From patchwork Fri Jul 24 12:11:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11683145 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ABA9813B4 for ; Fri, 24 Jul 2020 12:12:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8E7A52073E for ; Fri, 24 Jul 2020 12:12:37 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="N35TMO4O" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726890AbgGXMMf (ORCPT ); Fri, 24 Jul 2020 08:12:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726591AbgGXMLx (ORCPT ); Fri, 24 Jul 2020 08:11:53 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70212C0698C4 for ; Fri, 24 Jul 2020 05:11:51 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id c2so5342493plr.5 for ; Fri, 24 Jul 2020 05:11:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=4xTRuI3ukKx1mDSkufTvw87vWQHQ0dgTXmHXj781XZU=; b=N35TMO4OE5kGfZVI5qQnSlReA8YO6TKhSrFFQsy+zHisRguZKA0D647ajrnQunN/zO 2wQDoZqvZtkAk+XWhTyyxFng93mQolkeCib9MBocXXlXVMNLQhIAZHu0l11caFNvSt2B psJrEvBzsqSgCzpY64vuuaSg75wCN2glWHgTvDD3SLLN1K59mikEFaQo3NGJlA+0Sg5m cWMgANsw/QjmbXvUa7ebKP5ohSO/0RS/2ws/RHvtEulePdWZh+ts8WxG0gKy4SKqH9qO K4sPjKDxrOUYA+Gy9/CMT9GjbRYxQYjTPHv7kEHk9LJxiZrERYpeP4cH2m+zjt4GN4iK eDOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=4xTRuI3ukKx1mDSkufTvw87vWQHQ0dgTXmHXj781XZU=; b=mnmfZW5CNKq6zhnQ0QJP4rlD1Bohfd/Tvl1hxgGrpxUHOGRU7EAa08CANv1MnL/hRI xqjnYqbmpGAfkPi1E/dSkoklInpVdhsiE1xMTdJnrIo8/1y8ntfAyzwVPtPG+5OrNWlT SCUnTs6z4nd+YqiBlqdTXEDkuwpyo81wg4+iswvBB9lLuuuAyRozImL7DZJktBF/5wtO 4fZM5R8SDBO9mhJaAgqZIChjuhP87YeEoKyCuSaORhLAl4XfVzMj13SW8AR/6z1ssGmF rLGbxeGOw1I9oc21pHE3ukmo9Ces/u3KojqELw/ngH5sjprCFcRML4s1zK3rfm5MPj9P 2WxA== X-Gm-Message-State: AOAM530pV0cnhO92+QxvRe63x+aHpMjqLzHvOv4M/NSbRPncIYdYCYa4 b7Qc2tLZYpQcVZrKZKkW/HCWbmdXk0RpzjouuT4ZHL4aPsXBTdajvY43Mz0HJLqek+aMVa1IoAq Ocf65OkkeeUCBZJ+xjPqnoHRsnU7mCSorqgC7yOucGqN3VhGmuvkeNdWrYeg4zq5SIbknp3w= X-Google-Smtp-Source: ABdhPJzQmAzL231qx4WpEAUhCmv3dBYfdDZAE2MV5FlcIdPxHxVXBkGNvZkUdE0gc+2cgccNhZoSHps7xrw= X-Received: by 2002:aa7:9303:: with SMTP id 3mr8570871pfj.108.1595592710801; Fri, 24 Jul 2020 05:11:50 -0700 (PDT) Date: Fri, 24 Jul 2020 12:11:37 +0000 In-Reply-To: <20200724121143.1589121-1-satyat@google.com> Message-Id: <20200724121143.1589121-2-satyat@google.com> Mime-Version: 1.0 References: <20200724121143.1589121-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v5 1/7] fscrypt: Add functions for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Introduce fscrypt_dio_supported() to check whether a direct I/O request is unsupported due to encryption constraints. Also introduce fscrypt_limit_io_blocks() to limit how many blocks can be added to a bio being prepared for direct I/O. This is needed for filesystems that use the iomap direct I/O implementation to avoid DUN wraparound in the middle of a bio (which is possible with the IV_INO_LBLK_32 IV generation method). Elsewhere fscrypt_mergeable_bio() is used for this, but iomap operates on logical ranges directly, so filesystems using iomap won't have a chance to call fscrypt_mergeable_bio() on every block added to a bio. So we need this function which limits a logical range in one go. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala Reviewed-by: Jaegeuk Kim --- fs/crypto/crypto.c | 8 +++++ fs/crypto/inline_crypt.c | 75 ++++++++++++++++++++++++++++++++++++++++ include/linux/fscrypt.h | 19 ++++++++++ 3 files changed, 102 insertions(+) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index a52cf32733ab..d2e933eb98dd 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -69,6 +69,14 @@ void fscrypt_free_bounce_page(struct page *bounce_page) } EXPORT_SYMBOL(fscrypt_free_bounce_page); +/* + * Generate the IV for the given logical block number within the given file. + * For filenames encryption, lblk_num == 0. + * + * Keep this in sync with fscrypt_limit_io_blocks(). fscrypt_limit_io_blocks() + * needs to know about any IV generation methods where the low bits of IV don't + * simply contain the lblk_num (e.g., IV_INO_LBLK_32). + */ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, const struct fscrypt_info *ci) { diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index d7aecadf33c1..2cac0da0bd04 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "fscrypt_private.h" @@ -362,3 +363,77 @@ bool fscrypt_mergeable_bio_bh(struct bio *bio, return fscrypt_mergeable_bio(bio, inode, next_lblk); } EXPORT_SYMBOL_GPL(fscrypt_mergeable_bio_bh); + +/** + * fscrypt_dio_supported() - check whether a direct I/O request is unsupported + * due to encryption constraints + * @iocb: the file and position the I/O is targeting + * @iter: the I/O data segment(s) + * + * Return: true if direct I/O is supported + */ +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + const unsigned int blocksize = i_blocksize(inode); + + /* If the file is unencrypted, no veto from us. */ + if (!fscrypt_needs_contents_encryption(inode)) + return true; + + /* We only support direct I/O with inline crypto, not fs-layer crypto */ + if (!fscrypt_inode_uses_inline_crypto(inode)) + return false; + + /* + * Since the granularity of encryption is filesystem blocks, the I/O + * must be block aligned -- not just disk sector aligned. + */ + if (!IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), blocksize)) + return false; + + return true; +} +EXPORT_SYMBOL_GPL(fscrypt_dio_supported); + +/** + * fscrypt_limit_io_blocks() - limit I/O blocks to avoid discontiguous DUNs + * @inode: the file on which I/O is being done + * @pos: the file position (in bytes) at which the I/O is being done + * @nr_blocks: the number of blocks we want to submit starting at @pos + * + * Determine the limit to the number of blocks that can be submitted in the bio + * targeting @pos without causing a data unit number (DUN) discontinuity. + * + * This is normally just @nr_blocks, as normally the DUNs just increment along + * with the logical blocks. (Or the file is not encrypted.) + * + * In rare cases, fscrypt can be using an IV generation method that allows the + * DUN to wrap around within logically continuous blocks, and that wraparound + * will occur. If this happens, a value less than @nr_blocks will be returned + * so that the wraparound doesn't occur in the middle of the bio. + * + * Return: the actual number of blocks that can be submitted + */ +int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, + unsigned int nr_blocks) +{ + const struct fscrypt_info *ci = inode->i_crypt_info; + u32 dun; + + if (!fscrypt_inode_uses_inline_crypto(inode)) + return nr_blocks; + + if (nr_blocks <= 1) + return nr_blocks; + + if (!(fscrypt_policy_flags(&ci->ci_policy) & + FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) + return nr_blocks; + + /* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */ + + dun = ci->ci_hashed_ino + (pos >> inode->i_blkbits); + + return min_t(u64, nr_blocks, (u64)U32_MAX + 1 - dun); +} diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index bb257411365f..241266cba21f 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -559,6 +559,11 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, bool fscrypt_mergeable_bio_bh(struct bio *bio, const struct buffer_head *next_bh); +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter); + +int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, + unsigned int nr_blocks); + #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) @@ -587,6 +592,20 @@ static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, { return true; } + +static inline bool fscrypt_dio_supported(struct kiocb *iocb, + struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + + return !fscrypt_needs_contents_encryption(inode); +} + +static inline int fscrypt_limit_io_blocks(const struct inode *inode, loff_t pos, + unsigned int nr_blocks) +{ + return nr_blocks; +} #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ /** From patchwork Fri Jul 24 12:11:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11683147 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A91A31392 for ; Fri, 24 Jul 2020 12:12:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8F5852065E for ; Fri, 24 Jul 2020 12:12:42 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="na82ZxXR" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726759AbgGXMMe (ORCPT ); Fri, 24 Jul 2020 08:12:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53708 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726689AbgGXMLx (ORCPT ); Fri, 24 Jul 2020 08:11:53 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 47F36C08C5C1 for ; Fri, 24 Jul 2020 05:11:53 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id e127so6210311pgc.2 for ; Fri, 24 Jul 2020 05:11:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=VSwfu85pneIFmS24X/ynlOi1yjIof1V3mRCitL8rAYY=; b=na82ZxXRU6iClGLM8WY9JUbwRK5YUa3sTtXEJAwHrO98aL18NfbYyftkYmWDIOxxyy T7SrhCfspxsNEqAec7X7g0yjtog3uy198m3utKXpdn7FbCKK0qBZG8GBlG8OCgy3XFE/ 5XCvWfE+NTp0lUxEsObWjCs2V/DckxSrQrrU8oa1zrQKItVDbp62lcQYDpavVyrZMPM7 ByWbVURq2ZA4ucRoJ/VmZy6LBkfXKaamgP2vD8nyqzCK9MrVVcSIbVcZArUge1ZYouNV 4f7KLUEJmaR9jMsaPGAXBzn6Du2kuxt5zMM82QtJX1ciG3D+Sl3PlDIEWmgq3XUx74Xj KrUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=VSwfu85pneIFmS24X/ynlOi1yjIof1V3mRCitL8rAYY=; b=F+eqJFVZ6D+fT/W3iBBGTbceFZMCfePHbKiM9KtAskGnn6UHa3cXGREILT2uxiSO/O J8ak4m66tnyphrBo9FKdfl/1oyYuobjicZ15oOSWyuhoiTK50kmey+JFRYsV1UPLBfB5 abT+ejz/2083WPSMDZsMk/NQuVP+Zw3tlwm8stWN127dhgans6DVdyHNY4BKRhXpbsoZ 5r9++maLx6Lub7TD+l372oRHvZRj53cMnfKsEcjNm5i6trpCBJHCANOXN1sdrC4Ud9H5 qx+OztPZKV++CYxnkMfmYJE7e7LfJcgnXnjURyXnR8SpQ16Po/F0dSny21Mr2LBWyezV Jqkw== X-Gm-Message-State: AOAM532j7xag+NoheF8kArw19kBE568PNLhJISqO90prB4PAkN+Ar+Wm p0J/wIYWF2pVjZR0MJC+8Z5+9T1ZXzOd2BOt666gFYKp06oeWnmmSzWu0IvJ60vhyIu7O/tIQf+ BcKQzdSCVmeu9bNyS5mq0x5fCNnH1Dl21+VpJj2k8Wf1xIhqNWA0MS38vbJeRFj8BckZ/Lck= X-Google-Smtp-Source: ABdhPJyXvc5X+E5fgB1RgalJIQFlddeppaa/6YZOev6UFYpfCi49Ptm7h7gpD9+XTeJEMJcFHxhtOWgZXzk= X-Received: by 2002:a63:e114:: with SMTP id z20mr7242047pgh.300.1595592712586; Fri, 24 Jul 2020 05:11:52 -0700 (PDT) Date: Fri, 24 Jul 2020 12:11:38 +0000 In-Reply-To: <20200724121143.1589121-1-satyat@google.com> Message-Id: <20200724121143.1589121-3-satyat@google.com> Mime-Version: 1.0 References: <20200724121143.1589121-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v5 2/7] direct-io: add support for fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Set bio crypt contexts on bios by calling into fscrypt when required, and explicitly check for DUN continuity when adding pages to the bio. (While DUN continuity is usually implied by logical block contiguity, this is not the case when using certain fscrypt IV generation methods like IV_INO_LBLK_32). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala Reviewed-by: Jaegeuk Kim --- fs/direct-io.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/direct-io.c b/fs/direct-io.c index 6d5370eac2a8..f27f7e3780ee 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -411,6 +412,7 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, sector_t first_sector, int nr_vecs) { struct bio *bio; + struct inode *inode = dio->inode; /* * bio_alloc() is guaranteed to return a bio when allowed to sleep and @@ -418,6 +420,9 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, */ bio = bio_alloc(GFP_KERNEL, nr_vecs); + fscrypt_set_bio_crypt_ctx(bio, inode, + sdio->cur_page_fs_offset >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, bdev); bio->bi_iter.bi_sector = first_sector; bio_set_op_attrs(bio, dio->op, dio->op_flags); @@ -782,9 +787,17 @@ static inline int dio_send_cur_page(struct dio *dio, struct dio_submit *sdio, * current logical offset in the file does not equal what would * be the next logical offset in the bio, submit the bio we * have. + * + * When fscrypt inline encryption is used, data unit number + * (DUN) contiguity is also required. Normally that's implied + * by logical contiguity. However, certain IV generation + * methods (e.g. IV_INO_LBLK_32) don't guarantee it. So, we + * must explicitly check fscrypt_mergeable_bio() too. */ if (sdio->final_block_in_bio != sdio->cur_page_block || - cur_offset != bio_next_offset) + cur_offset != bio_next_offset || + !fscrypt_mergeable_bio(sdio->bio, dio->inode, + cur_offset >> dio->inode->i_blkbits)) dio_bio_submit(dio, sdio); } From patchwork Fri Jul 24 