From patchwork Fri Jul 24 18:44:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11684127 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8A42B913 for ; Fri, 24 Jul 2020 18:45:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 715D52070B for ; Fri, 24 Jul 2020 18:45:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fiwV9W1r" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726702AbgGXSpL (ORCPT ); Fri, 24 Jul 2020 14:45:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726553AbgGXSpJ (ORCPT ); Fri, 24 Jul 2020 14:45:09 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB24CC0619E6 for ; Fri, 24 Jul 2020 11:45:08 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id j187so11509834ybj.7 for ; Fri, 24 Jul 2020 11:45:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=e3QQnyJEAo5uWrYUDsDCPQeAxWHqtOZ6h6W8L9vv5Ok=; b=fiwV9W1rn8xIx3eZin4HllP1i3QSz+XUBPdewpcOoRimkQuoOrFrKuu38oLKdxH/DL vjPZdSY437ObQqT07i4flLI+1fCaVT7Ymuca2SmUy4H+CrkIrxGI6jsA4EgPZZauHHUt w/Tg2NAvoP98hkyUVK+5yBTBUA/3l8/6rYlDlWHfAmPIHHvKIXtSVukfxFwkMujd4Zv2 aD16Gnr0+DPz3kaVcz9meN+oEqmVMDwbCt7HOOFTt1XvP0x1pFx5ASr/LQ43SiIqmiEF dJNIHgPR6/zhiU7zn6P9EKElVptiQsjVOLZRH9RuAggnZ6iX8hjjZSEwMbuHQegF+4MK IBnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=e3QQnyJEAo5uWrYUDsDCPQeAxWHqtOZ6h6W8L9vv5Ok=; b=LNTiboaFJhMeHDkoZJaJEm4vztTQx9sDMlw8nZGQL0nrSP833OUv4n/ywpWapYTKEV TDSML8dhBNxD78LxxAILW7drZyo18RhjS9at6//I0hqDVhDi1pqqmX1dTi8UozMtt6E1 jW8+gmM9DQgWEha1zryRhw7LfL/+UBDRtsvHsOmn1HPaKs/Dax5ZJ2HJxX4gV+PnWWLN rhnYW1gYxKsIYYjI3CmQgBiqUEr2bH7R8ecbDQyTFr6U1fTmnx3OeJ7Sp9cnXCNofkBX YTQdhKEvO6Uxjc2fKkiRB800+ygg6v8NZ6qnwA4flZnZuXSKAhei2HjY4qOBlpMZ075s U3+g== X-Gm-Message-State: AOAM531+5T9MbdtQQkM19boRwqe7A9DUAng3oRlwnYMNkue801SajCbD OPefQ0Fn3st/HlUhUXdLFjAP7BEq+XXkiUrN1sORt9LNISGvlEr7tqi1yppswrv5UtZCyiWbhp6 If9GjoFX+wyKhi/lr+B/KnqGvZ09dTiSY4b+eRQwBGfnSXtskX6Zh0dCe1DI1zaw4KSBwWuE= X-Google-Smtp-Source: ABdhPJwl1gKyF3pfJ5ie868kPXKBua9doUzwDRqGLr8lKTqxr1HHAMw3xL4wn/F/CGySesYoXqUp4cD0u0I= X-Received: by 2002:a25:2417:: with SMTP id k23mr15167611ybk.300.1595616307826; Fri, 24 Jul 2020 11:45:07 -0700 (PDT) Date: Fri, 24 Jul 2020 18:44:55 +0000 In-Reply-To: <20200724184501.1651378-1-satyat@google.com> Message-Id: <20200724184501.1651378-2-satyat@google.com> Mime-Version: 1.0 References: <20200724184501.1651378-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v6 1/7] fscrypt: Add functions for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Introduce fscrypt_dio_supported() to check whether a direct I/O request is unsupported due to encryption constraints. Also introduce fscrypt_limit_io_blocks() to limit how many blocks can be added to a bio being prepared for direct I/O. This is needed for filesystems that use the iomap direct I/O implementation to avoid DUN wraparound in the middle of a bio (which is possible with the IV_INO_LBLK_32 IV generation method). Elsewhere fscrypt_mergeable_bio() is used for this, but iomap operates on logical ranges directly, so filesystems using iomap won't have a chance to call fscrypt_mergeable_bio() on every block added to a bio. So we need this function which limits a logical range in one go. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/crypto/crypto.c | 8 +++++ fs/crypto/inline_crypt.c | 74 ++++++++++++++++++++++++++++++++++++++++ include/linux/fscrypt.h | 18 ++++++++++ 3 files changed, 100 insertions(+) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index 9212325763b0..f72f22a718b2 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -69,6 +69,14 @@ void fscrypt_free_bounce_page(struct page *bounce_page) } EXPORT_SYMBOL(fscrypt_free_bounce_page); +/* + * Generate the IV for the given logical block number within the given file. + * For filenames encryption, lblk_num == 0. + * + * Keep this in sync with fscrypt_limit_io_blocks(). fscrypt_limit_io_blocks() + * needs to know about any IV generation methods where the low bits of IV don't + * simply contain the lblk_num (e.g., IV_INO_LBLK_32). + */ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, const struct fscrypt_info *ci) { diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index