| Message ID | cover.1706116485.git.josef@toxicpanda.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | btrfs: add fscrypt support | expand |
On Wed, Jan 24, 2024 at 12:19 PM Josef Bacik <josef@toxicpanda.com> wrote: > > Hello, > > This is based on > > https://github.com/btrfs/linux.git for-next > > which has the recent pull from the fscrypt tree. > > I've reworked a lot of this to incorporate Eric's suggestions. There are a few > more patches because of bugs I've found in testing, and I've disabled a few > features, namely RAID5/6 and send, as they will require more work to support > with encryption and that can be done after the core work is merged. > > Thanks, > > Josef > > v4->v5: > - Addressed all the comments from Eric and then reworked the rest of the code to > handle the various changes. > - Fixed read repair. > - Fixed log replay. > - Disabled send for encrypted file systems. > - Disabled turning on encryption on RAID5/6 file systems. > As long as we get these features back soon after this is merged, I'm fine with this. It's important from the Fedora perspective to at least have the ability to do blind replication, so I hope it follows shortly after. With regards to the RAID 5/6 modes, I'm somewhat okay on sitting that out while the rework to use the raid-stripe-tree stuff is in progress. -- 真実はいつも一つ!/ Always, there's only one truth!
On Wed, Jan 24, 2024 at 02:18:40PM -0500, Neal Gompa wrote: > On Wed, Jan 24, 2024 at 12:19 PM Josef Bacik <josef@toxicpanda.com> wrote: > > > > Hello, > > > > This is based on > > > > https://github.com/btrfs/linux.git for-next > > > > which has the recent pull from the fscrypt tree. > > > > I've reworked a lot of this to incorporate Eric's suggestions. There are a few > > more patches because of bugs I've found in testing, and I've disabled a few > > features, namely RAID5/6 and send, as they will require more work to support > > with encryption and that can be done after the core work is merged. > > > > Thanks, > > > > Josef > > > > v4->v5: > > - Addressed all the comments from Eric and then reworked the rest of the code to > > handle the various changes. > > - Fixed read repair. > > - Fixed log replay. > > - Disabled send for encrypted file systems. > > - Disabled turning on encryption on RAID5/6 file systems. > > > > As long as we get these features back soon after this is merged, I'm > fine with this. It's important from the Fedora perspective to at least > have the ability to do blind replication, so I hope it follows shortly > after. Yup the send/receive stuff is mostly done, it's just the incremental part that's broken. I have a plan for it, but it's an additional 10-20 patches and this series is already a monster. I don't plan on enabling it for normal users until send support is landed as well. Thanks, Josef
Hello, This is based on https://github.com/btrfs/linux.git for-next which has the recent pull from the fscrypt tree. I've reworked a lot of this to incorporate Eric's suggestions. There are a few more patches because of bugs I've found in testing, and I've disabled a few features, namely RAID5/6 and send, as they will require more work to support with encryption and that can be done after the core work is merged. Thanks, Josef v4->v5: - Addressed all the comments from Eric and then reworked the rest of the code to handle the various changes. - Fixed read repair. - Fixed log replay. - Disabled send for encrypted file systems. - Disabled turning on encryption on RAID5/6 file systems. v3->v4: - Added support for '-o test_dummy_encryption' at Eric's suggestion, this uncovered a load of issues. - Preliminary work to support decrypting names for our various name resolution ioctls. I didn't get everything but I got the ones we depend on in fstests. - Preliminary work for send of an encrypted directory with the key loaded. There's probably still bugs in here, but it doesn't crash anymore. - Fixed how we limit the bio size to work with direct and buffered io. - Fixed using the wrong fscrypt extent context for writes into prealloc extents. Josef Bacik (38): fscrypt: add per-extent encryption support fscrypt: allow inline encryption for extent based encryption fscrypt: add a fscrypt_inode_open helper fscrypt: conditionally don't wipe mk secret until the last active user is done blk-crypto: add a process bio callback fscrypt: add a process_bio hook to fscrypt_operations fscrypt: add documentation about extent encryption btrfs: add infrastructure for safe em freeing btrfs: select encryption dependencies if FS_ENCRYPTION btrfs: add fscrypt_info and encryption_type to ordered_extent btrfs: plumb through setting the fscrypt_info for ordered extents btrfs: plumb the fscrypt extent context through create_io_em btrfs: populate the ordered_extent with the fscrypt context btrfs: keep track of fscrypt info and orig_start for dio reads btrfs: add an optional encryption context to the end of file extents btrfs: pass through fscrypt_extent_info to the file extent helpers btrfs: implement the fscrypt extent encryption hooks btrfs: setup fscrypt_extent_info for new extents btrfs: populate ordered_extent with the orig offset btrfs: set the bio fscrypt context when applicable btrfs: add a bio argument to btrfs_csum_one_bio btrfs: add orig_logical to btrfs_bio btrfs: limit encrypted writes to 256 segments btrfs: implement process_bio cb for fscrypt btrfs: implement read repair for encryption btrfs: add test_dummy_encryption support btrfs: don't rewrite ret from inode_permission btrfs: move inode_to_path higher in backref.c btrfs: make btrfs_ref_to_path handle encrypted filenames btrfs: don't search back for dir inode item in INO_LOOKUP_USER btrfs: deal with encrypted symlinks in send btrfs: decrypt file names for send btrfs: load the inode context before sending writes btrfs: set the appropriate free space settings in reconfigure btrfs: support encryption with log replay btrfs: disable auto defrag on encrypted files btrfs: disable encryption on RAID5/6 btrfs: disable send if we have encryption enabled Omar Sandoval (7): fscrypt: expose fscrypt_nokey_name btrfs: disable various operations on encrypted inodes btrfs: start using fscrypt hooks btrfs: add inode encryption contexts btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag btrfs: adapt readdir for encrypted and nokey names btrfs: implement fscrypt ioctls Sweet Tea Dorminy (7): btrfs: disable verity on encrypted inodes btrfs: handle nokey names. btrfs: gate encryption behind BTRFS_DEBUG btrfs: add get_devices hook for fscrypt btrfs: set file extent encryption excplicitly btrfs: add fscrypt_info and encryption_type to extent_map btrfs: explicitly track file extent length for replace and drop Documentation/filesystems/fscrypt.rst | 41 ++ block/blk-crypto-fallback.c | 43 +++ block/blk-crypto-internal.h | 8 + block/blk-crypto-profile.c | 2 + block/blk-crypto.c | 6 +- fs/btrfs/Kconfig | 3 + fs/btrfs/Makefile | 1 + fs/btrfs/accessors.h | 50 +++ fs/btrfs/backref.c | 114 ++++-- fs/btrfs/bio.c | 163 +++++++- fs/btrfs/bio.h | 16 +- fs/btrfs/btrfs_inode.h | 3 +- fs/btrfs/compression.c | 9 + fs/btrfs/ctree.h | 5 + fs/btrfs/defrag.c | 18 +- fs/btrfs/delayed-inode.c | 29 +- fs/btrfs/delayed-inode.h | 6 +- fs/btrfs/dir-item.c | 108 +++++- fs/btrfs/dir-item.h | 11 +- fs/btrfs/disk-io.c | 3 +- fs/btrfs/extent_io.c | 120 +++++- fs/btrfs/extent_io.h | 3 + fs/btrfs/extent_map.c | 104 ++++- fs/btrfs/extent_map.h | 26 ++ fs/btrfs/file-item.c | 33 +- fs/btrfs/file-item.h | 7 +- fs/btrfs/file.c | 12 +- fs/btrfs/fs.h | 6 +- fs/btrfs/fscrypt.c | 423 ++++++++++++++++++++ fs/btrfs/fscrypt.h | 116 ++++++ fs/btrfs/inode.c | 529 ++++++++++++++++++++------ fs/btrfs/ioctl.c | 69 ++-- fs/btrfs/ordered-data.c | 36 +- fs/btrfs/ordered-data.h | 21 +- fs/btrfs/reflink.c | 8 + fs/btrfs/root-tree.c | 8 +- fs/btrfs/root-tree.h | 2 +- fs/btrfs/send.c | 140 ++++++- fs/btrfs/super.c | 106 +++++- fs/btrfs/super.h | 3 +- fs/btrfs/sysfs.c | 6 + fs/btrfs/tree-checker.c | 66 +++- fs/btrfs/tree-log.c | 37 +- fs/btrfs/verity.c | 3 + fs/crypto/crypto.c | 10 +- fs/crypto/fname.c | 36 -- fs/crypto/fscrypt_private.h | 42 ++ fs/crypto/hooks.c | 46 ++- fs/crypto/inline_crypt.c | 84 +++- fs/crypto/keyring.c | 18 +- fs/crypto/keysetup.c | 166 ++++++++ fs/crypto/policy.c | 47 +++ include/linux/blk-crypto.h | 15 +- include/linux/fscrypt.h | 125 ++++++ include/uapi/linux/btrfs.h | 1 + include/uapi/linux/btrfs_tree.h | 35 +- 56 files changed, 2798 insertions(+), 350 deletions(-) create mode 100644 fs/btrfs/fscrypt.c create mode 100644 fs/btrfs/fscrypt.h