[v5,37/52] btrfs: limit encrypted writes to 256 segments

Message ID	1fc07b885453495bccea5a37e13d7d26333bd2af.1706116485.git.josef@toxicpanda.com (mailing list archive)
State	New, archived
Headers	show Received: from mail-yw1-f169.google.com (mail-yw1-f169.google.com [209.85.128.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13004128368 for <linux-btrfs@vger.kernel.org>; Wed, 24 Jan 2024 17:19:58 +0000 (UTC) From: Josef Bacik <josef@toxicpanda.com> To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 37/52] btrfs: limit encrypted writes to 256 segments Date: Wed, 24 Jan 2024 12:18:59 -0500 Message-ID: <1fc07b885453495bccea5a37e13d7d26333bd2af.1706116485.git.josef@toxicpanda.com> In-Reply-To: <cover.1706116485.git.josef@toxicpanda.com> References: <cover.1706116485.git.josef@toxicpanda.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	btrfs: add fscrypt support \| expand [v5,00/52] btrfs: add fscrypt support [v5,01/52] fscrypt: add per-extent encryption support [v5,02/52] fscrypt: allow inline encryption for extent based encryption [v5,03/52] fscrypt: add a fscrypt_inode_open helper [v5,04/52] fscrypt: conditionally don't wipe mk secret until the last active user is done [v5,05/52] blk-crypto: add a process bio callback [v5,06/52] fscrypt: add a process_bio hook to fscrypt_operations [v5,07/52] fscrypt: expose fscrypt_nokey_name [v5,08/52] fscrypt: add documentation about extent encryption [v5,09/52] btrfs: add infrastructure for safe em freeing [v5,10/52] btrfs: disable various operations on encrypted inodes [v5,11/52] btrfs: disable verity on encrypted inodes [v5,12/52] btrfs: start using fscrypt hooks [v5,13/52] btrfs: add inode encryption contexts [v5,14/52] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag [v5,15/52] btrfs: adapt readdir for encrypted and nokey names [v5,16/52] btrfs: handle nokey names. [v5,17/52] btrfs: implement fscrypt ioctls [v5,18/52] btrfs: gate encryption behind BTRFS_DEBUG [v5,19/52] btrfs: select encryption dependencies if FS_ENCRYPTION [v5,20/52] btrfs: add get_devices hook for fscrypt [v5,21/52] btrfs: set file extent encryption excplicitly [v5,22/52] btrfs: add fscrypt_info and encryption_type to extent_map [v5,23/52] btrfs: add fscrypt_info and encryption_type to ordered_extent [v5,24/52] btrfs: plumb through setting the fscrypt_info for ordered extents [v5,25/52] btrfs: plumb the fscrypt extent context through create_io_em [v5,26/52] btrfs: populate the ordered_extent with the fscrypt context [v5,27/52] btrfs: keep track of fscrypt info and orig_start for dio reads [v5,28/52] btrfs: add an optional encryption context to the end of file extents [v5,29/52] btrfs: explicitly track file extent length for replace and drop [v5,30/52] btrfs: pass through fscrypt_extent_info to the file extent helpers [v5,31/52] btrfs: implement the fscrypt extent encryption hooks [v5,32/52] btrfs: setup fscrypt_extent_info for new extents [v5,33/52] btrfs: populate ordered_extent with the orig offset [v5,34/52] btrfs: set the bio fscrypt context when applicable [v5,35/52] btrfs: add a bio argument to btrfs_csum_one_bio [v5,36/52] btrfs: add orig_logical to btrfs_bio [v5,37/52] btrfs: limit encrypted writes to 256 segments [v5,38/52] btrfs: implement process_bio cb for fscrypt [v5,39/52] btrfs: implement read repair for encryption [v5,40/52] btrfs: add test_dummy_encryption support [v5,41/52] btrfs: don't rewrite ret from inode_permission [v5,42/52] btrfs: move inode_to_path higher in backref.c [v5,43/52] btrfs: make btrfs_ref_to_path handle encrypted filenames [v5,44/52] btrfs: don't search back for dir inode item in INO_LOOKUP_USER [v5,45/52] btrfs: deal with encrypted symlinks in send [v5,46/52] btrfs: decrypt file names for send [v5,47/52] btrfs: load the inode context before sending writes [v5,48/52] btrfs: set the appropriate free space settings in reconfigure [v5,49/52] btrfs: support encryption with log replay [v5,50/52] btrfs: disable auto defrag on encrypted files [v5,51/52] btrfs: disable encryption on RAID5/6 [v5,52/52] btrfs: disable send if we have encryption enabled

Message ID

1fc07b885453495bccea5a37e13d7d26333bd2af.1706116485.git.josef@toxicpanda.com (mailing list archive)

State

New, archived

Headers

From: Josef Bacik <josef@toxicpanda.com>
To: linux-btrfs@vger.kernel.org,
	kernel-team@fb.com
Subject: [PATCH v5 37/52] btrfs: limit encrypted writes to 256 segments
Date: Wed, 24 Jan 2024 12:18:59 -0500
Message-ID: 
 <1fc07b885453495bccea5a37e13d7d26333bd2af.1706116485.git.josef@toxicpanda.com>
In-Reply-To: <cover.1706116485.git.josef@toxicpanda.com>
References: <cover.1706116485.git.josef@toxicpanda.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

btrfs: add fscrypt support | expand

Commit Message

Josef Bacik Jan. 24, 2024, 5:18 p.m. UTC

For the fallback encrypted writes it allocates a bounce buffer to
encrypt, and if the bio is larger than 256 segments it splits the bio we
send down.  This wreaks havoc on us because we need our actual original
bio to be passed into the process_cb callback in order to get at our
ordered extent.  With the split we'll get some cloned bio that has none
of our information.  Handle this by returning the length we need to be
truncated to and then splitting ourselves, which will handle giving us
the correct btrfs_bio that we need.

Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
 fs/btrfs/bio.c     | 29 ++++++++++++++++++++++++++++-
 fs/btrfs/fscrypt.c | 24 ++++++++++++++++++++++++
 fs/btrfs/fscrypt.h |  6 ++++++
 3 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c
index cb998048edce..1fb8a198e093 100644
--- a/fs/btrfs/bio.c
+++ b/fs/btrfs/bio.c
@@ -15,6 +15,7 @@ 
 #include "zoned.h"
 #include "file-item.h"
 #include "raid-stripe-tree.h"
+#include "fscrypt.h"
 
 static struct bio_set btrfs_bioset;
 static struct bio_set btrfs_clone_bioset;
@@ -664,6 +665,7 @@  static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num)
 	u64 logical = bio->bi_iter.bi_sector << SECTOR_SHIFT;
 	u64 length = bio->bi_iter.bi_size;
 	u64 map_length = length;
+	u64 max_bio_len = length;
 	bool use_append = btrfs_use_zone_append(bbio);
 	struct btrfs_io_context *bioc = NULL;
 	struct btrfs_io_stripe smap;
@@ -673,6 +675,31 @@  static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num)
 	smap.is_scrub = !bbio->inode;
 
 	btrfs_bio_counter_inc_blocked(fs_info);
+
+	/*
+	 * The blk-crypto-fallback limits bio sizes to 256 segments, because it
+	 * has no way of controlling the pages it gets for the bounce bio it
+	 * submits.
+	 *
+	 * If we don't pre-split our bio blk-crypto-fallback will do it for us,
+	 * and then call into our checksum callback with a random cloned bio
+	 * that isn't a btrfs_bio.
+	 *
+	 * To account for this we must truncate the bio ourselves, so we need to
+	 * get our length at 256 segments and return that.  We must do this
+	 * before btrfs_map_block because the RAID5/6 code relies on having
+	 * properly stripe aligned things, so we return the truncated length
+	 * here so that btrfs_map_block() does the correct thing.  Further down
+	 * we actually truncate map_length to map_bio_len because map_length
+	 * will be set to whatever the mapping length is for the underlying
+	 * geometry.  This will work properly with RAID5/6 as it will have
+	 * already setup everything for the expected length, and everything else
+	 * can handle with a truncated map_length.
+	 */
+	if (bio_has_crypt_ctx(bio))
+		max_bio_len = btrfs_fscrypt_bio_length(bio, map_length);
+
+	map_length = max_bio_len;
 	error = btrfs_map_block(fs_info, btrfs_op(bio), logical, &map_length,
 				&bioc, &smap, &mirror_num);
 	if (error) {
@@ -688,7 +715,7 @@  static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num)
 	if (bio_op(bio) == REQ_OP_WRITE && is_data_bbio(bbio))
 		bbio->orig_logical = logical;
 
-	map_length = min(map_length, length);
+	map_length = min(map_length, max_bio_len);
 	if (use_append)
 		map_length = min(map_length, fs_info->max_zone_append_size);
 
diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c
index b93fce2db3d5..9f4811b2fb4e 100644
--- a/fs/btrfs/fscrypt.c
+++ b/fs/btrfs/fscrypt.c
@@ -308,6 +308,30 @@  bool btrfs_mergeable_encrypted_bio(struct bio *bio, struct inode *inode,
 	return fscrypt_mergeable_extent_bio(bio, fi, logical_offset);
 }
 
+/*
+ * The block crypto stuff allocates bounce buffers for encryption, so splits at
+ * BIO_MAX_VECS worth of segments.  If we are larger than that number of
+ * segments then we need to limit the size to the size that BIO_MAX_VECS covers.
+ */
+int btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length)
+{
+	unsigned int i = 0;
+	struct bio_vec bv;
+	struct bvec_iter iter;
+	u64 segments_length = 0;
+
+	if (bio_op(bio) != REQ_OP_WRITE)
+		return map_length;
+
+	bio_for_each_segment(bv, bio, iter) {
+		segments_length += bv.bv_len;
+		if (++i == BIO_MAX_VECS)
+			return segments_length;
+	}
+
+	return map_length;
+}
+
 const struct fscrypt_operations btrfs_fscrypt_ops = {
 	.has_per_extent_encryption = 1,
 	.get_context = btrfs_fscrypt_get_context,
diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h
index 4da80090361f..703122e8d57f 100644
--- a/fs/btrfs/fscrypt.h
+++ b/fs/btrfs/fscrypt.h
@@ -37,6 +37,7 @@  void btrfs_set_bio_crypt_ctx_from_extent(struct bio *bio,
 bool btrfs_mergeable_encrypted_bio(struct bio *bio, struct inode *inode,
 				   struct fscrypt_extent_info *fi,
 				   u64 logical_offset);
+int btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length);
 
 #else
 static inline void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode,
@@ -92,6 +93,11 @@  static inline bool btrfs_mergeable_encrypted_bio(struct bio *bio,
 	return true;
 }
 
+static inline u64 btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length)
+{
+	return map_length;
+}
+
 #endif /* CONFIG_FS_ENCRYPTION */
 
 extern const struct fscrypt_operations btrfs_fscrypt_ops;

[v5,37/52] btrfs: limit encrypted writes to 256 segments

Commit Message

Patch