d7aecadf33c1..4cdf807b89b9 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "fscrypt_private.h" @@ -362,3 +363,76 @@ bool fscrypt_mergeable_bio_bh(struct bio *bio, return fscrypt_mergeable_bio(bio, inode, next_lblk); } EXPORT_SYMBOL_GPL(fscrypt_mergeable_bio_bh); + +/** + * fscrypt_dio_supported() - check whether a direct I/O request is unsupported + * due to encryption constraints + * @iocb: the file and position the I/O is targeting + * @iter: the I/O data segment(s) + * + * Return: true if direct I/O is supported + */ +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + const unsigned int blocksize = i_blocksize(inode); + + /* If the file is unencrypted, no veto from us. */ + if (!fscrypt_needs_contents_encryption(inode)) + return true; + + /* We only support direct I/O with inline crypto, not fs-layer crypto */ + if (!fscrypt_inode_uses_inline_crypto(inode)) + return false; + + /* + * Since the granularity of encryption is filesystem blocks, the I/O + * must be block aligned -- not just disk sector aligned. + */ + if (!IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), blocksize)) + return false; + + return true; +} +EXPORT_SYMBOL_GPL(fscrypt_dio_supported); + +/** + * fscrypt_limit_io_blocks() - limit I/O blocks to avoid discontiguous DUNs + * @inode: the file on which I/O is being done + * @lblk: the block at which the I/O is being started from + * @nr_blocks: the number of blocks we want to submit starting at @pos + * + * Determine the limit to the number of blocks that can be submitted in the bio + * targeting @pos without causing a data unit number (DUN) discontinuity. + * + * This is normally just @nr_blocks, as normally the DUNs just increment along + * with the logical blocks. (Or the file is not encrypted.) + * + * In rare cases, fscrypt can be using an IV generation method that allows the + * DUN to wrap around within logically continuous blocks, and that wraparound + * will occur. If this happens, a value less than @nr_blocks will be returned + * so that the wraparound doesn't occur in the middle of the bio. + * + * Return: the actual number of blocks that can be submitted + */ +u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks) +{ + const struct fscrypt_info *ci = inode->i_crypt_info; + u32 dun; + + if (!fscrypt_inode_uses_inline_crypto(inode)) + return nr_blocks; + + if (nr_blocks <= 1) + return nr_blocks; + + if (!(fscrypt_policy_flags(&ci->ci_policy) & + FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) + return nr_blocks; + + /* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */ + + dun = ci->ci_hashed_ino + lblk; + + return min_t(u64, nr_blocks, (u64)U32_MAX + 1 - dun); +} diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index bb257411365f..5de122ec0464 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -559,6 +559,10 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, bool fscrypt_mergeable_bio_bh(struct bio *bio, const struct buffer_head *next_bh); +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter); + +u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks); + #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) @@ -587,6 +591,20 @@ static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, { return true; } + +static inline bool fscrypt_dio_supported(struct kiocb *iocb, + struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + + return !fscrypt_needs_contents_encryption(inode); +} + +static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, + u64 nr_blocks) +{ + return nr_blocks; +} #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ /** From patchwork Fri Jul 24 18:44:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11684141 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 839241392 for ; Fri, 24 Jul 2020 18:45:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6771D2070B for ; Fri, 24 Jul 2020 18:45:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="maAmxJ7N" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726826AbgGXSpQ (ORCPT ); Fri, 24 Jul 2020 14:45:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59020 