Handle casefolding with encryption
Date: Mon, 5 Apr 2021 22:38:23 -0400
Message-ID: <YGvJn09vECHxKCMP@mit.edu>
In-Reply-To: <20210319073414.1381041-2-drosen@google.com>

On Fri, Mar 19, 2021 at 07:34:13AM +0000, Daniel Rosenberg wrote:
> This adds support for encryption with casefolding.
> 
> Since the name on disk is case preserving, and also encrypted, we can no
> longer just recompute the hash on the fly. Additionally, to avoid
> leaking extra information from the hash of the unencrypted name, we use
> siphash via an fscrypt v2 policy.
> 
> The hash is stored at the end of the directory entry for all entries
> inside of an encrypted and casefolded directory apart from those that
> deal with '.' and '..'. This way, the change is backwards compatible
> with existing ext4 filesystems.
> 
> Signed-off-by: Daniel Rosenberg <drosen@google.com>

Applied, thanks, with the following addition so that tests, e2fsprogs,
etc., can determine whether or not the currently running kernel has
this feature enabled:

diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
index a3d08276d441..7367ba406e01 100644
--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -313,6 +313,7 @@ EXT4_ATTR_FEATURE(verity);
 #endif
 EXT4_ATTR_FEATURE(metadata_csum_seed);
 EXT4_ATTR_FEATURE(fast_commit);
+EXT4_ATTR_FEATURE(encrypted_casefold);
 
 static struct attribute *ext4_feat_attrs[] = {
 	ATTR_LIST(lazy_itable_init),
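
Review bot: `EXT4_ATTR_FEATURE(encrypted_casefold);` sits after the `#endif`, alongside `metadata_csum_seed` and `fast_commit`, so the attribute is defined unconditionally. The stated purpose is to let tests and e2fsprogs tell whether the running kernel has this feature enabled, but a kernel built without encryption or without casefolding support would still advertise it. Suggest guarding the line so it requires both, e.g. `#if defined(CONFIG_UNICODE) && defined(CONFIG_FS_ENCRYPTION)`, the same way the attributes above the `#endif` are conditional.
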
@@ -330,6 +331,7 @@ static struct attribute *ext4_feat_attrs[] = {
 #endif
 	ATTR_LIST(metadata_csum_seed),
 	ATTR_LIST(fast_commit),
+	ATTR_LIST(encrypted_casefold),
 	NULL,
 };
 ATTRIBUTE_GROUPS(ext4_feat);
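
Review bot: `ATTR_LIST(encrypted_casefold),` introduces a name that userspace is expected to probe, yet nothing in the change records what the presence of that file guarantees. Suggest a sentence in the commit message (or in the ext4 sysfs documentation) stating that it signals kernel support for encryption and casefolding on the same directory, so e2fsprogs and test authors have a definition to code against. If the matching `EXT4_ATTR_FEATURE` definition is placed under a config guard, this entry needs the identical guard so the array never references an undefined attribute.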


Future versions of e2fsprogs may issue a warning if tune2fs or mke2fs
tries to modify or create a file system such that both the encryption
and casefold features are enabled if it appears that the kernel won't
support this combination.  Daniel, if you could try to get this change
into the Android kernels that are using encrypted casefold, that would
be a good thing.

					- Ted
