[RFC,37/53] netfs: Support decryption on ubuffered/DIO read

Message ID	20231013160423.2218093-38-dhowells@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-cifs-owner@vger.kernel.org> From: David Howells <dhowells@redhat.com> To: Jeff Layton <jlayton@kernel.org>, Steve French <smfrench@gmail.com> Cc: David Howells <dhowells@redhat.com>, Matthew Wilcox <willy@infradead.org>, Marc Dionne <marc.dionne@auristor.com>, Paulo Alcantara <pc@manguebit.com>, Shyam Prasad N <sprasad@microsoft.com>, Tom Talpey <tom@talpey.com>, Dominique Martinet <asmadeus@codewreck.org>, Ilya Dryomov <idryomov@gmail.com>, Christian Brauner <christian@brauner.io>, linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-cachefs@redhat.com Subject: [RFC PATCH 37/53] netfs: Support decryption on ubuffered/DIO read Date: Fri, 13 Oct 2023 17:04:06 +0100 Message-ID: <20231013160423.2218093-38-dhowells@redhat.com> In-Reply-To: <20231013160423.2218093-1-dhowells@redhat.com> References: <20231013160423.2218093-1-dhowells@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	netfs, afs, cifs: Delegate high-level I/O to netfslib \| expand [RFC,00/53] netfs, afs, cifs: Delegate high-level I/O to netfslib [RFC,01/53] netfs: Add a procfile to list in-progress requests [RFC,02/53] netfs: Track the fpos above which the server has no data [RFC,03/53] netfs: Note nonblockingness in the netfs_io_request struct [RFC,04/53] netfs: Allow the netfs to make the io (sub)request alloc larger [RFC,05/53] netfs: Add a ->free_subrequest() op [RFC,06/53] afs: Don't use folio->private to record partial modification [RFC,07/53] netfs: Provide invalidate_folio and release_folio calls [RFC,08/53] netfs: Add rsize to netfs_io_request [RFC,09/53] netfs: Implement unbuffered/DIO vs buffered I/O locking [RFC,10/53] netfs: Add iov_iters to (sub)requests to describe various buffers [RFC,11/53] netfs: Add support for DIO buffering [RFC,12/53] netfs: Provide tools to create a buffer in an xarray [RFC,13/53] netfs: Add bounce buffering support [RFC,14/53] netfs: Add func to calculate pagecount/size-limited span of an iterator [RFC,15/53] netfs: Limit subrequest by size or number of segments [RFC,16/53] netfs: Export netfs_put_subrequest() and some tracepoints [RFC,17/53] netfs: Extend the netfs_io_*request structs to handle writes [RFC,18/53] netfs: Add a hook to allow tell the netfs to update its i_size [RFC,19/53] netfs: Make netfs_put_request() handle a NULL pointer [RFC,20/53] fscache: Add a function to begin an cache op from a netfslib request [RFC,21/53] netfs: Make the refcounting of netfs_begin_read() easier to use [RFC,22/53] netfs: Prep to use folio->private for write grouping and streaming write [RFC,23/53] netfs: Dispatch write requests to process a writeback slice [RFC,24/53] netfs: Provide func to copy data to pagecache for buffered write [RFC,25/53] netfs: Make netfs_read_folio() handle streaming-write pages [RFC,26/53] netfs: Allocate multipage folios in the writepath [RFC,27/53] netfs: Implement support for unbuffered/DIO read [RFC,28/53] netfs: Implement unbuffered/DIO write support [RFC,29/53] netfs: Implement buffered write API [RFC,30/53] netfs: Allow buffered shared-writeable mmap through netfs_page_mkwrite() [RFC,31/53] netfs: Provide netfs_file_read_iter() [RFC,32/53] netfs: Provide a writepages implementation [RFC,33/53] netfs: Provide minimum blocksize parameter [RFC,34/53] netfs: Make netfs_skip_folio_read() take account of blocksize [RFC,35/53] netfs: Perform content encryption [RFC,36/53] netfs: Decrypt encrypted content [RFC,37/53] netfs: Support decryption on ubuffered/DIO read [RFC,38/53] netfs: Support encryption on Unbuffered/DIO write [RFC,39/53] netfs: Provide a launder_folio implementation [RFC,40/53] netfs: Implement a write-through caching option [RFC,41/53] netfs: Rearrange netfs_io_subrequest to put request pointer first [RFC,42/53] afs: Use the netfs write helpers [RFC,43/53] cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest [RFC,44/53] cifs: Share server EOF pos with netfslib [RFC,45/53] cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest [RFC,46/53] cifs: Use more fields from netfs_io_subrequest [RFC,47/53] cifs: Make wait_mtu_credits take size_t args [RFC,48/53] cifs: Implement netfslib hooks [RFC,49/53] cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c [RFC,50/53] cifs: Cut over to using netfslib [RFC,51/53] cifs: Remove some code that's no longer used, part 1 [RFC,52/53] cifs: Remove some code that's no longer used, part 2 [RFC,53/53] cifs: Remove some code that's no longer used, part 3

Message ID

20231013160423.2218093-38-dhowells@redhat.com (mailing list archive)

State

New, archived

Headers

From: David Howells <dhowells@redhat.com>
To: Jeff Layton <jlayton@kernel.org>, Steve French <smfrench@gmail.com>
Cc: David Howells <dhowells@redhat.com>,
        Matthew Wilcox <willy@infradead.org>,
        Marc Dionne <marc.dionne@auristor.com>,
        Paulo Alcantara <pc@manguebit.com>,
        Shyam Prasad N <sprasad@microsoft.com>,
        Tom Talpey <tom@talpey.com>,
        Dominique Martinet <asmadeus@codewreck.org>,
        Ilya Dryomov <idryomov@gmail.com>,
        Christian Brauner <christian@brauner.io>,
        linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org,
        linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org,
        v9fs@lists.linux.dev, linux-fsdevel@vger.kernel.org,
        linux-mm@kvack.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-cachefs@redhat.com
Subject: [RFC PATCH 37/53] netfs: Support decryption on ubuffered/DIO read
Date: Fri, 13 Oct 2023 17:04:06 +0100
Message-ID: <20231013160423.2218093-38-dhowells@redhat.com>
In-Reply-To: <20231013160423.2218093-1-dhowells@redhat.com>
References: <20231013160423.2218093-1-dhowells@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

netfs, afs, cifs: Delegate high-level I/O to netfslib | expand

Commit Message

David Howells Oct. 13, 2023, 4:04 p.m. UTC

Support unbuffered and direct I/O reads from an encrypted file.  This may
require making a larger read than is required into a bounce buffer and
copying out the required bits.  We don't decrypt in-place in the user
buffer lest userspace interfere and muck up the decryption.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cachefs@redhat.com
cc: linux-fsdevel@vger.kernel.org
cc: linux-mm@kvack.org
---
 fs/netfs/direct_read.c | 10 ++++++++++
 fs/netfs/internal.h    | 17 +++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/fs/netfs/direct_read.c b/fs/netfs/direct_read.c
index 52ad8fa66dd5..158719b56900 100644
--- a/fs/netfs/direct_read.c
+++ b/fs/netfs/direct_read.c
@@ -181,6 +181,16 @@  static ssize_t netfs_unbuffered_read_iter_locked(struct kiocb *iocb, struct iov_
 		iov_iter_advance(iter, orig_count);
 	}
 
+	/* If we're going to do decryption or decompression, we're going to
+	 * need a bounce buffer - and if the data is misaligned for the crypto
+	 * algorithm, we decrypt in place and then copy.
+	 */
+	if (test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) {
+		if (!netfs_is_crypto_aligned(rreq, iter))
+			__set_bit(NETFS_RREQ_CRYPT_IN_PLACE, &rreq->flags);
+		__set_bit(NETFS_RREQ_USE_BOUNCE_BUFFER, &rreq->flags);
+	}
+
 	/* If we're going to use a bounce buffer, we need to set it up.  We
 	 * will then need to pad the request out to the minimum block size.
 	 */
diff --git a/fs/netfs/internal.h b/fs/netfs/internal.h
index 8dc68a75d6cd..7dd37d3aff3f 100644
--- a/fs/netfs/internal.h
+++ b/fs/netfs/internal.h
@@ -196,6 +196,23 @@  static inline void netfs_put_group_many(struct netfs_group *netfs_group, int nr)
 		netfs_group->free(netfs_group);
 }
 
+/*
+ * Check to see if a buffer aligns with the crypto unit block size.  If it
+ * doesn't the crypto layer is going to copy all the data - in which case
+ * relying on the crypto op for a free copy is pointless.
+ */
+static inline bool netfs_is_crypto_aligned(struct netfs_io_request *rreq,
+					   struct iov_iter *iter)
+{
+	struct netfs_inode *ctx = netfs_inode(rreq->inode);
+	unsigned long align, mask = (1UL << ctx->min_bshift) - 1;
+
+	if (!ctx->min_bshift)
+		return true;
+	align = iov_iter_alignment(iter);
+	return (align & mask) == 0;
+}
+
 /*****************************************************************************/
 /*
  * debug tracing

[RFC,37/53] netfs: Support decryption on ubuffered/DIO read

Commit Message

Patch