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726689AbgGXSpK (ORCPT ); Fri, 24 Jul 2020 14:45:10 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 07DADC0698C4 for ; Fri, 24 Jul 2020 11:45:10 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id w2so6949713pfn.0 for ; Fri, 24 Jul 2020 11:45:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=VSwfu85pneIFmS24X/ynlOi1yjIof1V3mRCitL8rAYY=; b=maAmxJ7NYpOeYwEieVBxCvRDZINBI5z01Z7yoA6Kvl2IYqByL1XVGCthlTgPirzHTR 5nXxBJvJ9Wt7KA1zuGzaQDvSG5JBu4jne2azUTlVKbGojdVvR/GsCiiOGhYZfls55xX+ vb7IqBleMcL/eF/RiTCPxqdypPn2KKzoMLJ6OlgoiFw2wmrMpqEd0oGoa/cAUN16dbVJ mbvl5Pjm/9rEEPXF1iygFadnE/pcA3dJdwaWGdx4RU8aeSSpToh7gK1ay2iYWIqrnIqQ wGwk93dF3mWAgl2urxtmiGQyZwx8qsrDPbHwP4m2RhCl25zv7XND4Kaft04Xv2XS6LU/ rOrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=VSwfu85pneIFmS24X/ynlOi1yjIof1V3mRCitL8rAYY=; b=n4Z1h9TcVTRgOEsr0JXpts9zd50hA2X4miK+1TAq7MAezk0U5yOn9Q6F7r+mcMOs89 edf4JmBRISgMEXy29+IKlo+lPdeF2UCRypi/GMh6y/KwnC77GwiUBoASQpp6jwUbojlv bI+7C3fkqEBrMM0H8pZg6ttSCMU08mjtPoZ8llp3Xse2Wb0mZLBz5AcCEugdejU/13AD LB8QAsiZUvoATAMb7Ih2BjhHziasE2c3pG3MiskrjCG25WRegcm5SC3iF+TKW/57oPIg zliy15ryItu3sYP1kTWxY+zlCVsxrkcAUaQeIHJDy+OE4BbKvih8U8eOqsbOmXOO/BBj GeKQ== X-Gm-Message-State: AOAM532RZ1pKWETw2nC8K3ep7tRII41sBNLXevfsxnMwz7v/7K+41fwT hxPyf0ziYHxLV9Yq0InfAwVQtVy9fTs50LQobga8XcSrOy8QSwd3hBeZvUmBJQXdlTQW6KmyUXG ePMsihXFUQv1ZBXTp4ttz5CCaicbxR0Ubf9Aehz/pAtMSp9OiLWND/MOtVdsLTMGTWqaCpr8= X-Google-Smtp-Source: ABdhPJyT41z7Bo2DJVXrD2yfQgUGfnGWGnRtL9zK9eYdoIYIP8wyrLRC6/JqsXYyBn0KLNCSTVI1XabDyNk= X-Received: by 2002:a17:90b:1296:: with SMTP id fw22mr6730717pjb.20.1595616309435; Fri, 24 Jul 2020 11:45:09 -0700 (PDT) Date: Fri, 24 Jul 2020 18:44:56 +0000 In-Reply-To: <20200724184501.1651378-1-satyat@google.com> Message-Id: <20200724184501.1651378-3-satyat@google.com> Mime-Version: 1.0 References: <20200724184501.1651378-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v6 2/7] direct-io: add support for fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Set bio crypt contexts on bios by calling into fscrypt when required, and explicitly check for DUN continuity when adding pages to the bio. (While DUN continuity is usually implied by logical block contiguity, this is not the case when using certain fscrypt IV generation methods like IV_INO_LBLK_32). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala Reviewed-by: Jaegeuk Kim --- fs/direct-io.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/direct-io.c b/fs/direct-io.c index 6d5370eac2a8..f27f7e3780ee 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -411,6 +412,7 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, sector_t first_sector, int nr_vecs) { struct bio *bio; + struct inode *inode = dio->inode; /* * bio_alloc() is guaranteed to return a bio when allowed to sleep and @@ -418,6 +420,9 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, */ bio = bio_alloc(GFP_KERNEL, nr_vecs); + fscrypt_set_bio_crypt_ctx(bio, inode, + sdio->cur_page_fs_offset >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, bdev); bio->bi_iter.bi_sector = first_sector; bio_set_op_attrs(bio, dio->op, dio->op_flags); @@ -782,9 +787,17 @@ static inline int dio_send_cur_page(struct dio *dio, struct dio_submit *sdio, * current logical offset in the file does not equal what would * be the next logical offset in the bio, submit the bio we * have. + * + * When fscrypt inline encryption is used, data unit number + * (DUN) contiguity is also required. Normally that's implied + * by logical contiguity. However, certain IV generation + * methods (e.g. IV_INO_LBLK_32) don't guarantee it. So, we + * must explicitly check fscrypt_mergeable_bio() too. */ if (sdio->final_block_in_bio != sdio->cur_page_block || - cur_offset != bio_next_offset) + cur_offset != bio_next_offset || + !fscrypt_mergeable_bio(sdio->bio, dio->inode, + cur_offset >> dio->inode->i_blkbits)) dio_bio_submit(dio, sdio); } From patchwork Fri Jul 24 18:44:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11684129 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4D539913 for ; Fri, 24 Jul 2020 