From patchwork Wed Jan 24 17:18:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529449 Received: from mail-yb1-f181.google.com (mail-yb1-f181.google.com [209.85.219.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69B6A7E77D for ; Wed, 24 Jan 2024 17:19:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116766; cv=none; b=liKS9AxXiqfWoM8H9wF7R7OBdV0ZWGgmeRuFlkJmgJ09fbSUQWgTJOqLimirCpMbYbynms036c4noFy037FyfsugI+EyZTfHP+/PREGdw9ELI8s3ABfopgQFmP4gv2b7rBZpPW0hAe850X6NB1UI9FqLM+Qy/bkRsxFXiYCz5UQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116766; c=relaxed/simple; bh=jc5t6p3BcAlY5qsrOYdxbzcAzY3bhLnqeimsJjEmS3c=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=X0UHpwQTFJC0u1tHSTWxVaTygzaBnHltiVvq87o/bppT5gZYag4x84h1Xs9CPSrRlwZ3rqvpB5j3TbZzGmJ4ef6pHuQRUu/DpHLE80lhb0pffF9VLwxAhAthvQL5Cctjcs2CI2rPOOhweCiWcVS3V4rQLCqXPDnh03WY7VjskL4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=cjykHSEe; arc=none smtp.client-ip=209.85.219.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="cjykHSEe" Received: by mail-yb1-f181.google.com with SMTP id 3f1490d57ef6-dc226bad48cso4007847276.3 for ; Wed, 24 Jan 2024 09:19:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116763; x=1706721563; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BsFZCuzjLI2foRhy+O+RHwNviTR4wDykZWZKy7gqmKQ=; b=cjykHSEeuNOJWKxDjVOg6Cm5G2GhjvAhpWQmCMuDieXiSTA68NHU4LQTmN2J7+WZwJ b2UhYtnXdgtl2lH46pEp41jTBPXbrQrSCJeFYGOA4n4S0jmGSgOl2S3NMVbIQ5Q8em0G wX/dXdL8i0y+GFOXyU5TYRLjz9EMIbuSP1nohw/z51Jdwe7Y4WLqMRBzzhGizR4M2Yv6 aNA9M2mF9E4wu7dbtMVaZF2WCHONdXuW56elGy48oCBZmxXKqu7EMSBf+NlchDZI7Qhr 9htwskCwwLxf656dGSzb5s8cf5JRPuO2AXRoYte5CtwYSvTDzbtCSup2XXUSzy5j+u0X e25Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116763; x=1706721563; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BsFZCuzjLI2foRhy+O+RHwNviTR4wDykZWZKy7gqmKQ=; b=ratLqVGy9X/F8eUfMlR5Zo8AWPVXls6bIfm1y/lm0eZU4IIyTZlWd3ng2r9yAfkOpa mFoyABCF+Kot7oxy4U4EBjPzHDHdu3Nr2LDJmoM7pFPz4G9b9N91LgIi15dFgQ5b2ZjZ np7z0fdbCoLaS9EWj/Av0WCVYV5bTeKBGkmeVQ8RCIJ0p5+7RMZlfekORUPqObQ7i8Pq 0/6mxUsp2k0oI1xcNzdGcBdQ2gU7mmgnvpZ6APm10Zr5UoD+Pj+TFfG1f9paDWLndbr9 Xyzxldxu9CsTja79FKePlwegHEpfw0bKUfJjsK4gYPRfr/oXGZo50oj2VAUaTFJKjGzP ObKw== X-Gm-Message-State: AOJu0YxDh2c6uSFwBjTKo8hIOr+xa9iyQPEABalRubUkvyo4BK64W4HN 7VGFNgxgReLSNrOM28+GgT0zeJ7nThK1GRRu8CywbK/MudLPneRKpneElhTsXRIKBap8uClW7d4 3 X-Google-Smtp-Source: AGHT+IEbdK744XXhrlJcxFxeDZrQPfljxVuMN4e8K4haN25M0sKKFUd2CiSj8EwrGzadWU7WEcdllw== X-Received: by 2002:a25:6b41:0:b0:dbf:487b:1fe7 with SMTP id o1-20020a256b41000000b00dbf487b1fe7mr829396ybm.17.1706116762887; Wed, 24 Jan 2024 09:19:22 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id a5-20020a5b0905000000b00dc256eab936sm2881000ybq.52.2024.01.24.09.19.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:22 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 01/52] fscrypt: add per-extent encryption support Date: Wed, 24 Jan 2024 12:18:23 -0500 Message-ID: <37c2237bf485e44b0c813716f9506413026ce6dc.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This adds the code necessary for per-extent encryption. We will store a nonce for every extent we create, and then use the inode's policy and the extents nonce to derive a per-extent key. This is meant to be flexible, if we choose to expand the on-disk extent information in the future we have a version number we can use to change what exists on disk. The file system indicates it wants to use per-extent encryption by setting s_cop->has_per_extent_encryption. This also requires the use of inline block encryption. The support is relatively straightforward, the only "extra" bit is we're deriving a per-extent key to use for the encryption, the inode still controls the policy and access to the master key. Since extent based encryption uses a lot of keys, we're requiring the use of inline block crypto if you use extent-based encryption. This enables us to take advantage of the built in pooling and reclamation of the crypto structures that underpin all of the encryption. The different encryption related options for fscrypt are too numerous to support for extent based encryption. Support for a few of these options could possibly be added, but since they're niche options simply reject them for file systems using extent based encryption. Signed-off-by: Josef Bacik --- fs/crypto/crypto.c | 10 ++- fs/crypto/fscrypt_private.h | 42 +++++++++ fs/crypto/inline_crypt.c | 74 ++++++++++++++++ fs/crypto/keysetup.c | 166 ++++++++++++++++++++++++++++++++++++ fs/crypto/policy.c | 47 ++++++++++ include/linux/fscrypt.h | 67 +++++++++++++++ 6 files changed, 405 insertions(+), 1 deletion(-) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index 328470d40dec..18bd96b9db4e 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -40,6 +40,7 @@ static struct workqueue_struct *fscrypt_read_workqueue; static DEFINE_MUTEX(fscrypt_init_mutex); struct kmem_cache *fscrypt_inode_info_cachep; +struct kmem_cache *fscrypt_extent_info_cachep; void fscrypt_enqueue_decrypt_work(struct work_struct *work) { @@ -414,12 +415,19 @@ static int __init fscrypt_init(void) if (!fscrypt_inode_info_cachep) goto fail_free_queue; + fscrypt_extent_info_cachep = KMEM_CACHE(fscrypt_extent_info, + SLAB_RECLAIM_ACCOUNT); + if (!fscrypt_extent_info_cachep) + goto fail_free_inode_info; + err = fscrypt_init_keyring(); if (err) - goto fail_free_inode_info; + goto fail_free_extent_info; return 0; +fail_free_extent_info: + kmem_cache_destroy(fscrypt_extent_info_cachep); fail_free_inode_info: kmem_cache_destroy(fscrypt_inode_info_cachep); fail_free_queue: diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 1892356cf924..b9d04754986d 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -30,6 +30,8 @@ #define FSCRYPT_CONTEXT_V1 1 #define FSCRYPT_CONTEXT_V2 2 +#define FSCRYPT_EXTENT_CONTEXT_V1 1 + /* Keep this in sync with include/uapi/linux/fscrypt.h */ #define FSCRYPT_MODE_MAX FSCRYPT_MODE_AES_256_HCTR2 @@ -53,6 +55,25 @@ struct fscrypt_context_v2 { u8 nonce[FSCRYPT_FILE_NONCE_SIZE]; }; +/* + * fscrypt_extent_context - the encryption context of an extent + * + * This is the on-disk information stored for an extent. The nonce is used as a + * KDF input in conjuction with the inode context to derive a per-extent key for + * encryption. + * + * With the current implementation, master_key_identifier and encryption mode + * must match the inode context. These are here for future expansion where we + * may want the option of mixing different keys and encryption modes for the + * same file. + */ +struct fscrypt_extent_context { + u8 version; /* FSCRYPT_EXTENT_CONTEXT_V1 */ + u8 encryption_mode; + u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]; + u8 nonce[FSCRYPT_FILE_NONCE_SIZE]; +}; + /* * fscrypt_context - the encryption context of an inode * @@ -288,6 +309,25 @@ struct fscrypt_inode_info { u32 ci_hashed_ino; }; +/* + * fscrypt_extent_info - the "encryption key" for an extent. + * + * This contains the derived key for the given extent and the nonce for the + * extent. + */ +struct fscrypt_extent_info { + refcount_t refs; + + /* The derived key for this extent. */ + struct fscrypt_prepared_key prep_key; + + /* The super block that this extent belongs to. */ + struct super_block *sb; + + /* This is the extent's nonce, loaded from the fscrypt_extent_context */ + u8 nonce[FSCRYPT_FILE_NONCE_SIZE]; +}; + typedef enum { FS_DECRYPT = 0, FS_ENCRYPT, @@ -295,6 +335,7 @@ typedef enum { /* crypto.c */ extern struct kmem_cache *fscrypt_inode_info_cachep; +extern struct kmem_cache *fscrypt_extent_info_cachep; int fscrypt_initialize(struct super_block *sb); int fscrypt_crypt_data_unit(const struct fscrypt_inode_info *ci, fscrypt_direction_t rw, u64 index, @@ -365,6 +406,7 @@ int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key, #define HKDF_CONTEXT_DIRHASH_KEY 5 /* info=file_nonce */ #define HKDF_CONTEXT_IV_INO_LBLK_32_KEY 6 /* info=mode_num||fs_uuid */ #define HKDF_CONTEXT_INODE_HASH_KEY 7 /* info= */ +#define HKDF_CONTEXT_PER_EXTENT_ENC_KEY 8 /* info=extent_nonce */ int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context, const u8 *info, unsigned int infolen, diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index b4002aea7cdb..50294cece233 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -279,6 +279,34 @@ void fscrypt_set_bio_crypt_ctx(struct bio *bio, const struct inode *inode, } EXPORT_SYMBOL_GPL(fscrypt_set_bio_crypt_ctx); +/** + * fscrypt_set_bio_crypt_ctx_from_extent() - prepare a file contents bio for + * inline crypto with extent + * encryption + * @bio: a bio which will eventually be submitted to the file + * @ei: the extent's crypto info + * @first_lblk: the first file logical block number in the I/O + * @gfp_mask: memory allocation flags - these must be a waiting mask so that + * bio_crypt_set_ctx can't fail. + * + * If the contents of the file should be encrypted (or decrypted) with inline + * encryption, then assign the appropriate encryption context to the bio. + * + * Normally the bio should be newly allocated (i.e. no pages added yet), as + * otherwise fscrypt_mergeable_bio() won't work as intended. + * + * The encryption context will be freed automatically when the bio is freed. + */ +void fscrypt_set_bio_crypt_ctx_from_extent(struct bio *bio, + const struct fscrypt_extent_info *ei, + u64 first_lblk, gfp_t gfp_mask) +{ + u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE] = { first_lblk }; + + bio_crypt_set_ctx(bio, ei->prep_key.blk_key, dun, gfp_mask); +} +EXPORT_SYMBOL_GPL(fscrypt_set_bio_crypt_ctx_from_extent); + /* Extract the inode and logical block number from a buffer_head. */ static bool bh_get_inode_and_lblk_num(const struct buffer_head *bh, const struct inode **inode_ret, @@ -370,6 +398,52 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, } EXPORT_SYMBOL_GPL(fscrypt_mergeable_bio); +/** + * fscrypt_mergeable_extent_bio() - test whether data can be added to a bio + * @bio: the bio being built up + * @ei: the fscrypt_extent_info for this extent + * @next_lblk: the next file logical block number in the I/O + * + * When building a bio which may contain data which should undergo inline + * encryption (or decryption) via fscrypt, filesystems should call this function + * to ensure that the resulting bio contains only contiguous data unit numbers. + * This will return false if the next part of the I/O cannot be merged with the + * bio because either the encryption key would be different or the encryption + * data unit numbers would be discontiguous. + * + * fscrypt_set_bio_crypt_ctx_from_extent() must have already been called on the + * bio. + * + * This function isn't required in cases where crypto-mergeability is ensured in + * another way, such as I/O targeting only a single file (and thus a single key) + * combined with fscrypt_limit_io_blocks() to ensure DUN contiguity. + * + * Return: true iff the I/O is mergeable + */ +bool fscrypt_mergeable_extent_bio(struct bio *bio, + const struct fscrypt_extent_info *ei, + u64 next_lblk) +{ + const struct bio_crypt_ctx *bc = bio->bi_crypt_context; + u64 next_dun[BLK_CRYPTO_DUN_ARRAY_SIZE] = { next_lblk }; + + if (!ei) + return true; + if (!bc) + return true; + + /* + * Comparing the key pointers is good enough, as all I/O for each key + * uses the same pointer. I.e., there's currently no need to support + * merging requests where the keys are the same but the pointers differ. + */ + if (bc->bc_key != ei->prep_key.blk_key) + return false; + + return bio_crypt_dun_is_contiguous(bc, bio->bi_iter.bi_size, next_dun); +} +EXPORT_SYMBOL_GPL(fscrypt_mergeable_extent_bio); + /** * fscrypt_mergeable_bio_bh() - test whether data can be added to a bio * @bio: the bio being built up diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index d71f7c799e79..5268dc54f7f2 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -812,3 +812,169 @@ int fscrypt_drop_inode(struct inode *inode) return !READ_ONCE(ci->ci_master_key->mk_present); } EXPORT_SYMBOL_GPL(fscrypt_drop_inode); + +static struct fscrypt_extent_info * +setup_extent_info(struct inode *inode, const u8 nonce[FSCRYPT_FILE_NONCE_SIZE]) +{ + struct fscrypt_extent_info *ei; + struct fscrypt_inode_info *ci; + struct fscrypt_master_key *mk; + u8 derived_key[FSCRYPT_MAX_KEY_SIZE]; + int err; + + ci = inode->i_crypt_info; + mk = ci->ci_master_key; + if (WARN_ON_ONCE(!mk)) + return ERR_PTR(-ENOKEY); + + ei = kmem_cache_zalloc(fscrypt_extent_info_cachep, GFP_KERNEL); + if (!ei) + return ERR_PTR(-ENOMEM); + + refcount_set(&ei->refs, 1); + memcpy(ei->nonce, nonce, FSCRYPT_FILE_NONCE_SIZE); + ei->sb = inode->i_sb; + + down_read(&mk->mk_sem); + /* + * We specifically don't check ->mk_present here because if the inode is + * open and has a reference on the master key then it should be + * available for us to use. + */ + err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, + HKDF_CONTEXT_PER_EXTENT_ENC_KEY, ei->nonce, + FSCRYPT_FILE_NONCE_SIZE, derived_key, + ci->ci_mode->keysize); + if (err) + goto out_free; + + err = fscrypt_prepare_inline_crypt_key(&ei->prep_key, derived_key, ci); + memzero_explicit(derived_key, ci->ci_mode->keysize); + if (err) + goto out_free; + up_read(&mk->mk_sem); + return ei; +out_free: + up_read(&mk->mk_sem); + memzero_explicit(ei, sizeof(*ei)); + kmem_cache_free(fscrypt_extent_info_cachep, ei); + return ERR_PTR(err); +} + +/** + * fscrypt_prepare_new_extent() - prepare to create a new extent for a file + * @inode: the possibly-encrypted inode + * + * If the inode is encrypted, setup the fscrypt_extent_info for a new extent. + * This will include the nonce and the derived key necessary for the extent to + * be encrypted. This is only meant to be used with inline crypto and on inodes + * that need their contents encrypted. + * + * This doesn't persist the new extents encryption context, this is done later + * by calling fscrypt_set_extent_context(). + * + * Return: The newly allocated fscrypt_extent_info on success, -EOPNOTSUPP if + * we're not encrypted, or another -errno code + */ +struct fscrypt_extent_info *fscrypt_prepare_new_extent(struct inode *inode) +{ + u8 nonce[FSCRYPT_FILE_NONCE_SIZE]; + + if (WARN_ON_ONCE(!inode->i_crypt_info)) + return ERR_PTR(-EOPNOTSUPP); + if (WARN_ON_ONCE(!fscrypt_inode_uses_inline_crypto(inode))) + return ERR_PTR(-EOPNOTSUPP); + + get_random_bytes(nonce, FSCRYPT_FILE_NONCE_SIZE); + return setup_extent_info(inode, nonce); +} +EXPORT_SYMBOL_GPL(fscrypt_prepare_new_extent); + +/** + * fscrypt_load_extent_info() - create an fscrypt_extent_info from the context + * @inode: the inode + * @ctx: the context buffer + * @ctx_size: the size of the context buffer + * + * Create the fscrypt_extent_info and derive the key based on the + * fscrypt_extent_context buffer that is provided. + * + * Return: The newly allocated fscrypt_extent_info on success, -EOPNOTSUPP if + * we're not encrypted, or another -errno code + */ +struct fscrypt_extent_info *fscrypt_load_extent_info(struct inode *inode, + u8 *ctx, size_t ctx_size) +{ + struct fscrypt_extent_context extent_ctx; + const struct fscrypt_inode_info *ci = inode->i_crypt_info; + const struct fscrypt_policy_v2 *policy = &ci->ci_policy.v2; + + if (WARN_ON_ONCE(!ci)) + return ERR_PTR(-EOPNOTSUPP); + if (WARN_ON_ONCE(!fscrypt_inode_uses_inline_crypto(inode))) + return ERR_PTR(-EOPNOTSUPP); + if (ctx_size < sizeof(extent_ctx)) + return ERR_PTR(-EINVAL); + + memcpy(&extent_ctx, ctx, sizeof(extent_ctx)); + + if (extent_ctx.version != FSCRYPT_EXTENT_CONTEXT_V1) { + fscrypt_warn(inode, "Invalid extent encryption context version"); + return ERR_PTR(-EINVAL); + } + + /* + * For now we need to validate that the master key and the encryption + * mode matches what is in the inode. + */ + if (memcmp(extent_ctx.master_key_identifier, + policy->master_key_identifier, + sizeof(extent_ctx.master_key_identifier))) { + fscrypt_warn(inode, "Mismatching master key identifier"); + return ERR_PTR(-EINVAL); + } + + if (extent_ctx.encryption_mode != policy->contents_encryption_mode) { + fscrypt_warn(inode, "Mismatching encryption mode"); + return ERR_PTR(-EINVAL); + } + + return setup_extent_info(inode, extent_ctx.nonce); +} +EXPORT_SYMBOL_GPL(fscrypt_load_extent_info); + +/** + * fscrypt_put_extent_info() - put a reference to a fscrypt_extent_info + * @ei: the fscrypt_extent_info being put or NULL. + * + * Drop a reference and possibly free the fscrypt_extent_info. + * + * Might sleep, since this may call blk_crypto_evict_key() which can sleep. + */ +void fscrypt_put_extent_info(struct fscrypt_extent_info *ei) +{ + if (ei && refcount_dec_and_test(&ei->refs)) { + fscrypt_destroy_prepared_key(ei->sb, &ei->prep_key); + memzero_explicit(ei, sizeof(*ei)); + kmem_cache_free(fscrypt_extent_info_cachep, ei); + } +} +EXPORT_SYMBOL_GPL(fscrypt_put_extent_info); + +/** + * fscrypt_get_extent_info() - get a reference to a fscrypt_extent_info + * @ei: the extent_info to get. + * + * Get a reference on the fscrypt_extent_info. This is useful for file systems + * that need to pass the fscrypt_extent_info through various other structures to + * make lifetime tracking simpler. + * + * Return: the ei with an extra ref, NULL if ei was NULL. + */ +struct fscrypt_extent_info *fscrypt_get_extent_info(struct fscrypt_extent_info *ei) +{ + if (ei) + refcount_inc(&ei->refs); + return ei; +} +EXPORT_SYMBOL_GPL(fscrypt_get_extent_info); diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index 701259991277..dadfa880a291 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -209,6 +209,12 @@ static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, return false; } + if (inode->i_sb->s_cop->has_per_extent_encryption) { + fscrypt_warn(inode, + "v1 policies aren't supported on file systems that use extent encryption"); + return false; + } + return true; } @@ -238,6 +244,11 @@ static bool fscrypt_supported_v2_policy(const struct fscrypt_policy_v2 *policy, count += !!(policy->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY); count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64); count += !!(policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32); + if (count > 0 && inode->i_sb->s_cop->has_per_extent_encryption) { + fscrypt_warn(inode, + "Encryption flags aren't supported on file systems that use extent encryption"); + return false; + } if (count > 1) { fscrypt_warn(inode, "Mutually exclusive encryption flags (0x%02x)", policy->flags); @@ -789,6 +800,42 @@ int fscrypt_set_context(struct inode *inode, void *fs_data) } EXPORT_SYMBOL_GPL(fscrypt_set_context); +/** + * fscrypt_set_extent_context() - Set the fscrypt extent context of a new extent + * @inode: the inode this extent belongs to + * @ei: the fscrypt_extent_info for the given extent + * @buf: the buffer to copy the fscrypt extent context into + * + * This should be called after fscrypt_prepare_new_extent(), using the + * fscrypt_extent_info that was created at that point. + * + * buf must be at most FSCRYPT_SET_CONTEXT_MAX_SIZE. + * + * Return: the size of the fscrypt_extent_context, errno if the inode has the + * wrong policy version. + */ +ssize_t fscrypt_context_for_new_extent(struct inode *inode, + struct fscrypt_extent_info *ei, u8 *buf) +{ + struct fscrypt_extent_context *ctx = (struct fscrypt_extent_context *)buf; + const struct fscrypt_inode_info *ci = inode->i_crypt_info; + + BUILD_BUG_ON(sizeof(struct fscrypt_extent_context) > + FSCRYPT_SET_CONTEXT_MAX_SIZE); + + if (WARN_ON_ONCE(ci->ci_policy.version != 2)) + return -EINVAL; + + ctx->version = FSCRYPT_EXTENT_CONTEXT_V1; + ctx->encryption_mode = ci->ci_policy.v2.contents_encryption_mode; + memcpy(ctx->master_key_identifier, + ci->ci_policy.v2.master_key_identifier, + sizeof(ctx->master_key_identifier)); + memcpy(ctx->nonce, ei->nonce, FSCRYPT_FILE_NONCE_SIZE); + return sizeof(struct fscrypt_extent_context); +} +EXPORT_SYMBOL_GPL(fscrypt_context_for_new_extent); + /** * fscrypt_parse_test_dummy_encryption() - parse the test_dummy_encryption mount option * @param: the mount option diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 12f9e455d569..4b3916d76dc7 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -32,6 +32,7 @@ union fscrypt_policy; struct fscrypt_inode_info; +struct fscrypt_extent_info; struct fs_parameter; struct seq_file; @@ -97,6 +98,14 @@ struct fscrypt_operations { */ unsigned int supports_subblock_data_units : 1; + /* + * If set then extent based encryption will be used for this file + * system, and fs/crypto/ will enforce limits on the policies that are + * allowed to be chosen. Currently this means only plain v2 policies + * are supported. + */ + unsigned int has_per_extent_encryption : 1; + /* * This field exists only for backwards compatibility reasons and should * only be set by the filesystems that are setting it already. It @@ -308,6 +317,8 @@ int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg); int fscrypt_has_permitted_context(struct inode *parent, struct inode *child); int fscrypt_context_for_new_inode(void *ctx, struct inode *inode); int fscrypt_set_context(struct inode *inode, void *fs_data); +ssize_t fscrypt_context_for_new_extent(struct inode *inode, + struct fscrypt_extent_info *ei, u8 *buf); struct fscrypt_dummy_policy { const union fscrypt_policy *policy; @@ -344,6 +355,11 @@ int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode, void fscrypt_put_encryption_info(struct inode *inode); void fscrypt_free_inode(struct inode *inode); int fscrypt_drop_inode(struct inode *inode); +struct fscrypt_extent_info *fscrypt_prepare_new_extent(struct inode *inode); +void fscrypt_put_extent_info(struct fscrypt_extent_info *ei); +struct fscrypt_extent_info *fscrypt_get_extent_info(struct fscrypt_extent_info *ei); +struct fscrypt_extent_info *fscrypt_load_extent_info(struct inode *inode, + u8 *ctx, size_t ctx_size); /* fname.c */ int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname, @@ -555,6 +571,24 @@ fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy) { } +static inline ssize_t +fscrypt_context_for_new_extent(struct inode *inode, struct fscrypt_extent_info *ei, + u8 *buf) +{ + return -EOPNOTSUPP; +} + +static inline struct fscrypt_extent_info * +fscrypt_load_extent_info(struct inode *inode, u8 *ctx, size_t ctx_size) +{ + return ERR_PTR(-EOPNOTSUPP); +} + +static inline size_t fscrypt_extent_context_size(struct inode *inode) +{ + return 0; +} + /* keyring.c */ static inline void fscrypt_destroy_keyring(struct super_block *sb) { @@ -607,6 +641,20 @@ static inline int fscrypt_drop_inode(struct inode *inode) return 0; } +static inline struct fscrypt_extent_info * +fscrypt_prepare_new_extent(struct inode *inode) +{ + return ERR_PTR(-EOPNOTSUPP); +} + +static inline void fscrypt_put_extent_info(struct fscrypt_extent_info *ei) { } + +static inline struct fscrypt_extent_info * +fscrypt_get_extent_info(struct fscrypt_extent_info *ei) +{ + return ei; +} + /* fname.c */ static inline int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, @@ -788,6 +836,10 @@ void fscrypt_set_bio_crypt_ctx(struct bio *bio, const struct inode *inode, u64 first_lblk, gfp_t gfp_mask); +void fscrypt_set_bio_crypt_ctx_from_extent(struct bio *bio, + const struct fscrypt_extent_info *ei, + u64 first_lblk, gfp_t gfp_mask); + void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio, const struct buffer_head *first_bh, gfp_t gfp_mask); @@ -798,6 +850,10 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, bool fscrypt_mergeable_bio_bh(struct bio *bio, const struct buffer_head *next_bh); +bool fscrypt_mergeable_extent_bio(struct bio *bio, + const struct fscrypt_extent_info *ei, + u64 next_lblk); + bool fscrypt_dio_supported(struct inode *inode); u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks); @@ -813,6 +869,10 @@ static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio, const struct inode *inode, u64 first_lblk, gfp_t gfp_mask) { } +static inline void fscrypt_set_bio_crypt_ctx_from_extent(struct bio *bio, + const struct fscrypt_extent_info *ei, + u64 first_lblk, gfp_t gfp_mask) { } + static inline void fscrypt_set_bio_crypt_ctx_bh( struct bio *bio, const struct buffer_head *first_bh, @@ -825,6 +885,13 @@ static inline bool fscrypt_mergeable_bio(struct bio *bio, return true; } +static inline bool fscrypt_mergeable_extent_bio(struct bio *bio, + const struct fscrypt_extent_info *ei, + u64 next_lblk) +{ + return true; +} + static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, const struct buffer_head *next_bh) { From patchwork Wed Jan 24 17:18:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529448 Received: from mail-yw1-f173.google.com (mail-yw1-f173.google.com [209.85.128.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF9987E781 for ; Wed, 24 Jan 2024 17:19:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116766; cv=none; b=pBE2wg5yz+uGeIbjMLbBkNY61ZX4q4whmL96t587H/nqmxm+mBeYIgnppC7wr9lggFCe4U0i17JXWaS88q5D0huPPuOucKvMqI9ol6Cyl4Xuqluol4FsSYEOq/0BFLkjoR5jPiUS8chUrmYdIE4V9pxAT+z7PndgHOsKXkwt8WI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116766; c=relaxed/simple; bh=ekMpzHwQIrCuGBB2Zq2BvYOSsjtqURynD2EbscpeJ/4=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ANeE0ZGJYvVAZGAo7LaZSIX5zd+HBhc79mvO+MtMnRXztNjvRIPk58hu3jchJz8Vwy8F6MuWNZ+KURjMqu1pUQh2UgcIwj4hDycgNNvfNOOTBNpD+d2uHpfSIIgaf/b+c82vti06q9OzGeD205CxjZc5xKZ2LAG6NtKQUajRJWA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=ohtvNq7X; arc=none smtp.client-ip=209.85.128.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="ohtvNq7X" Received: by mail-yw1-f173.google.com with SMTP id 00721157ae682-5f69383e653so56933247b3.1 for ; Wed, 24 Jan 2024 09:19:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116764; x=1706721564; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dux0do5jDp6Yi0VHeyOod1beQ1gQTM0o+sZNmEB04qE=; b=ohtvNq7XOoDxp8APbRVl47ve3p3lnBVwoz2BajAA5lAN1D81heCR/PXEk7zHnIG7Px JewKeqpIUgyWveOYHn9pQvXIMEtE1/ALL5ZArjYsGmHNhNrHSm45+cwiJJrJNyNukGmH VPR5ajR0Vv2e4Ib498V3iry0r8sbEAWzULLPH7f8l0fiBXeUvLN1sIH96SdyTJ+JFqqE phiqNg77iBgg8LNnc4ZvOa+VQZMS69FcZcSP7Wpl73+FcE+wBkgQ3Hp1n82EZ6GclzHK 13gOqRsbwvtgRie1eGplaPZ5B9+p05KDzdDvEnxHns4eqbmDWNGu8PRA94/MjhuqT6I+ BWcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116764; x=1706721564; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dux0do5jDp6Yi0VHeyOod1beQ1gQTM0o+sZNmEB04qE=; b=CQGjSn31oA2FIp8cmkvHJV24vP816Z25lxkI/WVsaHyL8UsrTA0itf+1wXJ+FiRIc7 hnLDNx4uqJrEs1f5X4EgmE8/dS93dn5277pSJLbYg/tz+hUmVva/74ZBZyYXoSt0Ka55 /QAHM6/Hbq4eJ9JPPeZobqQpoC98ITDfh5N/ZaOKIuGmfTGZuEG+jcwlYQJzBaS7wClA 8vFsNykxuoduDZErCNA1eeBQfIUgojrg4LJFiSWhMa31HgKWGHRp5doyW/qchgUqk4Ef cjTC3TIOs8fgq9c6hg5sUkxDv9UYxqOqOrFsswQG2AUNBQMupsBVbQHs/HR7lOjmQtTA QIIw== X-Gm-Message-State: AOJu0Yys0LXBwlYRpy0+gHx8UtJldBN177fnDkbaPzA1DN8JXEAFT+8h pNcv8zDy+BGmGL+bzJJu1VX99PxQKbDNNPCUb7aIlfx/gV29PDGXes2CiTiP1OigjIh5bENnbNu 5 X-Google-Smtp-Source: AGHT+IGoLzUK5UGIfX9LNbzYVNLRK9w0LFtpbB3+ls8PeiPGF8dj7iMpwSvPEyEjVyl5diiUPJdwfQ== X-Received: by 2002:a81:c24b:0:b0:602:9eb8:1b20 with SMTP id t11-20020a81c24b000000b006029eb81b20mr1037675ywg.64.1706116763794; Wed, 24 Jan 2024 09:19:23 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id a72-20020a0dd84b000000b005ffe2119b63sm65034ywe.48.2024.01.24.09.19.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:23 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 02/52] fscrypt: allow inline encryption for extent based encryption Date: Wed, 24 Jan 2024 12:18:24 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Instead of requiring -o inlinecrypt to enable inline encryption, allow having s_cop->has_per_extent_encryption to indicate that this file system supports inline encryption. Signed-off-by: Josef Bacik --- fs/crypto/inline_crypt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index 50294cece233..c64ef93b6157 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -106,8 +106,11 @@ int fscrypt_select_encryption_impl(struct fscrypt_inode_info *ci) if (ci->ci_mode->blk_crypto_mode == BLK_ENCRYPTION_MODE_INVALID) return 0; - /* The filesystem must be mounted with -o inlinecrypt */ - if (!(sb->s_flags & SB_INLINECRYPT)) + /* + * The filesystem must be mounted with -o inlinecrypt or have + * has_per_extent_encryption enabled. + */ + if (!(sb->s_flags & SB_INLINECRYPT) && !sb->s_cop->has_per_extent_encryption) return 0; /* From patchwork Wed Jan 24 17:18:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529450 Received: from mail-yw1-f171.google.com (mail-yw1-f171.google.com [209.85.128.