From patchwork Fri Jul 17 01:35:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668659 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A78FD161F for ; Fri, 17 Jul 2020 01:35:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8E01420691 for ; Fri, 17 Jul 2020 01:35:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="rNcJ1z/h" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726852AbgGQBf3 (ORCPT ); Thu, 16 Jul 2020 21:35:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37750 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726512AbgGQBf2 (ORCPT ); Thu, 16 Jul 2020 21:35:28 -0400 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39B59C08C5C0 for ; Thu, 16 Jul 2020 18:35:28 -0700 (PDT) Received: by mail-pf1-x449.google.com with SMTP id d67so5783966pfd.4 for ; Thu, 16 Jul 2020 18:35:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=B0x0K0LAx9+Y7Q8FXBFUwx+eU4+ad8NV7ubLsxeFaf4=; b=rNcJ1z/hk3b1nlQcOK344BBKSaTZD0FO1lc1KBwd0QAUCl8LAzorkSchCeJV+hqxco VxZdkX7BuCr07mM59e6rfOF9TcpZ2NNNqjgG1ix7aij9jNjawUvA6ftvYtPvlKxkQrCb r1Du7ASXNCYSpyLj9txeDB4id+SBLeq+zfMufpbluvu3wACCfzpcjItXMleC2WhSNMK4 5mGgzVaRaRBvczOOazdepqhiP4UyFot3XBcOUh37HxRuiDjpZ0OzsgmD8XQaggV9gneU lAJiuyQYhik+85aksvgSo7vrHofshzMnswjyCii7OnIWl5oEpf0m6JssM590tZE6J/pU U6Dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=B0x0K0LAx9+Y7Q8FXBFUwx+eU4+ad8NV7ubLsxeFaf4=; b=RaZOi1ey9a8UGsPgCaTPIkdBOpz9Q4Z6a7G4g//0iXq57OMB9/EYdmMKtzpWzpqOvy QSRtMqJtiGSUmJPrrv+dbB7B7FV3LSuOFX/RwD0SbWlPTW0vVc1uZCP9yIqnsgbpwpi4 zxs0j2MR6mOFijcmiWiO86LZi8ro7ZpLSYNGoudHOeZWcenFjncCVwbCDwkUrYMy/6rY 7qM8nCrxykEZg1UrK3eCc5kj1xjozo+n4c8dtP2ntz21ooEyVKoYDFpst7oMMNF64OTX fPl4Er0kE3DnUNJ6OLkLm4R6bKQ3O8lOlvpBKvMOg6lTeZdKELAR0wMw25qrABNFXkWt WyEw== X-Gm-Message-State: AOAM532FGXCuEf7gbphqVzT1vEiXGrcdNWaW4g0GNp/e/o0KdRhS6Syu pYum5jvBAqiShT+ij9MtdsBsYARWR5g= X-Google-Smtp-Source: ABdhPJxPTXctCC0zB+2Aag+2QZjZh13xx8lZoFZnZfaqM8dqP3fwqUDr7MTFN8aR7cvnb4Uu0xvaMjfWhvM= X-Received: by 2002:a17:90a:1fcb:: with SMTP id z11mr2171503pjz.1.1594949727176; Thu, 16 Jul 2020 18:35:27 -0700 (PDT) Date: Fri, 17 Jul 2020 01:35:12 +0000 In-Reply-To: <20200717013518.59219-1-satyat@google.com> Message-Id: <20200717013518.59219-2-satyat@google.com> Mime-Version: 1.0 References: <20200717013518.59219-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v2 1/7] fscrypt: Add functions for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Eric Biggers Introduce fscrypt_dio_supported() to check whether a direct I/O request is unsupported due to encryption constraints, and fscrypt_limit_io_pages() to check how many pages may be added to a bio being prepared for direct I/O. The IV_INO_LBLK_32 fscrypt policy introduced the possibility that DUNs in logically continuous file blocks might wrap from 0xffffffff to 0. Since this was particularly difficult to handle when block_size != PAGE_SIZE, fscrypt only supports blk-crypto en/decryption with the IV_INO_LBLK_32 policy when block_size == PAGE_SIZE, and ensures that the DUN never wraps around within any submitted bio. fscrypt_limit_io_pages() can be used to determine the number of logically contiguous blocks/pages that may be added to the bio without causing the DUN to wrap around within the bio. This is an alternative to calling fscrypt_mergeable_bio() on each page in a range of logically contiguous pages. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/crypto/crypto.c | 8 ++++ fs/crypto/inline_crypt.c | 80 ++++++++++++++++++++++++++++++++++++++++ include/linux/fscrypt.h | 19 ++++++++++ 3 files changed, 107 insertions(+) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index a52cf32733ab..fb34364360b3 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -69,6 +69,14 @@ void fscrypt_free_bounce_page(struct page *bounce_page) } EXPORT_SYMBOL(fscrypt_free_bounce_page); +/* + * Generate the IV for the given logical block number within the given file. + * For filenames encryption, lblk_num == 0. + * + * Keep this in