18:45:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 33B8E2070E for ; Fri, 24 Jul 2020 18:45:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="cLH6fzkp" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726676AbgGXSpM (ORCPT ); Fri, 24 Jul 2020 14:45:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59028 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726763AbgGXSpL (ORCPT ); Fri, 24 Jul 2020 14:45:11 -0400 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D06FFC0619E6 for ; Fri, 24 Jul 2020 11:45:11 -0700 (PDT) Received: by mail-pf1-x449.google.com with SMTP id a25so6939402pfl.2 for ; Fri, 24 Jul 2020 11:45:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=cZRHJd9vm6wSJv/XnptuJQLr+rxaeXJfolkFtRJQLFQ=; b=cLH6fzkpbrIyelFo1byJfRWbdqDhF3ZuMGCQS4DuqoFfUVEI6AqUb/cLmCcnxe2DB/ NuclTLQUseIGENpT7nSaTyqpx9/aizcWbC3NKqN5eALGkn02PLzSafBJR0zP+YtgRdjx iiqFAGrcWbXnR1oSAceanlMou1uN1NcKZaHO7V6Fq14CfHQBbuPffCJrhM+PHcdgXacy ZTIPrXi3DslzIjo4fnTej7bdyl7kq0p1qIzcLMEMzdaXiKnZj5yIvjZYQny4aGeAndIA PQZfy+PrHHJBs5Hj0M8Ccv3m4ELMXmcv4DxI8RLO/We8K9PWuYUCvp83BPAYwnWrSsLM 6aYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=cZRHJd9vm6wSJv/XnptuJQLr+rxaeXJfolkFtRJQLFQ=; b=f6Gz2bWlHRzNsf7ZTf7uhlxifRCv2caSP9OnVYVp6OMPglf0M4ZOS6JdA5l8rL9WsU H86TJd8Z2N4hj18S6u5zFYVgfkMJQJ26reTG3SQkAiEiF9J2T64gYKc0Hm2jFvzcJ96L o40Z7qJE+ktoUnHH4BAIPrkos1yshNjmhBWvePz38Swe4PBljMCIjS1DYSNbj7dZO0UN N8OwjkpTVawu9UCj1GpmbsUwKCTYw29cyHlZ39cNgaXF/IOte6FEH9MG3XZH9I0VTV6+ hb2bWj+L/EygFmMCIPiNA0LI7EkMUfFcXudbqFWie/SqsevIiXl2jjNeKzSKma7bwCyx QbfQ== X-Gm-Message-State: AOAM531rBVLCQwtZMo5cWugVpTrbnw09UV91/a3Dp8JzsnGejdwxemfN Drf+Y88lcxIz0TGokoXTBLe4k9jXvYTRytS6skcpne67q2GwOqnayvKkI0QJj8nYxdIBh3Azfpq q2FU7dWgb8LtBwRWaq5+EOuC+mN7mSnRS/WcBeR9rh8bFSmaxk2gr7TnH48Pyp1HvzwNP+0g= X-Google-Smtp-Source: ABdhPJw8fcIvmjHR7H+eb8aZqwFTcCm45Bq/Yx+3nVsrxPL6bXnXqOMUT4Dox/jUn8rhKVdlkFqNAmoD0JI= X-Received: by 2002:a62:1acc:: with SMTP id a195mr9957629pfa.32.1595616311087; Fri, 24 Jul 2020 11:45:11 -0700 (PDT) Date: Fri, 24 Jul 2020 18:44:57 +0000 In-Reply-To: <20200724184501.1651378-1-satyat@google.com> Message-Id: <20200724184501.1651378-4-satyat@google.com> Mime-Version: 1.0 References: <20200724184501.1651378-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v6 3/7] iomap: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Set bio crypt contexts on bios by calling into fscrypt when required. No DUN contiguity checks are done - callers are expected to set up the iomap correctly to ensure that each bio submitted by iomap will not have blocks with incontiguous DUNs by calling fscrypt_limit_io_blocks() appropriately. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/iomap/direct-io.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/iomap/direct-io.c b/fs/iomap/direct-io.c index ec7b78e6feca..a8785bffdc7c 100644 --- a/fs/iomap/direct-io.c +++ b/fs/iomap/direct-io.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -183,11 +184,14 @@ static void iomap_dio_zero(struct iomap_dio *dio, struct iomap *iomap, loff_t pos, unsigned len) { + struct inode *inode = file_inode(dio->iocb->ki_filp); struct page *page = ZERO_PAGE(0); int flags = REQ_SYNC | REQ_IDLE; struct bio *bio; bio = bio_alloc(GFP_KERNEL, 1); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_private = dio; @@ -270,6 +274,8 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, } bio = bio_alloc(GFP_KERNEL, nr_pages); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_write_hint = dio->iocb->ki_hint; From patchwork Fri Jul 24 18:44:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11684157 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3AB3B13B1 for ; Fri, 24 Jul 2020 18:45:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 216BA20737 for ; Fri, 24 Jul 2020 18:45:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WZxif6+6" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726863AbgGXSpT (ORCPT ); Fri, 24 Jul 2020 14:45:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59042 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726763AbgGXSpN (ORCPT ); Fri, 24 Jul 2020 14:45:13 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B031C0619E6 