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 042817E79D for ; Wed, 24 Jan 2024 17:19:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116767; cv=none; b=uF2aghdiBVW7+v8frPJX3N9cNri6lS/yWo+d6iROVnGYiYbqq5nkPpbv/4k/mjr+lCGIEO+19UInon9XCkU5EH3NLSO0js3iDOkoE5KOkzKksX72FpO4OyCoYdrxes6+X36Ucy+ySII5diwV3JIuHMClkcw6URIcljyUdyFKkSw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116767; c=relaxed/simple; bh=eZne7HqhhXiufV0PXcYC5it68SFKId/5gP76TZ1Lfv8=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ed+XKA/kneUXh01/gJZx3IW5FXjBFOEuv64cevRVOXgXnTfBkpeGfGPRVCMb4aVgB9l5CcuHcK5LsfizPoX189NfC7vgQairI6fYvGssz6ZyGTp7AY/rrWWdyvL/4uDQSKW+ojoRgPzKjxyS45tRtacjpNtOlRAakkigz8kvb3U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=h1EsWj4R; arc=none smtp.client-ip=209.85.128.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="h1EsWj4R" Received: by mail-yw1-f171.google.com with SMTP id 00721157ae682-6002317a427so26656527b3.2 for ; Wed, 24 Jan 2024 09:19:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116765; x=1706721565; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wx2LTxH6RR4gk4E8SP8w9w53uVWI0FYojuhik/P720o=; b=h1EsWj4RlrhUjuL37js2qE2DW+7pd29NASOKE3/8o2Wb0EGf1Svl61BzyDk8vKu3zt NFZGL3wR0CBvACluMUQT4CM5MgYSQmJXR2hjggwz1UIqsaRHcBcM+d9s5fgHSBaxtdl3 iMi2p/wyiddH0D6DmBPgm7HyXQRiXHWdxp7gF+el6eCgETzyK8Gfi7m+ecbPAWok82H1 P8Alsdf4MDuFYL9xj95QBgsgY5enEWegmKNBw5MTnevZ38jayf1IKGxgFfd22Q2EFA+w Nmhsn5tevqW0Avk+t2svmulmQq6e266QR3zeB2B/VpZ2mqp+ehwaodKLh/5M7z1BAH6u +uRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116765; x=1706721565; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wx2LTxH6RR4gk4E8SP8w9w53uVWI0FYojuhik/P720o=; b=YsuUeyq6jhVQhxguMsW6wX9QJ3PQ2YBIjhu/2MIv5QohwB98/3+r2T2bQ+J1I+w8js 5jRMUVgXwp96L3gj//QWBDpFYk/t02yrzV62NjxG7VoN8ZlVQQ2dAGCx2fxoLDD5ntJ6 2lngTqnBqApjC9PApjVeba88pSxtzK/otuwC2eP01IzXtO1jwfpiWqSye2W3mF8VClvB Xrx6cNyh/shTrSVS/BlGWh7nhokITpEyRiG+GJ/YhXFqWOuZBYdI//GenO6cil2AgpSN chWg/0mSIc/wKALd5zKYQ84GMoIfT2HPCkCcW/u0sl9/MPcNe8Wm1sZtudB+kP0Ihhli PkIA== X-Gm-Message-State: AOJu0YyehQum9dnXpW4mml61AagRbsfh0bUnBnAMsO+++yPnBHe3my19 mYMz2FtRc2DN06vPmGbYu2CFPk00gricR5l0ND+td3wrQk81liuNVdObOyfIpwHu/71pkC4hbn7 / X-Google-Smtp-Source: AGHT+IExPOwNP2rbnd1p3UUmOLkDQaqosENvfi4yeTgy73JlNSkfKwZf0nlKV3ySecQw5Va/aYGowQ== X-Received: by 2002:a81:6d82:0:b0:5ff:abd5:c81b with SMTP id i124-20020a816d82000000b005ffabd5c81bmr1080496ywc.70.1706116764785; Wed, 24 Jan 2024 09:19:24 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id fr5-20020a05690c358500b005fffb25df43sm65444ywb.22.2024.01.24.09.19.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:24 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 03/52] fscrypt: add a fscrypt_inode_open helper Date: Wed, 24 Jan 2024 12:18:25 -0500 Message-ID: <4a372419c3fe6ad425e1b124c342a054e9d6db23.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We have fscrypt_file_open() which is meant to be called on files being opened so that their key is loaded when we start reading data from them. However for btrfs send we are opening the inode directly without a filp, so we need a different helper to make sure we can load the fscrypt context for the inode before reading its contents. We need a different helper as opposed to simply using fscrypt_has_permitted_context() directly because of '-o test_dummy_encryption', which allows for encrypted files to be created with !IS_ENCRYPTED set on the directory (the root directory in this case). fscrypt_file_open() already does the appropriate check where it simply doesn't call fscrypt_has_permitted_context() if the parent directory isn't marked with IS_ENCRYPTED in order to facilitate this invariant when using '-o test_dummy_encryption'. Signed-off-by: Josef Bacik --- fs/crypto/hooks.c | 46 +++++++++++++++++++++++++++++++---------- include/linux/fscrypt.h | 8 +++++++ 2 files changed, 43 insertions(+), 11 deletions(-) diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c index 52504dd478d3..6b4291d5eb44 100644 --- a/fs/crypto/hooks.c +++ b/fs/crypto/hooks.c @@ -7,6 +7,38 @@ #include "fscrypt_private.h" +/** + * __fscrypt_file_open() - prepare for filesystem-internal access to a + * possibly-encrypted regular file + * @dir: the inode for the directory via which the file is being accessed + * @inode: the inode being "opened" + * + * This is like fscrypt_file_open(), but instead of taking the 'struct file' + * being opened it takes the parent directory explicitly. This is intended for + * use cases such as "send/receive" which involve the filesystem accessing file + * contents without setting up a 'struct file'. + * + * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code + */ +int __fscrypt_file_open(struct inode *dir, struct inode *inode) +{ + int err; + + err = fscrypt_require_key(inode); + if (err) + return err; + + if (IS_ENCRYPTED(dir) && + !fscrypt_has_permitted_context(dir, inode)) { + fscrypt_warn(inode, + "Inconsistent encryption context (parent directory: %lu)", + dir->i_ino); + err = -EPERM; + } + return err; +} +EXPORT_SYMBOL_GPL(__fscrypt_file_open); + /** * fscrypt_file_open() - prepare to open a possibly-encrypted regular file * @inode: the inode being opened @@ -32,18 +64,10 @@ int fscrypt_file_open(struct inode *inode, struct file *filp) int err; struct dentry *dir; - err = fscrypt_require_key(inode); - if (err) - return err; - dir = dget_parent(file_dentry(filp)); - if (IS_ENCRYPTED(d_inode(dir)) && - !fscrypt_has_permitted_context(d_inode(dir), inode)) { - fscrypt_warn(inode, - "Inconsistent encryption context (parent directory: %lu)", - d_inode(dir)->i_ino); - err = -EPERM; - } + + err = __fscrypt_file_open(d_inode(dir), inode); + dput(dir); return err; } diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 4b3916d76dc7..22211f87e7be 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -393,6 +393,7 @@ int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, /* hooks.c */ int fscrypt_file_open(struct inode *inode, struct file *filp); +int __fscrypt_file_open(struct inode *dir, struct inode *inode); int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, struct dentry *dentry); int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, @@ -737,6 +738,13 @@ static inline int fscrypt_file_open(struct inode *inode, struct file *filp) return 0; } +static inline int __fscrypt_file_open(struct inode *dir, struct inode *inode) +{ + if (IS_ENCRYPTED(inode)) + return -EOPNOTSUPP; + return 0; +} + static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, struct dentry *dentry) { From patchwork Wed Jan 24 17:18:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529451 Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 04D947F7F7 for ; Wed, 24 Jan 2024 17:19:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116768; cv=none; b=h6dmdHG16glzXYXF0dmhJ/+UfL+Vng2QFgliDzuGez0scdQCqCr6H7+e2qjACUIFCBkJSacNofCw3OHq9kEnm4047rELeGn3kCiFQBtYuEhTsdk2YhOrIRaY/RsW8H98Be6sAnsOBgW1BkeyUf7N8K1pZ+pTSRUDriUwRF/2qfQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116768; c=relaxed/simple; bh=fsTRPzPPNtADwe6bMkzvE0XnuvVM4nS8InZWr6g3/kw=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=adbt/Z94f/Fn+p7GNNaEwCaiSabetI7jUifnKMTMZDqHyGoA0SiCwfKafSqPWQcm9QozrrRCHYDWiTGZGoJ5ZFf4FeZrtEJIBW6rJC+WWQvDIAt4Qm5ohijrUnLb0fD9o3VW/A1YEV2oRQp1v7sTJBndRznC7qtWD8GGN2OkwuM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=YAdKCVoh; arc=none smtp.client-ip=209.85.128.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="YAdKCVoh" Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-5ffcb478512so29554247b3.0 for ; Wed, 24 Jan 2024 09:19:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116766; x=1706721566; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=czRmVICY/IIfuBtDU4yq6xRU3DL72lqTeE0pFRDLv1I=; b=YAdKCVohh8p+cHBK2gWx8hNHN8ocDz0TgE4YcI/dEGrHXOkt0Xe+huehEEbJgkjuk/ cM9nDcbKQ1o+hxODzLGAv8PdINK0duCxxAl1Mz3CeqR3etn0HRpl8S719dfPD+GhqaHp IWlZObR0hRCydHyIGMRDZqSyiFTkCofJb3Sb9pPRf+r0B++ltBDeHBDF62xU9ry4Zw97 j1ev1hBUpJ5QfSJcXwdhyHs6fKO8mceELpQPAwInvHAAKxUSThgK3jGfMDr8w5XhaB4X hjkaBZ8jTvR8+i/JTxxTYNX51THk1r541Kc+xLOd+s1BV6FYVyqX/pAqguscVpUlqCQb RIrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116766; x=1706721566; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=czRmVICY/IIfuBtDU4yq6xRU3DL72lqTeE0pFRDLv1I=; b=aXurbZxklyLZmwZhln4r9bM18KWDPZDXgjRYB+zE/kQ6yw1EqtRXZytjfGcXbXP7a3 0gdtAkGFVVDfRrHt7VQQT1bkp/R+tu1nm95ngpLxdKumkT60Nd2j0KQg2qZbDvHJnouL 61FsYvdSsjLz3bmZKfAQbhNbMqul8Q0NGrgyRnS5JwncmbRhGSfWdp23qxf1wXjYQhoL 3aSJMF9xKJlAkJ2Ax6QU6W1kslSzsTNtqzWInqZe6gqXWvnFEB51J7ahkS9S2pkpHSqp OtJRmdRRibedTfbGgjIfQY7qJtxLYYFdojJ7Z9IyP1eaIUm/kfI6000mqMpBpOFloKRO vAtQ== X-Gm-Message-State: AOJu0YzD4IKWrkcBzXKtSA5WGN4EHvB9EEFbXQCRviCMEmZDI8LNM44C QCkDU02oX8aZ467jcck8W49/ektECf7QhFAfsXwvEEiHp4gDASfhLXK5OEUCgYXRNGWOWck0wfj z X-Google-Smtp-Source: AGHT+IG2q3uIfW5neemMIBAqY88UPjOUEqnpc2G0Gyg9+doF+gvEIMsSFkHq5TcvedBXp6RkUyxckw== X-Received: by 2002:a81:ca50:0:b0:602:a429:72d2 with SMTP id y16-20020a81ca50000000b00602a42972d2mr745366ywk.22.1706116765784; Wed, 24 Jan 2024 09:19:25 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id cd8-20020a05690c088800b005ffd0571b06sm66013ywb.4.2024.01.24.09.19.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:25 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 04/52] fscrypt: conditionally don't wipe mk secret until the last active user is done Date: Wed, 24 Jan 2024 12:18:26 -0500 Message-ID: <5f28e46ce99d918a16f5bf4d8190870d0fffefc4.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Previously we were wiping the master key secret when we do FS_IOC_REMOVE_ENCRYPTION_KEY, and then using the fact that it was cleared as the mechanism from keeping new users from being setup. This works with inode based encryption, as the per-inode key is derived at setup time, so the secret disappearing doesn't affect any currently open files from being able to continue working. However for extent based encryption we do our key derivation at page writeout and readpage time, which means we need the master key secret to be available while we still have our file open. Since the master key lifetime is controlled by a flag, move the clearing of the secret to the mk_active_users cleanup stage if we have extent based encryption enabled on this super block. This counter represents the actively open files that still exist on the file system, and thus should still be able to operate normally. Once the last user is closed we can clear the secret. Until then no new users are allowed, and this allows currently open files to continue to operate until they're closed. Signed-off-by: Josef Bacik --- fs/crypto/keyring.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c index 0edf0b58daa7..b38b72544453 100644 --- a/fs/crypto/keyring.c +++ b/fs/crypto/keyring.c @@ -105,6 +105,14 @@ void fscrypt_put_master_key_activeref(struct super_block *sb, WARN_ON_ONCE(mk->mk_present); WARN_ON_ONCE(!list_empty(&mk->mk_decrypted_inodes)); + /* We can't wipe the master key secret until the last activeref is + * dropped on the master key with per-extent encryption since the key + * derivation continues to happen as long as there are active refs. + * Wipe it here now that we're done using it. + */ + if (sb->s_cop->has_per_extent_encryption) + wipe_master_key_secret(&mk->mk_secret); + for (i = 0; i <= FSCRYPT_MODE_MAX; i++) { fscrypt_destroy_prepared_key( sb, &mk->mk_direct_keys[i]); @@ -129,7 +137,15 @@ static void fscrypt_initiate_key_removal(struct super_block *sb, struct fscrypt_master_key *mk) { WRITE_ONCE(mk->mk_present, false); - wipe_master_key_secret(&mk->mk_secret); + + /* + * Per-extent encryption requires the master key to stick around until + * writeout has completed as we derive the per-extent keys at writeout + * time. Once the activeref drops to 0 we'll wipe the master secret + * key. + */ + if (!sb->s_cop->has_per_extent_encryption) + wipe_master_key_secret(&mk->mk_secret); fscrypt_put_master_key_activeref(sb, mk); } From patchwork Wed Jan 24 17:18:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529452 Received: from mail-yw1-f175.google.com (mail-yw1-f175.google.com [209.85.128.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E84057E77D for ; Wed, 24 Jan 2024 17:19:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116769; cv=none; b=bVDqYIjGyybb8Kjl+qFA0FNFPtcxjNrD2se6O/kKIVAWNVwGfpTMkjWm3gR5t8oQrPUch8GXBZDCRizYQOsXO1qzzz9wOk+zq12Tev+jPuj5YYVuAkbknXjPA51sulfC6dIoR3tRVvS1YlZX9N731OwJdzwitzRpemJnfnqE4Io= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116769; c=relaxed/simple; bh=NRtqBo1zZ9FtLyhcMXvIlgxi5Ardhc8yFVAbGYyMT3E=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mHbc7ktyKvz5F8k2m9RLHo8POxpiuj/RiHsVKUOfSA27ZUYXjG7z4VM0Ix61U7ttfxQ/GRt8yL0cRoWQNKeHk8pp9JyZfNTuStwbW3AfQo62Ty1yTJY9LSo5+9X9wpXZ6XUvchXOZOaUN4w6dGBjLBSZf/99fNFlZi5SLrcVbGc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=RrCShjNP; arc=none smtp.client-ip=209.85.128.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="RrCShjNP" Received: by mail-yw1-f175.google.com with SMTP id 00721157ae682-5f0629e67f4so60995967b3.3 for ; Wed, 24 Jan 2024 09:19:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116767; x=1706721567; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9PjmqcLEuXSOXKfkjuR746lyxkzTxGmUspoCgA9qnaM=; b=RrCShjNP8IT/DcVc8fXKuvJPHiuC+YlsYL+ob5ZsTirlxzQasIBX7b+Ao8WQt9AwrJ nuDYrNQPCu9zequf/vJlqrQxlgA3JYAmclacNw7v2iCMulxkx9SjFT5YNOaSmYqMdJ1h 0nMDP0wf/6HV2rIQlqfRT9QzfVsKz0lpXfA6mLktuLFtCZu3kP0ODafkuYsFYIPg+brS gLXzDlr71fq95xUruwyCrBnSbvkbJiVIGCciRUpsUiW9IVSvQr43gbXW5EYhv1GebX0A BICBaNTPW/9DI1gAtemvTsOAiEwlCE3mRsK5B/A1wp6m6aUa5cBswH2i07W+GAmE1FA0 xgzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116767; x=1706721567; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9PjmqcLEuXSOXKfkjuR746lyxkzTxGmUspoCgA9qnaM=; b=ZoiplDBUynzUF1s7zKGaw/fZ4CspGFraiwQoTYoI1PcIwQgRbSSvYoxLcGRmeByIvt eUFj+xzAL5zPATnixcqu0t3ZRt0j8T0KVAY3HAtJEzcjqR1KZa0DmagULthdC7Ec5xWC gaaQBJxZsOrYfhBi/cPm/1uya5awTM/KyGTmEeQ7Ws91to/CsbzYzDv/Q8QnuMkM4il9 pEXEdrGEnMYeyqKATsQCRtEVsMfsPk3hWIYXGmBxaLilWEFPcQjNE3/LcFj5cWiHZPu0 qgaCdQjX/R0NmwCO9akiMMbqEsO5W+LfvHTpqTPb+qceUQavscKwHGm9/s93B/ElfyIf jzJQ== X-Gm-Message-State: AOJu0YxkL9lWky9ttTwdMHqsuPYwg7F/071bwg0UHqSMsSnnYFrK1jd0 rvpdHI6jVEd0NMDexDRuD3J1+mr3fI8KDeZ3CwhaSj0ZCou81qD/BpX0C+6GH7vd4f+KxhfcuK+ L X-Google-Smtp-Source: AGHT+IHYFFJ9HREQJtp5Rm+SZXRKC3GVkXJghExNurG2fIJDnBBysGjzfO/ZEIdNLwtTCMgX8OZkUw== X-Received: by 2002:a81:c310:0:b0:5ff:76ef:688a with SMTP id r16-20020a81c310000000b005ff76ef688amr953126ywk.61.1706116766667; Wed, 24 Jan 2024 09:19:26 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id ey1-20020a05690c300100b005ffcb4765c9sm64873ywb.28.2024.01.24.09.19.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:26 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 05/52] blk-crypto: add a process bio callback Date: Wed, 24 Jan 2024 12:18:27 -0500 Message-ID: <66c781f3b2afdf2c558efdf33a7bba8bcfe47ce7.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Btrfs does checksumming, and the checksums need to match the bytes on disk. In order to facilitate this add a process bio callback for the blk-crypto layer. This allows the file system to specify a callback and then can process the encrypted bio as necessary. For btrfs, writes will have the checksums calculated and saved into our relevant data structures for storage once the write completes. For reads we will validate the checksums match what is on disk and error out if there is a mismatch. This is incompatible with native encryption obviously, so make sure we don't use native encryption if this callback is set. Signed-off-by: Josef Bacik --- block/blk-crypto-fallback.c | 43 +++++++++++++++++++++++++++++++++++++ block/blk-crypto-internal.h | 8 +++++++ block/blk-crypto-profile.c | 2 ++ block/blk-crypto.c | 6 +++++- fs/crypto/inline_crypt.c | 2 +- include/linux/blk-crypto.h | 15 +++++++++++-- 6 files changed, 72 insertions(+), 4 deletions(-) diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c index e6468eab2681..ee0e12815a12 100644 --- a/block/blk-crypto-fallback.c +++ b/block/blk-crypto-fallback.c @@ -209,12 +209,15 @@ blk_crypto_fallback_alloc_cipher_req(struct blk_crypto_keyslot *slot, static bool blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr) { + struct bio_crypt_ctx *bc; struct bio *bio = *bio_ptr; unsigned int i = 0; unsigned int num_sectors = 0; struct bio_vec bv; struct bvec_iter iter; + bc = bio->bi_crypt_context; + bio_for_each_segment(bv, bio, iter) { num_sectors += bv.bv_len >> SECTOR_SHIFT; if (++i == BIO_MAX_VECS) @@ -223,6 +226,16 @@ static bool blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr) if (num_sectors < bio_sectors(bio)) { struct bio *split_bio; + /* + * We cannot split bio's that have process_bio, as they require + * the original bio. The upper layer must make sure to limit + * the submitted bio's appropriately. + */ + if (bc->bc_key->crypto_cfg.process_bio) { + bio->bi_status = BLK_STS_RESOURCE; + return false; + } + split_bio = bio_split(bio, num_sectors, GFP_NOIO, &crypto_bio_split); if (!split_bio) { @@ -346,6 +359,15 @@ static bool blk_crypto_fallback_encrypt_bio(struct bio **bio_ptr) } } + /* Process the encrypted bio before we submit it. */ + if (bc->bc_key->crypto_cfg.process_bio) { + blk_st = bc->bc_key->crypto_cfg.process_bio(src_bio, enc_bio); + if (blk_st != BLK_STS_OK) { + src_bio->bi_status = blk_st; + goto out_free_bounce_pages; + } + } + enc_bio->bi_private = src_bio; enc_bio->bi_end_io = blk_crypto_fallback_encrypt_endio; *bio_ptr = enc_bio; @@ -391,6 +413,15 @@ static void blk_crypto_fallback_decrypt_bio(struct work_struct *work) unsigned int i; blk_status_t blk_st; + /* Process the bio first before trying to decrypt. */ + if (bc->bc_key->crypto_cfg.process_bio) { + blk_st = bc->bc_key->crypto_cfg.process_bio(bio, bio); + if (blk_st != BLK_STS_OK) { + bio->bi_status = blk_st; + goto out_no_keyslot; + } + } + /* * Get a blk-crypto-fallback keyslot that contains a crypto_skcipher for * this bio's algorithm and key. @@ -440,6 +471,18 @@ static void blk_crypto_fallback_decrypt_bio(struct work_struct *work) bio_endio(bio); } +/** + * blk_crypto_profile_is_fallback - check if this profile is the fallback + * profile + * @profile: the profile we're checking + * + * This is just a quick check to make sure @profile is the fallback profile. + */ +bool blk_crypto_profile_is_fallback(struct blk_crypto_profile *profile) +{ + return profile == blk_crypto_fallback_profile; +} + /** * blk_crypto_fallback_decrypt_endio - queue bio for fallback decryption * diff --git a/block/blk-crypto-internal.h b/block/blk-crypto-internal.h index 93a141979694..5696d1fbda24 100644 --- a/block/blk-crypto-internal.h +++ b/block/blk-crypto-internal.h @@ -213,6 +213,8 @@ bool blk_crypto_fallback_bio_prep(struct bio **bio_ptr); int blk_crypto_fallback_evict_key(const struct blk_crypto_key *key); +bool blk_crypto_profile_is_fallback(struct blk_crypto_profile *profile); + #else /* CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK */ static inline int @@ -235,6 +237,12 @@ blk_crypto_fallback_evict_key(const struct blk_crypto_key *key) return 0; } +static inline bool +blk_crypto_profile_is_fallback(struct blk_crypto_profile *profile) +{ + return false; +} + #endif /* CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK */ #endif /* __LINUX_BLK_CRYPTO_INTERNAL_H */ diff --git a/block/blk-crypto-profile.c b/block/blk-crypto-profile.c index 7fabc883e39f..bc1acabca51b 100644 --- a/block/blk-crypto-profile.c +++ b/block/blk-crypto-profile.c @@ -352,6 +352,8 @@ bool __blk_crypto_cfg_supported(struct blk_crypto_profile *profile, return false; if (profile->max_dun_bytes_supported < cfg->dun_bytes) return false; + if (cfg->process_bio && !blk_crypto_profile_is_fallback(profile)) + return false; return true; } diff --git a/block/blk-crypto.c b/block/blk-crypto.c index 4d760b092deb..50556952df19 100644 --- a/block/blk-crypto.c +++ b/block/blk-crypto.c @@ -321,6 +321,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio, * @dun_bytes: number of bytes that will be used to specify the DUN when this * key is used * @data_unit_size: the data unit size to use for en/decryption + * @process_bio: the call back if the upper layer needs to process the encrypted + * bio * * Return: 0 on success, -errno on failure. The caller is responsible for * zeroizing both blk_key and raw_key when done with them. @@ -328,7 +330,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio, int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, enum blk_crypto_mode_num crypto_mode, unsigned int dun_bytes, - unsigned int data_unit_size) + unsigned int data_unit_size, + blk_crypto_process_bio_t process_bio) { const struct blk_crypto_mode *mode; @@ -350,6 +353,7 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, blk_key->crypto_cfg.crypto_mode = crypto_mode; blk_key->crypto_cfg.dun_bytes = dun_bytes; blk_key->crypto_cfg.data_unit_size = data_unit_size; + blk_key->crypto_cfg.process_bio = process_bio; blk_key->data_unit_size_bits = ilog2(data_unit_size); blk_key->size = mode->keysize; memcpy(blk_key->raw, raw_key, mode->keysize); diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index c64ef93b6157..52c4a24e2657 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -171,7 +171,7 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key, err = blk_crypto_init_key(blk_key, raw_key, crypto_mode, fscrypt_get_dun_bytes(ci), - 1U << ci->ci_data_unit_bits); + 1U << ci->ci_data_unit_bits, NULL); if (err) { fscrypt_err(inode, "error %d initializing blk-crypto key", err); goto fail; diff --git a/include/linux/blk-crypto.h b/include/linux/blk-crypto.h index 5e5822c18ee4..bf7d2e85f0bf 100644 --- a/include/linux/blk-crypto.h +++ b/include/linux/blk-crypto.h @@ -6,7 +6,7 @@ #ifndef __LINUX_BLK_CRYPTO_H #define __LINUX_BLK_CRYPTO_H -#include +#include enum blk_crypto_mode_num { BLK_ENCRYPTION_MODE_INVALID, @@ -17,6 +17,14 @@ enum blk_crypto_mode_num { BLK_ENCRYPTION_MODE_MAX, }; +/* + * orig_bio must be the bio that was submitted from the upper layer as the upper + * layer could have used a specific bioset and expect the orig_bio to be from + * its bioset. + */ +typedef blk_status_t (*blk_crypto_process_bio_t)(struct bio *orig_bio, + struct bio *enc_bio); + #define BLK_CRYPTO_MAX_KEY_SIZE 64 /** * struct blk_crypto_config - an inline encryption key's crypto configuration @@ -26,11 +34,13 @@ enum blk_crypto_mode_num { * ciphertext. This is always a power of 2. It might be e.g. the * filesystem block size or the disk sector size. * @dun_bytes: the maximum number of bytes of DUN used when using this key + * @proces_bio: optional callback to process encrypted bios. */ struct blk_crypto_config { enum blk_crypto_mode_num crypto_mode; unsigned int data_unit_size; unsigned int dun_bytes; + blk_crypto_process_bio_t process_bio; }; /** @@ -90,7 +100,8 @@ bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc, int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, enum blk_crypto_mode_num crypto_mode, unsigned int dun_bytes, - unsigned int data_unit_size); + unsigned int data_unit_size, + blk_crypto_process_bio_t process_bio); int blk_crypto_start_using_key(struct block_device *bdev, const struct blk_crypto_key *key); From patchwork Wed Jan 24 17:18:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529453 Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com [209.85.219.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8E5F8120E for ; Wed, 24 Jan 2024 17:19:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116770; cv=none; b=Jztzd3sXc3YkeBSSPN8/qNNAoxjPuXBRK4mI+lx6AKSnde/IcfA3i0JGMsTynltVTEQklMG2m8JOQQ46wFWO6ilG5bA9PBt1UVg454W67QXJO9zJry2IEaAz36IrQZ1WubSfHXVW17bzhjFtxalXR7oe7MiQY/Sje4YKbps7nbU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116770; c=relaxed/simple; bh=/cP3hvQ7ssw6Z0Dj3R3GpX1wEm9lki+CxQB3N65VW0A=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rdR5iurYONmn4S0UCiOTpoTU8bT0HZ96f+mmEz1pUXCk5NU5sAlkFNn21rsEzL7GTGxL5ckaYUQQip00Z7E3fxbChYHcFTUPmS44gbfLiv6NdS0sa7qkVDUprhAah4k9T8LYxnGbZH21WF4OsmyYWLTjPw2nko/W13PGrVc0bRQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=gEF6GLkk; arc=none smtp.client-ip=209.85.219.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="gEF6GLkk" Received: by mail-yb1-f170.google.com with SMTP id 3f1490d57ef6-db3a09e96daso4986442276.3 for ; Wed, 24 Jan 2024 09:19:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116767; x=1706721567; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RFQ0e9hCGetkHNdr5YnTdx0eP/4gCHtSmlT6TIRDZYw=; b=gEF6GLkkYannpT065ImrmuGe7ZvJ0As2IMKpBfq1ZeLM1jbBviX0VxRoHp1A3y3/rX FeMo/QIJ4+De4Tj4K7qjHXQ05lObyEegskDfcCNrwd+t5pUGO4B9zJOW2jUIFm2lWEUB lXaQfldMS4sXpTzho9WkDUSvUdS8+XHDtr79SYtSBGvsxRL5yxNOtuog/dDSDq75lpwU I9gfGEHSvhiZoO4KHlEHOOL4AMjXHyvodwTiWqB4JLmk1rSecjt9Tl9bxWcl9uH02320 WAQloVDNzXsnuWbzNmOt27NZcxFUmkPQhjb9Q0+uDjqkByyaADQ6AqHDnc8hZzCk78Qh aCFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116767; x=1706721567; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RFQ0e9hCGetkHNdr5YnTdx0eP/4gCHtSmlT6TIRDZYw=; b=Z4VWZQB370DwHzbdoBlwD6Ey6BYUYGbcr6kWAgyYRz3krTSB5Ppqef2MR1/vGFVZ+m mzofGX08SMbIXc43hj7HWAbGvTo6uvrzJ5wj9KLQ+V5J75PpVPWTGgnfgh2Yo2Cg/gGt JRS0VcGQRNIH2+ga9rNq1HK7XbuEg4h2qlOOLWbXqZr+6puM9hMJXoRh3/6ZzkfoamAR jb59vfghd1j/+lLJ2DJRBeEd6Skqz1ovUbkfZxIEkJTitlaaRpLMGeDMhYyhse/n0Fj6 OayNcIkjrsInFtbLp4OTOUydpwFG2ulYcHusLoQvPv/ReVPLNeudCk9dLvwnp3U8s4p/ UaDg== X-Gm-Message-State: AOJu0YzcwqQSqfs+77UoS6VfGKnz91mxiboRjdHNYoZFBpH4gXhl3vNq nUb09eJztyLKr4CCuZigVzNglwGWXBmMmijJKiySmuaYV4GDhFaV6qMesov3/1rYU8dfGA2rJjr P X-Google-Smtp-Source: AGHT+IFOSIJgorYfwjqNotdeGDlxmfy90Cbu4BNH85sILCf5Uw9ZjF0Sgm4Wt12nqSJ9/qU+mft+Dw== X-Received: by 2002:a05:6902:2082:b0:dc2:5516:c77b with SMTP id di2-20020a056902208200b00dc25516c77bmr1061615ybb.79.1706116767672; Wed, 24 Jan 2024 09:19:27 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id d82-20020a254f55000000b00dbd9eee633dsm2967630ybb.59.2024.01.24.09.19.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:27 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 06/52] fscrypt: add a process_bio hook to fscrypt_operations Date: Wed, 24 Jan 2024 12:18:28 -0500 Message-ID: <2c638e5fa1b7868dbf79d932b15364c3c30ca9de.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This will allow file systems to set a process_bio hook for inline encryption. This will be utilized by btrfs in order to make sure the checksumming work is done on the encrypted bio's. Signed-off-by: Josef Bacik --- fs/crypto/inline_crypt.c | 3 ++- include/linux/fscrypt.h | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index 52c4a24e2657..b8598007b1be 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -171,7 +171,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key, err = blk_crypto_init_key(blk_key, raw_key, crypto_mode, fscrypt_get_dun_bytes(ci), - 1U << ci->ci_data_unit_bits, NULL); + 1U << ci->ci_data_unit_bits, + sb->s_cop->process_bio); if (err) { fscrypt_err(inode, "error %d initializing blk-crypto key", err); goto fail; diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 22211f87e7be..ea3033956208 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -16,6 +16,7 @@ #include #include #include +#include #include /* @@ -199,6 +200,19 @@ struct fscrypt_operations { */ struct block_device **(*get_devices)(struct super_block *sb, unsigned int *num_devs); + + /* + * A callback if the file system requires the ability to process the + * encrypted bio, used only with inline encryption. + * + * @orig_bio: the original bio submitted. + * @enc_bio: the encrypted bio. + * + * For writes the enc_bio will be different from the orig_bio, for reads + * they will be the same. For reads we get the bio before it is + * decrypted, for writes we get the bio before it is submitted. + */ + blk_crypto_process_bio_t process_bio; }; static inline struct fscrypt_inode_info * From patchwork Wed Jan 24 17:18:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529454 Received: from mail-yb1-f180.google.com (mail-yb1-f180.google.com [209.85.219.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 035A481AD7 for ; Wed, 24 Jan 2024 17:19:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116771; cv=none; b=K3x+B382sx9/F9HYuL0ccecv3E56ZXXhbCN6vPNKTm6DvSxM3GD5pparuphSVeixNTACfLRmkoWz1R1X0Wic1G536Vn6XeUDMqHVhMTAHwBWFEF3DWOMt8YZcsYe2Cl2RmwhMF7FJtZrsJA1wTn01GhjCM5m8rNu6IHPrDOhSKU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116771; c=relaxed/simple; bh=Uu7YV5yLr+hEql+nzXLoNu2mALbE3xnZm69CLggz7r4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UTeZXo/Nw9EARGCh5jl5J/YkQhAEAyxc0CWVwdbMFLgGX1DrEO3fkIJBL6ccbTCWWa6l0ZdjsxjKsD9j4v+YOd0P/CdBBJE2G7TkQ3Ix2BG/XWnjAXcF5ONQSrX2UhKZWpkkIMYjXXyfWOts7zx3RuNPk9MnXnFeDo+lGQcaEX0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=vEWmGDll; arc=none smtp.client-ip=209.85.219.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="vEWmGDll" Received: by mail-yb1-f180.google.com with SMTP id 3f1490d57ef6-dc25e12cc63so4734497276.0 for ; Wed, 24 Jan 2024 09:19:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116769; x=1706721569; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dpViKIiaU00vd91Jd8ebfAvhrj8KwHij6IqIKuBGBFs=; b=vEWmGDlls+cxq28XlcsssZVUXouHcvlekkWm39ZZ+SKsXcW2O4KQqJO/fCSLZKlzda qRk6ldHtxs4lPZdFfkdxxHvnIxTK3OnREXbuOhKfn+WZV/Uq5OaE7OHRDQdCVa3BznHN cli+qrkgL1+r+aso64kye+5I3nQqKl6tdfGGPqbpVv9sL6u7WRq6hKIcYswLoDaDr3In BP1fd4uyUNwJP2Z7zjRnvASdi4VnBsfruJrNwM+VjHpR3hsumirRJADzH03K7A0g3DVq ngsEI1dF96bc3xtEAczo7U7VvAXqNsHM7+qWJEDHYfGDiBZJ67H/Amg6u9RT7WTcGYTW yPew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116769; x=1706721569; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dpViKIiaU00vd91Jd8ebfAvhrj8KwHij6IqIKuBGBFs=; b=gZ2+rCJq08c9AMrTicLme/yDtr5oS26ZVZ6W+GEfTHvmLZ5RUDIWIQ52OXtvhaM4DR Ng0nF+C9wY0CGMv77ttPe9RXGOz0m0iLaEjyWOPzlzXHxi5+bowGjDJ3R8BwjgjSGAWl W7VW0BJA8PYaDF33E+n2DHILOToLhP1loGRx6IlxBsRYDe1npIQFoyGNNq1+rhTkv6Zm caE/9aoNof4Ujld9U376RNQSbdTBr0ypKQag6eQT6E8moucaRx+8064dKfSvMoYS/nnZ PfzS7jhVcSgsl5P+EX+cSWIacfjOvrfkTVK4g6mlzDEi9Ka8KVCeKSrEMDWkNeeZIQEH GKNg== X-Gm-Message-State: AOJu0YwWz0oGofUtWf7nYzwJLNK7tappfbdAcYYB/zOEs/mb+Ii3uUc/ yJc2Y+Hl/d6x9jdw1cInhxyS6ooBmWyZHGwnfhflqXlRQFZ2Yaul4iReYNS1GRXnJt50Kwq1iUP + X-Google-Smtp-Source: AGHT+IE6+aUQj2Vu/z1LuyBy5pWU9s8FQ1RxgYLn7+HV7gzojx2HElf2LVFdGXHnSD4XDTeUfIjl9Q== X-Received: by 2002:a81:52d3:0:b0:5ff:7f14:a5af with SMTP id g202-20020a8152d3000000b005ff7f14a5afmr748320ywb.16.1706116768678; Wed, 24 Jan 2024 09:19:28 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id i5-20020a815405000000b005de8c10f283sm61461ywb.102.2024.01.24.09.19.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:28 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v5 07/52] fscrypt: expose fscrypt_nokey_name Date: Wed, 24 Jan 2024 12:18:29 -0500 Message-ID: <132b64edf1e6b705995fb1a6dc2f194527f6be75.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Omar Sandoval btrfs stores its data structures, including filenames in directories, in its own buffer implementation, struct extent_buffer, composed of several non-contiguous pages. We could copy filenames into a temporary buffer and use fscrypt_match_name() against that buffer, such extensive memcpying would be expensive. Instead, exposing fscrypt_nokey_name as in this change allows btrfs to recapitulate fscrypt_match_name() using methods on struct extent_buffer instead of dealing with a raw byte array. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/crypto/fname.c | 36 ------------------------------------ include/linux/fscrypt.h | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 7b3fc189593a..3e8210036f15 100644 --- a/fs/crypto/fname.c +++ b/fs/crypto/fname.c @@ -25,42 +25,6 @@ */ #define FSCRYPT_FNAME_MIN_MSG_LEN 16 -/* - * struct fscrypt_nokey_name - identifier for directory entry when key is absent - * - * When userspace lists an encrypted directory without access to the key, the - * filesystem must present a unique "no-key name" for each filename that allows - * it to find the directory entry again if requested. Naively, that would just - * mean using the ciphertext filenames. However, since the ciphertext filenames - * can contain illegal characters ('\0' and '/'), they must be encoded in some - * way. We use base64url. But that can cause names to exceed NAME_MAX (255 - * bytes), so we also need to use a strong hash to abbreviate long names. - * - * The filesystem may also need another kind of hash, the "dirhash", to quickly - * find the directory entry. Since filesystems normally compute the dirhash - * over the on-disk filename (i.e. the ciphertext), it's not computable from - * no-key names that abbreviate the ciphertext using the strong hash to fit in - * NAME_MAX. It's also not computable if it's a keyed hash taken over the - * plaintext (but it may still be available in the on-disk directory entry); - * casefolded directories use this type of dirhash. At least in these cases, - * each no-key name must include the name's dirhash too. - * - * To meet all these requirements, we base64url-encode the following - * variable-length structure. It contains the dirhash, or 0's if the filesystem - * didn't provide one; up to 149 bytes of the ciphertext name; and for - * ciphertexts longer than 149 bytes, also the SHA-256 of the remaining bytes. - * - * This ensures that each no-key name contains everything needed to find the - * directory entry again, contains only legal characters, doesn't exceed - * NAME_MAX, is unambiguous unless there's a SHA-256 collision, and that we only - * take the performance hit of SHA-256 on very long filenames (which are rare). - */ -struct fscrypt_nokey_name { - u32 dirhash[2]; - u8 bytes[149]; - u8 sha256[SHA256_DIGEST_SIZE]; -}; /* 189 bytes => 252 bytes base64url-encoded, which is <= NAME_MAX (255) */ - /* * Decoded size of max-size no-key name, i.e. a name that was abbreviated using * the strong hash and thus includes the 'sha256' field. This isn't simply diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index ea3033956208..fc8b2156e444 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -56,6 +56,42 @@ struct fscrypt_name { #define fname_name(p) ((p)->disk_name.name) #define fname_len(p) ((p)->disk_name.len) +/* + * struct fscrypt_nokey_name - identifier for directory entry when key is absent + * + * When userspace lists an encrypted directory without access to the key, the + * filesystem must present a unique "no-key name" for each filename that allows + * it to find the directory entry again if requested. Naively, that would just + * mean using the ciphertext filenames. However, since the ciphertext filenames + * can contain illegal characters ('\0' and '/'), they must be encoded in some + * way. We use base64url. But that can cause names to exceed NAME_MAX (255 + * bytes), so we also need to use a strong hash to abbreviate long names. + * + * The filesystem may also need another kind of hash, the "dirhash", to quickly + * find the directory entry. Since filesystems normally compute the dirhash + * over the on-disk filename (i.e. the ciphertext), it's not computable from + * no-key names that abbreviate the ciphertext using the strong hash to fit in + * NAME_MAX. It's also not computable if it's a keyed hash taken over the + * plaintext (but it may still be available in the on-disk directory entry); + * casefolded directories use this type of dirhash. At least in these cases, + * each no-key name must include the name's dirhash too. + * + * To meet all these requirements, we base64url-encode the following + * variable-length structure. It contains the dirhash, or 0's if the filesystem + * didn't provide one; up to 149 bytes of the ciphertext name; and for + * ciphertexts longer than 149 bytes, also the SHA-256 of the remaining bytes. + * + * This ensures that each no-key name contains everything needed to find the + * directory entry again, contains only legal characters, doesn't exceed + * NAME_MAX, is unambiguous unless there's a SHA-256 collision, and that we only + * take the performance hit of SHA-256 on very long filenames (which are rare). + */ +struct fscrypt_nokey_name { + u32 dirhash[2]; + u8 bytes[149]; + u8 sha256[32]; +}; /* 189 bytes => 252 bytes base64url-encoded, which is <= NAME_MAX (255) */ + /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40 From patchwork Wed Jan 24 17:18:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529455 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C3708823B6 for ; Wed, 24 Jan 2024 17:19:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116772; cv=none; b=Ar8rwcPnWjQSCQ9w9T1lYWvARAFDbunChAZ20RFnNVWBRk24xnldH04/cZUmjFEEwgkeGmWFO9Bj3IwcAc5TA+E1ZJG3ELzJ9BEo6oG5B5lJ4Bm81s9CObNUGVtTEiCZaM4d6PfaMEAq47fTH6GZjc4KIBLa2+xC3845IFoYOG0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116772; c=relaxed/simple; bh=1unsrFxzdWyc52oIzARPeb8T+L3Ofl84YwZcEuDqfE4=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OJwA5JGbagGaQtWdwW+duX5N3f8QVUKH7del+R+q2GAcEeblS0bFwgT+VeQA+10fs+z/7TO9STED3VpG/sO8hw2JD0jxCUZs6Cn9s84UW2tA5U7CcnyPC7EM2SpANBc49K/y2mWmUWv95dddweAS8qK0UF5VKjCd7EECQn0IUeI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=th51FyVG; arc=none smtp.client-ip=209.85.128.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="th51FyVG" Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-60036bfdbfeso23999687b3.3 for ; Wed, 24 Jan 2024 09:19:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116769; x=1706721569; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9sW2iDvsXcgI5hN33rhcxkjxObmQ5zKHgm8H4uzuR/g=; b=th51FyVGCvpYWj6Ivntw7KX894aV1vraFyaF2vdbRZVJrl/ukCeeUlgT5A85T0a0Cd UqweQjHbQroV4qzXEwc9KTL10bx43jCMHx41rBJd1aVRTTKZryCfUoDaSCEYlYCsiKey A2S9SImWczl88/Yt7a1taOWFmxe47idJmAkeNMuos8jrUfrVs8RhPC36USeN3EqKpEvC mX+4y+BRxeT5Xio0Bw67P1Ghf05zfPV6sQEFAvkLxZmuetdJjJkOgoCYZ4HSZ0n6fq64 gNM4RMXgiw6UYKx0dXZ4dgNGqleThyoe+1AiONG3UteiBItS7r5aLfxjLr87k6LiJ4NY XsXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116769; x=1706721569; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9sW2iDvsXcgI5hN33rhcxkjxObmQ5zKHgm8H4uzuR/g=; b=QK/5KMSoZSkTS3u9Z7Gw+ooAqppJBrrdEdDeVx1eSenGaHwC1nhzjgbxNnus4xz6qW geEU+M2TLSn6tpl81wybnXaNYQW8M0AQ5uThreXQxgI2WkusXAjg13IbobhxqEdQ/AYw KTfq8c4Fd+OtkOnh8EU4Owig+UO79FLNyuPJJJcRxOjIaZ4S+shnlNihmTj3OcVgZZJ8 wjrcF0n8JLbWC18lOjORBkO36r7q9F3ottQhreJHPTagKGMsdYLUGWIt2sx1qt4CF7gC ZNqLIWgSBI+/j4G82I1vvA1LdNb5MBP+bp3i8H33dPaNMEwUJfMEKVSFtMJHTzXC5Ymg +8FA== X-Gm-Message-State: AOJu0Yw/sXeEbQo0zfofwTuxGM95mmG0xZnMJo8xldBv3CgivCaJJL+m TEFZ337KjBCXQG8IWY7EMZCeIvBSiPjQtKb6rgPmywOlcZXqJ8bowkvIs290M46pw3PVfXOAT03 8 X-Google-Smtp-Source: AGHT+IEeFzUDVojL6FW41YhfVqE+xto/neDRrcVM4vDbD+4qMBh2cd4g/z3ssIimIuounyNBec5N3w== X-Received: by 2002:a0d:e687:0:b0:5ee:7a7d:fd11 with SMTP id p129-20020a0de687000000b005ee7a7dfd11mr1128940ywe.21.1706116769703; Wed, 24 Jan 2024 09:19:29 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id a2-20020a818a02000000b005ff7f3a9c0dsm61493ywg.119.2024.01.24.09.19.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:29 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 08/52] fscrypt: add documentation about extent encryption Date: Wed, 24 Jan 2024 12:18:30 -0500 Message-ID: <7b2cc4dd423c3930e51b1ef5dd209164ff11c05a.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add a couple of sections to the fscrypt documentation about per-extent encryption. Signed-off-by: Josef Bacik --- Documentation/filesystems/fscrypt.rst | 41 +++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index e86b886b64d0..4421c43a3fcd 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -256,6 +256,21 @@ alternative master keys or to support rotating master keys. Instead, the master keys may be wrapped in userspace, e.g. as is done by the `fscrypt `_ tool. +Per-extent encryption keys +-------------------------- + +For certain file systems, such as btrfs, it's desired to derive a +per-extent encryption key. This is to enable features such as snapshots +and reflink, where you could have different inodes pointing at the same +extent. When a new extent is created fscrypt randomly generates a +16-byte nonce and the file system stores it along side the extent. +Then, it uses a KDF (as described in `Key derivation function`_) to +derive the extent's key from the master key and nonce. + +Currently the inode's master key and encryption policy must match the +extent, so you cannot share extents between inodes that were encrypted +differently. + DIRECT_KEY policies ------------------- @@ -1395,6 +1410,27 @@ by the kernel and is used as KDF input or as a tweak to cause different files to be encrypted differently; see `Per-file encryption keys`_ and `DIRECT_KEY policies`_. +Extent encryption context +------------------------- + +The extent encryption context mirrors the important parts of the above +`Encryption context`_, with a few ommisions. The struct is defined as +follows:: + + struct fscrypt_extent_context { + u8 version; + u8 encryption_mode; + u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]; + u8 nonce[FSCRYPT_FILE_NONCE_SIZE]; + }; + +Currently all fields much match the containing inode's encryption +context, with the exception of the nonce. + +Additionally extent encryption is only supported with +FSCRYPT_EXTENT_CONTEXT_V2 using the standard policy, all other policies +are disallowed. + Data path changes ----------------- @@ -1418,6 +1454,11 @@ buffer. Some filesystems, such as UBIFS, already use temporary buffers regardless of encryption. Other filesystems, such as ext4 and F2FS, have to allocate bounce pages specially for encryption. +Inline encryption is not optional for extent encryption based file +systems, the amount of objects required to be kept around is too much. +Inline encryption handles the object lifetime details which results in a +cleaner implementation. + Filename hashing and encoding ----------------------------- From patchwork Wed Jan 24 17:18:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529456 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C29AC823C2 for ; Wed, 24 Jan 2024 17:19:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116773; cv=none; b=oIj+UJw/AbnnuXp2gvdSPkjgELaQzrGIUgmj/ZSSClqaM2M0ArstFP1JOiYfzUS6MAmvGVifiCInoViIfD6ksZz6/d0TVaVuS9gDqpqXwrazNDXswEuwL5JtopYX41Ci1jsmXfIuCW27NreSBz+bFAusWdEZrGiQi1k2awGbAIU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116773; c=relaxed/simple; bh=A91SEGVZ6w8WPo7EkD2yYVnZBgZRBSpmv8xgu+YqsXc=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sTXFyjMYv8iu7ceGnVUbJ7RKSFRVHje9xgpd38EsuGDhf80ab7psT5IfjL5Nql9X/ed+fxK90+teJFdwmWFDLAb4rLIqQfcqh8/Yb713TeRgEa5KrCkYt54ZZftCYVN7Zj5gl8B7EnAmOgdXeNWmkbff5Etb5XySxhnG9ZGMOfY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=Punq1HmE; arc=none smtp.client-ip=209.85.128.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="Punq1HmE" Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-5ffb07bdce2so44411757b3.2 for ; Wed, 24 Jan 2024 09:19:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116770; x=1706721570; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=j7kcq+nbIyIhOBXk7WmxEmQC1W0JDTL0FPaZQmHC68U=; b=Punq1HmESyIS4TDnp7r5q0FCXYwFAhfBfJb6lonCtLVGvYRYPi0tBbE4ntru/12mrN FeEC1oxJvRculDSNdU4/z2W+A+S3A0yKIbB7JCVk6soONV/+CPKPmsfEweajthTN+v39 d4b2QykegR8euhLMTh75sPJMau00OFyoESka65QB9JEtWLhpXL0XQTXYGPEZAerg+iHN CZs8TnCVrAxfx/bMQiLSzPUIyiext8C5HDWFQHPVWCPZmTwPIMJ9MJ9R5o2sWnXnX29M 0SHqwLVFceyNKmmqbPUYRR56Obl9CD5EjanbMUBLXd6ViHWmBcm9bok7+s0FmXsP4hP+ zUNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116770; x=1706721570; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j7kcq+nbIyIhOBXk7WmxEmQC1W0JDTL0FPaZQmHC68U=; b=MitV849psymuVRQqugr9/xq+LV8u6xADOUeA8mGRjITGA+4rOvdkJcbEEV4Y4HghOt WsLEdGLvZGuKqZcz/7/VmSjrGMBmwE3jvKdniAT9HjxQ48ztN3u5eZvb/7E3QO0EOEWj 7jitzJd7hwfOp5Z8OlAOCWomOTeNjz05LlV4sGJbOmK26nuKyisIwTGowenldSsHLDi2 +tuYKGnAsYSokAqG5qkUwD5JOhbZ+1xIDpAPhJU168+9k6Uwjmv7apEHh6QKqoPEUxVu B7rYWtIgsra+Yj0NJ1yaXjfPDbeCh9pQUxiE3p65aJDXng2YCeijFxs8QO7EdMjujmr8 85Vw== X-Gm-Message-State: AOJu0Ywv50/qOIb3I5B2Kx3uJh/Nf5+rEttUh36QYwJ+aDUacRvuZYow DTScMackTjrI/WCcwckDzHq82vZ+ujEcXb77WZFj3Ikb3XWMvaze+TlcptjPF44HoOSlElYejBf U X-Google-Smtp-Source: AGHT+IG2gzsPxrsdfQd9vQlqr9SIVXfSycekDIRJ7PhijTnfkvmYeakkrotuMT+WhLEMaZ2aoTzIrA== X-Received: by 2002:a0d:e252:0:b0:5ef:f83d:ab23 with SMTP id l79-20020a0de252000000b005eff83dab23mr1202472ywe.5.1706116770603; Wed, 24 Jan 2024 09:19:30 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id cn23-20020a05690c0d1700b005ff95e9a554sm60004ywb.127.2024.01.24.09.19.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:30 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 09/52] btrfs: add infrastructure for safe em freeing Date: Wed, 24 Jan 2024 12:18:31 -0500 Message-ID: <6cf44f7860e94de68df242e69f4c5250bd061cff.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When we add fscrypt support we're going to have fscrypt objects hanging off of extent_maps. This includes a block key, which if we're the last one freeing the key we may have to unregister it from the block layer. This requires taking a semaphore in the block layer, which means we can't free em's under the extent map tree lock. Thankfully we only do this in two places, one where we're dropping a range of extent maps, and when we're freeing logged extents. Add a free_extent_map_safe() which will add the em to a list in the em_tree if we free'd the object. Currently this is unconditional but will be changed to conditional on the fscrypt object we will add in a later patch. To process these delayed objects add a free_pending_extent_maps() that is called after the lock has been dropped on the em_tree. This will process the extent maps on the freed list and do the appropriate freeing work in a safe manner. Signed-off-by: Josef Bacik Reviewed-by: Boris Burkov --- fs/btrfs/extent_map.c | 76 +++++++++++++++++++++++++++++++++++++++++-- fs/btrfs/extent_map.h | 10 ++++++ fs/btrfs/tree-log.c | 6 ++-- 3 files changed, 87 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index b61099bf97a8..f8705103819c 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -35,7 +35,9 @@ void __cold extent_map_exit(void) void extent_map_tree_init(struct extent_map_tree *tree) { tree->map = RB_ROOT_CACHED; + tree->flags = 0; INIT_LIST_HEAD(&tree->modified_extents); + INIT_LIST_HEAD(&tree->freed_extents); rwlock_init(&tree->lock); } @@ -52,9 +54,15 @@ struct extent_map *alloc_extent_map(void) RB_CLEAR_NODE(&em->rb_node); refcount_set(&em->refs, 1); INIT_LIST_HEAD(&em->list); + INIT_LIST_HEAD(&em->free_list); return em; } +static void __free_extent_map(struct extent_map *em) +{ + kmem_cache_free(extent_map_cache, em); +} + /* * Drop the reference out on @em by one and free the structure if the reference * count hits zero. @@ -66,10 +74,69 @@ void free_extent_map(struct extent_map *em) if (refcount_dec_and_test(&em->refs)) { WARN_ON(extent_map_in_tree(em)); WARN_ON(!list_empty(&em->list)); - kmem_cache_free(extent_map_cache, em); + __free_extent_map(em); } } +/* + * Drop a ref for the extent map in the given tree. + * + * @tree: tree that the em is a part of. + * @em: the em to drop the reference to. + * + * Drop the reference count on @em by one, if the reference count hits 0 and + * there is an object on the em that can't be safely freed in the current + * context (if we are holding the extent_map_tree->lock for example), then add + * it to the freed_extents list on the extent_map_tree for later processing. + * + * This must be followed by a free_pending_extent_maps() to clear the pending + * frees. + */ +void free_extent_map_safe(struct extent_map_tree *tree, + struct extent_map *em) +{ + lockdep_assert_held_write(&tree->lock); + + if (!em) + return; + + if (refcount_dec_and_test(&em->refs)) { + WARN_ON(extent_map_in_tree(em)); + WARN_ON(!list_empty(&em->list)); + list_add_tail(&em->free_list, &tree->freed_extents); + set_bit(EXTENT_MAP_TREE_PENDING_FREES, &tree->flags); + } +} + +/* + * Free the em objects that exist on the em tree + * + * @tree: the tree to free the objects from. + * + * If there are any objects on the em->freed_extents list go ahead and free them + * here in a safe way. This is to be coupled with any uses of + * free_extent_map_safe(). + */ +void free_pending_extent_maps(struct extent_map_tree *tree) +{ + struct extent_map *em; + + /* Avoid taking the write lock if we don't have any pending frees. */ + if (!test_and_clear_bit(EXTENT_MAP_TREE_PENDING_FREES, &tree->flags)) + return; + + write_lock(&tree->lock); + while ((em = list_first_entry_or_null(&tree->freed_extents, + struct extent_map, free_list))) { + list_del_init(&em->free_list); + write_unlock(&tree->lock); + __free_extent_map(em); + cond_resched(); + write_lock(&tree->lock); + } + write_unlock(&tree->lock); +} + /* Do the math around the end of an extent, handling wrapping. */ static u64 range_end(u64 start, u64 len) { @@ -654,10 +721,12 @@ static void drop_all_extent_maps_fast(struct extent_map_tree *tree) em = rb_entry(node, struct extent_map, rb_node); em->flags &= ~(EXTENT_FLAG_PINNED | EXTENT_FLAG_LOGGING); remove_extent_mapping(tree, em); - free_extent_map(em); + free_extent_map_safe(tree, em); cond_resched_rwlock_write(&tree->lock); } write_unlock(&tree->lock); + + free_pending_extent_maps(tree); } /* @@ -875,13 +944,14 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, free_extent_map(em); next: /* Once for us (for our lookup reference). */ - free_extent_map(em); + free_extent_map_safe(em_tree, em); em = next_em; } write_unlock(&em_tree->lock); + free_pending_extent_maps(em_tree); free_extent_map(split); free_extent_map(split2); } diff --git a/fs/btrfs/extent_map.h b/fs/btrfs/extent_map.h index e380fc08bbe4..d31f2a03670e 100644 --- a/fs/btrfs/extent_map.h +++ b/fs/btrfs/extent_map.h @@ -55,11 +55,18 @@ struct extent_map { u32 flags; refcount_t refs; struct list_head list; + struct list_head free_list; +}; + +enum extent_map_flags { + EXTENT_MAP_TREE_PENDING_FREES, }; struct extent_map_tree { struct rb_root_cached map; + unsigned long flags; struct list_head modified_extents; + struct list_head freed_extents; rwlock_t lock; }; @@ -122,6 +129,9 @@ int split_extent_map(struct btrfs_inode *inode, u64 start, u64 len, u64 pre, struct extent_map *alloc_extent_map(void); void free_extent_map(struct extent_map *em); +void free_extent_map_safe(struct extent_map_tree *tree, + struct extent_map *em); +void free_pending_extent_maps(struct extent_map_tree *tree); int __init extent_map_init(void); void __cold extent_map_exit(void); int unpin_extent_cache(struct btrfs_inode *inode, u64 start, u64 len, u64 gen); diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 331fc7429952..916e54b91ecc 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4884,7 +4884,7 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, */ if (ret) { clear_em_logging(tree, em); - free_extent_map(em); + free_extent_map_safe(tree, em); continue; } @@ -4893,11 +4893,13 @@ static int btrfs_log_changed_extents(struct btrfs_trans_handle *trans, ret = log_one_extent(trans, inode, em, path, ctx); write_lock(&tree->lock); clear_em_logging(tree, em); - free_extent_map(em); + free_extent_map_safe(tree, em); } WARN_ON(!list_empty(&extents)); write_unlock(&tree->lock); + free_pending_extent_maps(tree); + if (!ret) ret = btrfs_log_prealloc_extents(trans, inode, path); if (ret) From patchwork Wed Jan 24 17:18:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529457 Received: from mail-yw1-f169.google.com (mail-yw1-f169.google.com [209.85.128.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D59F82D71 for ; Wed, 24 Jan 2024 17:19:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116774; cv=none; b=iFyCAaXkDs0NdKaZPK5x3VFMeeaSUVvm+Ff5WR9UYvdU3Ka1wXjp7hbtYlHF1JPgrXHX1bo1ANHWD5bNyt+WsT2Rm5nbORndFJsrkIZRv5/nCTKkd2QHrnW9R/eaS2HgJGiYcPUlnXjMhIuM+/60JTlvCSIXfW0WcB5lNvY9+YY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116774; c=relaxed/simple; bh=Cl0q0mHy+OuiyGgyIEFPo6cO6ZyClhg2rMG5vgFqyBU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TYvxYoMPyPnO5ttXeC6FMn5HdxM9yhkBfZV/lpetl+DuH79lF8u3J3vBW8d90Us2KR3rEct+aaW1js4nbR4Ax72hnU6J4u1cOyRwFA8lvPcMNCc5bi5PUSC8X6f0bL2C39Xj3KXTUGZp3gAAZSyWeATOyybdDcLC9nawoEY2970= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=Q8RxY0Ht; arc=none smtp.client-ip=209.85.128.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="Q8RxY0Ht" Received: by mail-yw1-f169.google.com with SMTP id 00721157ae682-5fc2e997804so52224097b3.3 for ; Wed, 24 Jan 2024 09:19:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116771; x=1706721571; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JH2EKMKBSNEeu4gP5LCCBuqQDLw8uHSTnP4/ZUu0wsk=; b=Q8RxY0Hthrh3+r23ei+HgXXzPAdQ6BI3koQS2LINUDkwgf5Q4acPH0Ph3fNO6DwdNZ YjcToauxEDm3XIoGBAHhazT8NoH9JWVria1tw88wootRYwIcfNX5ySZow2AjWUZk/1eG x9ERp0PlabWy/n/UufQaK9h9IRiF95Jxgobbr2C5N3F3U58mhgRIgqt6jxA+DFyikJC6 DLHucZVnhuAZYAp5dsDYb+4uORs2HGf9cF1SRzK8gt0OF38wOg3Lv52sBGhE4X4SxE1+ MAtwKH1rCoCH2a3544+VId4SJU94QgROPtWaTbew2dVuskUgY14iyMRDGZY39ghh9sFc Iulg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116771; x=1706721571; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JH2EKMKBSNEeu4gP5LCCBuqQDLw8uHSTnP4/ZUu0wsk=; b=Q2e3dqWuzBQrPBU+o7atuC04GHdn49ixrp2ibixkI5iRnEFX5FoJqZ5IfrithPoseS JPDdr6Ac9EhZ1RPpm6eer42lPT9OUpC47TPm6sLxbUF2aeHgZRJ0TrfmGKmPKgOIIzpw xpLBMneTn3u6UTldkzkWezO+g1WZPvapY+uTM8JOHI+fUvwC/4et1xeNvJJVp9vZovLJ IFLcXk29woL9w6mRwrRD66yM5Sil2YBrSdog5lp9I8bmETsS0UtRjLcUkO6t0EKytvQM R6gDO69taZJVCDfx2Z0cJPPmT/pKHG49/WdGI0cnigkyWUHut3SL32+Ux/fVGhN2dQOC LolQ== X-Gm-Message-State: AOJu0YxfPvmmm4rDcX1nIrcDV/wrfSeJcyIoDpmJ8RgDhYANdwktwG9p KSxD3jj2XTteERaVR4rSeMXLbKlFhTh+Mj//bDZRG3i0MF2NULYrAH7txWa9788RrMr8HswA34V y X-Google-Smtp-Source: AGHT+IG5HHlloxTpZ1etIlGxjZuYbCsD+AZNFsXVdVAzAdqg6uRVsN8gycDkkoltiwNZOIYNoNrkaw== X-Received: by 2002:a81:4808:0:b0:5f4:fd2b:89b with SMTP id v8-20020a814808000000b005f4fd2b089bmr1179641ywa.16.1706116771473; Wed, 24 Jan 2024 09:19:31 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id fl15-20020a05690c338f00b005ff9d3ca38fsm67272ywb.1.2024.01.24.09.19.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:31 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v5 10/52] btrfs: disable various operations on encrypted inodes Date: Wed, 24 Jan 2024 12:18:32 -0500 Message-ID: <0d1c1c34c9a9e2999a1cb5c76ed72ddcb866595e.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Omar Sandoval Initially, only normal data extents will be encrypted. This change forbids various other bits: - allows reflinking only if both inodes have the same encryption status - disable inline data on encrypted inodes Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik Reviewed-by: Boris Burkov --- fs/btrfs/inode.c | 3 ++- fs/btrfs/reflink.c | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index bedd8703bfa6..c6122c20ad3a 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -639,7 +639,8 @@ static noinline int cow_file_range_inline(struct btrfs_inode *inode, u64 size, * compressed) data fits in a leaf and the configured maximum inline * size. */ - if (size < i_size_read(&inode->vfs_inode) || + if (IS_ENCRYPTED(&inode->vfs_inode) || + size < i_size_read(&inode->vfs_inode) || size > fs_info->sectorsize || data_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info) || data_len > fs_info->max_inline) diff --git a/fs/btrfs/reflink.c b/fs/btrfs/reflink.c index e38cb40e150c..c61e54983faf 100644 --- a/fs/btrfs/reflink.c +++ b/fs/btrfs/reflink.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include +#include #include #include "ctree.h" #include "fs.h" @@ -809,6 +810,12 @@ static int btrfs_remap_file_range_prep(struct file *file_in, loff_t pos_in, ASSERT(inode_in->i_sb == inode_out->i_sb); } + /* + * Can only reflink encrypted files if both files are encrypted. + */ + if (IS_ENCRYPTED(inode_in) != IS_ENCRYPTED(inode_out)) + return -EINVAL; + /* Don't make the dst file partly checksummed */ if ((BTRFS_I(inode_in)->flags & BTRFS_INODE_NODATASUM) != (BTRFS_I(inode_out)->flags & BTRFS_INODE_NODATASUM)) { From patchwork Wed Jan 24 17:18:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529458 Received: from mail-yb1-f175.google.com (mail-yb1-f175.google.com [209.85.219.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77C3082D7B for ; Wed, 24 Jan 2024 17:19:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116774; cv=none; b=BEBmVt6qOqqUCcl48lxdBdBgFHCk02VReSahrXasUnF521TVOosfIwrf6/7nD7IZDP1Hl1WXnP2tiG1uXw/v4Soe0dWXjsHunSYtcONM2LD2YVUAM6TTFLmuzk/F2J2IVoDyhVqc5HNAWkbe3MrGH54RECLoAkvGHSZ52vZ0zCE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116774; c=relaxed/simple; bh=IzZbnNi2HvSrxNI5el6QIj8D5vc83fohl+628NeiNos=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WZcCOcPPtnmHQHt/r+rd+Y+3oRRNfrqp2kAo4RSuC/0UB5lWdiJL7OICfntPUVYob/gEc1axLzHTGUVJMP5fDAR/iK02Rsm4Ie3bxhyfFQrB78aYy4B9bChqTzam0raPSNhm66/cgl0yHuHB0oieWREJqRa7pMZDhvYaxHlfjds= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=WDkSf+zF; arc=none smtp.client-ip=209.85.219.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="WDkSf+zF" Received: by mail-yb1-f175.google.com with SMTP id 3f1490d57ef6-db4364ecd6aso3588738276.2 for ; Wed, 24 Jan 2024 09:19:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116772; x=1706721572; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FNcc1gRUx/9vClORZZm5lvfIUxidIgjQfVOu+2PLHfg=; b=WDkSf+zF8u1GYZtxYi1numd1YChdI1WehuPouqzjkoDpjO2I4oBM95QN2bNgxMsJ3i NhN9KjoA4yTItAi1+vaW1s87brUhyqBw7EWDx1+stJk0D7xA2+zb6s/bcmFZQA/iryDL /Ffo6OSfEYgCfdSH4gWbFbEgMyKSAjv1QEg1sLSzkGo0bqpMlGXZeFbzrudcHo8fVN1d UaTjrL3BN/qJCA3piYST/AX2PrUoPPQ7abkgXX21oP2t6Z/IpdXe12Y7MoRIS3a7NQAa 9mPfdeReY2EN9GrXNHZHNnBkGNlqgvNWOmpYxow1iSHgDEv/OijwPBqHm22XbQ1ARsZC zNCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116772; x=1706721572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FNcc1gRUx/9vClORZZm5lvfIUxidIgjQfVOu+2PLHfg=; b=JyXhDKsBcpLbeRT8SZLk1xOyZ0Nc/+bDfJFoZ9agUl2jNAJQY+tkw/r3d5W1sdFiai FzO65fnSULnVmpE75HuyTj9MaWE5zs2UFOyZULvzlzrfh4Cn7LjRxuQDlOF+DCp02BAb ibknOX9ZL55ds59ay+rFJTFEFblHxrUwwYUFw0IP61YiKaH8DNp1LSDYEZ0bsDlJxr1A I9I+ELp873sjml9RjpkcBj5VJTO6l1G8btt22BPbVpK1jpZcIpj9qRVsnSqsxTex1Bx6 96wpFPfy1bHergHO1vygrw+eRNQ98saN1IK5FQIFPGGq+pd4kIEcZeSBKi3mf8O1ixrF pxBw== X-Gm-Message-State: AOJu0YwhazosYYUmzHRfmI1LtgwcHcD9WhyXxF6ZX/2VR3RN0nn7KP9g j8v+FLxzT4s5TVPh5mK4Ir2o9LyPzYvbMfetHTqpq/5AKZYcoPRPt1JjXQ09UGU0wyDRRP/Ra+x B X-Google-Smtp-Source: AGHT+IEYRstLN/qS9tb/xBT/C23PpWQcoFuq4vGqD/W4TM5fMtNOxoJOjQ6Wmx6ay1kZafFDjLaYpA== X-Received: by 2002:a05:6902:1351:b0:dc6:8b4:7388 with SMTP id g17-20020a056902135100b00dc608b47388mr427152ybu.35.1706116772363; Wed, 24 Jan 2024 09:19:32 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id z13-20020a25664d000000b00dc278dca7cfsm2848813ybm.8.2024.01.24.09.19.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:32 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v5 11/52] btrfs: disable verity on encrypted inodes Date: Wed, 24 Jan 2024 12:18:33 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sweet Tea Dorminy Right now there isn't a way to encrypt things that aren't either filenames in directories or data on blocks on disk with extent encryption, so for now, disable verity usage with encryption on btrfs. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik Reviewed-by: Boris Burkov --- fs/btrfs/verity.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/btrfs/verity.c b/fs/btrfs/verity.c index 66e2270b0dae..352b2644b4af 100644 --- a/fs/btrfs/verity.c +++ b/fs/btrfs/verity.c @@ -588,6 +588,9 @@ static int btrfs_begin_enable_verity(struct file *filp) ASSERT(inode_is_locked(file_inode(filp))); + if (IS_ENCRYPTED(&inode->vfs_inode)) + return -EOPNOTSUPP; + if (test_bit(BTRFS_INODE_VERITY_IN_PROGRESS, &inode->runtime_flags)) return -EBUSY; From patchwork Wed Jan 24 17:18:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529459 Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com [209.85.219.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88E6882D8C for ; Wed, 24 Jan 2024 17:19:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116776; cv=none; b=dVT9WNL4+TAhMvaL9toDCcxPYrjVbxg8k2JzpFoDQaG6eCcp8SvcvV9A3R1WuHsou8ggiwn5KYTEcFOXwLdZ0kZcxXFMXCOuHXcN3n2Rqsn/ItJWDXYa8r4eMQQgcUMqy5htUB2BDCoFVm/d/m2HQbSlCWA3eDVfYgdDg7CnLhQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116776; c=relaxed/simple; bh=oUi+m89p8eR3+DcBlLjOs4l2ysn1n+EQG+9xj0Y4iPw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=a5cykRTohQQkKDRsZ88v6AqpnjFmvBhbQLhCGowxLGcGgn5xNTPfMY49ZYYLVM7AN6xIEEXamqwNj+34WRSonl24VQR5V1T0rpj/YDdKG9lM6Mp+j1t8rIOiq93KsbkE0hQHkJoPKRQpn2qFlAzh1TwFUJl0VsVFFX++zdU0OR8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=KBPqO58c; arc=none smtp.client-ip=209.85.219.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="KBPqO58c" Received: by mail-yb1-f170.google.com with SMTP id 3f1490d57ef6-dc239f84ba4so4802718276.3 for ; Wed, 24 Jan 2024 09:19:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116773; x=1706721573; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nbWHnUlOgnaKUICHA47PgrhKvZoIopN3D0WXq/jN9wU=; b=KBPqO58c8zkFqWGZmfTN0EomaCuWXn/cKDM5JGYEJy2IHv08s5Mln+NIic2pdBwx+H upijj/kY7BDuo3uCCWjh/ALsYOew1gpaAZREl+gKEfpcdLjk1Xl7pm6K/CuM+2cQRx+D oEIhdj6njGFx57YsMfiRu08BZHIs0eEBwqYasOuxKvzt5eqTyprkiBY+uF7wYJFAn+uk 7EI8dky1m3QsKcKkNiVsgV/QEIsaMU38mpuni0+9yWqxOyeFpkyVm8gzv4y/QGXuUeaB oCEP+Znq/SXHuvb70ntruG8oBdlT9Sd8Z/JLPvFLWdCoUyb33Cq/x/vt+aHyLQvorEil MmrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116773; x=1706721573; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nbWHnUlOgnaKUICHA47PgrhKvZoIopN3D0WXq/jN9wU=; b=q4vU7B546xSCITmeRBm2XIaP7LROGKaDuF88FBZ8eesbcTFCuFZUcZJipNSrp/I4Mi Q1hAUIFUMxviSWB1NPt/zRnviW38iLbej7iCm6LYNjhErwbz9cCoTE+hEv6n+yX47o/p 0jVHtGVtYeCPrBS9AHsubge2Bxhr3p6r6a9YuOV6l9NXoMi4wCRkkEzoATk99W8ZZRn3 1ifUDm/CK2VdDT4TMZRVvlRQf+IcaLEKyE67uakeJUDGfI0hiVWsCm2frnPy/gP1cEuQ qi0Zqe6VIWxaNkhH/0KMsfiOzpziiOFeb1wh/QsGyVGmV9VU7U+B8kD4FjNr1LEtDM8o j3pA== X-Gm-Message-State: AOJu0Yxt43wpmiIzLPGv1pT6tUzuF9WVzS1MaqpdPbcn4q7j/dftSIdY R3IowwGxRMD/1zhYSoaq+6mCAxFR4uGFlDJLfmfi0jiHL6Udb+N65vlIMLBfU9unXcyh129zhhq x X-Google-Smtp-Source: AGHT+IH8+E32UEiSZrcAQy+uK3apWVH6zAHh/TVB998HEbLx3RD+FKvCkd73HvkWIksCY4jry8NBaw== X-Received: by 2002:a25:3607:0:b0:dc2:1beb:7dc6 with SMTP id d7-20020a253607000000b00dc21beb7dc6mr988280yba.61.1706116773291; Wed, 24 Jan 2024 09:19:33 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id h20-20020a25b194000000b00dc22fa579c5sm2948500ybj.45.2024.01.24.09.19.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:33 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v5 12/52] btrfs: start using fscrypt hooks Date: Wed, 24 Jan 2024 12:18:34 -0500 Message-ID: <333de15efb2d7ec220293c4b5e3782fe85634c06.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Omar Sandoval In order to appropriately encrypt, create, open, rename, and various symlink operations must call fscrypt hooks. These determine whether the inode should be encrypted and do other preparatory actions. The superblock must have fscrypt operations registered, so implement the minimal set also, and introduce the new fscrypt.[ch] files to hold the fscrypt-specific functionality. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/Makefile | 1 + fs/btrfs/btrfs_inode.h | 1 + fs/btrfs/file.c | 3 ++ fs/btrfs/fscrypt.c | 7 +++ fs/btrfs/fscrypt.h | 10 ++++ fs/btrfs/inode.c | 110 ++++++++++++++++++++++++++++++++++------- fs/btrfs/super.c | 2 + 7 files changed, 116 insertions(+), 18 deletions(-) create mode 100644 fs/btrfs/fscrypt.c create mode 100644 fs/btrfs/fscrypt.h diff --git a/fs/btrfs/Makefile b/fs/btrfs/Makefile index 525af975f61c..6e51d054c17a 100644 --- a/fs/btrfs/Makefile +++ b/fs/btrfs/Makefile @@ -39,6 +39,7 @@ btrfs-$(CONFIG_BTRFS_FS_POSIX_ACL) += acl.o btrfs-$(CONFIG_BTRFS_FS_REF_VERIFY) += ref-verify.o btrfs-$(CONFIG_BLK_DEV_ZONED) += zoned.o btrfs-$(CONFIG_FS_VERITY) += verity.o +btrfs-$(CONFIG_FS_ENCRYPTION) += fscrypt.o btrfs-$(CONFIG_BTRFS_FS_RUN_SANITY_TESTS) += tests/free-space-tests.o \ tests/extent-buffer-tests.o tests/btrfs-tests.o \ diff --git a/fs/btrfs/btrfs_inode.h b/fs/btrfs/btrfs_inode.h index 83d78a6f3aa2..83de0909f460 100644 --- a/fs/btrfs/btrfs_inode.h +++ b/fs/btrfs/btrfs_inode.h @@ -460,6 +460,7 @@ struct btrfs_new_inode_args { struct posix_acl *default_acl; struct posix_acl *acl; struct fscrypt_name fname; + bool encrypt; }; int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index bd8d13740f41..252b6fae29f8 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -3711,6 +3711,9 @@ static int btrfs_file_open(struct inode *inode, struct file *filp) filp->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC | FMODE_BUF_WASYNC | FMODE_CAN_ODIRECT; + ret = fscrypt_file_open(inode, filp); + if (ret) + return ret; ret = fsverity_file_open(inode, filp); if (ret) diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c new file mode 100644 index 000000000000..48ab99dfe48d --- /dev/null +++ b/fs/btrfs/fscrypt.c @@ -0,0 +1,7 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include "ctree.h" +#include "fscrypt.h" + +const struct fscrypt_operations btrfs_fscrypt_ops = { +}; diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h new file mode 100644 index 000000000000..7f4e6888bd43 --- /dev/null +++ b/fs/btrfs/fscrypt.h @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef BTRFS_FSCRYPT_H +#define BTRFS_FSCRYPT_H + +#include + +extern const struct fscrypt_operations btrfs_fscrypt_ops; + +#endif /* BTRFS_FSCRYPT_H */ diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index c6122c20ad3a..5f682a7aa761 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5063,6 +5063,10 @@ static int btrfs_setattr(struct mnt_idmap *idmap, struct dentry *dentry, if (err) return err; + err = fscrypt_prepare_setattr(dentry, attr); + if (err) + return err; + if (S_ISREG(inode->i_mode) && (attr->ia_valid & ATTR_SIZE)) { err = btrfs_setsize(inode, attr); if (err) @@ -5217,11 +5221,8 @@ void btrfs_evict_inode(struct inode *inode) trace_btrfs_inode_evict(inode); - if (!root) { - fsverity_cleanup_inode(inode); - clear_inode(inode); - return; - } + if (!root) + goto cleanup; evict_inode_truncate_pages(inode); @@ -5321,6 +5322,9 @@ void btrfs_evict_inode(struct inode *inode) * to retry these periodically in the future. */ btrfs_remove_delayed_node(BTRFS_I(inode)); + +cleanup: + fscrypt_put_encryption_info(inode); fsverity_cleanup_inode(inode); clear_inode(inode); } @@ -6111,6 +6115,12 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, return ret; } + ret = fscrypt_prepare_new_inode(dir, inode, &args->encrypt); + if (ret) { + fscrypt_free_filename(&args->fname); + return ret; + } + /* 1 to add inode item */ *trans_num_items = 1; /* 1 to add compression property */ @@ -6592,9 +6602,13 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, if (inode->i_nlink >= BTRFS_LINK_MAX) return -EMLINK; + err = fscrypt_prepare_link(old_dentry, dir, dentry); + if (err) + return err; + err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &fname); if (err) - goto fail; + return err; err = btrfs_set_inode_index(BTRFS_I(dir), &index); if (err) @@ -8568,6 +8582,7 @@ void btrfs_test_destroy_inode(struct inode *inode) void btrfs_free_inode(struct inode *inode) { kfree(BTRFS_I(inode)->file_extent_tree); + fscrypt_free_inode(inode); kmem_cache_free(btrfs_inode_cachep, BTRFS_I(inode)); } @@ -8638,8 +8653,7 @@ int btrfs_drop_inode(struct inode *inode) /* the snap/subvol tree is on deleting */ if (btrfs_root_refs(&root->root_item) == 0) return 1; - else - return generic_drop_inode(inode); + return generic_drop_inode(inode) || fscrypt_drop_inode(inode); } static void init_once(void *foo) @@ -9219,6 +9233,11 @@ static int btrfs_rename2(struct mnt_idmap *idmap, struct inode *old_dir, if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) return -EINVAL; + ret = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry, + flags); + if (ret) + return ret; + if (flags & RENAME_EXCHANGE) ret = btrfs_rename_exchange(old_dir, old_dentry, new_dir, new_dentry); @@ -9433,15 +9452,31 @@ static int btrfs_symlink(struct mnt_idmap *idmap, struct inode *dir, }; unsigned int trans_num_items; int err; - int name_len; int datasize; unsigned long ptr; struct btrfs_file_extent_item *ei; struct extent_buffer *leaf; + struct fscrypt_str disk_link; + size_t max_len; + u32 name_len = strlen(symname); - name_len = strlen(symname); - if (name_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info)) - return -ENAMETOOLONG; + /* + * BTRFS_MAX_INLINE_DATA_SIZE() isn't actually telling the truth, we + * actually limit inline data extents to + * min(BTRFS_MAX_INLINE_DATA_SIZE(), sectorsize), so adjust max_len + * given this wonderful bit of inconsistency. + */ + max_len = min_t(size_t, BTRFS_MAX_INLINE_DATA_SIZE(fs_info), + fs_info->sectorsize); + + /* + * fscrypt sets disk_link.len to be len + 1, including a NUL terminator, but we + * don't store that '\0' character. + */ + err = fscrypt_prepare_symlink(dir, symname, name_len, max_len + 1, + &disk_link); + if (err) + return err; inode = new_inode(dir->i_sb); if (!inode) @@ -9450,8 +9485,8 @@ static int btrfs_symlink(struct mnt_idmap *idmap, struct inode *dir, inode->i_op = &btrfs_symlink_inode_operations; inode_nohighmem(inode); inode->i_mapping->a_ops = &btrfs_aops; - btrfs_i_size_write(BTRFS_I(inode), name_len); - inode_set_bytes(inode, name_len); + btrfs_i_size_write(BTRFS_I(inode), disk_link.len - 1); + inode_set_bytes(inode, disk_link.len - 1); new_inode_args.inode = inode; err = btrfs_new_inode_prepare(&new_inode_args, &trans_num_items); @@ -9478,10 +9513,23 @@ static int btrfs_symlink(struct mnt_idmap *idmap, struct inode *dir, inode = NULL; goto out; } + + if (IS_ENCRYPTED(inode)) { + err = fscrypt_encrypt_symlink(inode, symname, name_len, + &disk_link); + if (err) { + btrfs_abort_transaction(trans, err); + btrfs_free_path(path); + discard_new_inode(inode); + inode = NULL; + goto out; + } + } + key.objectid = btrfs_ino(BTRFS_I(inode)); key.offset = 0; key.type = BTRFS_EXTENT_DATA_KEY; - datasize = btrfs_file_extent_calc_inline_size(name_len); + datasize = btrfs_file_extent_calc_inline_size(disk_link.len - 1); err = btrfs_insert_empty_item(trans, root, path, &key, datasize); if (err) { @@ -9500,10 +9548,10 @@ static int btrfs_symlink(struct mnt_idmap *idmap, struct inode *dir, btrfs_set_file_extent_encryption(leaf, ei, 0); btrfs_set_file_extent_compression(leaf, ei, 0); btrfs_set_file_extent_other_encoding(leaf, ei, 0); - btrfs_set_file_extent_ram_bytes(leaf, ei, name_len); + btrfs_set_file_extent_ram_bytes(leaf, ei, disk_link.len - 1); ptr = btrfs_file_extent_inline_start(ei); - write_extent_buffer(leaf, symname, ptr, name_len); + write_extent_buffer(leaf, disk_link.name, ptr, disk_link.len - 1); btrfs_mark_buffer_dirty(trans, leaf); btrfs_free_path(path); @@ -9520,6 +9568,29 @@ static int btrfs_symlink(struct mnt_idmap *idmap, struct inode *dir, return err; } +static const char *btrfs_get_link(struct dentry *dentry, struct inode *inode, + struct delayed_call *done) +{ + struct page *cpage; + const char *paddr; + struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); + + if (!IS_ENCRYPTED(inode)) + return page_get_link(dentry, inode, done); + + if (!dentry) + return ERR_PTR(-ECHILD); + + cpage = read_mapping_page(inode->i_mapping, 0, NULL); + if (IS_ERR(cpage)) + return ERR_CAST(cpage); + + paddr = fscrypt_get_symlink(inode, page_address(cpage), + BTRFS_MAX_INLINE_DATA_SIZE(fs_info), done); + put_page(cpage); + return paddr; +} + static struct btrfs_trans_handle *insert_prealloc_file_extent( struct btrfs_trans_handle *trans_in, struct btrfs_inode *inode, @@ -11003,7 +11074,7 @@ static const struct inode_operations btrfs_special_inode_operations = { .update_time = btrfs_update_time, }; static const struct inode_operations btrfs_symlink_inode_operations = { - .get_link = page_get_link, + .get_link = btrfs_get_link, .getattr = btrfs_getattr, .setattr = btrfs_setattr, .permission = btrfs_permission, @@ -11013,4 +11084,7 @@ static const struct inode_operations btrfs_symlink_inode_operations = { const struct dentry_operations btrfs_dentry_operations = { .d_delete = btrfs_dentry_delete, +#ifdef CONFIG_FS_ENCRYPTION + .d_revalidate = fscrypt_d_revalidate, +#endif }; diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index c45fdaf24cd1..33bd29fa2696 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -50,6 +50,7 @@ #include "tests/btrfs-tests.h" #include "block-group.h" #include "discard.h" +#include "fscrypt.h" #include "qgroup.h" #include "raid56.h" #include "fs.h" @@ -928,6 +929,7 @@ static int btrfs_fill_super(struct super_block *sb, sb->s_vop = &btrfs_verityops; #endif sb->s_xattr = btrfs_xattr_handlers; + fscrypt_set_ops(sb, &btrfs_fscrypt_ops); sb->s_time_gran = 1; sb->s_iflags |= SB_I_CGROUPWB; From patchwork Wed Jan 24 17:18:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529460 Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C70585C49 for ; Wed, 24 Jan 2024 17:19:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116777; cv=none; b=fvdMs5bjMp9aV4pRLdpxbUTOnN2K9madJ/g0YzSotW/ytw8Zth+UphbsjwIUfCfQR44UKeunZpdn3bPBtOJJoN9oR6ClDY/cadgmM7SHBwj7jpSw12QqYTUzpOgwxra7C+LnJuWgPW5ZJR+bPmf51HuvUOUK5sBTvUrRqAonca0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116777; c=relaxed/simple; bh=Y42fGFl4F/pGNE1FifNlRyw6w7kTHKoaQmFNSt1rUuI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eZPM/lIxk0giDdv+je6VuHPWkhpvcjP8GZdwgYy3P/jdV0CnkoS/XbnEYs/wd2x2Rbuyl9dAUJe5mOMnpeHjbOnkQw5+SMNY1LRHd+LCl8d0wlbHWRIzK4x45iiHxtZNV55bH3mxC3Kl5pTboGjNHIdIC5X0DyNlUv4HO34SerQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=s98Qm8gX; arc=none smtp.client-ip=209.85.219.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="s98Qm8gX" Received: by mail-yb1-f176.google.com with SMTP id 3f1490d57ef6-dc227feab99so5588733276.2 for ; Wed, 24 Jan 2024 09:19:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116774; x=1706721574; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=21xp00Q4FaE/AFbkjfhFZh6BgtFKeSZkw8ipfChaXro=; b=s98Qm8gXPg8Oqk95QLtqMtBONlO8Y7NN5rTvR82iBGY3yIrdWQHdcYU9jX4tIbchx4 v7TA1cL7q1RGzkR6BQvsa9p0156oksxb5BoVrFQXOk+MkNSaqN7GbbTckiYsS7ekY2GN IT3/k8VN/6Xu6WwCrA3gSWpliAmW+7fCE/Q9kPEirJRwsYKTiUNS3tERlAvKOwCz6BDs lwch559LMM91KKlgNgU5agQWHUTFsEeeN8qqTaL6xt43o5s8OjG3LQlZMxZnP6m1SpMJ ROUTXTYfu3/AHuaixDe0yuUFA+2Yiw2Cll2g0fq2cCxvQkZCKrN3zH5mvIvmnuBLIqe8 TuyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116774; x=1706721574; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=21xp00Q4FaE/AFbkjfhFZh6BgtFKeSZkw8ipfChaXro=; b=w3sQ0JCneqa0BM+eL2U3iSIe0p5jPEhw6JThhduFuZPOOerQUiStwC5eJeHgSkGBeK 7o07JxW0KSYKPRG8b0mJ0gvPQGCX52B0Oqch/U/TWUC4bBRwvuMc3OZno1co8i375Iru OoOsn8zl7TAlZ2S1YhdELQpxCJMsiQtasSZg75nkYklKckbwNdrSTJM2en9hmTmccWB8 hia2iQQeq27LnVm4VebyQvur6wbBJd7hRykqdNip6+bQIhbwhfm3E/xyX3j/B+Ong4ry gZRvVC5ALxnYTu7lDbVf8hUAQde1dVYwIARF/HldPZmJc2gFHn+mTewRPQUzJKduwfiZ N4tQ== X-Gm-Message-State: AOJu0YxBIuq3wUelAK9Q0KperGkzUM437elo8dvCiemxtHdZOwEkHtJn ITpsmGz1AL5KQwvtqw4fvRTqiVggiBTmtBU3qiZawT8M1Tl8D5EbjQ0Jr0fp9YhmbS0DEwvMCby c X-Google-Smtp-Source: AGHT+IH1pqnImgL7kLTAuR7UcvCmuU2OD5/8qf1epxJCvZFirtODcHZTVErakCdPI9QZxo2N7bMUhA== X-Received: by 2002:a5b:a0a:0:b0:dc2:46cd:eeef with SMTP id k10-20020a5b0a0a000000b00dc246cdeeefmr822515ybq.130.1706116774230; Wed, 24 Jan 2024 09:19:34 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id g9-20020a5b0709000000b00dc23af43ff3sm2872016ybq.14.2024.01.24.09.19.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:33 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v5 13/52] btrfs: add inode encryption contexts Date: Wed, 24 Jan 2024 12:18:35 -0500 Message-ID: <5a88efb484b0874a7430b83bc6e5f6b9aa5858d5.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Omar Sandoval fscrypt stores a context item with encrypted inodes that contains the related encryption information. fscrypt provides an arbitrary blob for the filesystem to store, and it does not clearly fit into an existing structure, so this goes in a new item type. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/fscrypt.c | 117 ++++++++++++++++++++++++++++++++ fs/btrfs/fscrypt.h | 2 + fs/btrfs/inode.c | 19 ++++++ fs/btrfs/ioctl.c | 8 ++- include/uapi/linux/btrfs_tree.h | 10 +++ 5 files changed, 154 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 48ab99dfe48d..3f82352662e6 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -1,7 +1,124 @@ // SPDX-License-Identifier: GPL-2.0 +#include #include "ctree.h" +#include "accessors.h" +#include "btrfs_inode.h" +#include "disk-io.h" +#include "fs.h" #include "fscrypt.h" +#include "ioctl.h" +#include "messages.h" +#include "transaction.h" +#include "xattr.h" + +static int btrfs_fscrypt_get_context(struct inode *inode, void *ctx, size_t len) +{ + struct btrfs_key key = { + .objectid = btrfs_ino(BTRFS_I(inode)), + .type = BTRFS_FSCRYPT_INODE_CTX_ITEM_KEY, + .offset = 0, + }; + struct btrfs_path *path; + struct extent_buffer *leaf; + unsigned long ptr; + int ret; + + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret) { + len = -ENOENT; + goto out; + } + + leaf = path->nodes[0]; + ptr = btrfs_item_ptr_offset(leaf, path->slots[0]); + /* fscrypt provides max context length, but it could be less */ + len = min_t(size_t, len, btrfs_item_size(leaf, path->slots[0])); + read_extent_buffer(leaf, ctx, ptr, len); + +out: + btrfs_free_path(path); + return len; +} + +static int btrfs_fscrypt_set_context(struct inode *inode, const void *ctx, + size_t len, void *fs_data) +{ + struct btrfs_trans_handle *trans = fs_data; + struct btrfs_key key = { + .objectid = btrfs_ino(BTRFS_I(inode)), + .type = BTRFS_FSCRYPT_INODE_CTX_ITEM_KEY, + .offset = 0, + }; + struct btrfs_path *path = NULL; + struct extent_buffer *leaf; + unsigned long ptr; + int ret; + + if (!trans) + trans = btrfs_start_transaction(BTRFS_I(inode)->root, 2); + if (IS_ERR(trans)) + return PTR_ERR(trans); + + path = btrfs_alloc_path(); + if (!path) { + ret = -ENOMEM; + goto out_err; + } + + ret = btrfs_search_slot(trans, BTRFS_I(inode)->root, &key, path, 0, 1); + if (ret < 0) + goto out_err; + + if (ret > 0) { + btrfs_release_path(path); + ret = btrfs_insert_empty_item(trans, BTRFS_I(inode)->root, path, &key, len); + if (ret) + goto out_err; + } + + leaf = path->nodes[0]; + ptr = btrfs_item_ptr_offset(leaf, path->slots[0]); + + len = min_t(size_t, len, btrfs_item_size(leaf, path->slots[0])); + write_extent_buffer(leaf, ctx, ptr, len); + btrfs_mark_buffer_dirty(trans, leaf); + btrfs_release_path(path); + + if (fs_data) + return ret; + + BTRFS_I(inode)->flags |= BTRFS_INODE_ENCRYPT; + btrfs_sync_inode_flags_to_i_flags(inode); + inode_inc_iversion(inode); + inode_set_ctime_current(inode); + ret = btrfs_update_inode(trans, BTRFS_I(inode)); + if (ret) + goto out_abort; + btrfs_free_path(path); + btrfs_end_transaction(trans); + return 0; +out_abort: + btrfs_abort_transaction(trans, ret); +out_err: + if (!fs_data) + btrfs_end_transaction(trans); + btrfs_free_path(path); + return ret; +} + +static bool btrfs_fscrypt_empty_dir(struct inode *inode) +{ + return inode->i_size == BTRFS_EMPTY_DIR_SIZE; +} const struct fscrypt_operations btrfs_fscrypt_ops = { + .get_context = btrfs_fscrypt_get_context, + .set_context = btrfs_fscrypt_set_context, + .empty_dir = btrfs_fscrypt_empty_dir, }; diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 7f4e6888bd43..80adb7e56826 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -5,6 +5,8 @@ #include +#include "fs.h" + extern const struct fscrypt_operations btrfs_fscrypt_ops; #endif /* BTRFS_FSCRYPT_H */ diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 5f682a7aa761..4999ae1db2a3 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -62,6 +62,7 @@ #include "defrag.h" #include "dir-item.h" #include "file-item.h" +#include "fscrypt.h" #include "uuid-tree.h" #include "ioctl.h" #include "file.h" @@ -6102,6 +6103,9 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, struct inode *inode = args->inode; int ret; + if (fscrypt_is_nokey_name(args->dentry)) + return -ENOKEY; + if (!args->orphan) { ret = fscrypt_setup_filename(dir, &args->dentry->d_name, 0, &args->fname); @@ -6137,6 +6141,9 @@ int btrfs_new_inode_prepare(struct btrfs_new_inode_args *args, if (dir->i_security) (*trans_num_items)++; #endif + /* 1 to add fscrypt item */ + if (args->encrypt) + (*trans_num_items)++; if (args->orphan) { /* 1 to add orphan item */ (*trans_num_items)++; @@ -6322,6 +6329,11 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, BTRFS_I(inode)->i_otime_sec = ts.tv_sec; BTRFS_I(inode)->i_otime_nsec = ts.tv_nsec; + if (args->encrypt) { + BTRFS_I(inode)->flags |= BTRFS_INODE_ENCRYPT; + btrfs_sync_inode_flags_to_i_flags(inode); + } + /* * We're going to fill the inode item now, so at this point the inode * must be fully initialized. @@ -6396,6 +6408,13 @@ int btrfs_create_new_inode(struct btrfs_trans_handle *trans, goto discard; } } + if (args->encrypt) { + ret = fscrypt_set_context(inode, trans); + if (ret) { + btrfs_abort_transaction(trans, ret); + goto discard; + } + } inode_tree_add(BTRFS_I(inode)); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 3d476decde52..c333a49e5bad 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -156,6 +156,8 @@ static unsigned int btrfs_inode_flags_to_fsflags(struct btrfs_inode *binode) iflags |= FS_DIRSYNC_FL; if (flags & BTRFS_INODE_NODATACOW) iflags |= FS_NOCOW_FL; + if (flags & BTRFS_INODE_ENCRYPT) + iflags |= FS_ENCRYPT_FL; if (ro_flags & BTRFS_INODE_RO_VERITY) iflags |= FS_VERITY_FL; @@ -185,12 +187,14 @@ void btrfs_sync_inode_flags_to_i_flags(struct inode *inode) new_fl |= S_NOATIME; if (binode->flags & BTRFS_INODE_DIRSYNC) new_fl |= S_DIRSYNC; + if (binode->flags & BTRFS_INODE_ENCRYPT) + new_fl |= S_ENCRYPTED; if (binode->ro_flags & BTRFS_INODE_RO_VERITY) new_fl |= S_VERITY; set_mask_bits(&inode->i_flags, S_SYNC | S_APPEND | S_IMMUTABLE | S_NOATIME | S_DIRSYNC | - S_VERITY, new_fl); + S_VERITY | S_ENCRYPTED, new_fl); } /* @@ -203,7 +207,7 @@ static int check_fsflags(unsigned int old_flags, unsigned int flags) FS_NOATIME_FL | FS_NODUMP_FL | \ FS_SYNC_FL | FS_DIRSYNC_FL | \ FS_NOCOMP_FL | FS_COMPR_FL | - FS_NOCOW_FL)) + FS_NOCOW_FL | FS_ENCRYPT_FL)) return -EOPNOTSUPP; /* COMPR and NOCOMP on new/old are valid */ diff --git a/include/uapi/linux/btrfs_tree.h b/include/uapi/linux/btrfs_tree.h index d24e8e121507..f3fcca1c9449 100644 --- a/include/uapi/linux/btrfs_tree.h +++ b/include/uapi/linux/btrfs_tree.h @@ -164,6 +164,8 @@ #define BTRFS_VERITY_DESC_ITEM_KEY 36 #define BTRFS_VERITY_MERKLE_ITEM_KEY 37 +#define BTRFS_FSCRYPT_INODE_CTX_ITEM_KEY 41 + #define BTRFS_ORPHAN_ITEM_KEY 48 /* reserve 2-15 close to the inode for later flexibility */ @@ -424,6 +426,7 @@ static inline __u8 btrfs_dir_flags_to_ftype(__u8 flags) #define BTRFS_INODE_NOATIME (1U << 9) #define BTRFS_INODE_DIRSYNC (1U << 10) #define BTRFS_INODE_COMPRESS (1U << 11) +#define BTRFS_INODE_ENCRYPT (1U << 12) #define BTRFS_INODE_ROOT_ITEM_INIT (1U << 31) @@ -440,6 +443,7 @@ static inline __u8 btrfs_dir_flags_to_ftype(__u8 flags) BTRFS_INODE_NOATIME | \ BTRFS_INODE_DIRSYNC | \ BTRFS_INODE_COMPRESS | \ + BTRFS_INODE_ENCRYPT | \ BTRFS_INODE_ROOT_ITEM_INIT) #define BTRFS_INODE_RO_VERITY (1U << 0) @@ -1069,6 +1073,12 @@ enum { BTRFS_NR_FILE_EXTENT_TYPES = 3, }; +enum btrfs_encryption_type { + BTRFS_ENCRYPTION_NONE, + BTRFS_ENCRYPTION_FSCRYPT, + BTRFS_NR_ENCRYPTION_TYPES, +}; + struct btrfs_file_extent_item { /* * transaction id that created this extent From patchwork Wed Jan 24 17:18:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529461 Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com [209.85.128.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C82282D7B for ; Wed, 24 Jan 2024 17:19:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116777; cv=none; b=R5efgI/UZUj6jPgLtRFTqzGIUgdGZJzCFehBcpBz9PydrP8HUGyLPGGHqxSclKq6yuQ+zJntzcOiF0oBE8+cjr0WNGBi/GwN7UCUPVcNahB57T2PiJJcXGNpzBo5d37F5J3dNq6e9UeTHPV/bexnL2F745GKSCsBgQ+cG5GSjJo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116777; c=relaxed/simple; bh=OlBHhKisUlPCrNnx9U+0wXpi8lJXa7vJWPFez8vMs0k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Cdbvicgbw0iTkIYs2iYcHZZ2w0zwwTvgx8gXuecrFwIF4lqG1lcVtFLr2aIcve+w+UvsejlwfMTynAWNkwNB9bYXnnLVRrF+7jH2qTyvZpFYACw8+MrL3OQKft1BplzR/Mt2GhhueeoOVqsRJXAFkj00xz71zU3x2y/O4hETCbE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=Er8S1GNR; arc=none smtp.client-ip=209.85.128.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="Er8S1GNR" Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-5ff7dd8d7ceso50975497b3.0 for ; Wed, 24 Jan 2024 09:19:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116775; x=1706721575; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=B90h+ogtiYX77+oD841lDmSgsgTD/UgNO6cKltWxjdk=; b=Er8S1GNRgQra2W8Ef3HyhC2TVcPX3WKq0UXzRCDVgLMGewpmMHRenSegkxdwNm7N7r DjyZWiqpe7Pga5AE+RiBGwpNYfxg8vHKceDbpm94xni2O2WEr0WRUcBx5zaekEaT6hSU zjhcMBurLqTsFvKleAwnJOU6GAqleBjLzrnQrsj3nMw4ZRFTcde4mQ7P911NjIH+LPda mz7E70NbTJCXGd7lPHaorqRwcQr1gUqSwgJTMJJj8iZf34zHHkfQJusqbclSm/xbndP4 LZNlYmL2JD04CrSSjy6aJkV3Pkzguinop6dv3UE+BtO4L7LrTOPmuuF1s9Y/VSNkmne3 lj7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116775; x=1706721575; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=B90h+ogtiYX77+oD841lDmSgsgTD/UgNO6cKltWxjdk=; b=Iq2UpM+Bs7S0HRy20Mg54jMsv5ih8Ow7Xgg/t6h6kT5622AMhaeVP7+CAmHZz7JJDA 2iCphsQRZLGZxoZeUznNFzct4kXErUYFHfn0EfpW9voOpJFK5wtLnsxbXSzbIlvEiRZ8 L/S/hXaa/k+ZT2RfLKJg5eotLJCpQqDBNdK7FIntxAzNbkZCduscGhZ2HSvCI0lhj+ym uKptlyq5U8Chsb4ojTWHKSTVvBLyGe4m2E0ESBJe2IO0Q44r4W9+rkGQBJShYBauxsJ7 xwr3O5SWjXjzdHvHOAFq8HRxF+b232KfbOe1W/1uu3FWO7uY5vAu97UXhZTiaViNoeX4 4Lcg== X-Gm-Message-State: AOJu0Yx5+FtLbaHNSQUlpuYvFOPfZtcNC0iGURN77vSF9WMunN9POAmT fE21j6pjRZPYxTBhZGMnbYBtj/5zjSgCw6HK5jImnRfIWuWklyOjUo5+Blcf7+lMRhGOlZt88gL 1 X-Google-Smtp-Source: AGHT+IE1JyRcZiCAeKUgBbJG3dRYafar61HDbvkTbNI+ammluJrx9CCeQW/xUVVzPOGQ7OYo41REug== X-Received: by 2002:a0d:e0c3:0:b0:5ff:7a74:412e with SMTP id j186-20020a0de0c3000000b005ff7a74412emr1147444ywe.38.1706116775115; Wed, 24 Jan 2024 09:19:35 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id ft9-20020a05690c360900b0060026481ad9sm73325ywb.0.2024.01.24.09.19.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:34 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v5 14/52] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Date: Wed, 24 Jan 2024 12:18:36 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Omar Sandoval As encrypted files will be incompatible with older filesystem versions, new filesystems should be created with an incompat flag for fscrypt, which will gate access to the encryption ioctls. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/fs.h | 3 ++- fs/btrfs/super.c | 5 +++++ fs/btrfs/sysfs.c | 6 ++++++ include/uapi/linux/btrfs.h | 1 + 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/fs.h b/fs/btrfs/fs.h index f8bb73d6ab68..1340e71d026c 100644 --- a/fs/btrfs/fs.h +++ b/fs/btrfs/fs.h @@ -232,7 +232,8 @@ enum { #define BTRFS_FEATURE_INCOMPAT_SUPP \ (BTRFS_FEATURE_INCOMPAT_SUPP_STABLE | \ BTRFS_FEATURE_INCOMPAT_RAID_STRIPE_TREE | \ - BTRFS_FEATURE_INCOMPAT_EXTENT_TREE_V2) + BTRFS_FEATURE_INCOMPAT_EXTENT_TREE_V2 | \ + BTRFS_FEATURE_INCOMPAT_ENCRYPT) #else diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 33bd29fa2696..28fbe366717e 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2438,6 +2438,11 @@ static int __init btrfs_print_mod_info(void) ", fsverity=yes" #else ", fsverity=no" +#endif +#ifdef CONFIG_FS_ENCRYPTION + ", fscrypt=yes" +#else + ", fscrypt=no" #endif ; pr_info("Btrfs loaded%s\n", options); diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c index 84c05246ffd8..f75b00805462 100644 --- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c @@ -304,6 +304,9 @@ BTRFS_FEAT_ATTR_INCOMPAT(raid_stripe_tree, RAID_STRIPE_TREE); #ifdef CONFIG_FS_VERITY BTRFS_FEAT_ATTR_COMPAT_RO(verity, VERITY); #endif +#ifdef CONFIG_FS_ENCRYPTION +BTRFS_FEAT_ATTR_INCOMPAT(encryption, ENCRYPT); +#endif /* CONFIG_FS_ENCRYPTION */ /* * Features which depend on feature bits and may differ between each fs. @@ -336,6 +339,9 @@ static struct attribute *btrfs_supported_feature_attrs[] = { #ifdef CONFIG_FS_VERITY BTRFS_FEAT_ATTR_PTR(verity), #endif +#ifdef CONFIG_FS_ENCRYPTION + BTRFS_FEAT_ATTR_PTR(encryption), +#endif /* CONFIG_FS_ENCRYPTION */ NULL }; diff --git a/include/uapi/linux/btrfs.h b/include/uapi/linux/btrfs.h index f8bc34a6bcfa..25b01cf0a3b4 100644 --- a/include/uapi/linux/btrfs.h +++ b/include/uapi/linux/btrfs.h @@ -334,6 +334,7 @@ struct btrfs_ioctl_fs_info_args { #define BTRFS_FEATURE_INCOMPAT_ZONED (1ULL << 12) #define BTRFS_FEATURE_INCOMPAT_EXTENT_TREE_V2 (1ULL << 13) #define BTRFS_FEATURE_INCOMPAT_RAID_STRIPE_TREE (1ULL << 14) +#define BTRFS_FEATURE_INCOMPAT_ENCRYPT (1ULL << 15) #define BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA (1ULL << 16) struct btrfs_ioctl_feature_flags { From patchwork Wed Jan 24 17:18:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529462 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BBD7F85C68 for ; Wed, 24 Jan 2024 17:19:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116780; cv=none; b=mxsabf2h7Q4O3h4Bf+UV0bIhWHYXhWvOdeuYMLzgSyP9aWBxUDaVXsTFaOUM3daiztthyrk/5f6xvNMVR5v8Sy4vmGowIv/VhdEJVrKtGcsWHSAr6+w25RsZrAzPhgYLzY+sYwdHNtTDnTgjP17MtlVEdJdgwgWEx1WMJZ6s1n0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116780; c=relaxed/simple; bh=ptJCe7hhVq76TPB0bGTdBW6OQTar+EY9x4jyONcyLhI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Roa6IWwginqrd7Fbm6AlMkHx4KvfsocWKyL99QT5DJGqLzTn3p92I+J7iIYfTWvNpXzYDr9Uj7dja5yrKdTh/lnFP/oqFJBaYDqvPjLHs2rmjBCXonIlEgxWe5uH+KQc5wG0bF1/jehy78NWHnplF6ggXuGZtYss3lbHyIya1po= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=mzupIAa5; arc=none smtp.client-ip=209.85.128.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="mzupIAa5" Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-600273605a9so30183877b3.1 for ; Wed, 24 Jan 2024 09:19:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116776; x=1706721576; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hP8GjdbBRIu2C0n5JwKz88O+jt6xyl4XpJqWdjHU4hc=; b=mzupIAa5rYCXRLpNNM+Z7TrQa8Cr9JL1830qvIIOYY8B8SqDpPYRsIZXhdSPREG89D uCi5uZbEg2f9bf9PTlq8WAbpsd+tSlAcwRbJLyKRAGzpCcJgYVvd9kivBPgm5MijXLvD ca06sikByEg/BcxVfqhysg7S9HLASnCQp9d9Ta52NItVQJjILBiJ1bMjIN93dQqPZzxp o53r3psSTuNLvM6BNhbV3TK0BWxSTlydbE/zabaQ7PCoxzLFwdrUikvMhHSKYnkOM6Ga DDN9lqgINE5lUDbbHV9/a4gIzPzQA6c89w1eAF0xEjTgdZw7ea6LSAPOkY462UXMasUW xzfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116776; x=1706721576; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hP8GjdbBRIu2C0n5JwKz88O+jt6xyl4XpJqWdjHU4hc=; b=pEqzHySwN1jKSpqCTM1tw2HfWZ69IXsVJ9SfYipiKg7xb+mWX6pySoAudSfb6GJA2v +83eU3p0KFKmFn6IIe1K0BmoEVnEyUHjl2P2107/JyMwEpu8305ChwBvdCVFUWa3AsOa +fxFBibwoVjBCz6aF4v/Aw6/3l2fmYGEgIhizfqhkyFU/Ryu5VzdZ9GoI+RHJIjaSyC3 DFcW2+8+7fVti7kQukHs8iCrzSYidrLxANN/jpSb8ypH11lA2EhJP1agQz6NqsAq7Oyg zdN3b6If6Q1DGjN7IJCRNMIp4VJG14KPOMX4YqeW0lCvW4AQXxn96+V6eOjYSsqERrY/ 105A== X-Gm-Message-State: AOJu0Yz59YymUaK3MVsgpOvgm0W+4lvra1x/NOIKjs9Vy87dpRC7KNyU ThjfiVtHChAPJiQMJEwN8YlI2zUOcDf107vx+RCTmESE6b29GNsKj3U+DHMVKWKEUO9Qxpw5SJN O X-Google-Smtp-Source: AGHT+IFmG1zTlGTHFA64ZLVRcOVeMHsrm60k7B8ZVGrgkVmTY1Im1C5sij97aDgdeN4ItOSvS81Ccw== X-Received: by 2002:a81:5f88:0:b0:5e7:e9d9:9c39 with SMTP id t130-20020a815f88000000b005e7e9d99c39mr1270193ywb.58.1706116776309; Wed, 24 Jan 2024 09:19:36 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id cl9-20020a05690c0c0900b005ff7957f298sm65843ywb.25.2024.01.24.09.19.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:35 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v5 15/52] btrfs: adapt readdir for encrypted and nokey names Date: Wed, 24 Jan 2024 12:18:37 -0500 Message-ID: <52b31cd6e5c86f8fe3d08ce65bca5f40c3ce5c5a.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Omar Sandoval Deleting an encrypted file must always be permitted, even if the user does not have the appropriate key. Therefore, for listing an encrypted directory, so-called 'nokey' names are provided, and these nokey names must be sufficient to look up and delete the appropriate encrypted files. See 'struct fscrypt_nokey_name' for more information on the format of these names. The first part of supporting nokey names is allowing lookups by nokey name. Only a few entry points need to support these: deleting a directory, file, or subvolume -- each of these call fscrypt_setup_filename() with a '1' argument, indicating that the key is not required and therefore a nokey name may be provided. If a nokey name is provided, the fscrypt_name returned by fscrypt_setup_filename() will not have its disk_name field populated, but will have various other fields set. This change alters the relevant codepaths to pass a complete fscrypt_name anywhere that it might contain a nokey name. When it does contain a nokey name, the first time the name is successfully matched to a stored name populates the disk name field of the fscrypt_name, allowing the caller to use the normal disk name codepaths afterward. Otherwise, the matching functionality is in close analogue to the function fscrypt_match_name(). Functions where most callers are providing a fscrypt_str are duplicated and adapted for a fscrypt_name, and functions where most callers are providing a fscrypt_name are changed to so require at all callsites. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/btrfs_inode.h | 2 +- fs/btrfs/delayed-inode.c | 29 ++++++- fs/btrfs/delayed-inode.h | 6 +- fs/btrfs/dir-item.c | 77 ++++++++++++++++--- fs/btrfs/dir-item.h | 11 ++- fs/btrfs/extent_io.c | 41 ++++++++++ fs/btrfs/extent_io.h | 3 + fs/btrfs/fscrypt.c | 35 +++++++++ fs/btrfs/fscrypt.h | 19 +++++ fs/btrfs/inode.c | 158 ++++++++++++++++++++++++++------------- fs/btrfs/root-tree.c | 8 +- fs/btrfs/root-tree.h | 2 +- fs/btrfs/tree-log.c | 3 +- 13 files changed, 321 insertions(+), 73 deletions(-) diff --git a/fs/btrfs/btrfs_inode.h b/fs/btrfs/btrfs_inode.h index 83de0909f460..f5b81969ff5d 100644 --- a/fs/btrfs/btrfs_inode.h +++ b/fs/btrfs/btrfs_inode.h @@ -433,7 +433,7 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry); int btrfs_set_inode_index(struct btrfs_inode *dir, u64 *index); int btrfs_unlink_inode(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, - const struct fscrypt_str *name); + struct fscrypt_name *name); int btrfs_add_link(struct btrfs_trans_handle *trans, struct btrfs_inode *parent_inode, struct btrfs_inode *inode, const struct fscrypt_str *name, int add_backref, u64 index); diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c index 08102883f560..076106d392c1 100644 --- a/fs/btrfs/delayed-inode.c +++ b/fs/btrfs/delayed-inode.c @@ -1769,7 +1769,9 @@ int btrfs_should_delete_dir_index(struct list_head *del_list, /* * Read dir info stored in the delayed tree. */ -int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, +int btrfs_readdir_delayed_dir_index(struct inode *inode, + struct fscrypt_str *fstr, + struct dir_context *ctx, struct list_head *ins_list) { struct btrfs_dir_item *di; @@ -1779,6 +1781,7 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, int name_len; int over = 0; unsigned char d_type; + size_t fstr_len = fstr->len; /* * Changing the data of the delayed item is impossible. So @@ -1803,8 +1806,28 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, d_type = fs_ftype_to_dtype(btrfs_dir_flags_to_ftype(di->type)); btrfs_disk_key_to_cpu(&location, &di->location); - over = !dir_emit(ctx, name, name_len, - location.objectid, d_type); + if (di->type & BTRFS_FT_ENCRYPTED) { + int ret; + struct fscrypt_str iname = FSTR_INIT(name, name_len); + + fstr->len = fstr_len; + /* + * The hash is only used when the encryption key is not + * available. But if we have delayed insertions, then we + * must have the encryption key available or we wouldn't + * have been able to create entries in the directory. + * So, we don't calculate the hash. + */ + ret = fscrypt_fname_disk_to_usr(inode, 0, 0, &iname, + fstr); + if (ret) + return ret; + over = !dir_emit(ctx, fstr->name, fstr->len, + location.objectid, d_type); + } else { + over = !dir_emit(ctx, name, name_len, location.objectid, + d_type); + } if (refcount_dec_and_test(&curr->refs)) kfree(curr); diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h index 5cceb31bbd16..d369f6997df7 100644 --- a/fs/btrfs/delayed-inode.h +++ b/fs/btrfs/delayed-inode.h @@ -16,6 +16,8 @@ #include #include "ctree.h" +struct fscrypt_str; + enum btrfs_delayed_item_type { BTRFS_DELAYED_INSERTION_ITEM, BTRFS_DELAYED_DELETION_ITEM @@ -155,7 +157,9 @@ void btrfs_readdir_put_delayed_items(struct inode *inode, struct list_head *del_list); int btrfs_should_delete_dir_index(struct list_head *del_list, u64 index); -int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, +int btrfs_readdir_delayed_dir_index(struct inode *inode, + struct fscrypt_str *fstr, + struct dir_context *ctx, struct list_head *ins_list); /* Used during directory logging. */ diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c index 9c07d5c3e5ad..a64cfddff7f0 100644 --- a/fs/btrfs/dir-item.c +++ b/fs/btrfs/dir-item.c @@ -6,6 +6,7 @@ #include "messages.h" #include "ctree.h" #include "disk-io.h" +#include "fscrypt.h" #include "transaction.h" #include "accessors.h" #include "dir-item.h" @@ -230,6 +231,47 @@ struct btrfs_dir_item *btrfs_lookup_dir_item(struct btrfs_trans_handle *trans, return di; } +/* + * Lookup for a directory item by fscrypt_name. + * + * @trans: The transaction handle to use. + * @root: The root of the target tree. + * @path: Path to use for the search. + * @dir: The inode number (objectid) of the directory. + * @name: The fscrypt_name associated to the directory entry + * @mod: Used to indicate if the tree search is meant for a read only + * lookup or for a deletion lookup, so its value should be 0 or + * -1, respectively. + * + * Returns: NULL if the dir item does not exists, an error pointer if an error + * happened, or a pointer to a dir item if a dir item exists for the given name. + */ +struct btrfs_dir_item *btrfs_lookup_dir_item_fname(struct btrfs_trans_handle *trans, + struct btrfs_root *root, + struct btrfs_path *path, u64 dir, + struct fscrypt_name *name, int mod) +{ + struct btrfs_key key; + struct btrfs_dir_item *di = NULL; + int ret = 0; + + key.objectid = dir; + key.type = BTRFS_DIR_ITEM_KEY; + key.offset = btrfs_name_hash(name->disk_name.name, name->disk_name.len); + /* XXX get the right hash for no-key names */ + + ret = btrfs_search_slot(trans, root, &key, path, mod, -mod); + if (ret == 0) + di = btrfs_match_dir_item_fname(root->fs_info, path, name); + + if (ret == -ENOENT || (di && IS_ERR(di) && PTR_ERR(di) == -ENOENT)) + return NULL; + if (ret < 0) + di = ERR_PTR(ret); + + return di; +} + int btrfs_check_dir_item_collision(struct btrfs_root *root, u64 dir, const struct fscrypt_str *name) { @@ -287,9 +329,9 @@ int btrfs_check_dir_item_collision(struct btrfs_root *root, u64 dir, } /* - * Lookup for a directory index item by name and index number. + * Lookup for a directory index item by fscrypt_name and index number. * - * @trans: The transaction handle to use. Can be NULL if @mod is 0. + * @trans: The transaction handle to use. * @root: The root of the target tree. * @path: Path to use for the search. * @dir: The inode number (objectid) of the directory. @@ -327,7 +369,7 @@ btrfs_lookup_dir_index_item(struct btrfs_trans_handle *trans, struct btrfs_dir_item * btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_path *path, - u64 dirid, const struct fscrypt_str *name) + u64 dirid, struct fscrypt_name *name) { struct btrfs_dir_item *di; struct btrfs_key key; @@ -340,9 +382,7 @@ btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_path *path, btrfs_for_each_slot(root, &key, &key, path, ret) { if (key.objectid != dirid || key.type != BTRFS_DIR_INDEX_KEY) break; - - di = btrfs_match_dir_item_name(root->fs_info, path, - name->name, name->len); + di = btrfs_match_dir_item_fname(root->fs_info, path, name); if (di) return di; } @@ -378,9 +418,9 @@ struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans, * this walks through all the entries in a dir item and finds one * for a specific name. */ -struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, - struct btrfs_path *path, - const char *name, int name_len) +struct btrfs_dir_item *btrfs_match_dir_item_fname(struct btrfs_fs_info *fs_info, + struct btrfs_path *path, + struct fscrypt_name *name) { struct btrfs_dir_item *dir_item; unsigned long name_ptr; @@ -399,8 +439,8 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, btrfs_dir_data_len(leaf, dir_item); name_ptr = (unsigned long)(dir_item + 1); - if (btrfs_dir_name_len(leaf, dir_item) == name_len && - memcmp_extent_buffer(leaf, name, name_ptr, name_len) == 0) + if (btrfs_fscrypt_match_name(name, leaf, name_ptr, + btrfs_dir_name_len(leaf, dir_item))) return dir_item; cur += this_len; @@ -410,6 +450,21 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, return NULL; } +/* + * helper function to look at the directory item pointed to by 'path' + * this walks through all the entries in a dir item and finds one + * for a specific name. + */ +struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, + struct btrfs_path *path, + const char *name, int name_len) +{ + struct fscrypt_name fname = { + .disk_name = FSTR_INIT((char *) name, name_len) + }; + return btrfs_match_dir_item_fname(fs_info, path, &fname); +} + /* * given a pointer into a directory item, delete it. This * handles items that have more than one entry in them. diff --git a/fs/btrfs/dir-item.h b/fs/btrfs/dir-item.h index e40a226373d7..1d6ab8c3b879 100644 --- a/fs/btrfs/dir-item.h +++ b/fs/btrfs/dir-item.h @@ -6,6 +6,7 @@ #include struct fscrypt_str; +struct fscrypt_name; int btrfs_check_dir_item_collision(struct btrfs_root *root, u64 dir, const struct fscrypt_str *name); @@ -16,6 +17,11 @@ struct btrfs_dir_item *btrfs_lookup_dir_item(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, u64 dir, const struct fscrypt_str *name, int mod); +struct btrfs_dir_item *btrfs_lookup_dir_item_fname( + struct btrfs_trans_handle *trans, + struct btrfs_root *root, + struct btrfs_path *path, u64 dir, + struct fscrypt_name *name, int mod); struct btrfs_dir_item *btrfs_lookup_dir_index_item( struct btrfs_trans_handle *trans, struct btrfs_root *root, @@ -23,7 +29,7 @@ struct btrfs_dir_item *btrfs_lookup_dir_index_item( u64 index, const struct fscrypt_str *name, int mod); struct btrfs_dir_item *btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_path *path, u64 dirid, - const struct fscrypt_str *name); + struct fscrypt_name *name); int btrfs_delete_one_dir_name(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_path *path, @@ -42,6 +48,9 @@ struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_fs_info *fs_info, struct btrfs_path *path, const char *name, int name_len); +struct btrfs_dir_item *btrfs_match_dir_item_fname(struct btrfs_fs_info *fs_info, + struct btrfs_path *path, + struct fscrypt_name *name); static inline u64 btrfs_name_hash(const char *name, int len) { diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index c1b15a8efef5..19c4f0657098 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -4320,6 +4320,47 @@ static void assert_eb_folio_uptodate(const struct extent_buffer *eb, int i) } } +/* Take a sha256 of a portion of an extent buffer. */ +void extent_buffer_sha256(const struct extent_buffer *eb, + unsigned long start, + unsigned long len, u8 *out) +{ + size_t cur; + size_t offset; + char *kaddr; + unsigned long i = get_eb_folio_index(eb, start); + struct sha256_state sctx; + + if (check_eb_range(eb, start, len)) + return; + + if (eb->addr) { + sha256(eb->addr + start, len, out); + return; + } + + offset = get_eb_offset_in_folio(eb, start); + + /* + * TODO: This should maybe be using the crypto API, not the fallback, + * but fscrypt uses the fallback and this is only used in emulation of + * fscrypt's buffer sha256 method. + */ + sha256_init(&sctx); + while (len > 0) { + assert_eb_folio_uptodate(eb, i); + + cur = min(len, PAGE_SIZE - offset); + kaddr = folio_address(eb->folios[i]); + sha256_update(&sctx, (u8 *)(kaddr + offset), cur); + + len -= cur; + offset = 0; + i++; + } + sha256_final(&sctx, out); +} + static void __write_extent_buffer(const struct extent_buffer *eb, const void *srcv, unsigned long start, unsigned long len, bool use_memmove) diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h index 4437607f2b06..80f40f027f1e 100644 --- a/fs/btrfs/extent_io.h +++ b/fs/btrfs/extent_io.h @@ -287,6 +287,9 @@ static inline int extent_buffer_uptodate(const struct extent_buffer *eb) int memcmp_extent_buffer(const struct extent_buffer *eb, const void *ptrv, unsigned long start, unsigned long len); +void extent_buffer_sha256(const struct extent_buffer *eb, + unsigned long start, + unsigned long len, u8 *out); void read_extent_buffer(const struct extent_buffer *eb, void *dst, unsigned long start, unsigned long len); diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 3f82352662e6..8f22c5f257ff 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -1,17 +1,52 @@ // SPDX-License-Identifier: GPL-2.0 #include +#include #include "ctree.h" #include "accessors.h" #include "btrfs_inode.h" #include "disk-io.h" +#include "ioctl.h" #include "fs.h" #include "fscrypt.h" #include "ioctl.h" #include "messages.h" +#include "root-tree.h" #include "transaction.h" #include "xattr.h" +/* + * This function is extremely similar to fscrypt_match_name() but uses an + * extent_buffer. + */ +bool btrfs_fscrypt_match_name(struct fscrypt_name *fname, + struct extent_buffer *leaf, unsigned long de_name, + u32 de_name_len) +{ + const struct fscrypt_nokey_name *nokey_name = + (const struct fscrypt_nokey_name *)fname->crypto_buf.name; + u8 digest[SHA256_DIGEST_SIZE]; + + if (likely(fname->disk_name.name)) { + if (de_name_len != fname->disk_name.len) + return false; + return !memcmp_extent_buffer(leaf, fname->disk_name.name, + de_name, de_name_len); + } + + if (de_name_len <= sizeof(nokey_name->bytes)) + return false; + + if (memcmp_extent_buffer(leaf, nokey_name->bytes, de_name, + sizeof(nokey_name->bytes))) + return false; + + extent_buffer_sha256(leaf, de_name + sizeof(nokey_name->bytes), + de_name_len - sizeof(nokey_name->bytes), digest); + + return !memcmp(digest, nokey_name->sha256, sizeof(digest)); +} + static int btrfs_fscrypt_get_context(struct inode *inode, void *ctx, size_t len) { struct btrfs_key key = { diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 80adb7e56826..1647bbbcd609 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -4,9 +4,28 @@ #define BTRFS_FSCRYPT_H #include +#include "extent_io.h" #include "fs.h" +#ifdef CONFIG_FS_ENCRYPTION +bool btrfs_fscrypt_match_name(struct fscrypt_name *fname, + struct extent_buffer *leaf, + unsigned long de_name, u32 de_name_len); + +#else +static inline bool btrfs_fscrypt_match_name(struct fscrypt_name *fname, + struct extent_buffer *leaf, + unsigned long de_name, + u32 de_name_len) +{ + if (de_name_len != fname_len(fname)) + return false; + return !memcmp_extent_buffer(leaf, fname->disk_name.name, de_name, + de_name_len); +} +#endif /* CONFIG_FS_ENCRYPTION */ + extern const struct fscrypt_operations btrfs_fscrypt_ops; #endif /* BTRFS_FSCRYPT_H */ diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4999ae1db2a3..5db3a92688fb 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -4053,7 +4053,7 @@ int btrfs_update_inode_fallback(struct btrfs_trans_handle *trans, static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, - const struct fscrypt_str *name, + struct fscrypt_name *name, struct btrfs_rename_ctx *rename_ctx) { struct btrfs_root *root = dir->root; @@ -4071,7 +4071,7 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, goto out; } - di = btrfs_lookup_dir_item(trans, root, path, dir_ino, name, -1); + di = btrfs_lookup_dir_item_fname(trans, root, path, dir_ino, name, -1); if (IS_ERR_OR_NULL(di)) { ret = di ? PTR_ERR(di) : -ENOENT; goto err; @@ -4099,11 +4099,14 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, } } - ret = btrfs_del_inode_ref(trans, root, name, ino, dir_ino, &index); + ret = btrfs_del_inode_ref(trans, root, &name->disk_name, ino, dir_ino, + &index); if (ret) { + /* This should print a base-64 encoded name if relevant? */ btrfs_info(fs_info, "failed to delete reference to %.*s, inode %llu parent %llu", - name->len, name->name, ino, dir_ino); + name->disk_name.len, name->disk_name.name, ino, + dir_ino); btrfs_abort_transaction(trans, ret); goto err; } @@ -4124,8 +4127,10 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, * operations on the log tree, increasing latency for applications. */ if (!rename_ctx) { - btrfs_del_inode_ref_in_log(trans, root, name, inode, dir_ino); - btrfs_del_dir_entries_in_log(trans, root, name, dir, index); + btrfs_del_inode_ref_in_log(trans, root, &name->disk_name, + inode, dir_ino); + btrfs_del_dir_entries_in_log(trans, root, &name->disk_name, + dir, index); } /* @@ -4143,7 +4148,7 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, if (ret) goto out; - btrfs_i_size_write(dir, dir->vfs_inode.i_size - name->len * 2); + btrfs_i_size_write(dir, dir->vfs_inode.i_size - name->disk_name.len * 2); inode_inc_iversion(&inode->vfs_inode); inode_inc_iversion(&dir->vfs_inode); inode_set_mtime_to_ts(&dir->vfs_inode, inode_set_ctime_current(&dir->vfs_inode)); @@ -4154,7 +4159,7 @@ static int __btrfs_unlink_inode(struct btrfs_trans_handle *trans, int btrfs_unlink_inode(struct btrfs_trans_handle *trans, struct btrfs_inode *dir, struct btrfs_inode *inode, - const struct fscrypt_str *name) + struct fscrypt_name *name) { int ret; @@ -4205,7 +4210,7 @@ static int btrfs_unlink(struct inode *dir, struct dentry *dentry) false); ret = btrfs_unlink_inode(trans, BTRFS_I(dir), BTRFS_I(d_inode(dentry)), - &fname.disk_name); + &fname); if (ret) goto end_trans; @@ -4242,8 +4247,6 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, if (ret) return ret; - /* This needs to handle no-key deletions later on */ - if (btrfs_ino(inode) == BTRFS_FIRST_FREE_OBJECTID) { objectid = inode->root->root_key.objectid; } else if (btrfs_ino(inode) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) { @@ -4260,8 +4263,8 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, goto out; } - di = btrfs_lookup_dir_item(trans, root, path, dir_ino, - &fname.disk_name, -1); + di = btrfs_lookup_dir_item_fname(trans, root, path, dir_ino, + &fname, -1); if (IS_ERR_OR_NULL(di)) { ret = di ? PTR_ERR(di) : -ENOENT; goto out; @@ -4287,7 +4290,7 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, * call btrfs_del_root_ref, and it _shouldn't_ fail. */ if (btrfs_ino(inode) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) { - di = btrfs_search_dir_index_item(root, path, dir_ino, &fname.disk_name); + di = btrfs_search_dir_index_item(root, path, dir_ino, &fname); if (IS_ERR_OR_NULL(di)) { if (!di) ret = -ENOENT; @@ -4304,7 +4307,7 @@ static int btrfs_unlink_subvol(struct btrfs_trans_handle *trans, } else { ret = btrfs_del_root_ref(trans, objectid, root->root_key.objectid, dir_ino, - &index, &fname.disk_name); + &index, &fname); if (ret) { btrfs_abort_transaction(trans, ret); goto out; @@ -4631,7 +4634,7 @@ static int btrfs_rmdir(struct inode *dir, struct dentry *dentry) /* now the directory is empty */ err = btrfs_unlink_inode(trans, BTRFS_I(dir), BTRFS_I(d_inode(dentry)), - &fname.disk_name); + &fname); if (!err) { btrfs_i_size_write(BTRFS_I(inode), 0); /* @@ -5337,32 +5340,23 @@ void btrfs_evict_inode(struct inode *inode) * If no dir entries were found, returns -ENOENT. * If found a corrupted location in dir entry, returns -EUCLEAN. */ -static int btrfs_inode_by_name(struct btrfs_inode *dir, struct dentry *dentry, +static int btrfs_inode_by_name(struct btrfs_inode *dir, + struct fscrypt_name *fname, struct btrfs_key *location, u8 *type) { struct btrfs_dir_item *di; struct btrfs_path *path; struct btrfs_root *root = dir->root; int ret = 0; - struct fscrypt_name fname; path = btrfs_alloc_path(); if (!path) return -ENOMEM; - ret = fscrypt_setup_filename(&dir->vfs_inode, &dentry->d_name, 1, &fname); - if (ret < 0) - goto out; - /* - * fscrypt_setup_filename() should never return a positive value, but - * gcc on sparc/parisc thinks it can, so assert that doesn't happen. - */ - ASSERT(ret == 0); - /* This needs to handle no-key deletions later on */ - di = btrfs_lookup_dir_item(NULL, root, path, btrfs_ino(dir), - &fname.disk_name, 0); + di = btrfs_lookup_dir_item_fname(NULL, root, path, btrfs_ino(dir), + fname, 0); if (IS_ERR_OR_NULL(di)) { ret = di ? PTR_ERR(di) : -ENOENT; goto out; @@ -5374,13 +5368,13 @@ static int btrfs_inode_by_name(struct btrfs_inode *dir, struct dentry *dentry, ret = -EUCLEAN; btrfs_warn(root->fs_info, "%s gets something invalid in DIR_ITEM (name %s, directory ino %llu, location(%llu %u %llu))", - __func__, fname.disk_name.name, btrfs_ino(dir), - location->objectid, location->type, location->offset); + __func__, fname->usr_fname->name, + btrfs_ino(dir), location->objectid, + location->type, location->offset); } if (!ret) *type = btrfs_dir_ftype(path->nodes[0], di); out: - fscrypt_free_filename(&fname); btrfs_free_path(path); return ret; } @@ -5658,20 +5652,27 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry) struct btrfs_root *root = BTRFS_I(dir)->root; struct btrfs_root *sub_root = root; struct btrfs_key location; + struct fscrypt_name fname; u8 di_type = 0; int ret = 0; if (dentry->d_name.len > BTRFS_NAME_LEN) return ERR_PTR(-ENAMETOOLONG); - ret = btrfs_inode_by_name(BTRFS_I(dir), dentry, &location, &di_type); - if (ret < 0) + ret = fscrypt_prepare_lookup(dir, dentry, &fname); + if (ret) return ERR_PTR(ret); + ret = btrfs_inode_by_name(BTRFS_I(dir), &fname, &location, &di_type); + if (ret < 0) { + inode = ERR_PTR(ret); + goto cleanup; + } + if (location.type == BTRFS_INODE_ITEM_KEY) { inode = btrfs_iget(dir->i_sb, location.objectid, root); if (IS_ERR(inode)) - return inode; + goto cleanup; /* Do extra check against inode mode with di_type */ if (btrfs_inode_type(inode) != di_type) { @@ -5680,9 +5681,10 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry) inode->i_mode, btrfs_inode_type(inode), di_type); iput(inode); - return