sync with fscrypt_limit_io_pages(). fscrypt_limit_io_pages() + * needs to know about any IV generation methods where the low bits of IV don't + * simply contain the lblk_num (e.g., IV_INO_LBLK_32). + */ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, const struct fscrypt_info *ci) { diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index d7aecadf33c1..f5af6a63e04c 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "fscrypt_private.h" @@ -362,3 +363,82 @@ bool fscrypt_mergeable_bio_bh(struct bio *bio, return fscrypt_mergeable_bio(bio, inode, next_lblk); } EXPORT_SYMBOL_GPL(fscrypt_mergeable_bio_bh); + +/** + * fscrypt_dio_supported() - check whether a direct I/O request is unsupported + * due to encryption constraints + * @iocb: the file and position the I/O is targeting + * @iter: the I/O data segment(s) + * + * Return: true if direct I/O is supported + */ +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + const unsigned int blocksize = i_blocksize(inode); + + /* If the file is unencrypted, no veto from us. */ + if (!fscrypt_needs_contents_encryption(inode)) + return true; + + /* We only support direct I/O with inline crypto, not fs-layer crypto */ + if (!fscrypt_inode_uses_inline_crypto(inode)) + return false; + + /* + * Since the granularity of encryption is filesystem blocks, the I/O + * must be block aligned -- not just disk sector aligned. + */ + if (!IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), blocksize)) + return false; + + return true; +} +EXPORT_SYMBOL_GPL(fscrypt_dio_supported); + +/** + * fscrypt_limit_io_pages() - limit I/O pages to avoid discontiguous DUNs + * @inode: the file on which I/O is being done + * @pos: the file position (in bytes) at which the I/O is being done + * @nr_pages: the number of pages we want to submit starting at @pos + * + * Determine the limit to the number of pages that can be submitted in the bio + * targeting @pos without causing a data unit number (DUN) discontinuity. + * + * For IV generation methods that can't cause DUN wraparounds + * within logically continuous data blocks, the maximum number of pages is + * simply @nr_pages. For those IV generation methods that *might* cause DUN + * wraparounds, the returned number of pages is the largest possible number of + * pages (less than @nr_pages) that can be added to the bio without causing a + * DUN wraparound within the bio. + * + * Return: the actual number of pages that can be submitted + */ +int fscrypt_limit_io_pages(const struct inode *inode, loff_t pos, int nr_pages) +{ + const struct fscrypt_info *ci = inode->i_crypt_info; + u32 dun; + + if (!fscrypt_inode_uses_inline_crypto(inode)) + return nr_pages; + + if (nr_pages <= 1) + return nr_pages; + + if (!(fscrypt_policy_flags(&ci->ci_policy) & + FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) + return nr_pages; + + /* + * fscrypt_select_encryption_impl() ensures that block_size == PAGE_SIZE + * when using FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32. + */ + if (WARN_ON_ONCE(i_blocksize(inode) != PAGE_SIZE)) + return 1; + + /* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */ + + dun = ci->ci_hashed_ino + (pos >> inode->i_blkbits); + + return min_t(u64, nr_pages, (u64)U32_MAX + 1 - dun); +} diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index bb257411365f..c205c214b35e 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -559,6 +559,11 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, bool fscrypt_mergeable_bio_bh(struct bio *bio, const struct buffer_head *next_bh); +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter); + +int fscrypt_limit_io_pages(const struct inode *inode, loff_t pos, + int nr_pages); + #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) @@ -587,6 +592,20 @@ static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, { return true; } + +static inline bool fscrypt_dio_supported(struct kiocb *iocb, + struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + + return !fscrypt_needs_contents_encryption(inode); +} + +static inline int fscrypt_limit_io_pages(const struct inode *inode, loff_t pos, + int nr_pages) +{ + return nr_pages; +} #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ /** From patchwork Fri Jul 17 01:35:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668661 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5A4B11751 for ; Fri, 17 Jul 2020 01:35:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3D40220691 for ; Fri, 17 Jul 2020 01:35:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="EcPT5iw6" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726885AbgGQBfb (ORCPT ); Thu, 16 Jul 2020 21:35:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37766 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726512AbgGQBfa (ORCPT ); Thu, 16 Jul 2020 21:35:30 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C62EDC08C5CE for ; Thu, 16 Jul 2020 18:35:29 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id d27so9475256ybe.20 for ; Thu, 16 Jul 2020 18:35:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=zp9IyNE/WOqMjmmUo5OQb7An9Jck4EABFW2ZtXIp0J8=; b=EcPT5iw6xeAfEjdlPbda6DoINJs/j9jKP2TGre8RBeZXNcyIRuqos8GS/JPjNxyyMj aARz+rkyGL52RWpzFM5BJ3zkR/4wfsdnrw+1luAFREm/VEQT+l2s5cpIKsr+5uKeFMH4 WY51ds7oCW7o+7bxVZeVdvBRNakPa9eZZmcbTSZ4YdYGuLV6Q/SugNCpoAJkT93/jfJb IGJddYgCOXxJUJ+GqNK5dO62cUYyve5r5yM+KtVqyAb2Zs2BUOSmw7Fs3p41vxvgdu5b 24MANUxf9LZQryIjThNYfZtFGr6rsTY31QgdC5WUa3iwxTm6vikksUZPQJEA49/6nHBM jWDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=zp9IyNE/WOqMjmmUo5OQb7An9Jck4EABFW2ZtXIp0J8=; b=fx0wcuomKkOS4LLxsqAfv4p/2qUFFebHa7Q3RuU83ZLRsxAriS1YMmCD969Skazi9A SgkfD73JdxLyTX3xIlwvP0Z2mOIBhCTZyKe64Il54iDOUdRQ3eS6S8MindokREXAhZsm CDiIO6NT+MiaqaD7YJw1CwDW8KfbfI2s7y/F3Ms8NpOQ7yHaqFObdLLkHaBzPB/OPIpf 1Dc0pV3cgblBkJUgtaVgwgySrRoDM1Jwq79q4Na9BCvBHSgbXbmitjz3D/bWxDkC6ri1 jmD5tpRKBGb/dahhife3DE982bcPLPOulKyoC5FfyuTVpKj2VQtjjcpaBmZ1bqaxFsl5 KKFQ== X-Gm-Message-State: AOAM532hiN2V4BcDCdRjnv6P2Q31OxLMhpWWY5oCZLr8EXG55nG06x9E +2GJblPPBj0eXhQ2z4ToE3blLy7psi4= X-Google-Smtp-Source: ABdhPJxs8eFAsth37g1R47hI62Mpm1RAZyjhJ4mmlKAvDAiqG/78AzVwzEyzIKJIVFj3OeeEfj/R+GGoZ6o= X-Received: by 2002:a25:e481:: with SMTP id b123mr9697382ybh.126.1594949728932; Thu, 16 Jul 2020 18:35:28 -0700 (PDT) Date: Fri, 17 Jul 2020 01:35:13 +0000 In-Reply-To: <20200717013518.59219-1-satyat@google.com> Message-Id: <20200717013518.59219-3-satyat@google.com> Mime-Version: 1.0 References: <20200717013518.59219-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v2 2/7] direct-io: add support for fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Eric Biggers Set bio crypt contexts on bios by calling into fscrypt when required, and explicitly check for DUN continuity when adding pages to the bio. (While DUN continuity is usually implied by logical block contiguity, this is not the case when using certain fscrypt IV generation methods like IV_INO_LBLK_32). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/direct-io.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/direct-io.c b/fs/direct-io.c index 6d5370eac2a8..f27f7e3780ee 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -411,6 +412,7 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, sector_t first_sector, int nr_vecs) { struct bio *bio; + struct inode *inode = dio->inode; /* * bio_alloc() is guaranteed to return a bio when allowed to sleep and @@ -418,6 +420,9 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, */ bio = bio_alloc(GFP_KERNEL, nr_vecs); + fscrypt_set_bio_crypt_ctx(bio, inode, + sdio->cur_page_fs_offset >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, bdev); bio->bi_iter.bi_sector = first_sector; bio_set_op_attrs(bio, dio->op, dio->op_flags); @@ -782,9 +787,17 @@ static inline int dio_send_cur_page(struct dio *dio, struct dio_submit *sdio, * current logical offset in the file does not equal what would * be the next logical offset in the