12:11:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11683133 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 59C621392 for ; Fri, 24 Jul 2020 12:12:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 405112065E for ; Fri, 24 Jul 2020 12:12:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="KoB83sJ7" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727096AbgGXMMY (ORCPT ); Fri, 24 Jul 2020 08:12:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53720 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726792AbgGXML5 (ORCPT ); Fri, 24 Jul 2020 08:11:57 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 01990C08C5CE for ; Fri, 24 Jul 2020 05:11:55 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id w2so6145753pfn.0 for ; Fri, 24 Jul 2020 05:11:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=cZRHJd9vm6wSJv/XnptuJQLr+rxaeXJfolkFtRJQLFQ=; b=KoB83sJ7CUVdLVzAAXXB1d5HIww3b9w4WXANf6RJDhlArPSiHhTK/PK8WuhB2tEWdE kCcFKQn/yySmnkf4jT6de1v2OPxpX9sjJn+U5/tromL2TKBfU60c+bjV00XwXIrTLEu4 8vI0PugTGuvm/QxFdiB0sqTcNW/MonZSsudP+hxmFGx4UuhVFhTp54Uxrhu5H9iG4l9R KkcujV6MJnRby0uWob+6hiQIuEJret9I5UCLvXr8+0CAJYPwHv6lDGhKsfT9uWS8Cli0 18olVrcMqQGc8/lazYnAKA5yuqsfJKFeFrR+BYovE5b8eq9DSEwSvqm/zrJXl71JukyE b5yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=cZRHJd9vm6wSJv/XnptuJQLr+rxaeXJfolkFtRJQLFQ=; b=JaNMoDw5EORIIi/IQxOFjiXI3pcsP7yHJTq9OKvN1pP1xX764w9byksnSxlB+Y+XK4 ODxi2lcqSuf4EqjutVvNt9HvrIM6FUYj9vq6QSv25NC+BgshHSf0fn/Q/ekbGwx8hZ3h gI8YhTVCWQFKfytDA2bMWwoymfydfeVyUyaXLUbiyH9nkkete3fPcSt7PEfici4XvS3x ScryugDjLm2xR2XwqIziO2LF8RQqUFxxuErfWbmCgAscHvGSNzOpRH+gRq4Fnpb2wEL5 ByUxMaGE/qjI178z9sgqvQGdmLlJdlp3eXDzDoROOaoMYuvqSUAYMzWx7F6P/OTWsUvz dkTA== X-Gm-Message-State: AOAM530Se9Kx5mgF+AXAX9TT7eHluWm4nnm4DIu+UXG6+jTZQS6RkSlz gW4OBGI27/67oCqBI/1sgm6I1tXZjZewFcT3oVFdj5xdqZiz/jMe/PpLfCYdVe+b3UqOH153T5I VYxCWEwmPaitAJEXHo0fr9UGDIYLH7wM7pQyjl6T+ei577c+QH2+OHcxOwXpjwn4Qbwpg6gY= X-Google-Smtp-Source: ABdhPJzqW0b3TqyL5cn0deoeV5HaYLyzoiAc0kf0C/GsHjnYYMOhspEGJ3mRFCHxl3UhNASvV8FA7vQBd2k= X-Received: by 2002:a17:90b:f05:: with SMTP id br5mr5218030pjb.42.1595592714411; Fri, 24 Jul 2020 05:11:54 -0700 (PDT) Date: Fri, 24 Jul 2020 12:11:39 +0000 In-Reply-To: <20200724121143.1589121-1-satyat@google.com> Message-Id: <20200724121143.1589121-4-satyat@google.com> Mime-Version: 1.0 References: <20200724121143.1589121-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v5 3/7] iomap: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Set bio crypt contexts on bios by calling into fscrypt when required. No DUN contiguity checks are done - callers are expected to set up the iomap correctly to ensure that each bio submitted by iomap will not have blocks with incontiguous DUNs by calling fscrypt_limit_io_blocks() appropriately. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/iomap/direct-io.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/iomap/direct-io.c b/fs/iomap/direct-io.c index ec7b78e6feca..a8785bffdc7c 100644 --- a/fs/iomap/direct-io.c +++ b/fs/iomap/direct-io.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -183,11 +184,14 @@ static void iomap_dio_zero(struct iomap_dio *dio, struct iomap *iomap, loff_t pos, unsigned len) { + struct inode *inode = file_inode(dio->iocb->ki_filp); struct page *page = ZERO_PAGE(0); int flags = REQ_SYNC | REQ_IDLE; struct bio *bio; bio = bio_alloc(GFP_KERNEL, 1); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_private = dio; @@ -270,6 +274,8 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, } bio = bio_alloc(GFP_KERNEL, nr_pages); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_write_hint = dio->iocb->ki_hint; From patchwork Fri Jul 24 12:11:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11683139 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EE8BE138A for ; Fri, 24 Jul 2020 12:12:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D48342073E for ; Fri, 24 Jul 2020 12:12:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="CIOYCqTm" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726696AbgGXMMW (ORCPT ); Fri, 24 Jul 2020 08:12:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726895AbgGXML7 (ORCPT ); Fri, 24 Jul 2020 08:11:59 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33002C08C5DC for ; Fri, 24 Jul 2020 05:11:57 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id p22so10199007ybg.21 for ; Fri, 24 Jul 2020 05:11:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=r8Pg6JmNaFN8fVBskJ954zlZvlkSSoV1f+xmIU4eJ8Y=; b=CIOYCqTme+TnWuKD+xZRysHr8oJo78rie88iaMhNzTS0t45MoVE4RsI/vEVkYotMFZ JtjeVNk6dL7xq1AR4PQA6w+exLdpvxRctrNJ2l6hVGYJMGeMH8HU4Izlxs39K4/L9Csg iaeQxhWNQr4udHFUBEXYDh0it42hv4TuuYRMH3NvOqxfOT5YQZZhuwdUvMZocLeHtm1+ wWhBEQsXnDrUzdith9nAVMQtoO0aXYKyWzoqdOJxpf17R/DHVuV6ojo2ym2rZkevTwWN dbBmJIWEZR4a7YLOBF2DNCau1fKoD6S7dcgLT2jQsSAOFbzYgqxPmojFzvDL5GEfdwZp Xzbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=r8Pg6JmNaFN8fVBskJ954zlZvlkSSoV1f+xmIU4eJ8Y=; b=SpPfyqs9fwUC3PwLWeAZ1+zH3lo2OKYGBg39SeTGkrUE/IJggCrZELE1tlmDeeF+ZD gkrp8cKK5lJMOMs2NOmR1wGGIJgdQfwZqwYePgEUFpfzkN2aRNSVr96CbV2XqTqmqIDF Z/7SpAad6xTKl/W1rXLqZ9lsr2ycyEz+veMhI6BPAvQ76NHVe1ApwT3vKfIm+N95iIDE 9P7gKE1J7dIuZ3zDGBhZcJ9kcrjT102yREB+CQhj7TUZ4sqg5z3552vEssVMv9E5Fnxl zrJDVBBemE/EYcPVLdOxa/Czhcp0tHyY4oDhRumzuBNcRrjDMq4kvmsKJE4opWbdBLBA fCTQ== X-Gm-Message-State: AOAM530Z7U24EYF1EVXMn6LqO11l6nEY7tNZCBhCDAVHM2apY3r47T2s HK9KLvjizP+Z/ep1MYBPf4HVVSENUPxiBcol3uQzfifzhlvY7dTE6rAcCsuCXYPh+stqb4cOsM8 utnOthHFVBJEF3hJFmjVbZ8dWUr319JL07YSnwVKrDozLJFWC3Y/G5XmkvWw1ofvioy/mJSI= X-Google-Smtp-Source: ABdhPJx/KO6QnXMM0Pc1pM0nRqEcHHdAJJmtmE+sSNw66/LnMCl7LqpQ2/7JJlu071k/LdTupwpYQ4l/YFY= X-Received: by 2002:a5b:74a:: with SMTP id s10mr15292910ybq.101.1595592716305; Fri, 24 Jul 2020 05:11:56 -0700 (PDT) Date: Fri, 24 Jul 2020 12:11:40 +0000 In-Reply-To: <20200724121143.1589121-1-satyat@google.com> Message-Id: <20200724121143.1589121-5-satyat@google.com> Mime-Version: 1.0 References: <20200724121143.1589121-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v5 4/7] ext4: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Wire up ext4 with fscrypt direct I/O support. Direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). fscrypt_limit_io_blocks() is called before setting up the iomap to ensure that the blocks of each bio that iomap will submit will have contiguous DUNs. Note that fscrypt_limit_io_blocks() is normally a no-op, as normally the DUNs simply increment along with the logical blocks. But it's needed to handle an edge case in one of the fscrypt IV generation methods. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala Reviewed-by: Jaegeuk Kim --- fs/ext4/file.c | 10 ++++++---- fs/ext4/inode.c | 7 +++++++ 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 2a01e31a032c..d534f72675d9 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -36,9 +36,11 @@ #include "acl.h" #include "truncate.h" -static bool ext4_dio_supported(struct inode *inode) +static bool ext4_dio_supported(struct kiocb *iocb, struct iov_iter *iter) { - if (IS_ENABLED(CONFIG_FS_ENCRYPTION) && IS_ENCRYPTED(inode)) + struct inode *inode = file_inode(iocb->ki_filp); + + if (!fscrypt_dio_supported(iocb, iter)) return false; if (fsverity_active(inode)) return false; @@ -61,7 +63,7 @@ static ssize_t ext4_dio_read_iter(struct kiocb *iocb, struct iov_iter *to) inode_lock_shared(inode); } - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, to)) { inode_unlock_shared(inode); /* * Fallback to buffered I/O if the operation being performed on @@ -490,7 +492,7 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from) } /* Fallback to buffered I/O if the inode does not support direct I/O. */ - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, from)) { if (ilock_shared) inode_unlock_shared(inode); else diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 44bad4bb8831..6725116ea348 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3445,6 +3445,13 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length, if (ret < 0) return ret; + /* + * When inline encryption is enabled, sometimes I/O to an encrypted file + * has to be broken up to guarantee DUN contiguity. Handle this by + * limiting the length of the mapping returned. + */ + map.m_len = fscrypt_limit_io_blocks(inode, map.m_lblk, map.m_len); + ext4_set_iomap(inode, iomap, &map, offset, length); return 0; From patchwork Fri Jul 24 12:11:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11683113 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8BF9F1392 for ; Fri, 24 Jul 2020 12:12:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7372E2073E for ; Fri, 24 Jul 2020 12:12:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="slmTUkhi" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726975AbgGXMMK (ORCPT ); Fri, 24 Jul 2020 08:12:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726971AbgGXMMB (ORCPT ); Fri, 24 Jul 2020 08:12:01 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1987C08C5E0 for ; Fri, 24 Jul 2020 05:11:58 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id a185so8121892ybg.8 for ; Fri, 24 Jul 2020 05:11:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=oZN8SnIpsU7aOjS5+8MoI/0a82Ym0e3d0O/7K4J6ac4=; b=slmTUkhiIwbSQEjfkgmbeV4KCF4u08msiGK6SabnKAiv3CvAYVrGboynyzzbTajxKw dZH2xvPQR8jXzK/qntUI9lKlDPtetaRmLCjNT5omgxxhrMizgoRnSC0roIaFgwopHXTv IXhLjv+xSOfUUk6gqkYmieytlR1L9nV3xvpbFcQbtEdY9WsWZGStH0uxtSTg0ybo+Yxm vNqm/3J1IWd3IHGexMF628lSrVQrvqvd4tFPYBV1UKFjQMZxtGxh9xzY6EDBXANOm8ma khmwfHYWnDUYIZDYcO3J3ycu2JUI8GPQwMez8LsY1EOnHkqtMh2j3Mt5z7kSMvf3UCRW rFgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=oZN8SnIpsU7aOjS5+8MoI/0a82Ym0e3d0O/7K4J6ac4=; b=Z24W4kkHKYvTZeR9OohJRnDCICx0k262KtraBumACUd9EyjO1foKpqLwO8FwUdtrl5 6xDbibHGNsuU5DARtWWNMZGlP7q2rMlCmMsP297lEI0Bgn9Gz06HlxjPSfKkaka544JJ K5V8b5vgSG9JZuW9WVTU6eBlTq3xpjP3IdBQi5Ntu2U8wdGcl++V53DIiA0h2kYU8db6 B5UuSymfAtjI6sUVJP3SibEwUlAAkr5F9M0sB99LEOQH90KYtnTn87MFyK5ICKaeyQdA sGxX3SdYAHrnUQeSmhMFMHQuil4eDvyWRcZdNOCEhpKJdIfA2yQO3lWai2hjfeFLexwc Jozg== X-Gm-Message-State: AOAM532KO5ub5qc5PDwfaGrQCKgoiQQCJSPXwmsBFbTNPN/02vtvQqKI dUorwJzrVDqXtrcOwoy2aspx14OAGbkXHf+Ty8tlBqgEzAV5A8RCDch2QlQphLWirzsUs7RuXaw GQkAtxDjoGQzdJcsdPmTprc+dVWaofzqiTqZ4w196vUbQb7zhS0zkc3cMNL0eAg0OO0tOiRk= X-Google-Smtp-Source: ABdhPJyouJ1E2gRcgMN/M3G2tNtXRlKvJhp7ZjedMaUfi7bBr8eQzy4Glr/QlcgRyBhW5mboqWuW4qtyaT8= X-Received: by 2002:a25:bb07:: with SMTP id z7mr13476612ybg.343.1595592718109; Fri, 24 Jul 2020 05:11:58 -0700 (PDT) Date: Fri, 24 Jul 2020 12:11:41 +0000 In-Reply-To: <20200724121143.1589121-1-satyat@google.com> Message-Id: <20200724121143.1589121-6-satyat@google.com> Mime-Version: 1.0 References: <20200724121143.1589121-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v5 5/7] f2fs: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Wire up f2fs with fscrypt direct I/O support. direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala Acked-by: Jaegeuk Kim --- fs/f2fs/f2fs.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index b35a50f4953c..978130b5a195 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4082,7 +4082,11 @@ static inline bool f2fs_force_buffered_io(struct inode *inode, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); int rw = iov_iter_rw(iter); - if (f2fs_post_read_required(inode)) + if (!fscrypt_dio_supported(iocb, iter)) + return true; + if (fsverity_active(inode)) + return true; + if (f2fs_compressed_file(inode)) return true; if (f2fs_is_multi_device(sbi)) return true; From patchwork Fri Jul 24 12:11:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11683123 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 095531392 for ; Fri, 24 Jul 2020 12:12:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E3EB92065E for ; Fri, 24 Jul 2020 12:12:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="kiMq1ZWt" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726280AbgGXMMN (ORCPT ); Fri, 24 Jul 2020 08:12:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53708 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726258AbgGXMMC (ORCPT ); Fri, 24 Jul 2020 08:12:02 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6653BC08C5E2 for ; Fri, 24 Jul 2020 05:12:00 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id x23so5303133plr.17 for ; Fri, 24 Jul 2020 05:12:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=U1mjdiTf1REytCgM0qXLRwHi12+4iLhjMHz6o0dObf4=; b=kiMq1ZWtQnJd4reX4VWrcLsQOtCggJ6Lx8/zqeNQSzQ7hT54ehmC/vMQjFsmcj5Bzl