ERR_PTR(-EUCLEAN); + inode = ERR_PTR(-EUCLEAN); + goto cleanup; } - return inode; + goto cleanup; } ret = fixup_tree_root_location(fs_info, BTRFS_I(dir), dentry, @@ -5697,7 +5699,7 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry) btrfs_put_root(sub_root); if (IS_ERR(inode)) - return inode; + goto cleanup; down_read(&fs_info->cleanup_work_sem); if (!sb_rdonly(inode->i_sb)) @@ -5709,6 +5711,8 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry) } } +cleanup: + fscrypt_free_filename(&fname); return inode; } @@ -5897,18 +5901,32 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) LIST_HEAD(del_list); int ret; char *name_ptr; - int name_len; + u32 name_len; int entries = 0; int total_len = 0; bool put = false; struct btrfs_key location; + struct fscrypt_str fstr = FSTR_INIT(NULL, 0); + u32 fstr_len = 0; if (!dir_emit_dots(file, ctx)) return 0; + if (BTRFS_I(inode)->flags & BTRFS_INODE_ENCRYPT) { + ret = fscrypt_prepare_readdir(inode); + if (ret) + return ret; + ret = fscrypt_fname_alloc_buffer(BTRFS_NAME_LEN, &fstr); + if (ret) + return ret; + fstr_len = fstr.len; + } + path = btrfs_alloc_path(); - if (!path) - return -ENOMEM; + if (!path) { + ret = -ENOMEM; + goto err_fstr; + } addr = private->filldir_buf; path->reada = READA_FORWARD; @@ -5925,6 +5943,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) struct dir_entry *entry; struct extent_buffer *leaf = path->nodes[0]; u8 ftype; + u32 nokey_len; if (found_key.objectid != key.objectid) break; @@ -5938,8 +5957,13 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) continue; di = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_dir_item); name_len = btrfs_dir_name_len(leaf, di); - if ((total_len + sizeof(struct dir_entry) + name_len) >= - PAGE_SIZE) { + nokey_len = DIV_ROUND_UP(name_len * 4, 3); + /* + * If name is encrypted, and we don't have the key, we could + * need up to 4/3rds the bytes to print it. + */ + if ((total_len + sizeof(struct dir_entry) + nokey_len) + >= PAGE_SIZE) { btrfs_release_path(path); ret = btrfs_filldir(private->filldir_buf, entries, ctx); if (ret) @@ -5953,8 +5977,36 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) ftype = btrfs_dir_flags_to_ftype(btrfs_dir_flags(leaf, di)); entry = addr; name_ptr = (char *)(entry + 1); - read_extent_buffer(leaf, name_ptr, - (unsigned long)(di + 1), name_len); + if (btrfs_dir_flags(leaf, di) & BTRFS_FT_ENCRYPTED) { + struct fscrypt_str oname = FSTR_INIT(name_ptr, + nokey_len); + u32 hash = 0, minor_hash = 0; + + read_extent_buffer(leaf, fstr.name, + (unsigned long)(di + 1), name_len); + fstr.len = name_len; + /* + * We're iterating through DIR_INDEX items, so we don't + * have the DIR_ITEM hash handy. Only compute it if + * we'll need it -- the nokey name stores it, so that + * we can look up the appropriate item by nokey name + * later on. + */ + if (!fscrypt_has_encryption_key(inode)) { + u64 name_hash = btrfs_name_hash(fstr.name, + fstr.len); + hash = name_hash; + minor_hash = name_hash >> 32; + } + ret = fscrypt_fname_disk_to_usr(inode, hash, minor_hash, + &fstr, &oname); + if (ret) + goto err; + name_len = oname.len; + } else { + read_extent_buffer(leaf, name_ptr, + (unsigned long)(di + 1), name_len); + } put_unaligned(name_len, &entry->name_len); put_unaligned(fs_ftype_to_dtype(ftype), &entry->type); btrfs_dir_item_key_to_cpu(leaf, di, &location); @@ -5974,7 +6026,8 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) if (ret) goto nopos; - ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list); + fstr.len = fstr_len; + ret = btrfs_readdir_delayed_dir_index(inode, &fstr, ctx, &ins_list); if (ret) goto nopos; @@ -6005,6 +6058,8 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) if (put) btrfs_readdir_put_delayed_items(inode, &ins_list, &del_list); btrfs_free_path(path); +err_fstr: + fscrypt_fname_free_buffer(&fstr); return ret; } @@ -6463,6 +6518,7 @@ int btrfs_add_link(struct btrfs_trans_handle *trans, struct btrfs_root *root = parent_inode->root; u64 ino = btrfs_ino(inode); u64 parent_ino = btrfs_ino(parent_inode); + struct fscrypt_name fname = { .disk_name = *name }; if (unlikely(ino == BTRFS_FIRST_FREE_OBJECTID)) { memcpy(&key, &inode->root->root_key, sizeof(key)); @@ -6518,7 +6574,7 @@ int btrfs_add_link(struct btrfs_trans_handle *trans, int err; err = btrfs_del_root_ref(trans, key.objectid, root->root_key.objectid, parent_ino, - &local_index, name); + &local_index, &fname); if (err) btrfs_abort_transaction(trans, err); } else if (add_backref) { @@ -8912,7 +8968,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, } else { /* src is an inode */ ret = __btrfs_unlink_inode(trans, BTRFS_I(old_dir), BTRFS_I(old_dentry->d_inode), - old_name, &old_rename_ctx); + &old_fname, &old_rename_ctx); if (!ret) ret = btrfs_update_inode(trans, BTRFS_I(old_inode)); } @@ -8927,7 +8983,7 @@ static int btrfs_rename_exchange(struct inode *old_dir, } else { /* dest is an inode */ ret = __btrfs_unlink_inode(trans, BTRFS_I(new_dir), BTRFS_I(new_dentry->d_inode), - new_name, &new_rename_ctx); + &new_fname, &new_rename_ctx); if (!ret) ret = btrfs_update_inode(trans, BTRFS_I(new_inode)); } @@ -9172,7 +9228,7 @@ static int btrfs_rename(struct mnt_idmap *idmap, } else { ret = __btrfs_unlink_inode(trans, BTRFS_I(old_dir), BTRFS_I(d_inode(old_dentry)), - &old_fname.disk_name, &rename_ctx); + &old_fname, &rename_ctx); if (!ret) ret = btrfs_update_inode(trans, BTRFS_I(old_inode)); } @@ -9190,7 +9246,7 @@ static int btrfs_rename(struct mnt_idmap *idmap, } else { ret = btrfs_unlink_inode(trans, BTRFS_I(new_dir), BTRFS_I(d_inode(new_dentry)), - &new_fname.disk_name); + &new_fname); } if (!ret && new_inode->i_nlink == 0) ret = btrfs_orphan_add(trans, diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c index 603ad1459368..d131934123f5 100644 --- a/fs/btrfs/root-tree.c +++ b/fs/btrfs/root-tree.c @@ -10,6 +10,7 @@ #include "messages.h" #include "transaction.h" #include "disk-io.h" +#include "fscrypt.h" #include "print-tree.h" #include "qgroup.h" #include "space-info.h" @@ -334,7 +335,7 @@ int btrfs_del_root(struct btrfs_trans_handle *trans, int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, u64 ref_id, u64 dirid, u64 *sequence, - const struct fscrypt_str *name) + struct fscrypt_name *name) { struct btrfs_root *tree_root = trans->fs_info->tree_root; struct btrfs_path *path; @@ -356,13 +357,14 @@ int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, if (ret < 0) { goto out; } else if (ret == 0) { + u32 name_len; leaf = path->nodes[0]; ref = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_root_ref); ptr = (unsigned long)(ref + 1); + name_len = btrfs_root_ref_name_len(leaf, ref); if ((btrfs_root_ref_dirid(leaf, ref) != dirid) || - (btrfs_root_ref_name_len(leaf, ref) != name->len) || - memcmp_extent_buffer(leaf, name->name, ptr, name->len)) { + !btrfs_fscrypt_match_name(name, leaf, ptr, name_len)) { ret = -ENOENT; goto out; } diff --git a/fs/btrfs/root-tree.h b/fs/btrfs/root-tree.h index 8b2c3859e464..5ba7b36cf826 100644 --- a/fs/btrfs/root-tree.h +++ b/fs/btrfs/root-tree.h @@ -15,7 +15,7 @@ int btrfs_add_root_ref(struct btrfs_trans_handle *trans, u64 root_id, const struct fscrypt_str *name); int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, u64 ref_id, u64 dirid, u64 *sequence, - const struct fscrypt_str *name); + struct fscrypt_name *name); int btrfs_del_root(struct btrfs_trans_handle *trans, const struct btrfs_key *key); int btrfs_insert_root(struct btrfs_trans_handle *trans, struct btrfs_root *root, const struct btrfs_key *key, diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 916e54b91ecc..c1ceaed65622 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -901,9 +901,10 @@ static int unlink_inode_for_log_replay(struct btrfs_trans_handle *trans, struct btrfs_inode *inode, const struct fscrypt_str *name) { + struct fscrypt_name fname = { .disk_name = *name, }; int ret; - ret = btrfs_unlink_inode(trans, dir, inode, name); + ret = btrfs_unlink_inode(trans, dir, inode, &fname); if (ret) return ret; /* From patchwork Wed Jan 24 17:18:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529463 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9081886125 for ; Wed, 24 Jan 2024 17:19:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116780; cv=none; b=sCBlG4FZtGUltaLJY0yNSDunCppnZhNAR3HWVYN8p3wMxqE7J/M/tmn3WA5soW7E0CcKFqen5Mud7b8qrpwE7YtWJ2Z4kNMaQ7jeHq7mPVqSINzNfSR3mpuncPdtpBDhAaPmMZJp2zigeNnQWB6twJ7IqJO+x6urvHEih3kcON4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116780; c=relaxed/simple; bh=8UJoSISST2M8H9gQ4PbQmeMqipSq8kSVoYEai3riRBk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=e1FjB8MQcipwP9aTPlcBgtmKQNoHaDoCHHjt844D2vXpH1HDjzpPSipP76xNkJGy4lJsX5RJdnIaL7FVGZ2X1r4KJlEpMFoxszjDF8JkSbLeNWsjqm3Du3sVYRl3uJHOK6rO0fLm0aJmja5WPPD9voN5HmZ/f2D5Fod9p8OMoWw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=ZRGDiWri; arc=none smtp.client-ip=209.85.128.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="ZRGDiWri" Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-5ffcb478512so29556257b3.0 for ; Wed, 24 Jan 2024 09:19:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116777; x=1706721577; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Yw08K3DKsF3YQaIlHLn48T7ybYb2Lkz78eTR3CsHweU=; b=ZRGDiWrikjl23TOOICOUiIUgbBvj+U5usqhv1gUB3U4olTh6qJakjgvXs3jubAzWAR BrDu0IcCQ1/PToUo5pDJm4rvkX/449Q6Gcz0w4wYGRzu9wGDUUkJ+u6YzrGEuBfhnXlT szpmIpPdywRBSW99UM/8wcm5pMdsuzx87qr6RcEieX4oBxssWi03yQeJ6wzgPUXT2AqB R3bJdWgPphzgJ4MSH/lBoyO/UWrMWyIJ4eJVFUN+CVwOAX/fK+ck+hiwY0bMcq8rqxx2 0ie9Ta3/IdhfWn8PKs/3mEOTI/wiX+WavKz0e8BYKv1+6XXE3x95BGF6T+g64uSNV6vF Im1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116777; x=1706721577; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Yw08K3DKsF3YQaIlHLn48T7ybYb2Lkz78eTR3CsHweU=; b=B9qtmHTYQwBvYYi5m1WbGgUNVyUBp+0S/uFUVdSiZCzxDBPh6IBxKQYJq83nEAiyex ch+qglNsuRhKPpsuRnoxs6QYVcLprGRXF00EH8VckSI+eiXWxSajXv6QyLetAE9hRPLl f1AKU1DkRA6St0BKQ5JM/e/ter0AJIZyzfOSeLBhRNplK998Eh/z/wDKKP4sJDrGkgHJ jZmFh7lDfeHOlZZJMpxNi7AdksoD4KqLT55Gh85LA43yCSNe5jnApJvGxH7ZkOK+aJlK WBe9HODXPML196cw2HaTOAZVuacGiLCUOKhEI+yWCa1U38s9gomt24adwJ2nB0dHR6Fw iJaQ== X-Gm-Message-State: AOJu0Yz/HMXv+dAiTmdhlfVRzXQkuW1cjjWYofYW7FxE+YZXvag5H/vX ij9DKNJzMcpCIpvrqb71xosEyadJ28J291UalnqyGOLihMtBklKVQjvG7Shv/dQPFAxqlYvNlKb G X-Google-Smtp-Source: AGHT+IFCMr9yl08HMQDcZfFxxUuPljZ5OvjBKsYB9bK8WwCNfrSMF55DaB1JgFMK4FDOZLPKiN4tVQ== X-Received: by 2002:a81:a18d:0:b0:602:ac9e:d626 with SMTP id y135-20020a81a18d000000b00602ac9ed626mr166588ywg.21.1706116777214; Wed, 24 Jan 2024 09:19:37 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id o129-20020a817387000000b006000b154233sm61603ywc.89.2024.01.24.09.19.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:36 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v5 16/52] btrfs: handle nokey names. Date: Wed, 24 Jan 2024 12:18:38 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sweet Tea Dorminy For encrypted or unencrypted names, we calculate the offset for the dir item by hashing the name for the dir item. However, this doesn't work for a long nokey name, where we do not have the complete ciphertext. Instead, fscrypt stores the filesystem-provided hash in the nokey name, and we can extract it from the fscrypt_name structure in such a case. Additionally, for nokey names, if we find the nokey name on disk we can update the fscrypt_name with the disk name, so add that to searching for diritems. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/dir-item.c | 37 +++++++++++++++++++++++++++++++++++-- fs/btrfs/fscrypt.c | 27 +++++++++++++++++++++++++++ fs/btrfs/fscrypt.h | 11 +++++++++++ 3 files changed, 73 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c index a64cfddff7f0..897fb5477369 100644 --- a/fs/btrfs/dir-item.c +++ b/fs/btrfs/dir-item.c @@ -231,6 +231,28 @@ struct btrfs_dir_item *btrfs_lookup_dir_item(struct btrfs_trans_handle *trans, return di; } +/* + * If appropriate, populate the disk name for a fscrypt_name looked up without + * a key. + * + * @path: The path to the extent buffer in which the name was found. + * @di: The dir item corresponding. + * @fname: The fscrypt_name to perhaps populate. + * + * Returns: 0 if the name is already populated or the dir item doesn't exist + * or the name was successfully populated, else an error code. + */ +static int ensure_disk_name_from_dir_item(struct btrfs_path *path, + struct btrfs_dir_item *di, + struct fscrypt_name *name) +{ + if (name->disk_name.name || !di) + return 0; + + return btrfs_fscrypt_get_disk_name(path->nodes[0], di, + &name->disk_name); +} + /* * Lookup for a directory item by fscrypt_name. * @@ -257,8 +279,12 @@ struct btrfs_dir_item *btrfs_lookup_dir_item_fname(struct btrfs_trans_handle *tr key.objectid = dir; key.type = BTRFS_DIR_ITEM_KEY; - key.offset = btrfs_name_hash(name->disk_name.name, name->disk_name.len); - /* XXX get the right hash for no-key names */ + + if (!name->disk_name.name) + key.offset = name->hash | ((u64)name->minor_hash << 32); + else + key.offset = btrfs_name_hash(name->disk_name.name, + name->disk_name.len); ret = btrfs_search_slot(trans, root, &key, path, mod, -mod); if (ret == 0) @@ -266,6 +292,8 @@ struct btrfs_dir_item *btrfs_lookup_dir_item_fname(struct btrfs_trans_handle *tr if (ret == -ENOENT || (di && IS_ERR(di) && PTR_ERR(di) == -ENOENT)) return NULL; + if (ret == 0) + ret = ensure_disk_name_from_dir_item(path, di, name); if (ret < 0) di = ERR_PTR(ret); @@ -382,7 +410,12 @@ btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_path *path, btrfs_for_each_slot(root, &key, &key, path, ret) { if (key.objectid != dirid || key.type != BTRFS_DIR_INDEX_KEY) break; + di = btrfs_match_dir_item_fname(root->fs_info, path, name); + if (di) + ret = ensure_disk_name_from_dir_item(path, di, name); + if (ret) + break; if (di) return di; } diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 8f22c5f257ff..c38e12eee279 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -15,6 +15,33 @@ #include "transaction.h" #include "xattr.h" +/* + * From a given location in a leaf, read a name into a qstr (usually a + * fscrypt_name's disk_name), allocating the required buffer. Used for + * nokey names. + */ +int btrfs_fscrypt_get_disk_name(struct extent_buffer *leaf, + struct btrfs_dir_item *dir_item, + struct fscrypt_str *name) +{ + unsigned long de_name_len = btrfs_dir_name_len(leaf, dir_item); + unsigned long de_name = (unsigned long)(dir_item + 1); + /* + * For no-key names, we use this opportunity to find the disk + * name, so future searches don't need to deal with nokey names + * and we know what the encrypted size is. + */ + name->name = kmalloc(de_name_len, GFP_NOFS); + + if (!name->name) + return -ENOMEM; + + read_extent_buffer(leaf, name->name, de_name, de_name_len); + + name->len = de_name_len; + return 0; +} + /* * This function is extremely similar to fscrypt_match_name() but uses an * extent_buffer. diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 1647bbbcd609..c08fd52c99b4 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -9,11 +9,22 @@ #include "fs.h" #ifdef CONFIG_FS_ENCRYPTION +int btrfs_fscrypt_get_disk_name(struct extent_buffer *leaf, + struct btrfs_dir_item *di, + struct fscrypt_str *qstr); + bool btrfs_fscrypt_match_name(struct fscrypt_name *fname, struct extent_buffer *leaf, unsigned long de_name, u32 de_name_len); #else +static inline int btrfs_fscrypt_get_disk_name(struct extent_buffer *leaf, + struct btrfs_dir_item *di, + struct fscrypt_str *qstr) +{ + return 0; +} + static inline bool btrfs_fscrypt_match_name(struct fscrypt_name *fname, struct extent_buffer *leaf, unsigned long de_name, From patchwork Wed Jan 24 17:18:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529464 Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 815BA82D7B for ; Wed, 24 Jan 2024 17:19:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116780; cv=none; b=g/nX/EXYknQeh+tLPmzc67d3Cq9HE8Vr+ZDQPTFn/s/ESIPWAPdS+tZsHs67es7SqwE52I3RAp69G13jbQScY+1G1MG06Fu5gypum1D4RDwwyO4WcYV+oHVax67czAI495CZVAJzbaouiUsULn645GDXjrVbBVT9tOZ1JGIpeRQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116780; c=relaxed/simple; bh=P49GXiyKc8W4Lrn+MTF92Id+QL/2VKmBbIUOPcqatzY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=P/jXBJad+RqGeIyn1nmX1xxXW5XQx8VdfRTjjxs05V385uq8T+1/SIgXscsaZMTSymZvcxxRZt7Y8QfEp6IY2vm6kUFKxPzTIZSxUD4BTTkY+B/onoeXKBxKZi7+JdZSyztwIQgPwdG7q5KhkdiJa3oNR/EuPUBlLoMT3akngoY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=sp6l0TS1; arc=none smtp.client-ip=209.85.219.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="sp6l0TS1" Received: by mail-yb1-f179.google.com with SMTP id 3f1490d57ef6-dc371d6eb5aso1817750276.0 for ; Wed, 24 Jan 2024 09:19:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116778; x=1706721578; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HNKcKJc9HZ2bbZfCnXMb9oy7iE+uI1bDr5JHtenpe6U=; b=sp6l0TS15nSqm6GoOKrayel9pD+OH18RzenVRNDCGE//e6LVM2t+jdogbfCh8xOxu6 Zl4ifFfU56lz2/+het0qW7LZ+uDL69Tfi5rmVPETGTE7KC6/Fx/jZCHl2sA7cZJ2aEIS 622PUc6evGD4v8yVWfzQ840coe8MRQ/roECBV6tfpi74z8CbZL4Z68cnV6o5meXPWYIt FsdHlSfQHQCfll/mVangFOF0rS122RT+AjizD5Ss4QLptOMsYIqp2uc04yUzOezMCbxb 7U3/DcD+vjAyLBbuKij/OvkowfUO8dW4Wn1+PLe/766urXyQ0MT2NEUTKLpMyoNZbUkH K9ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116778; x=1706721578; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HNKcKJc9HZ2bbZfCnXMb9oy7iE+uI1bDr5JHtenpe6U=; b=a9WqBnvNw6aY5PT/cHA/yMB4VG19/dnhU2x2y5iZf6zxW8NnrKDv+fe7laRv4tykw5 h+5AA73fSp+1Ng2J76rGzF3NLWG8YsGmIqvFyndxl+GQYTqfgFbCn3AblMz55r74NSCI qlVAn8b+nY1q5RblkQ8H0idtoReOEgv4iUIFyOKKUPsX668HrktMIzuieRXZ7ZatwjFh FKu0IEFEN+CW/LYBFXNEUcBNkcMtZya5zDAI5suy6az9X3LJ/zTT1SOUhM2WEFNKPTAz eTMtuNitr8dfzBBof3hjjT5eGwlFMm38gS2/iLzPOZ030jKKtVTcJAKt8BadhIWoaEYK Vilg== X-Gm-Message-State: AOJu0Yx6v9/xReUt/XN/G73xJpA8d2pTWHFWGGgOJvOYelOMboTVOaBr vHFR6SWPkvgsz/sa9g2zfNLqio7JBK+IO2IndMCjvacJT9+XYKWva9ZF0okYDizAJ4BExFXZx6u p X-Google-Smtp-Source: AGHT+IH8ht7DUP1Bie6l96yrNIxLySMaCSngiX1uLZt8JO16wy0dJeESEo3V8FMSogNpCH4ps62h/w== X-Received: by 2002:a25:df10:0:b0:dbe:351a:5221 with SMTP id w16-20020a25df10000000b00dbe351a5221mr765313ybg.123.1706116778217; Wed, 24 Jan 2024 09:19:38 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id s65-20020a25c244000000b00dc2310abe8bsm2959907ybf.38.2024.01.24.09.19.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:37 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Omar Sandoval , Sweet Tea Dorminy Subject: [PATCH v5 17/52] btrfs: implement fscrypt ioctls Date: Wed, 24 Jan 2024 12:18:39 -0500 Message-ID: <6182b77868d0c9f9447641f869658ef017c1f467.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Omar Sandoval These ioctls allow encryption to actually be used. The set_encryption_policy ioctl is the thing which actually turns on encryption, and therefore sets the ENCRYPT flag in the superblock. This prevents the filesystem from being loaded on older kernels. fscrypt provides CONFIG_FS_ENCRYPTION-disabled versions of all these functions which just return -EOPNOTSUPP, so the ioctls don't need to be compiled out if CONFIG_FS_ENCRYPTION isn't enabled. We could instead gate this ioctl on the superblock having the flag set, if we wanted to require mkfs with the encrypt flag in order to have a filesystem with any encryption. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index c333a49e5bad..07c9e04cd0d8 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -4595,6 +4595,34 @@ long btrfs_ioctl(struct file *file, unsigned int return btrfs_ioctl_get_fslabel(fs_info, argp); case FS_IOC_SETFSLABEL: return btrfs_ioctl_set_fslabel(file, argp); + case FS_IOC_SET_ENCRYPTION_POLICY: { + if (!IS_ENABLED(CONFIG_FS_ENCRYPTION)) + return -EOPNOTSUPP; + if (sb_rdonly(fs_info->sb)) + return -EROFS; + /* + * If we crash before we commit, nothing encrypted could have + * been written so it doesn't matter whether the encrypted + * state persists. + */ + btrfs_set_fs_incompat(fs_info, ENCRYPT); + return fscrypt_ioctl_set_policy(file, (const void __user *)arg); + } + case FS_IOC_GET_ENCRYPTION_POLICY: + return fscrypt_ioctl_get_policy(file, (void __user *)arg); + case FS_IOC_GET_ENCRYPTION_POLICY_EX: + return fscrypt_ioctl_get_policy_ex(file, (void __user *)arg); + case FS_IOC_ADD_ENCRYPTION_KEY: + return fscrypt_ioctl_add_key(file, (void __user *)arg); + case FS_IOC_REMOVE_ENCRYPTION_KEY: + return fscrypt_ioctl_remove_key(file, (void __user *)arg); + case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: + return fscrypt_ioctl_remove_key_all_users(file, + (void __user *)arg); + case FS_IOC_GET_ENCRYPTION_KEY_STATUS: + return fscrypt_ioctl_get_key_status(file, (void __user *)arg); + case FS_IOC_GET_ENCRYPTION_NONCE: + return fscrypt_ioctl_get_nonce(file, (void __user *)arg); case FITRIM: return btrfs_ioctl_fitrim(fs_info, argp); case BTRFS_IOC_SNAP_CREATE: From patchwork Wed Jan 24 17:18:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529465 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4BD927E79A for ; Wed, 24 Jan 2024 17:19:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116781; cv=none; b=K/jg/8eTdGGNE+puWl4fUopSLr3tfmgTEvO8dxHLbPt+pn3VgZiadhBb0zuhxNhAwZALpc7i7YxqjKSwMgIHuxjXUbx43oOcFypQ+EkKi1BMMLehbRbnHeIEsHxYqNsB5T+3DKSTC+LwbCDqu3Wup8rgaBrSPXcQrGuGQmX1ufE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116781; c=relaxed/simple; bh=NZRyzKRzNZ4Jx3CjS7t3Q2bBeJ7+CY5fV75V1z1QV3c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LSwb2lus8+Tz6FcNNQcfQ7CxoiFu2NbPId/9S32UQorxMKYp/StCAC0HsZsW8Ee+IUYxuUUoaZmMbfihUBZDqiHLF612qYBv/rpwzgA1cOxppv+DZ3m6tHH97EVsxrefIT2ApGnBb49tW63J9mekS20f8lhSNWG/1stATUP1vPM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=1mos43+D; arc=none smtp.client-ip=209.85.128.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="1mos43+D" Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-5ff7ec8772dso49931947b3.0 for ; Wed, 24 Jan 2024 09:19:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116779; x=1706721579; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Jy9agr8g7LNh5MpRHg1aNLlpzBp6ZezqPeMd1029Udo=; b=1mos43+D/RmmSJ5RZ8Jtb9HsHlTz0OlO29uBN9Eic6t/x3H9eG62jICfwNjr8dpEaf EGzjQx/kfwDegHkmLn1m6VNtAvmvLrVGno4Nn4Yk3PrBpru26bVvbOBlJrLnxCX2xHuj 4D14zaaNpozvwTW0mB7txHcPCcmkjm5Pb78Eqis7S+VoWklcZ8H+Og35rcP9XspdBJ8x hTDImO0nK72E3oslKdclK/AMHuuJ4gLadJrsrEOt9cKJePCE0RmyAmfMA/P2C2vCCG0M M0FN0WXA1SqhAtsl76QOO1/PCOvvq5HEU0O3bHcuoSTuD+kf7kVTUmLCyJhSX1V6hpNM sOAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116779; x=1706721579; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jy9agr8g7LNh5MpRHg1aNLlpzBp6ZezqPeMd1029Udo=; b=EuAEoFrEOmk2oYFZbbeA3UYtZrWzQV4ZRhW5DK058jLBV3ES9nsd7zJFdvOvzMHX/m nCUXAYZnRS7JVpzYkTFqaizNXJFCuNMlup6ZNPph3TGKwuIPCIRB0JwGL+hePTQc9FYl gISeLizBb8cIQMWpRdQb7BiEPMAuBgtQXBhxiKnoDbHHY4gTy2dScayRLc6GtpalcGzM mlMdDmix7tge+4dFAEy3DdZ9y9UQhcITRaik3GGziDXOnOKMSI7uQCTvyIsPDva+haod G3FaIwaWa99529SxZd74csF7Ihuk1FR16MsQPkxyuz0AhRGfQoSVR93RSzUY0qCHeWOo TUVw== X-Gm-Message-State: AOJu0YxVqUiI+VUYkdbhQN+wvg1aeGjUpuLWzGhHWc9Foq1SYqwA+sny ymLtY3JsWVffpGk1mDABEhRUqiJh0LGfJzYoyKDrfVGrjxLZ+P4iOrt0mr/44kjuBoql0yRNjqI W X-Google-Smtp-Source: AGHT+IFLR6VhFXCJZW6u8s6juTThWl/Limr7I+kO1XiEGx9xi6JAT694Cz+poX8K2oP+FtQx/o1VWQ== X-Received: by 2002:a81:4817:0:b0:5ff:4c01:c622 with SMTP id v23-20020a814817000000b005ff4c01c622mr1129698ywa.87.1706116779122; Wed, 24 Jan 2024 09:19:39 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id i6-20020a819106000000b005ffb11e67bdsm63881ywg.62.2024.01.24.09.19.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:38 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v5 18/52] btrfs: gate encryption behind BTRFS_DEBUG Date: Wed, 24 Jan 2024 12:18:40 -0500 Message-ID: <5134ab713b080f78b90eae46671596f72bbb1815.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sweet Tea Dorminy Since this is a disk format change and is currently in development, gate the fscrypt ioctls for btrfs behind BTRFS_DEBUG. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 07c9e04cd0d8..95e2615bba51 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -4595,6 +4595,7 @@ long btrfs_ioctl(struct file *file, unsigned int return btrfs_ioctl_get_fslabel(fs_info, argp); case FS_IOC_SETFSLABEL: return btrfs_ioctl_set_fslabel(file, argp); +#ifdef CONFIG_BTRFS_DEBUG case FS_IOC_SET_ENCRYPTION_POLICY: { if (!IS_ENABLED(CONFIG_FS_ENCRYPTION)) return -EOPNOTSUPP; @@ -4623,6 +4624,7 @@ long btrfs_ioctl(struct file *file, unsigned int return fscrypt_ioctl_get_key_status(file, (void __user *)arg); case FS_IOC_GET_ENCRYPTION_NONCE: return fscrypt_ioctl_get_nonce(file, (void __user *)arg); +#endif /* CONFIG_BTRFS_DEBUG */ case FITRIM: return btrfs_ioctl_fitrim(fs_info, argp); case BTRFS_IOC_SNAP_CREATE: From patchwork Wed Jan 24 17:18:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529466 Received: from mail-yw1-f173.google.com (mail-yw1-f173.google.com [209.85.128.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A6C698613E for ; Wed, 24 Jan 2024 17:19:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116783; cv=none; b=QsS05TWSJt2DO9h0c5LnSDHb4JZ7z8RxF30WPJIK44ZBBFE9n4FCgw02CG2wjBsaPKgks+kBnbi0skI7/seg7Tp3vzTeXxo2i9aI037CqQr6YaoNr7Fa/aJzrka8fSuR9yHXup8CkmG5wsHU587xVmvWCEzOYoVuo7FnuCh5gJ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116783; c=relaxed/simple; bh=oS1MgH3lRCEp8fVEefp9ekMiukrY2HcvdAkncIOGYfU=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iADWCOQqjSLjGwAjqsDn0OHNHM2v7vPCUVmsD9A7YJcGc6le1WFhFEpYNDGmC860eAdXYQvNc+AELENOBfvSpL5ugXXC3RW2L+n7DYhg2/wnfi+Oq9rKJq7vf5C6gQLLOoNFpQXnLroYhV66thHgkpoEQ1rSj51WykbsmCywyKI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=EyUVMKIv; arc=none smtp.client-ip=209.85.128.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="EyUVMKIv" Received: by mail-yw1-f173.google.com with SMTP id 00721157ae682-5ebca94cf74so56422457b3.0 for ; Wed, 24 Jan 2024 09:19:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116780; x=1706721580; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=XHv6I4cDHnW0vlMJvKGhfHAhzUDioGRjA/BiwZZacn8=; b=EyUVMKIv+bA416+8QO8K34J6OOkFRCqw2zUrTpVTMFp0k4yRjBYZlR96AErJwIs9bq BdRy15P9XR+PKKIM6eu91mB4/KRR6ZVpuuzDmTUmpETRL9Hw/7WJAjQUb0Hjerv76S0L TonAx24wKh6BjokN7CQ4g+Xr0bcFRTu1QuMx2MHfksdakm6MI0yUlz2LF117G+DJ+Xif X7/m+KTASxpEWHuHQ1MJku3h2zZA1kGcmgmM/BwdfBCMtniD8dOBGdUcxCx7vknU9ow8 y4lpAQirohp3fXw3+ntDxo73ZwknZlHzpvDNjTVeofudL9DARFk94upHKLiOH0f0Oiqx uG3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116780; x=1706721580; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XHv6I4cDHnW0vlMJvKGhfHAhzUDioGRjA/BiwZZacn8=; b=JCaqLXRRCeM8z6wiluCMpizSZXXxOI7qb7NDi3eXbqt8PJ1FMe2CLRMXMdBdr/+rV6 e0/0YdZVTRioWQ91fbxLmVSNkoSTSsSrB/E9oxc/E0fF2NfXr0XXkOnMKos95tNFyw1U VVdTa6CB5L33RJ7/2FHy8ZNSqKzoyQF46NKJfXDfJwIPc4xCRlUD5O9V6LDs+xBbbq26 BFosDpZfP9bbRgvlyIcu2RkIhNVSBWPYB35+mNld2yjoL5jDduTRL2J4CcvcGxg0wylX MjBDyUlOGbBtAC+hM7nXDneDcsqgO25af3QvW4phx9m/8ytKEwFyxmNJOaQOP5ExEJ/2 nC+Q== X-Gm-Message-State: AOJu0YwIoL5hRb2dNkgXfETvEzf9lYVYuVgcemVoU3h5BeiW5faYgTKc uMeFPJd+zFIasyj+zSqSZxSdd+A40FSEVJZpHhTeT6u8JMM22ClfUbt0vCUeyTWNR05btIj0lyY L X-Google-Smtp-Source: AGHT+IErcX6og+2r1vzuPuo+OGpClj7kBE9aYVeYCRTTlgCGlY2iHvIO2evIV2kxmQlPTcqMXmSzeg== X-Received: by 2002:a0d:f186:0:b0:5fa:82bd:8642 with SMTP id a128-20020a0df186000000b005fa82bd8642mr881366ywf.29.1706116780573; Wed, 24 Jan 2024 09:19:40 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id dt5-20020a05690c250500b005ca99793930sm65576ywb.20.2024.01.24.09.19.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:39 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 19/52] btrfs: select encryption dependencies if FS_ENCRYPTION Date: Wed, 24 Jan 2024 12:18:41 -0500 Message-ID: <396f5067b2551a9f2de4b439509e1a285985d358.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We need this to make sure the appropriate encryption algorithms are turned on in our config if we have FS_ENCRYPTION enabled, and additionally we only support inline encryption with the fallback block crypto, so we need to make sure we pull in those dependencies. Signed-off-by: Josef Bacik --- fs/btrfs/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/btrfs/Kconfig b/fs/btrfs/Kconfig index 4fb925e8c981..5ff716beb997 100644 --- a/fs/btrfs/Kconfig +++ b/fs/btrfs/Kconfig @@ -18,6 +18,9 @@ config BTRFS_FS select FS_IOMAP select RAID6_PQ select XOR_BLOCKS + select FS_ENCRYPTION_ALGS if FS_ENCRYPTION + select FS_ENCRYPTION_INLINE_CRYPT if FS_ENCRYPTION + select BLK_INLINE_ENCRYPTION_FALLBACK if FS_ENCRYPTION depends on PAGE_SIZE_LESS_THAN_256KB help From patchwork Wed Jan 24 17:18:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529467 Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com [209.85.128.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6B598614E for ; Wed, 24 Jan 2024 17:19:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116784; cv=none; b=F/7GSG6jnis1pj8V8z52YVT2+3rw1Jyf3sNBLtFoWyRVOFiTU+zvtEupLQf9WfF85p/aIPFQ1/71+UygOIPLCXUXv9yNYGLgZ2sowjNaSf6PMb8D/Bk9NBGMHjqVVgBc9EsbFV0/6nuEqnQ28rYdmFgoFV/3snPUbZDvgCUR2to= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116784; c=relaxed/simple; bh=zBS4tj7p6wdi2S2c9rzrJwH3Pnq2y1YRCgBE8bZkkOY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cTGHMfdoL+0dAysyVVf9UXRLFMBvl5W1mYqW8t3YXZjRUmD4VvNquHY0/aNrSP2Q2TxwiQONHZ4alMe8k5NqP8WaJnWvkYpvh+4dQdZAmotvWcOYe6GetyEFh7DaD3M3DmyahlB3gqGSlTsjScjU9vT0mRwxMofVuMgyIDQxMGs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=sPvIB5bA; arc=none smtp.client-ip=209.85.128.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="sPvIB5bA" Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-600094c5703so31879267b3.3 for ; Wed, 24 Jan 2024 09:19:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116782; x=1706721582; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5RsNjk6X+NawRnX4gaFC9qEi6vvGwYRfRvQ1fbFNQbQ=; b=sPvIB5bAIaP26/Kcf6iR9fffeRkyJmjtFwocgKjoFoc4holea6ZaRhiTd4dsnpPeDj colDLs/xg+vURHhDHEH9V00XqKyIL33evxrHVkIYx4539L6AnakKjSMTJybwK+uV3hmJ XYbXxzV64EqgETgnOm2xtabTTRu1cQMphs7Alu3jrVmHgXEcLsDNtVa0o18aNJWR7X+1 VXV4ItR5PK+qYDjzEvAl5gdfhFqBe/Luj14aIy98hb8AJuR8r7JmGgTcd+qtzZAMZgQG XQc9uoNXKxtmzUIv92CSHO+ABw1S2ktnYvVTOpWlCoUMUqxjoJuwaaTprMavP0UnwRvQ K96w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116782; x=1706721582; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5RsNjk6X+NawRnX4gaFC9qEi6vvGwYRfRvQ1fbFNQbQ=; b=PuJl0Rpo6ytiJpfKYpPm7fCnExI8tCVJCWwKZV+yt7oae+XXKP+9fCxKIPhSQDIhmp 4Rucm1eAf32Ux1oM7q8EjZZH+cxLfLvAtrG0YhnJEvS8T1I2xNmxChNWT5fox1QMw9cp rjKG4LbtT3dN9yW3FqMfgSCcbe+eYvMaGM8tc1V4rG7IOQK2Cp5DxXBgFarmSIsgEUus DmMaByfVER8uHqBeh0Vz2D+jIJAvcg9bxAyfEJ+8qx6yuYODYTdoFxXCI9q/X3om1CR6 W2JIe4z/7xAkmntpaFp0we+WgpPd6GpAHmdBXeAaRGaoRoHvB5wqvmoSbGfsZ+HAej5Q hlTg== X-Gm-Message-State: AOJu0YwsNfzsILYfRxecPdkMGdvrSjX9D2a6Jbcg3MaeVNT1sEXE9D0c 7aOVKvOH1fxk1OkWQe2VXeJR4MjIsgqRUfEHOq8w+/3Umtcap2cHVnG1Rw/sh7uyLXnqKCPY6nS L X-Google-Smtp-Source: AGHT+IE/AlZ3SPRnMrjGAmpNTbkbQy4qzD5lIG3ZFfzV247v051CN4gHVFV7OWSh9/skCP14OXRU/Q== X-Received: by 2002:a0d:d504:0:b0:5ef:463c:8eea with SMTP id x4-20020a0dd504000000b005ef463c8eeamr997894ywd.20.1706116781603; Wed, 24 Jan 2024 09:19:41 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id ci26-20020a05690c0a9a00b005ff6419ec70sm60316ywb.109.2024.01.24.09.19.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:41 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v5 20/52] btrfs: add get_devices hook for fscrypt Date: Wed, 24 Jan 2024 12:18:42 -0500 Message-ID: <47ff044fae65cb2b06a6bb6ffc91027511c4d1f4.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sweet Tea Dorminy Since extent encryption requires inline encryption, even though we expect to use the inlinecrypt software fallback most of the time, we need to enumerate all the devices in use by btrfs. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/fscrypt.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index c38e12eee279..7129a6ce0780 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -12,7 +12,9 @@ #include "ioctl.h" #include "messages.h" #include "root-tree.h" +#include "super.h" #include "transaction.h" +#include "volumes.h" #include "xattr.h" /* @@ -179,8 +181,43 @@ static bool btrfs_fscrypt_empty_dir(struct inode *inode) return inode->i_size == BTRFS_EMPTY_DIR_SIZE; } +static struct block_device **btrfs_fscrypt_get_devices(struct super_block *sb, + unsigned int *num_devs) +{ + struct btrfs_fs_info *fs_info = btrfs_sb(sb); + struct btrfs_fs_devices *fs_devices = fs_info->fs_devices; + int nr_devices = fs_devices->open_devices; + struct block_device **devs; + struct btrfs_device *device; + int i = 0; + + devs = kmalloc_array(nr_devices, sizeof(*devs), GFP_NOFS | GFP_NOWAIT); + if (!devs) + return ERR_PTR(-ENOMEM); + + rcu_read_lock(); + list_for_each_entry_rcu(device, &fs_devices->devices, dev_list) { + if (!test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, + &device->dev_state) || + !device->bdev || + test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &device->dev_state)) + continue; + + devs[i++] = device->bdev; + + if (i >= nr_devices) + break; + + } + rcu_read_unlock(); + + *num_devs = i; + return devs; +} + const struct fscrypt_operations btrfs_fscrypt_ops = { .get_context = btrfs_fscrypt_get_context, .set_context = btrfs_fscrypt_set_context, .empty_dir = btrfs_fscrypt_empty_dir, + .get_devices = btrfs_fscrypt_get_devices, }; From patchwork Wed Jan 24 17:18:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529468 Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4C2D86154 for ; Wed, 24 Jan 2024 17:19:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116785; cv=none; b=hhL+30Q7q/f56jWM+PqmtU7xDQfqemc/gkZd58XXZFLYTtHNK9124t21qIFQknAlOKw527xqSuTaKKtVafPKEmizhbsIBZigmo2boCv8yWs5S42y1BgXqKCKJVXtnJtjbj1HnSgVJH4rPbBxTrtIkzz/opKleshVFUO2nV4uT98= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116785; c=relaxed/simple; bh=OYNFjlSFttfo/bsa8p5w+OIMAuv/NeiC0lBXuZyDXpk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZLzz9oSgL0qmVKwKUyndGuxfUhiG2BhdcSVIDeXo+HsUiXSvmYu14WuipbFBPBV5OZpgakm7qT+l7UK2J7KpYz6MCtuDKHe5AInij5eMsbMuQ0DiQIdJASeJSqsozSTixz/d8ZtoUOljgqqgcZKc9KKPgD05cw7KWES/syj9NEs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=IcKD4s8I; arc=none smtp.client-ip=209.85.128.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="IcKD4s8I" Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-602ab446cd8so1871017b3.1 for ; Wed, 24 Jan 2024 09:19:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116782; x=1706721582; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kIWva0MuCS/RGv+Jd7LtFZ9O1HpJPZuUrn9Ep/eHzeA=; b=IcKD4s8IaxxaT4DHjrN7iufPr/LPQ0+jyyk+mEtqovP4oKU2/hXnSsn04LiL8WK3fO ovkXBHVkYDi86wqZILO8MNlVpf4c3GfjQK79wEcZ3oZiiRWwwLdwzmUqoAOSkO7MTJvL WqVCj6QfgO/pEUGsHsBiE+00wNZfg5SiZGf6rQsrY9aGE+bxXxjFWo8Mia5HuttWrocL yyRPu6Kg1wUvJXUvTknjofeBHCCiWyZh1BSl8grgNhRFmaoLLL9cSqkgM4LyvOYJcuop 5AN8y8qMLD3Qo/dTsLF8VgxPks6DSOwmi3DnoWlG55QXs2bkOWKVbGrHM51o5ZpXi6Hu OZ7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116782; x=1706721582; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kIWva0MuCS/RGv+Jd7LtFZ9O1HpJPZuUrn9Ep/eHzeA=; b=QmI9IliHpJEi6xVfHVhDsxKbQipQm2fUn3CoR0T/knZJkp/eXzv2WfiOdA6jHIFN1h qJrU5iO6kkY2Snoufm8QpBROIVqBKI/Oqc2UDrc/8gh7sfeG/YE5EOXLgAmDO7KirgLh YgNS5YvwgPSCJ7+nUwZOCgwZfVdVQSHRspGyTIz51PPiqzGreeAXTS9hxm8dI3lIJ4wA lJh/8ktCH3kCQGZegx7XemA68Z0oCDzoN/4eIhVPSjvr67Utv7g91w+ilOEFdOwA573j oHMS7VNH6k8nn0iouIP7j0h2QgQ0nhCXU+k8D+173n79qtdDAH4wSjbxSixBwN3vGJg6 hzMA== X-Gm-Message-State: AOJu0YyCodihmwssgesRLEqKbhzcJYw9MUaTCEIHDpBTwA+W7baxI3eW 1S8FMjf8+lCJbh2NkGyNDnkAqvVruwm5NlaTUV1cbDnvpKswolGaAUVTril54p7Y9LMdaRGEKMn / X-Google-Smtp-Source: AGHT+IF/GAxUs6y7Dgvrp5+bClxQsYrfWizBClt1+cbWe3rXMxSP+OzeUl0IJQ82InnwsyEp/1uLJQ== X-Received: by 2002:a0d:d60a:0:b0:5ff:63ae:4f56 with SMTP id y10-20020a0dd60a000000b005ff63ae4f56mr1103776ywd.17.1706116782501; Wed, 24 Jan 2024 09:19:42 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id fq8-20020a05690c350800b005a7d46770f2sm61495ywb.83.2024.01.24.09.19.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:42 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v5 21/52] btrfs: set file extent encryption excplicitly Date: Wed, 24 Jan 2024 12:18:43 -0500 Message-ID: <1bf1cb768bc8bc54b3855e271412077c60f23c50.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sweet Tea Dorminy This puts the long-preserved 1-byte encryption field to work, storing whether the extent is encrypted. Update the tree-checker to allow for the encryption bit to be set to our valid types. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/accessors.h | 2 ++ fs/btrfs/inode.c | 8 ++++++-- fs/btrfs/tree-checker.c | 8 +++++--- fs/btrfs/tree-log.c | 2 ++ include/uapi/linux/btrfs_tree.h | 8 +++++++- 5 files changed, 22 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/accessors.h b/fs/btrfs/accessors.h index ed7aa32972ad..cbc176d1dac1 100644 --- a/fs/btrfs/accessors.h +++ b/fs/btrfs/accessors.h @@ -949,6 +949,8 @@ BTRFS_SETGET_STACK_FUNCS(stack_file_extent_disk_num_bytes, struct btrfs_file_extent_item, disk_num_bytes, 64); BTRFS_SETGET_STACK_FUNCS(stack_file_extent_compression, struct btrfs_file_extent_item, compression, 8); +BTRFS_SETGET_STACK_FUNCS(stack_file_extent_encryption, + struct btrfs_file_extent_item, encryption, 8); BTRFS_SETGET_FUNCS(file_extent_type, struct btrfs_file_extent_item, type, 8); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 5db3a92688fb..ec48c24fe630 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -3001,7 +3001,9 @@ static int insert_ordered_extent_file_extent(struct btrfs_trans_handle *trans, btrfs_set_stack_file_extent_num_bytes(&stack_fi, num_bytes); btrfs_set_stack_file_extent_ram_bytes(&stack_fi, ram_bytes); btrfs_set_stack_file_extent_compression(&stack_fi, oe->compress_type); - /* Encryption and other encoding is reserved and all 0 */ + btrfs_set_stack_file_extent_encryption(&stack_fi, + BTRFS_ENCRYPTION_NONE); + /* Other encoding is reserved and always 0 */ /* * For delalloc, when completing an ordered extent we update the inode's @@ -9689,7 +9691,9 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( btrfs_set_stack_file_extent_num_bytes(&stack_fi, len); btrfs_set_stack_file_extent_ram_bytes(&stack_fi, len); btrfs_set_stack_file_extent_compression(&stack_fi, BTRFS_COMPRESS_NONE); - /* Encryption and other encoding is reserved and all 0 */ + btrfs_set_stack_file_extent_encryption(&stack_fi, + BTRFS_ENCRYPTION_NONE); + /* Other encoding is reserved and always 0 */ ret = btrfs_qgroup_release_data(inode, file_offset, len, &qgroup_released); if (ret < 0) diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 6eccf8496486..1141b5d92ac9 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -211,6 +211,7 @@ static int check_extent_data_item(struct extent_buffer *leaf, u32 sectorsize = fs_info->sectorsize; u32 item_size = btrfs_item_size(leaf, slot); u64 extent_end; + u8 policy; if (unlikely(!IS_ALIGNED(key->offset, sectorsize))) { file_extent_err(leaf, slot, @@ -262,10 +263,11 @@ static int check_extent_data_item(struct extent_buffer *leaf, BTRFS_NR_COMPRESS_TYPES - 1); return -EUCLEAN; } - if (unlikely(btrfs_file_extent_encryption(leaf, fi))) { + policy = btrfs_file_extent_encryption(leaf, fi); + if (unlikely(policy >= BTRFS_NR_ENCRYPTION_TYPES)) { file_extent_err(leaf, slot, - "invalid encryption for file extent, have %u expect 0", - btrfs_file_extent_encryption(leaf, fi)); + "invalid encryption for file extent, have %u expect range [0, %u]", + policy, BTRFS_NR_ENCRYPTION_TYPES - 1); return -EUCLEAN; } if (btrfs_file_extent_type(leaf, fi) == BTRFS_FILE_EXTENT_INLINE) { diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index c1ceaed65622..51059e5a282c 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4627,6 +4627,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, u64 extent_offset = em->start - em->orig_start; u64 block_len; int ret; + u8 encryption = BTRFS_ENCRYPTION_NONE; btrfs_set_stack_file_extent_generation(&fi, trans->transid); if (em->flags & EXTENT_FLAG_PREALLOC) @@ -4649,6 +4650,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, btrfs_set_stack_file_extent_num_bytes(&fi, em->len); btrfs_set_stack_file_extent_ram_bytes(&fi, em->ram_bytes); btrfs_set_stack_file_extent_compression(&fi, compress_type); + btrfs_set_stack_file_extent_encryption(&fi, encryption); ret = log_extent_csums(trans, inode, log, em, ctx); if (ret) diff --git a/include/uapi/linux/btrfs_tree.h b/include/uapi/linux/btrfs_tree.h index f3fcca1c9449..effa93df6b90 100644 --- a/include/uapi/linux/btrfs_tree.h +++ b/include/uapi/linux/btrfs_tree.h @@ -1101,8 +1101,14 @@ struct btrfs_file_extent_item { * but not for stat. */ __u8 compression; + + /* + * Type of encryption in use. Unencrypted value is 0. + */ __u8 encryption; - __le16 other_encoding; /* spare for later use */ + + /* spare for later use */ + __le16 other_encoding; /* are we inline data or a real extent? */ __u8 type; From patchwork Wed Jan 24 17:18:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529469 Received: from mail-yb1-f172.google.com (mail-yb1-f172.google.com [209.85.219.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8A868615A for ; Wed, 24 Jan 2024 17:19:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116786; cv=none; b=RLXiyB+G+fasmCmZnQYYHx1SIwYH/uLGOIFcdKGtEicbTut8rCR7NEwjvCurUPbFwq4b2xnIfVaOjGO9VqS2tIdTl1Ei70AiHYO9/Q1/2iJo/ZxIr97EKJD4xa1zXMnfdEdsu1/NvAlU9VCf+Vwrqrkzj8litEEl7x74oqduCa4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116786; c=relaxed/simple; bh=hrNQu4mnakMIZuyKKqOI+iknSbEDrWsWvhcbEqkzJ9Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XJTQb0oNHwWyo5B81IXieMFNlpsQ5WgzXjbQdRYKvmRAy8ThXhrJpWAWmxGHLNidpcRGVFJLU7t36uN9ppiAx/kXkxfbDn6Vmo6dXDfDaM6IvLh+xB+DY/QQWhmuAKujzr51kxrTAAG62y5RLRc6hlRlzdKbILCq4NPXD59qF5g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=Hi5B9abE; arc=none smtp.client-ip=209.85.219.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="Hi5B9abE" Received: by mail-yb1-f172.google.com with SMTP id 3f1490d57ef6-dc25e12cc63so4734703276.0 for ; Wed, 24 Jan 2024 09:19:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116783; x=1706721583; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mV4LEpfg6hJ6jYS3VyS9aEhz/ooSLEpFPflsXCnrmzo=; b=Hi5B9abEyh0kisuifXnapgoQm0xM5i065ZqzaiIOWX0BEtTDcu00Dk64ajLSLkHSyB jUiKYvRkQ9cMkCEEaFroH1olCAmahW2TDMiAzSj8BOwfxeCtuPNA73TbvztWXJJuwONP +jbYV/9oM2ScZ2Ktx51Dbqxxhu9rfq/nf+4LWoLAkFaFHHHs2Ofj3i3dvQjmNak1gCDt ihvo8k1UhieM5mtiQjAe86cQ3gW0tZrrxxUH5V36aUXl+BK2lDq0zHAUhcnWa4isa4xC b9uNSUUHddxWmDdk63qKB19OjCqnWgkBne6PqJxYK7R3VDPrRIzQ1Q+8eVKBRzbNCecu KVLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116783; x=1706721583; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mV4LEpfg6hJ6jYS3VyS9aEhz/ooSLEpFPflsXCnrmzo=; b=tYyTjSd8sYGST4zZif8eNZwSqOsu05pLnhpXXv+JdPmbkPgcfTVTfVISJBtG24pRNW KoYgdfc4jjCE+WQfdPQdhWEjDO++DwciVPP/PFyqYMcWQFycdyImgcCtlguxERnfKeZF 4aXyhV+bUN6mHDyMqTK8ps5qXTvnofbw/Ylf3LAgo2U4bqEPmM9YwYnsD+TGLc0EsOsE 8Ger1zN/I5DReqfSh0c6xZQ7umwvH224Un6ntAdHcUp99q5t3Sb86PTyxyK3hafPbBKd iI73t4evnVrIQvK8F5+0gNWnFcmche4L9woaFAWgkSjJkA27zYK/TT7nEynETwLV58ZY yXVQ== X-Gm-Message-State: AOJu0YzsAGEvcSP5S15XQbsV7ikAcfvzIZ219hWEBzVAuwxrh4vy3Y0z SqldBn4gjbnRe1kp81wlyeXanoENp+yeIsijHQAo0ULlPI6ETH1FAGk9Ti+6e/X8DRrCBJK12dB 2 X-Google-Smtp-Source: AGHT+IFvhgg+W/x6OYccd+wsg14m2jyzVFfh0OYrtj70qGE+0iYMNgA/LzYeaEgpFy/7gr1rhuUYDg== X-Received: by 2002:a5b:ac7:0:b0:dc2:4e85:6d68 with SMTP id a7-20020a5b0ac7000000b00dc24e856d68mr755157ybr.12.1706116783512; Wed, 24 Jan 2024 09:19:43 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id g193-20020a25dbca000000b00dc25528fe9fsm2944218ybf.9.2024.01.24.09.19.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:43 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v5 22/52] btrfs: add fscrypt_info and encryption_type to extent_map Date: Wed, 24 Jan 2024 12:18:44 -0500 Message-ID: <9818cd4134d048d2d641b9b8ae10be6c6af51956.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sweet Tea Dorminy Each extent_map will end up with a pointer to its associated fscrypt_info if any, which should have the same lifetime as the extent_map. We are also going to need to track the encryption_type for the file extent items. Add the fscrypt_info to the extent_map, and the subsequent code for transferring it in the split and merge cases, as well as the code necessary to free them. A future patch will add the code to load them as appropriate. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/extent_map.c | 34 +++++++++++++++++++++++++++++++--- fs/btrfs/extent_map.h | 16 ++++++++++++++++ fs/btrfs/file-item.c | 1 + fs/btrfs/inode.c | 1 + 4 files changed, 49 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index f8705103819c..b351184700c1 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -60,6 +60,7 @@ struct extent_map *alloc_extent_map(void) static void __free_extent_map(struct extent_map *em) { + fscrypt_put_extent_info(em->fscrypt_info); kmem_cache_free(extent_map_cache, em); } @@ -100,12 +101,24 @@ void free_extent_map_safe(struct extent_map_tree *tree, if (!em) return; - if (refcount_dec_and_test(&em->refs)) { - WARN_ON(extent_map_in_tree(em)); - WARN_ON(!list_empty(&em->list)); + if (!refcount_dec_and_test(&em->refs)) + return; + + WARN_ON(extent_map_in_tree(em)); + WARN_ON(!list_empty(&em->list)); + + /* + * We could take a lock freeing the fscrypt_info, so add this to the + * list of freed_extents to be freed later. + */ + if (em->fscrypt_info) { list_add_tail(&em->free_list, &tree->freed_extents); set_bit(EXTENT_MAP_TREE_PENDING_FREES, &tree->flags); + return; } + + /* Nothing scary here, just free the object. */ + __free_extent_map(em); } /* @@ -273,6 +286,10 @@ static bool can_merge_extent_map(const struct extent_map *em) if (!list_empty(&em->list)) return false; + /* We can't merge encrypted extents. */ + if (em->fscrypt_info) + return false; + return true; } @@ -288,6 +305,10 @@ static bool mergeable_maps(const struct extent_map *prev, const struct extent_ma if (next->block_start < EXTENT_MAP_LAST_BYTE - 1) return next->block_start == extent_map_block_end(prev); + /* Don't merge adjacent encrypted maps. */ + if (prev->fscrypt_info || next->fscrypt_info) + return false; + /* HOLES and INLINE extents. */ return next->block_start == prev->block_start; } @@ -852,6 +873,8 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->generation = gen; split->flags = flags; + split->fscrypt_info = + fscrypt_get_extent_info(em->fscrypt_info); replace_extent_mapping(em_tree, em, split, modified); free_extent_map(split); split = split2; @@ -892,6 +915,8 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->orig_block_len = 0; } + split->fscrypt_info = + fscrypt_get_extent_info(em->fscrypt_info); if (extent_map_in_tree(em)) { replace_extent_mapping(em_tree, em, split, modified); @@ -1053,6 +1078,7 @@ int split_extent_map(struct btrfs_inode *inode, u64 start, u64 len, u64 pre, split_pre->ram_bytes = split_pre->len; split_pre->flags = flags; split_pre->generation = em->generation; + split_pre->fscrypt_info = fscrypt_get_extent_info(em->fscrypt_info); replace_extent_mapping(em_tree, em, split_pre, 1); @@ -1071,6 +1097,8 @@ int split_extent_map(struct btrfs_inode *inode, u64 start, u64 len, u64 pre, split_mid->ram_bytes = split_mid->len; split_mid->flags = flags; split_mid->generation = em->generation; + split_mid->fscrypt_info = fscrypt_get_extent_info(em->fscrypt_info); + add_extent_mapping(em_tree, split_mid, 1); /* Once for us */ diff --git a/fs/btrfs/extent_map.h b/fs/btrfs/extent_map.h index d31f2a03670e..7d9d1f715d27 100644 --- a/fs/btrfs/extent_map.h +++ b/fs/btrfs/extent_map.h @@ -18,6 +18,7 @@ enum { ENUM_BIT(EXTENT_FLAG_COMPRESS_ZLIB), ENUM_BIT(EXTENT_FLAG_COMPRESS_LZO), ENUM_BIT(EXTENT_FLAG_COMPRESS_ZSTD), + ENUM_BIT(EXTENT_FLAG_ENCRYPT_FSCRYPT), /* pre-allocated extent */ ENUM_BIT(EXTENT_FLAG_PREALLOC), /* Logging this extent */ @@ -54,6 +55,7 @@ struct extent_map { u64 generation; u32 flags; refcount_t refs; + struct fscrypt_extent_info *fscrypt_info; struct list_head list; struct list_head free_list; }; @@ -72,6 +74,20 @@ struct extent_map_tree { struct btrfs_inode; +static inline void extent_map_set_encryption(struct extent_map *em, + enum btrfs_encryption_type type) +{ + if (type == BTRFS_ENCRYPTION_FSCRYPT) + em->flags |= EXTENT_FLAG_ENCRYPT_FSCRYPT; +} + +static inline enum btrfs_encryption_type extent_map_encryption(const struct extent_map *em) +{ + if (em->flags & EXTENT_FLAG_ENCRYPT_FSCRYPT) + return BTRFS_ENCRYPTION_FSCRYPT; + return BTRFS_ENCRYPTION_NONE; +} + static inline void extent_map_set_compression(struct extent_map *em, enum btrfs_compression_type type) { diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index 81ac1d474bf1..8bb6be8f2445 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c @@ -1304,6 +1304,7 @@ void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, if (type == BTRFS_FILE_EXTENT_PREALLOC) em->flags |= EXTENT_FLAG_PREALLOC; } + extent_map_set_encryption(em, btrfs_file_extent_encryption(leaf, fi)); } else if (type == BTRFS_FILE_EXTENT_INLINE) { em->block_start = EXTENT_MAP_INLINE; em->start = extent_start; diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index ec48c24fe630..ac6365d378cc 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7373,6 +7373,7 @@ static struct extent_map *create_io_em(struct btrfs_inode *inode, u64 start, em->flags |= EXTENT_FLAG_FILLING; else if (type == BTRFS_ORDERED_COMPRESSED) extent_map_set_compression(em, compress_type); + extent_map_set_encryption(em, BTRFS_ENCRYPTION_NONE); ret = btrfs_replace_extent_map_range(inode, em, true); if (ret) { From patchwork Wed Jan 24 17:18:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529470 Received: from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A043186AC4 for ; Wed, 24 Jan 2024 17:19:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116786; cv=none; b=Q3dl4sFCm6h9OBQOQN+WqX3RHM3JEpcxdD10FuL8EaE4izRLOiCTKQONsfNEeUVzReXYslYQdWXozKEjd0WFBPbV2JhX9X0giClSDkv9h6yWyuqfLvpIPLjf1FkbE2g0opPvPJTNn7QiT/B2wez2jrOC/MaX+p8frt19az4vb0o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116786; c=relaxed/simple; bh=3bqo6uIlM7VzNondcvUjpG0wyPXYmqH4gSZ8I4GtssU=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eispGRD1Ca0aqB4hxGNBJjTQ2P4S8SVEpH+VUwZcE39PuXiiP9UePbj1OE24WpqD9KDm0HEVUUz8Vmg0sNVyPU/s6tJdHeAZaFy9peLcuQ1YhaO9lwdO3f0sYwbPLwmda3CKZMSD5KRmxgu5v+UgwLLBUXRTAsQ9gmjmpzBnZAE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=fEbgKZFt; arc=none smtp.client-ip=209.85.128.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="fEbgKZFt" Received: by mail-yw1-f174.google.com with SMTP id 00721157ae682-6002317a427so26659187b3.2 for ; Wed, 24 Jan 2024 09:19:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116784; x=1706721584; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6bB2XJl2JZgzIeBCR7t+2npeajEWLjf4KpV2gm7yg5Q=; b=fEbgKZFtNljJ68D7XKnDxf6bp7okiAErNPSLX3xTGVjE+BLHQtqUbjtyHnFZeLkR2B 8Pj7g/+FLJwitsfZ+ghQr+5YPB1NYcLlQ5Oddpydf3JtWqy+3zhSBa3hUHLgxgWVrqUi PyWnN1151yLhq3fifPaR0sM+qlvD4LqkCD1cSO6C9WiwRgdBYKoFBi/L3wG/u9yqv51/ APmDd0mEgRynt0PTyH6kqqW+zxnY5u9doUbEuMal49TiSy94C6bk9N4LlUImvjuT7/Ml exHgLAV0LXVDhR3HLBthgSxKhQArrbvjYvDg+8u4QcmaiA2nN0EyKA/mttj6Gd4MwKzr BhNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116784; x=1706721584; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6bB2XJl2JZgzIeBCR7t+2npeajEWLjf4KpV2gm7yg5Q=; b=uSdu+Utcx47j4edGUCQImr8V4Qr7tt03H8v2zYl1ByEiMpb7gs5mUnAbQFSEQ4G523 0D/XZKXP5iOeMhLY/ugW3/cMjMvCyLgAFUIChzrGOskOyAB9G9drLgaKn3e+tVT795lY o7quu1+brhFAVNc4OYoqhLrMXHWIFG5gx1MUdAJMv1Zv6k9iRjdyIYoaYKpwzdEx1v9+ w3iUG22NLtGgXdFRqvWgSe0+inJxyLVqgTduKPP0sw41pXHEPhXH/afAkcujXW4pXWTS zRbJB5d4Q4YpbgEqH6Op5mSPW/11FOmXgepZw6JPccfCydoyYpD6CQsYJi8RyBGuFG06 t3jw== X-Gm-Message-State: AOJu0Yy2cLYwgI/CpQ9PnW4i8AlB4Xmx8KjmYJlQDuESyAP7nKbn4S9Q WTV9hSQbQ5ZTblwTRk64Xo3w3APzGHBOePF1hNFu80qJZCLl4waUavfl10x1WeuDGPNFTOqeEO2 v X-Google-Smtp-Source: AGHT+IHiKOYfXrYYmy/Q/YkzeQLKiu8yGe6gutwX9jELYtzTyuSZSirmNmBhrfKdmoWUN5fqCU4nhQ== X-Received: by 2002:a0d:edc3:0:b0:5ff:48fc:94f8 with SMTP id w186-20020a0dedc3000000b005ff48fc94f8mr1092209ywe.39.1706116784545; Wed, 24 Jan 2024 09:19:44 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id ey1-20020a05690c300100b005ffcb4765c9sm65027ywb.28.2024.01.24.09.19.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:44 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 23/52] btrfs: add fscrypt_info and encryption_type to ordered_extent Date: Wed, 24 Jan 2024 12:18:45 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We're going to need these to update the file extent items once the writes are complete. Add them and add the pieces necessary to assign them and free everything. Signed-off-by: Josef Bacik --- fs/btrfs/ordered-data.c | 2 ++ fs/btrfs/ordered-data.h | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index 59850dc17b22..a9879d35a3af 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -182,6 +182,7 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( entry->bytes_left = num_bytes; entry->inode = igrab(&inode->vfs_inode); entry->compress_type = compress_type; + entry->encryption_type = BTRFS_ENCRYPTION_NONE; entry->truncated_len = (u64)-1; entry->qgroup_rsv = qgroup_rsv; entry->flags = flags; @@ -566,6 +567,7 @@ void btrfs_put_ordered_extent(struct btrfs_ordered_extent *entry) list_del(&sum->list); kvfree(sum); } + fscrypt_put_extent_info(entry->fscrypt_info); kmem_cache_free(btrfs_ordered_extent_cache, entry); } } diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h index 127ef8bf0ffd..85ba9a381880 100644 --- a/fs/btrfs/ordered-data.h +++ b/fs/btrfs/ordered-data.h @@ -108,6 +108,9 @@ struct btrfs_ordered_extent { /* compression algorithm */ int compress_type; + /* encryption mode */ + int encryption_type; + /* Qgroup reserved space */ int qgroup_rsv; @@ -117,6 +120,9 @@ struct btrfs_ordered_extent { /* the inode we belong to */ struct inode *inode; + /* the fscrypt_info for this extent, if necessary */ + struct fscrypt_extent_info *fscrypt_info; + /* list of checksums for insertion when the extent io is done */ struct list_head list; From patchwork Wed Jan 24 17:18:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529471 Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com [209.85.128.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E0B3386ACE for ; Wed, 24 Jan 2024 17:19:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116788; cv=none; b=RxbiQDI3IVEmrvzz2+lkdAmVb6/5syIM0VhtTuPy8qiOatmLrWvy5oLAw4Q6JM74kpNwKidb59iwH1fhTZWh3v7NlnQ2GtHN8zdj7rYuPW3lRVrT0jdNn3xyEOjv+ynDEKlSrJVkECvXVH3ZXf/oPD+csSQtrhn2TjyIpA4rt9c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116788; c=relaxed/simple; bh=W/dcK8XrdiW15t5iza0nDoBFy7MkG87/wzlZh3tdovo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qFJJ0ooI60FFs3NPCazq6F+mJy9lfQwoWAK7mTIDdYtsCBQ/cQ1E57WC8G9M9iEYq92x+bInTrG6ByenrLPUWdh3xbqbMkUyHqJ4F0sQiPrkv6XmmTt5upiQy7v3BDUWt1tfNELmGtpV4ykWkWR9m2GjTin0QRZROJXZ++3H0m8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=E2PaqjKV; arc=none smtp.client-ip=209.85.128.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="E2PaqjKV" Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-5ebca94cf74so56423727b3.0 for ; Wed, 24 Jan 2024 09:19:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116785; x=1706721585; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3GXmJXhfjQ35H9z3pkF/FNc90hl98T9V9g1dLT/QRF4=; b=E2PaqjKVvx+DL6ZArJw3Q6kixKsQa4O4ztb8g9jORoYTlTFKjYIyjim8jHx/XiXrm9 7htzI3Ngu6tpKPyduxXilM/ph1qO+80jGMWLzy3PwJKdDRYhAzCkrh0fQHlTmmUJa+z3 ylPa8hADCZNuZAIW2iSmeijgfWnQkaFVicD+itYJHhJk117EqCJn2zom47A2Mz4KOkc5 p+OGQtzkRrklMel6CN+HVAoTKkEPLTBWq3ZBXKPrZ4LHbE6yjrheilq4BEOyqFVWexci 12ZPWCjJtipHyBTqgRsKkx7ykxpc8UZlSIUlTGuoCUh3xs7WrF3ZbCmxCBkonhs635NG viMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116785; x=1706721585; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3GXmJXhfjQ35H9z3pkF/FNc90hl98T9V9g1dLT/QRF4=; b=sgG4dlzKBpA8Z5ltG4MHx2KwPcfPlgllqUQuemjVr9r0j6hLQo52E8vr/jtV7o4hyv F1XUkN4BLEGtakKCfTbfYUhkpr+q8VCt+VHAWHzyFZ6ZgVfXJ1MRoRu3qxlzRJY6L3PK HVkVpNuawIoSunx/iqk+k+2yXNLesL6o9Y/8vLR8z5UexfgoRNBWrXz5/lvMhjUizzm/ sjN0yYI/xXINwp/nbyr3WLyTw8Ue3RSiJbqkJtBf0Bm7iYd7nhpAwbFpADXD7ZLR/UFa xeAN/p7oe9mhnOS97XOxMWLL/wnmHomuuRz7hLEkpDRwV3gmUdmGpT9z6qRwm2u4Bf0E FEtg== X-Gm-Message-State: AOJu0Ywx2Y+ra8p15xtWb0C25Ziztf72L5mnmXIOtcNtFtF4RIhR2SaN 8K2fgZ8vnvkQfj/1/ITQevtxuWyFyWQDw2gpAa8ZePDOp4OCUr8iqoqa+ttpVct8DArDdCPgBMB H X-Google-Smtp-Source: AGHT+IFhDAvZZ3fkRLS+Rt7xDmSuec3GJAXSC+ZpTRqhUQihVfI0SMwax+Ew6MSnQj/D1o5xsEQvAQ== X-Received: by 2002:a81:a1c1:0:b0:5ff:6487:1b7f with SMTP id y184-20020a81a1c1000000b005ff64871b7fmr925911ywg.99.1706116785592; Wed, 24 Jan 2024 09:19:45 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id l123-20020a0de281000000b005ffbb3031a3sm65904ywe.74.2024.01.24.09.19.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:45 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 24/52] btrfs: plumb through setting the fscrypt_info for ordered extents Date: Wed, 24 Jan 2024 12:18:46 -0500 Message-ID: <80c5dabfe190b84e31a95160021da64ebcf7ecf7.