bio, submit the bio we * have. + * + * When fscrypt inline encryption is used, data unit number + * (DUN) contiguity is also required. Normally that's implied + * by logical contiguity. However, certain IV generation + * methods (e.g. IV_INO_LBLK_32) don't guarantee it. So, we + * must explicitly check fscrypt_mergeable_bio() too. */ if (sdio->final_block_in_bio != sdio->cur_page_block || - cur_offset != bio_next_offset) + cur_offset != bio_next_offset || + !fscrypt_mergeable_bio(sdio->bio, dio->inode, + cur_offset >> dio->inode->i_blkbits)) dio_bio_submit(dio, sdio); } From patchwork Fri Jul 17 01:35:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668687 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8AEAF17C7 for ; Fri, 17 Jul 2020 01:35:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6EFA520838 for ; Fri, 17 Jul 2020 01:35:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="S9hUMdzt" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726971AbgGQBfg (ORCPT ); Thu, 16 Jul 2020 21:35:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37774 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726892AbgGQBfb (ORCPT ); Thu, 16 Jul 2020 21:35:31 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 619DBC08C5CE for ; Thu, 16 Jul 2020 18:35:31 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id h93so6676053pjb.2 for ; Thu, 16 Jul 2020 18:35:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=+UBFxrt4pNJbQqfKhET/4plBmEv6gpLPjB+6J7RRg5k=; b=S9hUMdztXXvOY4ssFaJ9x50x8aFoXJPR1Ord6CgvNBpR6vnJ1HcxEp+eSdaGY2wu49 f3fn0Te4kWifwbc6OZ2yWU1j5vyM+/dIh9NQBMQelj7AihRRtRxZWdcI+Qm/qQb+JSZ1 4vatdj6y/6H9IPDw31RFvJBnXZAEWZbrTIeQ4n+CYYf5Ls9iTkaDeHulKw5UxKN3y0t7 zfn3cXRsUyUuNwYuMX4HUH1SILLzTcAjK5hnXBz6/fju1dXdZTfC0wUHMfBLejmNNWiV 2zSjQ0QinEPAhWayJplF9JFzkA1NeMZT/PHLH5AVbbg/wAeJA+k9Fp7jqWMsVvb0ahs1 nmew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=+UBFxrt4pNJbQqfKhET/4plBmEv6gpLPjB+6J7RRg5k=; b=obAe8cpgzDXh80x1Jfd7X8vPHH3c2lSA0db1QFYcLNkdT7FalE0J7LUMFPaI2QXyyX UyiZF9m3MKnvZM7gjq1t6SsGgQH2W1myE5CfVHhOkymBDqYYp0GChpsZ51U0/rpIt8ha BXOHyJFP31aNao9CakxIUCpDnzh4GauoqptKrwCoO/BGGQ9aPDtb3mq1wRRfy+U2fyKn 3Xk0KNaUW13Bw07xwQQ/2bzMv3yLyzD3VV7XfUkYGYyUgUpVWacalUCluOp+KFJsqOmS 2hcpsZehkA2TAEi6x5bfEW+nhwiexLlVjq5jswk3u3V8yuprMR4ZjFU5cF+SfWH3SQZl R8DQ== X-Gm-Message-State: AOAM533ULppv9Qo31K7kdn0WvqCqRwohjqBl1GLijR6Z/QRgdZPAElVs +08cVuwMdwPN1oW5JHmIR8yBqs3J7kM= X-Google-Smtp-Source: ABdhPJyUKbNKbPD52mHlMT2ZSrU8LempwbQ8BXLBZXihRGAVepOXrVcw0EfQ5Li0VQYXBx83T3iUPhq+8QI= X-Received: by 2002:a17:90a:1fcb:: with SMTP id z11mr2171526pjz.1.1594949730708; Thu, 16 Jul 2020 18:35:30 -0700 (PDT) Date: Fri, 17 Jul 2020 01:35:14 +0000 In-Reply-To: <20200717013518.59219-1-satyat@google.com> Message-Id: <20200717013518.59219-4-satyat@google.com> Mime-Version: 1.0 References: <20200717013518.59219-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v2 3/7] iomap: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Eric Biggers Wire up iomap direct I/O with the fscrypt additions for direct I/O, and set bio crypt contexts on bios when appropriate. Make iomap_dio_bio_actor() call fscrypt_limit_io_pages() to ensure that DUNs remain contiguous within a bio, since it works directly with logical ranges and can't call fscrypt_mergeable_bio() on each page. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/iomap/direct-io.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/iomap/direct-io.c b/fs/iomap/direct-io.c index ec7b78e6feca..4507dc16dbe5 100644 --- a/fs/iomap/direct-io.c +++ b/fs/iomap/direct-io.