On Fri, Oct 21, 2016 at 11:19:31AM -0700, Eric Biggers wrote: > > I don't think it's reasonable to require require changes to filesystems whenever > someone introduces a new encryption mode --- contents, filenames, or both. > Filesystems need to be able to handle unsupported encryption modes in some way > that makes sense. Currently, when it sees an unsupported encryption mode > fscrypto will behave as if the encryption key is not available and will also > print a one-time warning to the kernel log. This happens when a file is > accessed, not when the filesystem is mounted. As far as I can tell, ext4, f2fs, > and ubifs would all behave this way because this code is shared. I think this > is probably the most realistic behavior. I tend to agree, but file systems may choose some alternate approach if they want to "fail fast" (e.g., at mount time). I wouldn't want to do that for ext4, but if ubifs (or some other file system) wants do something more draconian, they can be afraid to do that. Failing that, some kind of one-time warning makes sense. What I would like to do though is to is to have a callback so that code in fs/crypto can call a file system specific notification routine. e.g., for ext4, we would probably want to be able to call ext4_warning() and ext4_error() from fs/crypto, and other file systems might want to have a different set of notification routines. This way we can print a message like kernel: EXT4-fs warning (device sdb1): fscrypto_xxx: foo bar baz and if we later on have a way of sending file system specific warnings or errors through some kind of IPC mechanism, such as netlink or some future kdbus scheme, we can send the warning and error messages out the same way we send other filesystem specific error messages. - Ted P.S. BTW, we actually _do_ have something hacked together inside the Google production kernel which pipes ext4_error() messages to a netlink socket, so that monitoring systems don't have scrape dmesg or /var/log/messages. If anyone inside or outside google is interested in that functionality, I can make the code available. There's nothing sensitive or Google specific in it; it's just that unfortunately, getting that code cleaned up and upstreamed has just never made it "above the fold" on the priority list, the engineer who originally implemented it is no longer on the team --- and I never had the time to cleanup work to get the code to upstream quality myself. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html