for ; Fri, 24 Jul 2020 11:45:13 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id 8so11467949ybc.23 for ; Fri, 24 Jul 2020 11:45:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=r8Pg6JmNaFN8fVBskJ954zlZvlkSSoV1f+xmIU4eJ8Y=; b=WZxif6+6SPfu0xTeldRLQ3uzvhiQHHPuJ3wvszADxxQXo+kraJNCkoW2SjaTiCI/fA tjr/RHdHC2utCZI6gqsTf6bi248HQE4FH8OeQ3i5z7Mjm/erk6l9Hs4KAFgiNnGSoJzQ +wFpox/AoKBdgYO6JL/4Pt7vSNaTodsgMpvLea+xlBamKo2Zp7mdiwk8z3K+1O4pvHHT Zn4bWRPvpRwh7o3cHRLAUqjDHP0wki5gObcM3HhSBidRJ187n9QJXUzMC2M7ubEQa66B ltnFBglVcP3vBXxYW+dKa0oTYE+kv+oO/LBgR0e2hn6tgE0m1OcMFNfOm3F+WYqCTZ6H wMlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=r8Pg6JmNaFN8fVBskJ954zlZvlkSSoV1f+xmIU4eJ8Y=; b=RGWwMfrdrjRskloqgDhTQH57t7iM6ndYWEEaeTzMwZuA2PUVaYE1/8Oy9+GA6+0Ask anxYiK7A8zKdWcyVOEX0mAF1poCB2h6frDO+uOCvfAHK8xzhUm5zI8Qv5V28vGZ1+3QI 6aXl2OsxMLgavqA+iO2D8YwJDx8V9sckPrNF9MjL9O/29JPUYW7rFqJJUc7gEq0Hd1z0 sK9ZK77Nut6GqGFRymIqCMiEu+wqViXA5Pz6B5GeBVB3+S1lXaEANLQsuASHEtbKPnYe JhtQK3+fi4sLodf5DLwjewYODJ2dTVCAIysh2Kd5k/m34RMaGcua5XQ0LPJU8f8pBMwP +i1g== X-Gm-Message-State: AOAM533eMk5QxPDT4NlsbYu4rRiHSDPSHKu50XLx+D5KWGO6E8T7stUF SMt2HuCs0nO73q/EIN3oXonGFWm3fSML0/J9BC01RvRKB7plP9ugezNotDKH8/ENJeUc1JVKkOT tyConCayVaztcHFoKubUZkcqXs5NRGx1CRLxMPu44tFna02ut3WP++KSpXiaXoPUZeACtjPw= X-Google-Smtp-Source: ABdhPJz/pwO4CPr/TwSp+10jXFW4RyYAdzpCUQarKYvxET89Fk5Zhv46IwKHyL9Ir7sI+fKC28k4po0GnP8= X-Received: by 2002:a25:6c8a:: with SMTP id h132mr17095635ybc.353.1595616312763; Fri, 24 Jul 2020 11:45:12 -0700 (PDT) Date: Fri, 24 Jul 2020 18:44:58 +0000 In-Reply-To: <20200724184501.1651378-1-satyat@google.com> Message-Id: <20200724184501.1651378-5-satyat@google.com> Mime-Version: 1.0 References: <20200724184501.1651378-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v6 4/7] ext4: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Wire up ext4 with fscrypt direct I/O support. Direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). fscrypt_limit_io_blocks() is called before setting up the iomap to ensure that the blocks of each bio that iomap will submit will have contiguous DUNs. Note that fscrypt_limit_io_blocks() is normally a no-op, as normally the DUNs simply increment along with the logical blocks. But it's needed to handle an edge case in one of the fscrypt IV generation methods. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala Reviewed-by: Jaegeuk Kim --- fs/ext4/file.c | 10 ++++++---- fs/ext4/inode.c | 7 +++++++ 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 2a01e31a032c..d534f72675d9 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -36,9 +36,11 @@ #include "acl.h" #include "truncate.h" -static bool ext4_dio_supported(struct inode *inode) +static bool ext4_dio_supported(struct kiocb *iocb, struct iov_iter *iter) { - if (IS_ENABLED(CONFIG_FS_ENCRYPTION) && IS_ENCRYPTED(inode)) + struct inode *inode = file_inode(iocb->ki_filp); + + if (!fscrypt_dio_supported(iocb, iter)) return false; if (fsverity_active(inode)) return false; @@ -61,7 +63,7 @@ static ssize_t ext4_dio_read_iter(struct kiocb *iocb, struct iov_iter *to) inode_lock_shared(inode); } - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, to)) { inode_unlock_shared(inode); /* * Fallback to buffered I/O if the operation being performed on @@ -490,7 +492,7 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from) } /* Fallback to buffered I/O if the inode does not support direct I/O. */ - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, from)) { if (ilock_shared) inode_unlock_shared(inode); else diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 44bad4bb8831..6725116ea348 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3445,6 +3445,13 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length, if (ret < 0) return ret; + /* + * When inline encryption is enabled, sometimes I/O to an encrypted file + * has to be broken up to guarantee DUN contiguity. Handle this by + * limiting the length of the mapping returned. + */ + map.m_len = fscrypt_limit_io_blocks(inode, map.m_lblk, map.m_len); + ext4_set_iomap(inode, iomap, &map, offset, length); return 0; From patchwork