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -183,11 +184,14 @@ static void iomap_dio_zero(struct iomap_dio *dio, struct iomap *iomap, loff_t pos, unsigned len) { + struct inode *inode = file_inode(dio->iocb->ki_filp); struct page *page = ZERO_PAGE(0); int flags = REQ_SYNC | REQ_IDLE; struct bio *bio; bio = bio_alloc(GFP_KERNEL, 1); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_private = dio; @@ -253,6 +257,7 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, ret = nr_pages; goto out; } + nr_pages = fscrypt_limit_io_pages(inode, pos, nr_pages); if (need_zeroout) { /* zero out from the start of the block to the write offset */ @@ -270,6 +275,8 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, } bio = bio_alloc(GFP_KERNEL, nr_pages); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_write_hint = dio->iocb->ki_hint; @@ -307,6 +314,7 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, copied += n; nr_pages = iov_iter_npages(dio->submit.iter, BIO_MAX_PAGES); + nr_pages = fscrypt_limit_io_pages(inode, pos, nr_pages); iomap_dio_submit_bio(dio, iomap, bio, pos); pos += n; } while (nr_pages); From patchwork Fri Jul 17 01:35:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668671 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5628E1751 for ; Fri, 17 Jul 2020 01:35:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3B2072070E for ; Fri, 17 Jul 2020 01:35:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ZcYDTvcf" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726944AbgGQBfe (ORCPT ); Thu, 16 Jul 2020 21:35:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37776 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726401AbgGQBfd (ORCPT ); Thu, 16 Jul 2020 21:35:33 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 236FDC061755 for ; Thu, 16 Jul 2020 18:35:33 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id s28so5784447pfd.19 for ; Thu, 16 Jul 2020 18:35:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=E/vVSGidxRNqfgFvT7W0V9puYBqKI9SZ+5JR8j0m+58=; b=ZcYDTvcfLLpu/jhtpmOZTX1yip7PM/LKW+mqaazTmFRD19tgdynOHn3dvFmYrGW/EU 3OGE6491fFJOHWChT38oVFGgJgqcZ1z9qC05QU8JraayXUwgfZmczmipgbR37elMel8Z zNb7TYC+lWvWJJ6SnDNsPiAtosseBQpBY7N1qfVzLHJNWx+JNLHhks/B90rtrKlzTw2Q QdJ4Rgwpk7ZYwleZwGq00b+zq66rjpmtFE10TZhsYG25d9JTk8G6JQVQC1rLY+/3pY2o 8blcSeqgKqhLSzrKduWn3JF/DTEgh0C9d7W/d32ySDrix8TvV4yJXo/ftZgek76k0P/c Y1Lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=E/vVSGidxRNqfgFvT7W0V9puYBqKI9SZ+5JR8j0m+58=; b=ph/ZCxQTxAQlml9hESzmtnrwHgMg+SVscBCfYPpyLi8zu0h2fqyklZbYc4In4dzonY fMGvQg9b2/zHybx600WITBH/C/VW7C0h/R04nVLeJXHN+05T44rs+DnnM6e1zed6ib26 /272jHFPUKLn1WFtPUm5dc9IQQT4FhohrFm9K+KbgH6AtLMb+ugsiopkvBMtzrDHfZg+ wieNOZYvHiu/wkosvTMVbhnp4KIxy3LTJe0Jkk09QupyUsOWUIRfShakiWc/GxbGBO7p 0uzOZduCQC/d1CtkM/Bg4/yzLwGBnrR0ZBsQM/SEH+u1alQPplShdsop3T74xGhuhInd ddRA== X-Gm-Message-State: AOAM532CKDVUoNgomjkq5671hU7FA/6Um2BeajJ1/0WkZruZsZd4f/4v VKQsMxcS83v04E/5ZPq0KAmztB3FOjQ= X-Google-Smtp-Source: ABdhPJxblkVinfK9/GjEu/MeJLy/xcw1zo2TEXIQwGlWkq0fWav4MrbEVMKPE2WnLaQ1sWXSffDb1SKbb/Q= X-Received: by 2002:a63:225d:: with SMTP id t29mr6933840pgm.374.1594949732647; Thu, 16 Jul 2020 18:35:32 -0700 (PDT) Date: Fri, 17 Jul 2020 01:35:15 +0000 In-Reply-To: <20200717013518.59219-1-satyat@google.com> Message-Id: <20200717013518.59219-5-satyat@google.com> Mime-Version: 1.0 References: <20200717013518.59219-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v2 4/7] ext4: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Eric Biggers Wire up ext4 with fscrypt direct I/O support. direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/ext4/file.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 2a01e31a032c..d534f72675d9 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -36,9 +36,11 @@ #include "acl.h" #include "truncate.h" -static bool ext4_dio_supported(struct inode *inode) +static bool ext4_dio_supported(struct kiocb *iocb, struct iov_iter *iter) { - if (IS_ENABLED(CONFIG_FS_ENCRYPTION) && IS_ENCRYPTED(inode)) + struct inode *inode = file_inode(iocb->ki_filp); + + if (!fscrypt_dio_supported(iocb, iter)) return false; if (fsverity_active(inode)) return false; @@ -61,7 +63,7 @@ static ssize_t ext4_dio_read_iter(struct kiocb *iocb, struct iov_iter *to) inode_lock_shared(inode); } - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, to)) { inode_unlock_shared(inode); /* * Fallback