| Message ID | 20200724121143.1589121-2-satyat@google.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | add support for direct I/O with fscrypt using blk-crypto | expand |
On Fri, Jul 24, 2020 at 12:11:37PM +0000, Satya Tangirala wrote: > From: Eric Biggers <ebiggers@google.com> > > Introduce fscrypt_dio_supported() to check whether a direct I/O request > is unsupported due to encryption constraints. > > Also introduce fscrypt_limit_io_blocks() to limit how many blocks can be > added to a bio being prepared for direct I/O. This is needed for > filesystems that use the iomap direct I/O implementation to avoid DUN > wraparound in the middle of a bio (which is possible with the > IV_INO_LBLK_32 IV generation method). Elsewhere fscrypt_mergeable_bio() > is used for this, but iomap operates on logical ranges directly, so > filesystems using iomap won't have a chance to call fscrypt_mergeable_bio() > on every block added to a bio. So we need this function which limits a > logical range in one go. > > Signed-off-by: Eric Biggers <ebiggers@google.com> > Co-developed-by: Satya Tangirala <satyat@google.com> > Signed-off-by: Satya Tangirala <satyat@google.com> > Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org> Note, generally you should drop Reviewed-by tags if you make nontrivial changes. > +/** > + * fscrypt_limit_io_blocks() - limit I/O blocks to avoid discontiguous DUNs > + * @inode: the file on which I/O is being done > + * @pos: the file position (in bytes) at which the I/O is being done > + * @nr_blocks: the number of blocks we want to submit starting at @pos > + * > + * Determine the limit to the number of blocks that can be submitted in the bio > + * targeting @pos without causing a data unit number (DUN) discontinuity. > + * > + * This is normally just @nr_blocks, as normally the DUNs just increment along > + * with the logical blocks. (Or the file is not encrypted.) > + * > + * In rare cases, fscrypt can be using an IV generation method that allows the > + * DUN to wrap around within logically continuous blocks, and that wraparound > + * will occur. If this happens, a value less than @nr_blocks will be returned > + * so that the wraparound doesn't occur in the middle of the bio. > + * > + * Return: the actual number of blocks that can be submitted > + */ > +int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, > + unsigned int nr_blocks) ext4 actually passes a block number for the second argument, not a position. Also, we should make this ready for 64-bit block numbers. When it's trivial to do, we keep fs/crypto/ ready for 64-bit block numbers, even though it's not needed yet. E.g. see fscrypt_crypt_block() and fscrypt_generate_iv(). It's true that currently this function is a no-op except for IV_INO_LBLK_32, but that's more of an implementation detail. So the prototype I recommend is: u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks); > +{ > + const struct fscrypt_info *ci = inode->i_crypt_info; > + u32 dun; > + > + if (!fscrypt_inode_uses_inline_crypto(inode)) > + return nr_blocks; > + > + if (nr_blocks <= 1) > + return nr_blocks; > + > + if (!(fscrypt_policy_flags(&ci->ci_policy) & > + FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) > + return nr_blocks; > + > + /* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */ > + > + dun = ci->ci_hashed_ino + (pos >> inode->i_blkbits); > + > + return min_t(u64, nr_blocks, (u64)U32_MAX + 1 - dun); > +} > diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h > index bb257411365f..241266cba21f 100644 > --- a/include/linux/fscrypt.h > +++ b/include/linux/fscrypt.h > @@ -559,6 +559,11 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, > bool fscrypt_mergeable_bio_bh(struct bio *bio, > const struct buffer_head *next_bh); > > +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter); > + > +int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, > + unsigned int nr_blocks); > + > #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ > > static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) > @@ -587,6 +592,20 @@ static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, > { > return true; > } > + > +static inline bool fscrypt_dio_supported(struct kiocb *iocb, > + struct iov_iter *iter) > +{ > + const struct inode *inode = file_inode(iocb->ki_filp); > + > + return !fscrypt_needs_contents_encryption(inode); > +} > + > +static inline int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, > + unsigned int nr_blocks) > +{ > + return nr_blocks; > +} > #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ > > /** > -- > 2.28.0.rc0.142.g3c755180ce-goog >
