Re: [PATCH v3 04/22] fscrypt: add extent-based encryption

On Thu, Oct 20, 2022 at 12:58:23PM -0400, Sweet Tea Dorminy wrote:
> Some filesystems need to encrypt data based on extents, rather than on
> inodes, due to features incompatible with inode-based encryption. For
> instance, btrfs can have multiple inodes referencing a single block of
> data, and moves logical data blocks to different physical locations on
> disk in the background; these two features mean traditional inode-based
> file contents encryption will not work for btrfs.
> 
> This change introduces fscrypt_extent_context objects, in analogy to
> existing context objects based on inodes. For a filesystem which opts to
> use extent-based encryption, a new hook provides a new
> fscrypt_extent_context, generated in close analogy to the IVs generated
> with existing policies. During file content encryption/decryption, the
> existing fscrypt_context object provides key information, while the new
> fscrypt_extent_context provides IV information. For filename encryption,
> the existing IV generation methods are still used, since filenames are
> not stored in extents.
> 
> Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx>
> ---
>  fs/crypto/crypto.c          | 20 ++++++++--
>  fs/crypto/fscrypt_private.h | 25 +++++++++++-
>  fs/crypto/inline_crypt.c    | 28 ++++++++++---
>  fs/crypto/policy.c          | 79 +++++++++++++++++++++++++++++++++++++
>  include/linux/fscrypt.h     | 47 ++++++++++++++++++++++
>  5 files changed, 189 insertions(+), 10 deletions(-)
> 
> diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
> index 7fe5979fbea2..08b495dc5c0c 100644
> --- a/fs/crypto/crypto.c
> +++ b/fs/crypto/crypto.c
> @@ -81,8 +81,22 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
>  			 const struct fscrypt_info *ci)
>  {
>  	u8 flags = fscrypt_policy_flags(&ci->ci_policy);
> +	struct inode *inode = ci->ci_inode;
> +	const struct fscrypt_operations *s_cop = inode->i_sb->s_cop;
>  
> -	memset(iv, 0, ci->ci_mode->ivsize);
> +	memset(iv, 0, sizeof(*iv));
> +	if (s_cop->get_extent_context && lblk_num != U64_MAX) {
> +		size_t extent_offset;
> +		union fscrypt_extent_context ctx;
> +		int ret;
> +
> +		ret = fscrypt_get_extent_context(inode, lblk_num, &ctx,
> +						 &extent_offset, NULL);
> +		WARN_ON_ONCE(ret);
> +		memcpy(iv->raw, ctx.v1.iv.raw, sizeof(*iv));
> +		iv->lblk_num += cpu_to_le64(extent_offset);
> +		return;
> +	}
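
Review bot: in the new extent branch of fscrypt_generate_iv(), WARN_ON_ONCE(ret) only logs, so when fscrypt_get_extent_context() fails the memcpy() that follows still builds the IV from ctx, which is declared without an initializer and may not have been filled in. Since the function returns void and cannot report the failure, at minimum zero-initialize ctx, and preferably arrange for the lookup to happen where an error can be returned to the caller. Separately, "iv->lblk_num += cpu_to_le64(extent_offset);" does native addition on little-endian values, which is only correct on little-endian CPUs; le64_add_cpu(&iv->lblk_num, extent_offset) works on both. The "lblk_num != U64_MAX" condition also needs a comment saying what the sentinel means, since nothing in the hunk explains which callers pass it.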

Please read through my review comment
https://lore.kernel.org/linux-fscrypt/Yx6MnaUqUTdjCmX+@quark/ again, as it
doesn't seem that you've addressed it.

- Eric