to buffered I/O if the operation being performed on @@ -490,7 +492,7 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from) } /* Fallback to buffered I/O if the inode does not support direct I/O. */ - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, from)) { if (ilock_shared) inode_unlock_shared(inode); else From patchwork Fri Jul 17 01:35:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668677 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7AD05161F for ; Fri, 17 Jul 2020 01:35:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5F38C20838 for ; Fri, 17 Jul 2020 01:35:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="oxCwlxw8" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726983AbgGQBfh (ORCPT ); Thu, 16 Jul 2020 21:35:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37796 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726401AbgGQBff (ORCPT ); Thu, 16 Jul 2020 21:35:35 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F547C08C5CE for ; Thu, 16 Jul 2020 18:35:35 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id i62so9502556ybc.15 for ; Thu, 16 Jul 2020 18:35:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ORAQciKgJGVxLPMl88O8FRaS7Y2vfgBBYDIN8L834Cw=; b=oxCwlxw8hiOmpc9dDE5VHP0nyw8uhX2w43IaKudLEwrXxdgnP120llEreKyOOyh1yb 1WL8Dz+vf62oDSYhDCJMemrgkfz8WYWqfwvE/k3RuBACwKsg9UN/b/70jtV8Bh5s5ZUl WrqxtcHQKHwvgHTdS5R/09Di9WRfeq7aFwIAp6PB4QWEH0TDZQQYq6ccRf0UpNNMbFFl k4ZGdek4wV3r5+sTAIYfuP/jWrOw9Pbl+P1VkdzDRNqXM7DL0BJSJwO91JPyC0vA5ApC ngAIgB1BKgaFCSFN5dAUqxUK11W1Cw9dSBzo0il3J6r3PmLNgtmOY/hVfrka9zORhpXj ZLCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ORAQciKgJGVxLPMl88O8FRaS7Y2vfgBBYDIN8L834Cw=; b=Crq1aUoS+0Xv1zxpO02Tz7iCD1YcJOx2b3jdHoThE3n5SpbpRg5R7oI0FOkLTMMIdg HFQJ9VV5ECrJy6eGiAKCaArP0Nm+LYryBMYjxMd1SnH3MrKX5XZmZHe8+iLQV7useryW MeG3T5dRKRVBZ6J+u11kAz2zXp0TJqKHUTevaBeioCvqzWB7bDxumCGeiaFogsdmVw+2 asKM7Z8Iq1ipVGi3SbHScoIT2sUmprcyCbehZL5ENqD+B9gG8pYj766PR9HhtmzpRRw3 7pw+7kHNTkxlF4l6FQcpbcMkpkVE5CoDNMOtvKeudK1q7DZ5d6cFUqFESyDmfavskpE0 wpdQ== X-Gm-Message-State: AOAM533kTecRmLd3LoW04fYqpx2PXaGbmCDDqKAlp8UUlYKBeCPioosF 8XKw4JKh0IBgEmczPrHW6xQH7Aj3uos= X-Google-Smtp-Source: ABdhPJwyL6R46WRxWnDIfZEHMgiK0bcZUjuux5QdiBW2epiAYbnHUX5h5wXX6tXlXwwrx+N2jIvS0DNsy54= X-Received: by 2002:a25:e790:: with SMTP id e138mr11127098ybh.114.1594949734407; Thu, 16 Jul 2020 18:35:34 -0700 (PDT) Date: Fri, 17 Jul 2020 01:35:16 +0000 In-Reply-To: <20200717013518.59219-1-satyat@google.com> Message-Id: <20200717013518.59219-6-satyat@google.com> Mime-Version: 1.0 References: <20200717013518.59219-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v2 5/7] f2fs: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Eric Biggers Wire up f2fs with fscrypt direct I/O support. direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/f2fs/f2fs.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index b35a50f4953c..978130b5a195 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4082,7 +4082,11 @@ static inline bool f2fs_force_buffered_io(struct inode *inode, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); int rw = iov_iter_rw(iter); - if (f2fs_post_read_required(inode)) + if (!fscrypt_dio_supported(iocb, iter)) + return true; + if (fsverity_active(inode)) + return true; + if (f2fs_compressed_file(inode)) return true; if (f2fs_is_multi_device(sbi)) return true; From patchwork Fri Jul 17 01:35:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668681 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ECAD1618 for ; Fri, 17 Jul 2020 01:35:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CECF02070E for ; Fri, 17 Jul 2020 01:35:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ScOd4eVd" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727026AbgGQBfk (ORCPT ); Thu, 16 Jul 2020 21:35:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726968AbgGQBfg (ORCPT ); Thu, 16 Jul 2020 21:35:36 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A45B2C061755 