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index a52cf32733ab..d2e933eb98dd 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -69,6 +69,14 @@ void fscrypt_free_bounce_page(struct page *bounce_page) } EXPORT_SYMBOL(fscrypt_free_bounce_page); +/* + * Generate the IV for the given logical block number within the given file. + * For filenames encryption, lblk_num == 0. + * + * Keep this in sync with fscrypt_limit_io_blocks(). fscrypt_limit_io_blocks() + * needs to know about any IV generation methods where the low bits of IV don't + * simply contain the lblk_num (e.g., IV_INO_LBLK_32). + */ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, const struct fscrypt_info *ci) { diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index d7aecadf33c1..2cac0da0bd04 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -16,6 +16,7 @@ #include <linux/blkdev.h> #include <linux/buffer_head.h> #include <linux/sched/mm.h> +#include <linux/uio.h> #include "fscrypt_private.h" @@ -362,3 +363,77 @@ bool fscrypt_mergeable_bio_bh(struct bio *bio, return fscrypt_mergeable_bio(bio, inode, next_lblk); } EXPORT_SYMBOL_GPL(fscrypt_mergeable_bio_bh); + +/** + * fscrypt_dio_supported() - check whether a direct I/O request is unsupported + * due to encryption constraints + * @iocb: the file and position the I/O is targeting + * @iter: the I/O data segment(s) + * + * Return: true if direct I/O is supported + */ +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + const unsigned int blocksize = i_blocksize(inode); + + /* If the file is unencrypted, no veto from us. */ + if (!fscrypt_needs_contents_encryption(inode)) + return true; + + /* We only support direct I/O with inline crypto, not fs-layer crypto */ + if (!fscrypt_inode_uses_inline_crypto(inode)) + return false; + + /* + * Since the granularity of encryption is filesystem blocks, the I/O + * must be block aligned -- not just disk sector aligned. + */ + if (!IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), blocksize)) + return false; + + return true; +} +EXPORT_SYMBOL_GPL(fscrypt_dio_supported); + +/** + * fscrypt_limit_io_blocks() - limit I/O blocks to avoid discontiguous DUNs + * @inode: the file on which I/O is being done + * @pos: the file position (in bytes) at which the I/O is being done + * @nr_blocks: the number of blocks we want to submit starting at @pos + * + * Determine the limit to the number of blocks that can be submitted in the bio + * targeting @pos without causing a data unit number (DUN) discontinuity. + * + * This is normally just @nr_blocks, as normally the DUNs just increment along + * with the logical blocks. (Or the file is not encrypted.) + * + * In rare cases, fscrypt can be using an IV generation method that allows the + * DUN to wrap around within logically continuous blocks, and that wraparound + * will occur. If this happens, a value less than @nr_blocks will be returned + * so that the wraparound doesn't occur in the middle of the bio. + * + * Return: the actual number of blocks that can be submitted + */ +int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, + unsigned int nr_blocks) +{ + const struct fscrypt_info *ci = inode->i_crypt_info; + u32 dun; + + if (!fscrypt_inode_uses_inline_crypto(inode)) + return nr_blocks; + + if (nr_blocks <= 1) + return nr_blocks; + + if (!(fscrypt_policy_flags(&ci->ci_policy) & + FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) + return nr_blocks; + + /* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */ + + dun = ci->ci_hashed_ino + (pos >> inode->i_blkbits); + + return min_t(u64, nr_blocks, (u64)U32_MAX + 1 - dun); +} diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index bb257411365f..241266cba21f 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -559,6 +559,11 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, bool fscrypt_mergeable_bio_bh(struct bio *bio, const struct buffer_head *next_bh); +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter); + +int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, + unsigned int nr_blocks); + #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) @@ -587,6 +592,20 @@ static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, { return true; } + +static inline bool fscrypt_dio_supported(struct kiocb *iocb, + struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + + return !fscrypt_needs_contents_encryption(inode); +} + +static inline int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, + unsigned int nr_blocks) +{ + return nr_blocks; +} #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ /**