I'm working on the academic project, part of which is applying transparent encryption (AES-CTR) to the selected Ext4 files stored on the disk (I can already mark them as encrypted using new ioctl etc.,).
In order to do so, I need to find the best spot to call my algorithm on the data, while it's read or written from/to the device. Due to large amount of features (like journal, inlines, o-direct, extents) provided by the filesystem, I'm struggling for few days now to find the proper solution - I need to operate on the raw data, as it's stored in the datablocks.
I had few ideas in mind, one was to hook in somewhere on the callpath from sys_read(...)
and sys_write(...)
, more precisely ext4_file_write(...)
and generic_file_aio_read(...)
- but that wouldn't work with mmap
, and probably is not the way to go. Another approach would be to do it through ext4_writepages(...)
and ext4_readpages(...)
(and it's callback, as it's async), when the memory pages are written down to disk.
Because it's not production version, just a proof of concept - I can switch off some Ext4 features in order to simplify the task. While using the algorithm I need to be able to access the inode's xargs (where the key id is stored), and as well be aware of the block number in order to generate the initial vector used in [en/de]cryption. Do you have any ideas and/or suggestions regarding that issue?
There are many alternatives to design the solution for this.
One way could be to use Wrapfs (a stackable filesystem) which will help you intercept the call from VFS to underlying physical file system. You can choose to add your hook before or after the underlying filesystem call is invoked.
Benefits of doing this way would be. 1. Your code can work with any physical filesystem seamlessly. 2. You need not change/modify original filesystem code. 3. You will have completely different module.
So the call hierarchy would look like, Application <=> VFS <=> Wrapfs <=> Physical FS (ext3/ext4/etc)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With