for ; Thu, 16 Jul 2020 18:35:36 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id k7so6570837pjw.2 for ; Thu, 16 Jul 2020 18:35:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=M2BARCIgcttWxNELPw4zNOFpxD9+a8coXLhy2/p7EJA=; b=ScOd4eVdydlkWQWlLKjntUWKsksUG68MvUJTiQKD/1j4ez9IPtZHneB7t7Ah8qMNyc MHTRFtyHLSVQuzXvDGfcq1tmzfAdCtLSmZIu8QiLrxTH5oPYRpc6Xm8acH/i/frdbEfg qAGhkmd5lTbDuYireEzW2VFzMdyc3o3Ix94XFQPXLGMjKcpyqYukSAR/2bsRkAy9pBhB 04thfYfEh36yMRz9fE7EiL6Rb5v/6cBI7oGtqnFqKH9w4ZHgI7/tLWdLQ9a6EuFnbIRP YWzo3NcnvBJXf0IanbogryzR0zhzkrtHOFHVCRcHUwUgvU/7rQQ2KBsuYyow/vQSkZkO l60g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=M2BARCIgcttWxNELPw4zNOFpxD9+a8coXLhy2/p7EJA=; b=XJkPVBCAgAodwC9OMabV4knbxoVMH6aoMCCyeJo+xQClmAeOeIGfMOJ445i8PQXYhg n1PiQJDHiN4bbCVcGHYyZ8AnyiqKcPQoSi6+le52YWK/7ETwJMXZSlcwyfBn5rRaOUqW ltkkeyvNe1SR6sDquYXDyen7ACBe3VdY2qpEs6nwdwHQ9ElmHfK2O3s8PXdZwnsRO309 NiKLQqTi9x4QhW+rUlAp/fjpYQDwXgz547UCBZEoTlKybk61JdjphHCtg4IVwqCVVsBB YUW+0Jhklk8IK0yr6ly0K8an0Rw6yJsEg2lK6T4bZvInB4WvmmBm53/slKABZfWz47t6 i1mQ== X-Gm-Message-State: AOAM531xrW7tstjzasNAMI3c+qmhFpyDw/PEmaFfKb29Ml1ZqpZMHVs3 0Z7VK7RYzOsRk0odpqmFiQVrTClDAZ4= X-Google-Smtp-Source: ABdhPJwgAFskhvgfu4vtFSTvQKdAqkDng2ZY6RLfUv2eaMhfxGJSBKlELwg44/Lye+vEDWsHb/qZyTbtD8k= X-Received: by 2002:a17:902:7008:: with SMTP id y8mr5639281plk.85.1594949736186; Thu, 16 Jul 2020 18:35:36 -0700 (PDT) Date: Fri, 17 Jul 2020 01:35:17 +0000 In-Reply-To: <20200717013518.59219-1-satyat@google.com> Message-Id: <20200717013518.59219-7-satyat@google.com> Mime-Version: 1.0 References: <20200717013518.59219-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v2 6/7] fscrypt: document inline encryption support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Update the fscrypt documentation file for inline encryption support. Signed-off-by: Satya Tangirala --- Documentation/filesystems/fscrypt.rst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index f5d8b0303ddf..f3d87a1a0a7f 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1204,6 +1204,18 @@ buffer. Some filesystems, such as UBIFS, already use temporary buffers regardless of encryption. Other filesystems, such as ext4 and F2FS, have to allocate bounce pages specially for encryption. +Fscrypt is also able to use inline encryption hardware instead of the +kernel crypto API for en/decryption of file contents. When possible, and +if directed to do so (by specifying the 'inlinecrypt' mount option for +an ext4/F2FS filesystem), it adds encryption contexts to bios and +uses blk-crypto to perform the en/decryption instead of making use +of the above read/write path changes. Of course, even if directed to make +use of inline encryption, fscrypt will only be able to do so if either +hardware inline encryption support is available for the selected encryption +algorithm or CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK is selected. If neither +is the case, fscrypt will fall back to using the above mentioned read/write +path changes for en/decryption. + Filename hashing and encoding ----------------------------- @@ -1250,7 +1262,9 @@ Tests To test fscrypt, use xfstests, which is Linux's de facto standard filesystem test suite. First, run all the tests in the "encrypt" -group on the relevant filesystem(s). For example, to test ext4 and +group on the relevant filesystem(s). One can also run the tests +with the 'inlinecrypt' mount option to test the implementation for +inline encryption support. For example, to test ext4 and f2fs encryption using `kvm-xfstests `_:: From patchwork Fri Jul 17 01:35:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668689 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D2C25618 for ; Fri, 17 Jul 2020 01:35:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B9B2A20691 for ; Fri, 17 Jul 2020 01:35:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="tlDHCdVZ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727029AbgGQBfm (ORCPT ); Thu, 16 Jul 2020 21:35:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726401AbgGQBfi (ORCPT ); Thu, 16 Jul 2020 21:35:38 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 72318C08C5DB for ; Thu, 16 Jul 2020 18:35:38 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id n32so6783761pgb.22 for ; Thu, 16 Jul 2020 18:35:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=zr1haxdG39xCeCSCxAtAF/uCJ0PriAfrFWPYdcjKJpg=; b=tlDHCdVZLG0m6L9levsiz5n7YIyjIML7yueebl4I+pd4oD2GbC2//CVbku08QwfyVK Io6VHBtaFJ92KS1ZOJeZ+gL4I3EE9eCj84H9hWFhQZqN8fQQ85l7TS5gW7erlfNnkmzA h57MTGXvkvtREa2Qo1rEyo9lXW31xuTk1ugMXZ6T1CiepMhKbsP1mrjdiKiW3/Rvmu6c SZPzhAwx7+ulPeallP3vNIjd8m2ACUMFu9PQZzGNoethIWi21ML/Bzl/g8EenyLMa7F8 oq0OBvD9rkYG9V07cK0ln918JiY2QNGYAxh/nFT9nNV7Px5YVBoGsAhCgLPzOODa5J1Q a24Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=zr1haxdG39xCeCSCxAtAF/uCJ0PriAfrFWPYdcjKJpg=; b=VHFY2EqnIzybCiPwhPthLlqBrtaohQ42BrCcYpfA58Quf9Qa2OvTYgS2szUaXFI4JI 2/9vezlPXXcGTHHDuW3WSR7PwnaJ1+geq4xQK6rat0gBEbFDo5s/q8BsPu/enDM8Kpju j8CpIg2gAa+7hGgrXBhx/ypQvxkzVsqqW2c3qyVHdFPTRM4J5rYehQGRurXHlLgM6nOL 80uWOKiIbKyJbLUboWMY96QgBr90s/ujWxPGzZ9T110Y1IqFGXE/fJZvfCdsQpqeyUA+ pOFsVt8UjrlYfUowPTwhsuxzr8iKhttQ1CHGOuvCGtHWRKKX60VO4q6AZX2v3jKgUqCJ m44w== X-Gm-Message-State: AOAM532sXmw91g9YcPGem6j/gUhpgF3XAcPdl1ATjk45LqJCq21sVFU9 leWrpFVzcPeHmKVS6iZCylNHoNdYM4Y= X-Google-Smtp-Source: ABdhPJzDMFCY+G8Oa8F4K0HKeSD+Xc66nsFn69r8yuQKIuJ5CCaPUQ42wZhUaa7Xlm1W8gsHMjhI0okL6Kg= X-Received: by 2002:a17:902:b706:: with SMTP id d6mr5918685pls.266.1594949737873; Thu, 16 Jul 2020 18:35:37 -0700 (PDT) Date: Fri, 17 Jul 2020 01:35:18 +0000 In-Reply-To: <20200717013518.59219-1-satyat@google.com> Message-Id: <20200717013518.59219-8-satyat@google.com> Mime-Version: 1.0 References: <20200717013518.59219-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v2 7/7] fscrypt: update documentation for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Update fscrypt documentation to reflect the addition of direct I/O support and document the necessary conditions for direct I/O on encrypted files. Signed-off-by: Satya Tangirala --- Documentation/filesystems/fscrypt.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index f3d87a1a0a7f..95c76a5f0567 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1049,8 +1049,10 @@ astute users may notice some differences in behavior: may be used to overwrite the source files but isn't guaranteed to be effective on all filesystems and storage devices. -- Direct I/O is not supported on encrypted files. Attempts to use - direct I/O on such files will fall back to buffered I/O. +- Direct I/O is supported on encrypted files only under some circumstances + (see `Direct I/O support`_ for details). When these circumstances are not + met, attempts to use direct I/O on such files will fall back to buffered + I/O. - The fallocate operations FALLOC_FL_COLLAPSE_RANGE and FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will @@ -1257,6 +1259,20 @@ without the key is subject to change in the future. It is only meant as a way to temporarily present valid filenames so that commands like ``rm -r`` work as expected on encrypted directories. +Direct I/O support +------------------ + +Direct I/O on encrypted files is supported through blk-crypto. In +particular, this means the kernel must have CONFIG_BLK_INLINE_ENCRYPTION +enabled, the filesystem must have had the 'inlinecrypt' mount option +specified, and either hardware inline encryption must be present, or +CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK must have been enabled. Further, +any I/O must be aligned to the filesystem block size (*not* necessarily +the same as the block device's block size) - in particular, any userspace +buffer into which data is read/written from must also be aligned to the +filesystem block size. If any of these conditions isn't met, attempts to do +direct I/O on an encrypted file will fall back to buffered I/O. + Tests =====