Fri Jul 24 18:44:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11684161 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6429513B1 for ; Fri, 24 Jul 2020 18:45:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4BC712070B for ; Fri, 24 Jul 2020 18:45:25 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="wIgyWZnm" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726841AbgGXSpY (ORCPT ); Fri, 24 Jul 2020 14:45:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59064 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726689AbgGXSpS (ORCPT ); Fri, 24 Jul 2020 14:45:18 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D40CC0698C4 for ; Fri, 24 Jul 2020 11:45:15 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id i9so11642461ybg.1 for ; Fri, 24 Jul 2020 11:45:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=oZN8SnIpsU7aOjS5+8MoI/0a82Ym0e3d0O/7K4J6ac4=; b=wIgyWZnmLwySzWDZSlBrKLMi9o7JvXabuPmirleI8ql4xoXo7sERCN6n1iqc7ulrPe +0bTFhJB6lh8er/OHOe2MXTTa4FGq9Z3I6vsRXEScezsqzlDDr2vnow9hUL76dFd4t73 LSY7AXOCLmvkf5lykey7j+KVR2MMALlndNl2R6YrkZFHfXwGZkrfnHwyHn1h/uaaOf9l uJnX4cyIXqW+w1n+7Eb7Pxn4EQVXztt3YcG5WdnGQg5++z/bnqsVqqqlx/TYg5agIJhj WavGB7UKwBzo7jCeULL7RegHdYo0aLeV9COGmhAu19Pyol/rjfmG50iF+cCQ2zkbz44I mBmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=oZN8SnIpsU7aOjS5+8MoI/0a82Ym0e3d0O/7K4J6ac4=; b=BGZktpSWuA6PSKOsHtZ9W2/PCd2hhQr0Ru9wfgFX283n9HnRbPLjXHirPxIVTblHeH AwjDIUkFDi0p4ZbR1ddvsjy7VlCbBqthESwEv2htI5rlCbNLkfR93d4TeGpxV3hx8n62 In6Xfgbn+amem8KJ8L5YDM6Ud8d1yhjd/Z87kH4f4O3uxxjvf3XuKAGD1H01wWzL/qvk QpgZNK4VrFMLDe1mfNq9vO23BSniZ1C5YTQmiRN1O7DS8CO7+EjpyiIsFAHwVYkwWnK+ sPVo14FgfjCzvfxi05hjYhJhuptoQUlSVgr2LHx3JlcQ8TwtLjv8Gn5N6+rWaA1WCbXc GKxg== X-Gm-Message-State: AOAM530OBNNg5EDZoRz9kf5v9/6mXmCGe3Rlc/kLLwfkEhDuVV7tab/5 ej/LRChreYEK2FUMKrsk1iuU1UjS2qeAJPnouDeQLwpA4LbUzGwxAf/46Ah1qh3xt3VMQ6hW+QH 29hV0eOi7h0RCixWW/dSBCsplwXqFwRqZ3yUJ7joKwKIJYTASZYCeg7/bG0o81mLvGLsRQI0= X-Google-Smtp-Source: ABdhPJzmZ43+VRZcOd+tePRiD99mq4GfMup1JpMkWtUBzFz9rcQiFfN2MHUCR4TgOqatdZ2Tf8jsOOl0B2c= X-Received: by 2002:a25:c483:: with SMTP id u125mr16946975ybf.194.1595616314284; Fri, 24 Jul 2020 11:45:14 -0700 (PDT) Date: Fri, 24 Jul 2020 18:44:59 +0000 In-Reply-To: <20200724184501.1651378-1-satyat@google.com> Message-Id: <20200724184501.1651378-6-satyat@google.com> Mime-Version: 1.0 References: <20200724184501.1651378-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v6 5/7] f2fs: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Wire up f2fs with fscrypt direct I/O support. direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala Acked-by: Jaegeuk Kim --- fs/f2fs/f2fs.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index b35a50f4953c..978130b5a195 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4082,7 +4082,11 @@ static inline bool f2fs_force_buffered_io(struct inode *inode, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); int rw = iov_iter_rw(iter); - if (f2fs_post_read_required(inode)) + if (!fscrypt_dio_supported(iocb, iter)) + return true; + if (fsverity_active(inode)) + return true; + if (f2fs_compressed_file(inode)) return true; if (f2fs_is_multi_device(sbi)) return true; From patchwork Fri Jul 24 18:45:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11684159 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 01477913 for ; Fri, 24 Jul 2020 18:45:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DD58E2070E for ; Fri, 24 Jul 2020 18:45:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ITpDF03z" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726676AbgGXSpY (ORCPT ); Fri, 24 Jul 2020 14:45:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59072 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726841AbgGXSpS (ORCPT ); Fri, 24 Jul 2020 14:45:18 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D7173C08C5C1 for ; Fri, 24 Jul 2020 11:45:16 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id a127so11655509ybb.14 for ; Fri, 24 Jul 2020 11:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ak9b1MetrNwz8tkXgMNDeTUR8YoZBpQh5jjz0bYRY0M=; b=ITpDF03zh4gAXQ80IgtXYXSVSudg/gU9rVN57XZQKro+oG5FczxsGGWDIk19KaZUlG