vfX6LCyxcL40ZX02qaEmRhcqWquQZcpcm14ND8JtsyogdqAL+HsczyPTJ/86YKvMEITC a+14IVbSsKlMoJEklV7JAH9lru+zgeEFcHQouasVGEZpC36HAZ0A8fXzWaPHdHwwh531 3sgi8AC8myUTqxXOiGCGooXwGHlrL4xx7SKojIoIGoqgllfhRf7ZT072nwliYBJnNjsH kgVdv5uGrSMRIfdEbgA6jSqsd00RikhGl/OBLE9V+8itOqdO7bSHm0kJnSbdv6a48pA2 Wz1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=U1mjdiTf1REytCgM0qXLRwHi12+4iLhjMHz6o0dObf4=; b=L68+A6maIjSxxwyGIV5friniUDKa4+rKAo8Z/RT5aKYYQUlFNkFgU9ZMNk/5aXLaBm DBIrpo9RzaEGZFSPiQ8JoP+X3O5XmL9Rxl3Gno5Sbtf5C7OkBJdT3ZxqJGuqAY3jaEdN 8SC7ISmwiYUrVCBTxaI1DWanoD7ooOQoODEnXEzNAZeY8dBuso0AL0dndzO9qlyTirUm Qs/fhXcji0sDBnZaBjcQx4VwPpd0CRSGUzWqgyIKokEMGs4wkdwASuZua2Aux1KbaE60 YyltfH9eNF14binLYHLENHicYhcJ/tN+9hnOTlwwaCUN9WkLhhaeTl0/myYOD4vCK2lB CcCA== X-Gm-Message-State: AOAM530VQ3xmzSo4dsruTORhyB0brKYuP3mVqjCzmQKLwrtiwT/QJoyo Qe+dao7DQT3QmaSegEdZCf6AdKcKQoGG6PjM+7VaY2wtqW6nAu8P43hIkoQGI2cVCP2RYJVy/qF wzEWDf9EKh+9Yu0nEUxL70vyzwASXcki3b0rJX5AJXB3+jKFdfmNOKyd4DXLmxBQcdbwb3Xo= X-Google-Smtp-Source: ABdhPJxJfhv4J/Z8dONpLYUW4MpGcI1VRHtlxbqb93pVNIkZdbpJQqFPedb6S47261MqborqJwQs/SHfE9o= X-Received: by 2002:a17:902:c389:: with SMTP id g9mr7645772plg.317.1595592719727; Fri, 24 Jul 2020 05:11:59 -0700 (PDT) Date: Fri, 24 Jul 2020 12:11:42 +0000 In-Reply-To: <20200724121143.1589121-1-satyat@google.com> Message-Id: <20200724121143.1589121-7-satyat@google.com> Mime-Version: 1.0 References: <20200724121143.1589121-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v5 6/7] fscrypt: document inline encryption support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala , Eric Biggers , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Update the fscrypt documentation file for inline encryption support. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers Reviewed-by: Jaegeuk Kim --- Documentation/filesystems/fscrypt.rst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index f5d8b0303ddf..ec81598477fc 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1204,6 +1204,18 @@ buffer. Some filesystems, such as UBIFS, already use temporary buffers regardless of encryption. Other filesystems, such as ext4 and F2FS, have to allocate bounce pages specially for encryption. +Fscrypt is also able to use inline encryption hardware instead of the +kernel crypto API for en/decryption of file contents. When possible, +and if directed to do so (by specifying the 'inlinecrypt' mount option +for an ext4/F2FS filesystem), it adds encryption contexts to bios and +uses blk-crypto to perform the en/decryption instead of making use of +the above read/write path changes. Of course, even if directed to +make use of inline encryption, fscrypt will only be able to do so if +either hardware inline encryption support is available for the +selected encryption algorithm or CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK +is selected. If neither is the case, fscrypt will fall back to using +the above mentioned read/write path changes for en/decryption. + Filename hashing and encoding ----------------------------- @@ -1250,7 +1262,9 @@ Tests To test fscrypt, use xfstests, which is Linux's de facto standard filesystem test suite. First, run all the tests in the "encrypt" -group on the relevant filesystem(s). For example, to test ext4 and +group on the relevant filesystem(s). One can also run the tests +with the 'inlinecrypt' mount option to test the implementation for +inline encryption support. For example, to test ext4 and f2fs encryption using `kvm-xfstests `_:: From patchwork Fri Jul 24 12:11:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11683129 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 79B7E13B4 for ; Fri, 24 Jul 2020 12:12:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5FBA42073E for ; Fri, 24 Jul 2020 12:12:21 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="uinx4umN" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727014AbgGXMMN (ORCPT ); Fri, 24 Jul 2020 08:12:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53720 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727115AbgGXMME (ORCPT ); Fri, 24 Jul 2020 08:12:04 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E2DAC0619E4 for ; Fri, 24 Jul 2020 05:12:02 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id d202so10143439ybh.12 for ; Fri, 24 Jul 2020 05:12:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=j09FJFOs7ox27oQ/jw0Hg/h+WWOfzzYjATzxUrwtjag=; b=uinx4umNBzjZNhDldRFu/4q/KRDj/aDyTI/UPTsQCLp9QNIT/Pkx3JVsXg/gNYy18X 8fzYbL2l+0BjejTs82TRocYlvCmHfn64VAHgBtAoxl223aUkRG3nBLgaaC3G9xOT+Ee1 rnavYw4RFQWWpr4kEAgcyApl0DBMmQqQ425gWWhdRZjgy/8fQlCPdngERjFBN7JGM4dr U8tyJmjfakSMtKlyzL3/ej5FMsNjZGA0nrRghc67idy4m8GhAjIfh7Nj6B8JlxuCnCUI kVLkYfz/3ijWwgCZz1ul3FHiFmKsgTc48xkeKY1rm28DffqkcvD9qA1RRrydNx89Ft+E K0ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=j09FJFOs7ox27oQ/jw0Hg/h+WWOfzzYjATzxUrwtjag=; b=uERieHeDvcd82pyfTYB9Lg49ejgN81Dt2mJh4GXoiBzZGDeImyRoZiBQnScfXBL1hO +7lsvsp39OsgqmiiRZD6dFiWgywOEgsJBbn0al1Pqid+vLsWnMp2bDifb+fOSaygCkJB zVhGFZk5VaC5br5JiBxfYScbtXGNdMikewVGHcWsTNLFsOGkzXESUBj+GGj6wsCe7NlX vGqX7MuYQIJU3V+ASGejY+NG4GXssM60Ax/YyDpgo2Db8lBWNOnsZslDX9smLwMVmi+T fYGNIwPlgRT7JR32S+YeREpnMtul43fP6KSefKFe2RDcfq7SYUOjnB4OtzPeY8XGpGM3 Ghow== X-Gm-Message-State: AOAM530gc3BYirQv2gHGFV9/oXdrYg4CQoTad23JKuryo0SI0vCqPm17 wVWo+g+aigbQDK+jC7F1omrC3ieg5YGKvEjBiAZLTb5ptzpuPUUK7P9z2rRNs+wAwTxXWgaUp+q +8FVSCrpx1fXz5WEVOTitaCCjEeSicmcTXXXxSbTjbYzNvZ3+T7mzP4szenrrsXnonyCDuRg= X-Google-Smtp-Source: ABdhPJx/kR9OGGrb08Cms1pOt8vKHYWUtxe5tDqnionkhbA71lMBxyPqAWtadG1S0CUcqUHbUujo0btmzCE= X-Received: by 2002:a25:385:: with SMTP id 127mr14857247ybd.141.1595592721412; Fri, 24 Jul 2020 05:12:01 -0700 (PDT) Date: Fri, 24 Jul 2020 12:11:43 +0000 In-Reply-To: <20200724121143.1589121-1-satyat@google.com> Message-Id: <20200724121143.1589121-8-satyat@google.com> Mime-Version: 1.0 References: <20200724121143.1589121-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v5 7/7] fscrypt: update documentation for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala , Eric Biggers , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Update fscrypt documentation to reflect the addition of direct I/O support and document the necessary conditions for direct I/O on encrypted files. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers Reviewed-by: Jaegeuk Kim --- Documentation/filesystems/fscrypt.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index ec81598477fc..5367c03b17bb 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1049,8 +1049,10 @@ astute users may notice some differences in behavior: may be used to overwrite the source files but isn't guaranteed to be effective on all filesystems and storage devices. -- Direct I/O is not supported on encrypted files. Attempts to use - direct I/O on such files will fall back to buffered I/O. +- Direct I/O is supported on encrypted files only under some + circumstances (see `Direct I/O support`_ for details). When these + circumstances are not met, attempts to use direct I/O on encrypted + files will fall back to buffered I/O. - The fallocate operations FALLOC_FL_COLLAPSE_RANGE and FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will @@ -1123,6 +1125,20 @@ It is not currently possible to backup and restore encrypted files without the encryption key. This would require special APIs which have not yet been implemented. +Direct I/O support +================== + +Direct I/O on encrypted files is supported through blk-crypto. In +particular, this means the kernel must have CONFIG_BLK_INLINE_ENCRYPTION +enabled, the filesystem must have had the 'inlinecrypt' mount option +specified, and either hardware inline encryption must be present, or +CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK must have been enabled. Further, +any I/O must be aligned to the filesystem block size (*not* necessarily +the same as the block device's block size) - in particular, any userspace +buffer into which data is read/written from must also be aligned to the +filesystem block size. If any of these conditions isn't met, attempts to do +direct I/O on an encrypted file will fall back to buffered I/O. + Encryption policy enforcement =============================