Hkjz42c4BcWVc7yDHolMXgpncUUqKjalZEP7MuFByMe4pNel/xhE7ghREp4QClDZsKCO Ephfn9OUfGkQ4PQc3FpjFY9Q1OGvIPi/WWbgtYnXgbmI+ypPpmWm4E1cZWktwV5WV/Hk 1r6DAzau+34Tj4JZDNQ+kk85DecV+mTqhpQFF3eVxMwgJIAB1/H/e1XTzvZ6sLHGhsNn MhBrQ+GdgjovyQoTISpziTf1X9MqGb/stJUXrK9lxtfQ2BpP77C5c3tsRK5M0QJCJHHC 0gLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ak9b1MetrNwz8tkXgMNDeTUR8YoZBpQh5jjz0bYRY0M=; b=WQHGNetqYOzKZEkCids50hEqERgkVSB1ylDVLJ4eW32yFt8WdWwGieMM1R0g8hFgQH Ly75c5pBRVrl+L30HcRtHKkMPMnaTwS70FQTHxrQetNo2OpiJi1AYMkS4vWNaj5ct7iT G/79SwsFn8nYFcY+QHduRi31CisBWsW+U2e4pfLzaSZOKxZc1lSRpRe4oPfYX4HZEK7q BvP2uKR/7XyjQltJ0P9se3EKUe1FZw1kc+ySY8menmk7mDHxBOqjx4Xwtg527pYncysQ 4+DbFF1ncHmIYee7EjXeHgS7/uv5Je7wJTO/BjZj/u44v8hu2O2UIEZTtBlBFFWfNYVN BgPA== X-Gm-Message-State: AOAM532RNUQk6mqEJ8hgotNRHGCDhOg3qThP2Un8vkXDDnMjNtPA9/xg aIMgaLe0mcPbqxHo1zuRc2gDriN51KiizAEfhFOjte6Ry7nQp/AAx6b55BbUbVSoju+NVUenceU Z7G8VuFtWAckDLcjodIpTrPUXj3UXmDUve9BRBlRGU+Q/HZSTCKiuR7bCi0gpQJ8yfWsTkVM= X-Google-Smtp-Source: ABdhPJwseKqiZHZW7R0lAN2FfflJ1727vAQQkCjVmAbzoVzFBnjTpAAyolnIjYFGGURfVI9rNc5tdpoHwlY= X-Received: by 2002:a25:2b89:: with SMTP id r131mr16541745ybr.131.1595616316063; Fri, 24 Jul 2020 11:45:16 -0700 (PDT) Date: Fri, 24 Jul 2020 18:45:00 +0000 In-Reply-To: <20200724184501.1651378-1-satyat@google.com> Message-Id: <20200724184501.1651378-7-satyat@google.com> Mime-Version: 1.0 References: <20200724184501.1651378-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v6 6/7] fscrypt: document inline encryption support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala , Eric Biggers , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Update the fscrypt documentation file for inline encryption support. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers Reviewed-by: Jaegeuk Kim --- Documentation/filesystems/fscrypt.rst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index 1a6ad6f736b5..423c5a0daf45 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1204,6 +1204,18 @@ buffer. Some filesystems, such as UBIFS, already use temporary buffers regardless of encryption. Other filesystems, such as ext4 and F2FS, have to allocate bounce pages specially for encryption. +Fscrypt is also able to use inline encryption hardware instead of the +kernel crypto API for en/decryption of file contents. When possible, +and if directed to do so (by specifying the 'inlinecrypt' mount option +for an ext4/F2FS filesystem), it adds encryption contexts to bios and +uses blk-crypto to perform the en/decryption instead of making use of +the above read/write path changes. Of course, even if directed to +make use of inline encryption, fscrypt will only be able to do so if +either hardware inline encryption support is available for the +selected encryption algorithm or CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK +is selected. If neither is the case, fscrypt will fall back to using +the above mentioned read/write path changes for en/decryption. + Filename hashing and encoding ----------------------------- @@ -1250,7 +1262,9 @@ Tests To test fscrypt, use xfstests, which is Linux's de facto standard filesystem test suite. First, run all the tests in the "encrypt" -group on the relevant filesystem(s). For example, to test ext4 and +group on the relevant filesystem(s). One can also run the tests +with the 'inlinecrypt' mount option to test the implementation for +inline encryption support. For example, to test ext4 and f2fs encryption using `kvm-xfstests `_:: From patchwork Fri Jul 24 18:45:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11684149 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 341D11392 for ; Fri, 24 Jul 2020 18:45:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1B7982065E for ; Fri, 24 Jul 2020 18:45:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="mBULbubn" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726593AbgGXSpU (ORCPT ); Fri, 24 Jul 2020 14:45:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59060 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726877AbgGXSpT (ORCPT ); Fri, 24 Jul 2020 14:45:19 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0388DC0619D3 for ; Fri, 24 Jul 2020 11:45:19 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id p8so6949833pgj.14 for ; Fri, 24 Jul 2020 11:45:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=xyIxbqTzEFkSiRwtwQaLWA16wfxvhvC5m78qlSH1ff0=; b=mBULbubnOs99wcWvCkuB8DaDJihSO0xMIW84PX5bW6WTDj309RqVaJPHsyAy2kaKCY sOD/egWqVHLZ7OUz7656r6qh6CE0O+9+ekoTB8ggySlZKOVBPFRyQhOpz3iP8O3KzA66 TlNycAcYS2Bt5YOOhe3NHBNfRzmIluIfVqVEZaOTBNsFH2DN2tFUJgfwzvHk+Cfu4ktE Ux2qbNoUcHcJSGpYoyJrtPpZVCLD/G+F6TaLMtwwue8ZozjlRyZ5Pqd2SCUqaAjZRuwa 2twdFk1AzPx/nwa4i8eqkv4wxZlZ4QpFLnVvKFEWArFlrDNn6OdFdOF+0n5c6jitoG4w V/dg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=xyIxbqTzEFkSiRwtwQaLWA16wfxvhvC5m78qlSH1ff0=; b=CcJrcXzxPertdsRh0sb8g/WnxGAkoegKuPw5WlIq44L51CPWx7a33THx4aC3R4p7uW 3Mq3aS/4AtgBll2TPrSU9p3Jh/Rg/rKkqA+vKJpUh3nxNrd7ACvsZxH83uk/hLTFB3Za uU3VCrwt1NuqE0edet5AqZJOTXqa7F8fs4tCaGTcFzzImQ3A5/0BO/PEFmPosHluNbs7 M/scRtoHfH949F3ob63Wn2oeAx+uqgUWzgC48yoMFlcL6nqbfMx4xDPWAcfdKJO/zRsu T8QG+S+O+5zMggdHO8Ww9teghg12UaZqhDVJiyQ10Cnpe1SvdtjQ8IVK3Lz+HYMOpFgL ikeA== X-Gm-Message-State: AOAM5313Udd0tdBpZhDyP1V9AqHu1D/TI+qOGOhEB2pu+F7vKbhjiLrW icW5VHtfSwDBRtmMYyYwEAr9/PIN5C9PMz0fzSgWD/4QdOAUwlLF8eo84P6FCpa7xehC/gHUZIC DElIdZX8zZg4zGHq2I5I16x4gOW5/6eoTf6r+uhnGlKbwipGsBFE1XFebWjjxO7IESzqJPoM= X-Google-Smtp-Source: ABdhPJzkqIhgfmuH4Tw2HNitGStx6+I2VoJ2h2ZcDf2nCz9kSOHpDDkKAQY+0hH0A++BUEd5FyALMx/aU4Y= X-Received: by 2002:a17:90a:1fcb:: with SMTP id z11mr1970016pjz.1.1595616317802; Fri, 24 Jul 2020 11:45:17 -0700 (PDT) Date: Fri, 24 Jul 2020 18:45:01 +0000 In-Reply-To: <20200724184501.1651378-1-satyat@google.com> Message-Id: <20200724184501.1651378-8-satyat@google.com> Mime-Version: 1.0 References: <20200724184501.1651378-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.142.g3c755180ce-goog Subject: [PATCH v6 7/7] fscrypt: update documentation for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala , Eric Biggers , Jaegeuk Kim Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Update fscrypt documentation to reflect the addition of direct I/O support and document the necessary conditions for direct I/O on encrypted files. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers Reviewed-by: Jaegeuk Kim --- Documentation/filesystems/fscrypt.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index 423c5a0daf45..b9bbd6c612ff 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1049,8 +1049,10 @@ astute users may notice some differences in behavior: may be used to overwrite the source files but isn't guaranteed to be effective on all filesystems and storage devices. -- Direct I/O is not supported on encrypted files. Attempts to use - direct I/O on such files will fall back to buffered I/O. +- Direct I/O is supported on encrypted files only under some + circumstances (see `Direct I/O support`_ for details). When these + circumstances are not met, attempts to use direct I/O on encrypted + files will fall back to buffered I/O. - The fallocate operations FALLOC_FL_COLLAPSE_RANGE and FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will @@ -1123,6 +1125,20 @@ It is not currently possible to backup and restore encrypted files without the encryption key. This would require special APIs which have not yet been implemented. +Direct I/O support +================== + +Direct I/O on encrypted files is supported through blk-crypto. In +particular, this means the kernel must have CONFIG_BLK_INLINE_ENCRYPTION +enabled, the filesystem must have had the 'inlinecrypt' mount option +specified, and either hardware inline encryption must be present, or +CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK must have been enabled. Further, +any I/O must be aligned to the filesystem block size (*not* necessarily +the same as the block device's block size) - in particular, any userspace +buffer into which data is read/written from must also be aligned to the +filesystem block size. If any of these conditions isn't met, attempts to do +direct I/O on an encrypted file will fall back to buffered I/O. + Encryption policy enforcement =============================