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We're going to be getting fscrypt_info from the extent maps, update the helpers to take an fscrypt_info argument and use that to set the encryption type on the ordered extent. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 20 +++++++++++--------- fs/btrfs/ordered-data.c | 32 ++++++++++++++++++++------------ fs/btrfs/ordered-data.h | 9 +++++---- 3 files changed, 36 insertions(+), 25 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index ac6365d378cc..3b14ba55e293 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1171,7 +1171,8 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, } free_extent_map(em); - ordered = btrfs_alloc_ordered_extent(inode, start, /* file_offset */ + ordered = btrfs_alloc_ordered_extent(inode, NULL, + start, /* file_offset */ async_extent->ram_size, /* num_bytes */ async_extent->ram_size, /* ram_bytes */ ins.objectid, /* disk_bytenr */ @@ -1434,9 +1435,10 @@ static noinline int cow_file_range(struct btrfs_inode *inode, } free_extent_map(em); - ordered = btrfs_alloc_ordered_extent(inode, start, ram_size, - ram_size, ins.objectid, cur_alloc_size, - 0, 1 << BTRFS_ORDERED_REGULAR, + ordered = btrfs_alloc_ordered_extent(inode, NULL, + start, ram_size, ram_size, ins.objectid, + cur_alloc_size, 0, + 1 << BTRFS_ORDERED_REGULAR, BTRFS_COMPRESS_NONE); if (IS_ERR(ordered)) { ret = PTR_ERR(ordered); @@ -2167,7 +2169,7 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, free_extent_map(em); } - ordered = btrfs_alloc_ordered_extent(inode, cur_offset, + ordered = btrfs_alloc_ordered_extent(inode, NULL, cur_offset, nocow_args.num_bytes, nocow_args.num_bytes, nocow_args.disk_bytenr, nocow_args.num_bytes, 0, is_prealloc @@ -7060,7 +7062,7 @@ static struct extent_map *btrfs_create_dio_extent(struct btrfs_inode *inode, if (IS_ERR(em)) goto out; } - ordered = btrfs_alloc_ordered_extent(inode, start, len, len, + ordered = btrfs_alloc_ordered_extent(inode, NULL, start, len, len, block_start, block_len, 0, (1 << type) | (1 << BTRFS_ORDERED_DIRECT), @@ -10563,9 +10565,9 @@ ssize_t btrfs_do_encoded_write(struct kiocb *iocb, struct iov_iter *from, } free_extent_map(em); - ordered = btrfs_alloc_ordered_extent(inode, start, num_bytes, ram_bytes, - ins.objectid, ins.offset, - encoded->unencoded_offset, + ordered = btrfs_alloc_ordered_extent(inode, NULL, start, + num_bytes, ram_bytes, ins.objectid, + ins.offset, encoded->unencoded_offset, (1 << BTRFS_ORDERED_ENCODED) | (1 << BTRFS_ORDERED_COMPRESSED), compression); diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index a9879d35a3af..1cd04c57b7a2 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -146,9 +146,11 @@ static inline struct rb_node *ordered_tree_search(struct btrfs_inode *inode, } static struct btrfs_ordered_extent *alloc_ordered_extent( - struct btrfs_inode *inode, u64 file_offset, u64 num_bytes, - u64 ram_bytes, u64 disk_bytenr, u64 disk_num_bytes, - u64 offset, unsigned long flags, int compress_type) + struct btrfs_inode *inode, + struct fscrypt_extent_info *fscrypt_info, + u64 file_offset, u64 num_bytes, u64 ram_bytes, + u64 disk_bytenr, u64 disk_num_bytes, u64 offset, + unsigned long flags, int compress_type) { struct btrfs_ordered_extent *entry; int ret; @@ -182,10 +184,12 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( entry->bytes_left = num_bytes; entry->inode = igrab(&inode->vfs_inode); entry->compress_type = compress_type; - entry->encryption_type = BTRFS_ENCRYPTION_NONE; entry->truncated_len = (u64)-1; entry->qgroup_rsv = qgroup_rsv; entry->flags = flags; + entry->fscrypt_info = fscrypt_get_extent_info(fscrypt_info); + entry->encryption_type = entry->fscrypt_info ? + BTRFS_ENCRYPTION_FSCRYPT : BTRFS_ENCRYPTION_NONE; refcount_set(&entry->refs, 1); init_waitqueue_head(&entry->wait); INIT_LIST_HEAD(&entry->list); @@ -248,6 +252,7 @@ static void insert_ordered_extent(struct btrfs_ordered_extent *entry) * Add an ordered extent to the per-inode tree. * * @inode: Inode that this extent is for. + * @fscrypt_info: The fscrypt_extent_info for this extent, if necessary. * @file_offset: Logical offset in file where the extent starts. * @num_bytes: Logical length of extent in file. * @ram_bytes: Full length of unencoded data. @@ -264,17 +269,19 @@ static void insert_ordered_extent(struct btrfs_ordered_extent *entry) * Return: the new ordered extent or error pointer. */ struct btrfs_ordered_extent *btrfs_alloc_ordered_extent( - struct btrfs_inode *inode, u64 file_offset, - u64 num_bytes, u64 ram_bytes, u64 disk_bytenr, - u64 disk_num_bytes, u64 offset, unsigned long flags, - int compress_type) + struct btrfs_inode *inode, + struct fscrypt_extent_info *fscrypt_info, + u64 file_offset, u64 num_bytes, u64 ram_bytes, + u64 disk_bytenr, u64 disk_num_bytes, u64 offset, + unsigned long flags, int compress_type) { struct btrfs_ordered_extent *entry; ASSERT((flags & ~BTRFS_ORDERED_TYPE_FLAGS) == 0); - entry = alloc_ordered_extent(inode, file_offset, num_bytes, ram_bytes, - disk_bytenr, disk_num_bytes, offset, flags, + entry = alloc_ordered_extent(inode, fscrypt_info, file_offset, + num_bytes, ram_bytes, disk_bytenr, + disk_num_bytes, offset, flags, compress_type); if (!IS_ERR(entry)) insert_ordered_extent(entry); @@ -1170,8 +1177,9 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( if (WARN_ON_ONCE(ordered->disk_num_bytes != ordered->num_bytes)) return ERR_PTR(-EINVAL); - new = alloc_ordered_extent(inode, file_offset, len, len, disk_bytenr, - len, 0, flags, ordered->compress_type); + new = alloc_ordered_extent(inode, ordered->fscrypt_info, file_offset, + len, len, disk_bytenr, len, 0, flags, + ordered->compress_type); if (IS_ERR(new)) return new; diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h index 85ba9a381880..57ca8ce6eb6d 100644 --- a/fs/btrfs/ordered-data.h +++ b/fs/btrfs/ordered-data.h @@ -163,10 +163,11 @@ bool btrfs_dec_test_ordered_pending(struct btrfs_inode *inode, struct btrfs_ordered_extent **cached, u64 file_offset, u64 io_size); struct btrfs_ordered_extent *btrfs_alloc_ordered_extent( - struct btrfs_inode *inode, u64 file_offset, - u64 num_bytes, u64 ram_bytes, u64 disk_bytenr, - u64 disk_num_bytes, u64 offset, unsigned long flags, - int compress_type); + struct btrfs_inode *inode, + struct fscrypt_extent_info *fscrypt_info, + u64 file_offset, u64 num_bytes, u64 ram_bytes, + u64 disk_bytenr, u64 disk_num_bytes, u64 offset, + unsigned long flags, int compress_type); void btrfs_add_ordered_sum(struct btrfs_ordered_extent *entry, struct btrfs_ordered_sum *sum); struct btrfs_ordered_extent *btrfs_lookup_ordered_extent(struct btrfs_inode *inode, From patchwork Wed Jan 24 17:18:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529472 Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B69E186AD9 for ; Wed, 24 Jan 2024 17:19:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116789; cv=none; b=EZKlgsJCeU7SQ3ZwswzriBQhYY1zy+6lv6vk5AVULvVzhvLpPr9X9FWE7qyfIusia4xk1FEkrSoioS1frH1LqiHJIyu5fjoNJPoSDzYVz6nY68dXfLLzdekc6qOf8qm0XejZ+xGYG9XPa3j7tW+s40BU0P1rnW1DszeNquwhLT4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116789; c=relaxed/simple; bh=xtRcK6dBJ30zEI5sHqGvI8ghQ9gBYXldNuOQz/LkXDM=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rkF6YbMEIUcgRHZAoiqcPWXAF5b2OaIgZ1uPvL+eNB9VJ7s05KOnzYSfhPMCwV8RplW8CLaxPv7Pk/HW7bKVBvrYSSkg8oKHmpFBAS9iGrp5SSHNNjWDTnsaxkDtuNZ9HtS5O2TvsVYFWG26gMsXo0rx0/dHagxO8ATvEqWV7TI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=yPgmDd/b; arc=none smtp.client-ip=209.85.128.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="yPgmDd/b" Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-5ffb07bdce2so44414537b3.2 for ; Wed, 24 Jan 2024 09:19:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116786; x=1706721586; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uI2sbf+skviJ+MRQkNvfInK+KNm9MopeERBHzdCxnSI=; b=yPgmDd/bfrRvgZGrJ8kW2HOTqPA5mzgT5jNqgDuqSIWGmdwTXg7GvsmKE/VmyjiSIe q2Pt/cSZonFu1TPiR09kyK7TEu4UzvFzVGSHr5aVqvAqwQAgNa5fowlBaoPGLbe1wigv 9i5Yincyb5V99WgDbkTQAU2+RI/HfP4dl58HZ+7JdiF8zkLbWaZiYOvB2nzmv+r5v9BR szy8tGZwmQB6OyjEQxu+wry3ckhXTHzWeSFNHv3U5wWskiw+56Eas/zwgCRjc4HIxKUD SloSLlTNiNoCS4cmO7DFmdSv3qq5hE/PiZoXofLOVMl0+7u4M6+xwVbzuopJCw9xU4/4 tsNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116786; x=1706721586; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uI2sbf+skviJ+MRQkNvfInK+KNm9MopeERBHzdCxnSI=; b=Z8oEY5WlDvjKlsUoCUH+fSligU5Jl25WoLgpDkIqKo2C1hzy7GzNGq0wcT4YiZP2n2 QH+f5hC8c9ii35xlN+A/M8C1Nov1Me1F7TGZQge+saV1GAF35mL5ek8BFXZLGyryvln5 XL6U4bg3hBVOoZK9wisTv4xI9rQBO3rsEaicqibl1dUy2NJb1cFvuYdmeB+eTJwAr6/Y 2X/756vXbqXOMRTf9xXHmQZPagNes3u5yoVkrSLgRpv9ot3lhOaC88nUxkGmzfvE/QtX RH2UjGAhyEnATYQGMJbBNvbLOBRBacb45mZx/4Aer6H6MGRi++c3JrevQClzTNvZeEIq hmjA== X-Gm-Message-State: AOJu0YypAgG0/KNOheIoCuXuJ1nnBJ+hKV0AOUYGqvOJc0Xoae4M7pN1 n+TZvClcGriSMCojqJolvXfD+WR3mAuvpMPzpBOuP/8UAkqj0rYNJvxS1HteZMN3UvcnybBy9Is K X-Google-Smtp-Source: AGHT+IGqP7GJB6Xn3aj39qX4y3gCE5abUb2pmY2ZRXn9htEziGpXTCXYH7owzhSm9zTu7/T0JRbv7w== X-Received: by 2002:a81:8314:0:b0:5ff:8dc8:2026 with SMTP id t20-20020a818314000000b005ff8dc82026mr1153924ywf.63.1706116786613; Wed, 24 Jan 2024 09:19:46 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id do1-20020a05690c23c100b005fc98de3763sm61505ywb.79.2024.01.24.09.19.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:46 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 25/52] btrfs: plumb the fscrypt extent context through create_io_em Date: Wed, 24 Jan 2024 12:18:47 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For prealloc extents we create an em, since we already have the context loaded from the original prealloc extent creation we need to pre-populate the extent map fscrypt info so it can be read properly later if the pages are evicted. Add the argument for create_io_em and set it to NULL until we're ready to populate it properly. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 3b14ba55e293..5d8cf2f83831 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -140,11 +140,12 @@ static noinline int run_delalloc_cow(struct btrfs_inode *inode, struct page *locked_page, u64 start, u64 end, struct writeback_control *wbc, bool pages_dirty); -static struct extent_map *create_io_em(struct btrfs_inode *inode, u64 start, - u64 len, u64 orig_start, u64 block_start, - u64 block_len, u64 orig_block_len, - u64 ram_bytes, int compress_type, - int type); +static struct extent_map *create_io_em(struct btrfs_inode *inode, + struct fscrypt_extent_info *fscrypt_info, + u64 start, u64 len, u64 orig_start, + u64 block_start, u64 block_len, + u64 orig_block_len, u64 ram_bytes, + int compress_type, int type); static int data_reloc_print_warning_inode(u64 inum, u64 offset, u64 num_bytes, u64 root, void *warn_ctx) @@ -1156,7 +1157,7 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, } /* Here we're doing allocation and writeback of the compressed pages */ - em = create_io_em(inode, start, + em = create_io_em(inode, NULL, start, async_extent->ram_size, /* len */ start, /* orig_start */ ins.objectid, /* block_start */ @@ -1421,7 +1422,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode, extent_reserved = true; ram_size = ins.offset; - em = create_io_em(inode, start, ins.offset, /* len */ + em = create_io_em(inode, NULL, start, ins.offset, /* len */ start, /* orig_start */ ins.objectid, /* block_start */ ins.offset, /* block_len */ @@ -2154,7 +2155,8 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, u64 orig_start = found_key.offset - nocow_args.extent_offset; struct extent_map *em; - em = create_io_em(inode, cur_offset, nocow_args.num_bytes, + em = create_io_em(inode, NULL, cur_offset, + nocow_args.num_bytes, orig_start, nocow_args.disk_bytenr, /* block_start */ nocow_args.num_bytes, /* block_len */ @@ -7055,8 +7057,9 @@ static struct extent_map *btrfs_create_dio_extent(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; if (type != BTRFS_ORDERED_NOCOW) { - em = create_io_em(inode, start, len, orig_start, block_start, - block_len, orig_block_len, ram_bytes, + em = create_io_em(inode, NULL, start, len, orig_start, + block_start, block_len, orig_block_len, + ram_bytes, BTRFS_COMPRESS_NONE, /* compress_type */ type); if (IS_ERR(em)) @@ -7344,11 +7347,12 @@ static int lock_extent_direct(struct inode *inode, u64 lockstart, u64 lockend, } /* The callers of this must take lock_extent() */ -static struct extent_map *create_io_em(struct btrfs_inode *inode, u64 start, - u64 len, u64 orig_start, u64 block_start, - u64 block_len, u64 orig_block_len, - u64 ram_bytes, int compress_type, - int type) +static struct extent_map *create_io_em(struct btrfs_inode *inode, + struct fscrypt_extent_info *fscrypt_info, + u64 start, u64 len, u64 orig_start, + u64 block_start, u64 block_len, + u64 orig_block_len, u64 ram_bytes, + int compress_type, int type) { struct extent_map *em; int ret; @@ -10555,7 +10559,7 @@ ssize_t btrfs_do_encoded_write(struct kiocb *iocb, struct iov_iter *from, goto out_delalloc_release; extent_reserved = true; - em = create_io_em(inode, start, num_bytes, + em = create_io_em(inode, NULL, start, num_bytes, start - encoded->unencoded_offset, ins.objectid, ins.offset, ins.offset, ram_bytes, compression, BTRFS_ORDERED_COMPRESSED); From patchwork Wed Jan 24 17:18:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529473 Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BF99E86ADE for ; Wed, 24 Jan 2024 17:19:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116790; cv=none; b=WsSrumJ5CxqyB6SY0NxNsFcaZmXRb0RX+e3Vcq37W/PA9D64QF4UG/q//zL8TqtNOc0vNsPoMnztebn796iT/iMPmfvlPu30EzyGcMwc/aIGGw/kVXEq/yHdbQA046D4tX2uHycSJ5+R/Z9Za9nqFqWp1GA3E+brj7FMvRzxuuI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116790; c=relaxed/simple; bh=TGtfXeIU2gD7eCFbK+jfB6Hhv1wObrDLVykXBeDgEwo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XCjqMHzxtXmZQoAKdsFXmtfgNW1f7MjMIdsOePeJQ8Ll8sT+VdqFSgpCgfN6SyHvyMpt5QksSSBD/pSjJ9++oJ6FI3WxmAk+HuuiI2RLINkcoY2Ct95XMYtSt/FHxj3OTcCMf0Uw5xKOxMVV+jEp9le8tjuNtGuij27ah/uU0bI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=uHgunwNj; arc=none smtp.client-ip=209.85.219.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="uHgunwNj" Received: by mail-yb1-f179.google.com with SMTP id 3f1490d57ef6-dc221f01302so4469863276.2 for ; Wed, 24 Jan 2024 09:19:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116787; x=1706721587; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9GHY4ebkbtBMe9vZyd7ROTUiJYsLs7M198UMZcUyLG0=; b=uHgunwNjex5Nmy+NZsKfVKlXlwnCodiuTp15NU3W9ytZNjMHlQKZ32EqHEX/0b27lq PiuCu4pLbm/aRgiBrFCTlB175DCIRAtrxHhoeU9DO+3oE96JoXDhOuLHb8XnP8jjQ6eY qnq8VuN/Vg1JnuiaQyg7UcylyNiYhn7nUNrb0HNqbdd7YzGyeJHKyzN6aBlNVF9ZfrVN W8nm0HE9/wX5EbfXols2LVusa3G9SiyiK163Mb2WtZ5uiPt+TA3c0QdhJp0sgRN5Ujv7 EWk1yjaLC2ShgvR39ODI9AdWhV7TmQi5iI685OrZiByAqrKjk55B2cZ9/6FY++20XXVB PMLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116787; x=1706721587; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9GHY4ebkbtBMe9vZyd7ROTUiJYsLs7M198UMZcUyLG0=; b=o7Wets9A1WhhGaTfmjcR7gZHAt0s8CSTGszLgHLfji9z4n2J8+2KCz0jgrL0kZvAFC biGEQtGdPHYkfFCSLM/r3bvPgHuNV5eE3/70hvuZYbXtDVKUUbz3r9V9MJ0xqEkPbvtb PoWZmMC2e8iIBSotUwHhtqOL50C6O6QMV1CjIPv/evQHMoSaTMT6BXUAgZO653AuN5Aq 2iFt88XJJAOsnIDMyy2suPKUXY+Jo6QMnGRL+p3yPfjPSdyaWD/NQKNy5CTbflzXV/zv //sJ3Jr1Fi7Ohso7h8KLYRjVkFdvmg1IhuogD0ziK7sNyXfot00km6QBgzleFSHOl5ep fVvg== X-Gm-Message-State: AOJu0Yw69cao1z+tuW4OmRZvoR1tPQyI/LRfUD5Q/OcgopQK04/nbg2X UzXIEgRY8mZsChGeQqb5eNte6PRKNbJuFi1sFkhvmWk9ueMM2x3LK5h52T8tUM/1LF/Ixtfmb/X G X-Google-Smtp-Source: AGHT+IHMY7JF6VntQrZClsJmtieW+3wdjl82LvlIaMzR5uexjeZtzGAIV5iyL78nkwgaOiFK48PetQ== X-Received: by 2002:a25:af0e:0:b0:dc2:546d:e096 with SMTP id a14-20020a25af0e000000b00dc2546de096mr990603ybh.41.1706116787605; Wed, 24 Jan 2024 09:19:47 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id t9-20020a252d09000000b00dc251f877a7sm2941261ybt.7.2024.01.24.09.19.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:47 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 26/52] btrfs: populate the ordered_extent with the fscrypt context Date: Wed, 24 Jan 2024 12:18:48 -0500 Message-ID: <33e650f3e91ed0318211301beb27fa613382f28e.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The fscrypt_extent_info will be tied to the extent_map lifetime, so it will be created when we create the IO em, or it'll already exist in the NOCOW case. Use this fscrypt_info when creating the ordered extent to make sure everything is passed through properly. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 77 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 21 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 5d8cf2f83831..7b3ef349661a 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1170,9 +1170,8 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, ret = PTR_ERR(em); goto out_free_reserve; } - free_extent_map(em); - ordered = btrfs_alloc_ordered_extent(inode, NULL, + ordered = btrfs_alloc_ordered_extent(inode, em->fscrypt_info, start, /* file_offset */ async_extent->ram_size, /* num_bytes */ async_extent->ram_size, /* ram_bytes */ @@ -1181,6 +1180,7 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, 0, /* offset */ 1 << BTRFS_ORDERED_COMPRESSED, async_extent->compress_type); + free_extent_map(em); if (IS_ERR(ordered)) { btrfs_drop_extent_map_range(inode, start, end, false); ret = PTR_ERR(ordered); @@ -1434,13 +1434,13 @@ static noinline int cow_file_range(struct btrfs_inode *inode, ret = PTR_ERR(em); goto out_reserve; } - free_extent_map(em); - ordered = btrfs_alloc_ordered_extent(inode, NULL, + ordered = btrfs_alloc_ordered_extent(inode, em->fscrypt_info, start, ram_size, ram_size, ins.objectid, cur_alloc_size, 0, 1 << BTRFS_ORDERED_REGULAR, BTRFS_COMPRESS_NONE); + free_extent_map(em); if (IS_ERR(ordered)) { ret = PTR_ERR(ordered); goto out_drop_extent_cache; @@ -2013,6 +2013,8 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, struct btrfs_key found_key; struct btrfs_file_extent_item *fi; struct extent_buffer *leaf; + struct extent_map *em = NULL; + struct fscrypt_extent_info *fscrypt_info = NULL; u64 extent_end; u64 ram_bytes; u64 nocow_end; @@ -2149,13 +2151,29 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, } } + /* + * We only want to do this lookup if we're encrypted, otherwise + * fsrypt_info will be null and we can avoid this lookup. + */ + if (IS_ENCRYPTED(&inode->vfs_inode)) { + em = btrfs_get_extent(inode, NULL, 0, cur_offset, + nocow_args.num_bytes); + if (IS_ERR(em)) { + btrfs_dec_nocow_writers(nocow_bg); + ret = PTR_ERR(em); + goto error; + } + fscrypt_info = fscrypt_get_extent_info(em->fscrypt_info); + free_extent_map(em); + em = NULL; + } + nocow_end = cur_offset + nocow_args.num_bytes - 1; is_prealloc = extent_type == BTRFS_FILE_EXTENT_PREALLOC; if (is_prealloc) { u64 orig_start = found_key.offset - nocow_args.extent_offset; - struct extent_map *em; - em = create_io_em(inode, NULL, cur_offset, + em = create_io_em(inode, fscrypt_info, cur_offset, nocow_args.num_bytes, orig_start, nocow_args.disk_bytenr, /* block_start */ @@ -2164,6 +2182,7 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, ram_bytes, BTRFS_COMPRESS_NONE, BTRFS_ORDERED_PREALLOC); if (IS_ERR(em)) { + fscrypt_put_extent_info(fscrypt_info); btrfs_dec_nocow_writers(nocow_bg); ret = PTR_ERR(em); goto error; @@ -2171,13 +2190,15 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, free_extent_map(em); } - ordered = btrfs_alloc_ordered_extent(inode, NULL, cur_offset, - nocow_args.num_bytes, nocow_args.num_bytes, - nocow_args.disk_bytenr, nocow_args.num_bytes, 0, + ordered = btrfs_alloc_ordered_extent(inode, fscrypt_info, + cur_offset, nocow_args.num_bytes, + nocow_args.num_bytes, nocow_args.disk_bytenr, + nocow_args.num_bytes, 0, is_prealloc ? (1 << BTRFS_ORDERED_PREALLOC) : (1 << BTRFS_ORDERED_NOCOW), BTRFS_COMPRESS_NONE); + fscrypt_put_extent_info(fscrypt_info); btrfs_dec_nocow_writers(nocow_bg); if (IS_ERR(ordered)) { if (is_prealloc) { @@ -7044,6 +7065,7 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, static struct extent_map *btrfs_create_dio_extent(struct btrfs_inode *inode, struct btrfs_dio_data *dio_data, + struct extent_map *orig_em, const u64 start, const u64 len, const u64 orig_start, @@ -7055,18 +7077,24 @@ static struct extent_map *btrfs_create_dio_extent(struct btrfs_inode *inode, { struct extent_map *em = NULL; struct btrfs_ordered_extent *ordered; + struct fscrypt_extent_info *fscrypt_info = NULL; + + if (orig_em) + fscrypt_info = orig_em->fscrypt_info; if (type != BTRFS_ORDERED_NOCOW) { - em = create_io_em(inode, NULL, start, len, orig_start, + em = create_io_em(inode, fscrypt_info, start, len, orig_start, block_start, block_len, orig_block_len, ram_bytes, BTRFS_COMPRESS_NONE, /* compress_type */ type); if (IS_ERR(em)) goto out; + fscrypt_info = em->fscrypt_info; } - ordered = btrfs_alloc_ordered_extent(inode, NULL, start, len, len, - block_start, block_len, 0, + + ordered = btrfs_alloc_ordered_extent(inode, fscrypt_info, start, len, + len, block_start, block_len, 0, (1 << type) | (1 << BTRFS_ORDERED_DIRECT), BTRFS_COMPRESS_NONE); @@ -7110,9 +7138,10 @@ static struct extent_map *btrfs_new_extent_direct(struct btrfs_inode *inode, if (ret) return ERR_PTR(ret); - em = btrfs_create_dio_extent(inode, dio_data, start, ins.offset, start, - ins.objectid, ins.offset, ins.offset, - ins.offset, BTRFS_ORDERED_REGULAR); + em = btrfs_create_dio_extent(inode, dio_data, NULL, start, ins.offset, + start, ins.objectid, ins.offset, + ins.offset, ins.offset, + BTRFS_ORDERED_REGULAR); btrfs_dec_block_group_reservations(fs_info, ins.objectid); if (IS_ERR(em)) btrfs_free_reserved_extent(fs_info, ins.objectid, ins.offset, @@ -7379,7 +7408,13 @@ static struct extent_map *create_io_em(struct btrfs_inode *inode, em->flags |= EXTENT_FLAG_FILLING; else if (type == BTRFS_ORDERED_COMPRESSED) extent_map_set_compression(em, compress_type); - extent_map_set_encryption(em, BTRFS_ENCRYPTION_NONE); + + if (fscrypt_info) { + extent_map_set_encryption(em, BTRFS_ENCRYPTION_FSCRYPT); + em->fscrypt_info = fscrypt_get_extent_info(fscrypt_info); + } else { + extent_map_set_encryption(em, BTRFS_ENCRYPTION_NONE); + } ret = btrfs_replace_extent_map_range(inode, em, true); if (ret) { @@ -7455,9 +7490,9 @@ static int btrfs_get_blocks_direct_write(struct extent_map **map, } space_reserved = true; - em2 = btrfs_create_dio_extent(BTRFS_I(inode), dio_data, start, len, - orig_start, block_start, - len, orig_block_len, + em2 = btrfs_create_dio_extent(BTRFS_I(inode), dio_data, em, + start, len, orig_start, + block_start, len, orig_block_len, ram_bytes, type); btrfs_dec_nocow_writers(bg); if (type == BTRFS_ORDERED_PREALLOC) { @@ -10567,14 +10602,14 @@ ssize_t btrfs_do_encoded_write(struct kiocb *iocb, struct iov_iter *from, ret = PTR_ERR(em); goto out_free_reserved; } - free_extent_map(em); - ordered = btrfs_alloc_ordered_extent(inode, NULL, start, + ordered = btrfs_alloc_ordered_extent(inode, em->fscrypt_info, start, num_bytes, ram_bytes, ins.objectid, ins.offset, encoded->unencoded_offset, (1 << BTRFS_ORDERED_ENCODED) | (1 << BTRFS_ORDERED_COMPRESSED), compression); + free_extent_map(em); if (IS_ERR(ordered)) { btrfs_drop_extent_map_range(inode, start, end, false); ret = PTR_ERR(ordered); From patchwork Wed Jan 24 17:18:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529474 Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BC8486AEB for ; Wed, 24 Jan 2024 17:19:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116790; cv=none; b=BnyglE3CMV5zs4PXYE23MuYro5jZqfHpkwB0MRSQvVxR5cTcAR+c7huENVPpfsaFa/FHggaVCG+Qx67v9gn6L374NQjEVFYPCEwx5lQBYaQRMiZmUqkz1o0+4HOG46ibZA4OjSpiiLATkJpf2OP1MCkA5VAE7yL5aJjh98uKohI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116790; c=relaxed/simple; bh=95Qk5i8acrftXlTC0r7+bzVkmi3Fu2KE62AGDWA7wKE=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Q4oEEN5Trr4FX3xr1y9bMRIQr5jt9SqM7IXlSG7Z/NaGTRcFt05Pz6pduUhRMSDbUVGUVNlUVb5SQreJAKR9t+ElaJKYSJwWU2M/g/GgNYkejvv3vnxQy7gbK/jRY/jMndZpy5SXt6N1Ktve/ItsepDTqgPR/yjZRiINracmotY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=xpOhk+Cf; arc=none smtp.client-ip=209.85.219.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="xpOhk+Cf" Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dc239f84ba4so4803048276.3 for ; Wed, 24 Jan 2024 09:19:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116788; x=1706721588; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jt2GJJZzDgpNmUkvzvr/Jr8FhWJjECt1Wk9RZ4YRcTI=; b=xpOhk+Cfn636U/NwNAAb8XSBHBbaBFrdTATBsqwK3CWl8LDnWP4JIlQqEClaxySEW8 kr5OrymQNRm1fCpjcsc1Lbh/v7IF+Pcs1pm+5Ta9X09QoaturvqhwYz2zDAxs4eMiGC3 eQyv1SxXMtfEQfV6bcacc2+3z0hBIoHJhJzz5LGkFG9QtgDZt+cd28CFK2/+9R8SXE5o /1sBiCKEhgGcFRjLAUc5HrMYhxAHbJsuM3Kd44UE3PnfH7q2EGnj2jd7viii9n2iUyam dRgRMLagSKimZ8Jlcl7tcWiiRVVkI9CTxcX4F232lLWBCCa2vuSXEiJlhSHfnsItzp/M 9cnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116788; x=1706721588; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jt2GJJZzDgpNmUkvzvr/Jr8FhWJjECt1Wk9RZ4YRcTI=; b=RuPOgO+319skiRJ5qe3rsZUxZ9Lg5Q37tZNNa0SuRNqkns03v75zeKlYdoMJW92/MB 1Hm2H2OJxupyznAIUjYUIzuwiXEDRphfi/ALiboLItf4fFp4A8OU1cTEi4W8NpWFc6JT tNubjtmq/h+6DiCbumyyp95cZ6XaJWfcT4hNfWtMt/teCTOv58lrcwl/23SVkm+8ysH4 zrZvW+CSDW0HrtIB4fELCDACdJj8hgsKJm663OUp7aI+Itwz6/AgQIN3mrifJbQkrx6s mASDjr8hPgT7L0VSjtgm+Il6cVbbjh5hlOq9j6yZJpeULh4LXpb280Vp4hP9Hf1kU7Oe qPEw== X-Gm-Message-State: AOJu0YymIjTFuGQ77ykeSMLwqqUYp9tfETFK8Un+7bIHefaiKtkX9eKb ESIVNpHtI0ZiPYhOAZXiayqj3fJcTY038xG44jf3IO1Wwau4Ns5TispYdpJaFXlcSCR43mi7qW2 n X-Google-Smtp-Source: AGHT+IF7ToRDh9GddqLGCSOWgvnKvOWrNF/gCms7NBD+kqcSzqUNWu/upZ7HhrDJEljVttj6gBXcJg== X-Received: by 2002:a25:aea5:0:b0:dc2:73f3:2ad9 with SMTP id b37-20020a25aea5000000b00dc273f32ad9mr941183ybj.80.1706116788488; Wed, 24 Jan 2024 09:19:48 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id l11-20020a25bccb000000b00dc2366900f9sm2831539ybm.65.2024.01.24.09.19.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:48 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 27/52] btrfs: keep track of fscrypt info and orig_start for dio reads Date: Wed, 24 Jan 2024 12:18:49 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We keep track of this information in the ordered extent for writes, but we need it for reads as well. Add fscrypt_extent_info and orig_start to the dio_data so we can populate this on reads. This will be used later when we attach the fscrypt context to the bios. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 7b3ef349661a..cabcf03fe01f 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -83,6 +83,8 @@ struct btrfs_dio_data { ssize_t submitted; struct extent_changeset *data_reserved; struct btrfs_ordered_extent *ordered; + struct fscrypt_extent_info *fscrypt_info; + u64 orig_start; bool data_space_reserved; bool nocow_done; }; @@ -7767,6 +7769,10 @@ static int btrfs_dio_iomap_begin(struct inode *inode, loff_t start, release_len); } } else { + dio_data->fscrypt_info = + fscrypt_get_extent_info(em->fscrypt_info); + dio_data->orig_start = em->orig_start; + /* * We need to unlock only the end area that we aren't using. * The rest is going to be unlocked by the endio routine. @@ -7848,6 +7854,11 @@ static int btrfs_dio_iomap_end(struct inode *inode, loff_t pos, loff_t length, dio_data->ordered = NULL; } + if (dio_data->fscrypt_info) { + fscrypt_put_extent_info(dio_data->fscrypt_info); + dio_data->fscrypt_info = NULL; + } + if (write) extent_changeset_free(dio_data->data_reserved); return ret; From patchwork Wed Jan 24 17:18:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529475 Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com [209.85.219.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 786E88003B for ; Wed, 24 Jan 2024 17:19:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116792; cv=none; b=Fcd9PHg/aQ20GAuaSg8OkXECjA4fKbPy/qaBB4Mu9Xk0ivoeSwW2ltSQJujLKY731hpLWmwFQ4fIh3AnCWvxObbtjkKIvYK+aNLcQUjajvm0rKFsT4AeOfZqrTbfRwujWWHP5kvV1aqcvb5NcgTSeq67tec6vQLE0Qwn9rkeUww= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116792; c=relaxed/simple; bh=61biOJzKFrRIG7hKBHQoERfUEuYuk5TQNt1GnagdIek=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iZgc3mvrKN2EqkxiphnBnuq/1JOkbkRO+BzVv+XUBEvT02tIhQyX0hS1Xp3po/dI6hQRqiOwY6YCGZb0EE7I3G/u1JVY13oE1pRtefhGH42kVCN8+cZuBOjyXvs8sYud5367OHfytS6PL/uloj9mDm3Rw53ENEm+pKsa21BNe2E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=xqs2prVe; arc=none smtp.client-ip=209.85.219.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="xqs2prVe" Received: by mail-yb1-f170.google.com with SMTP id 3f1490d57ef6-dc21d7a7042so5011349276.2 for ; Wed, 24 Jan 2024 09:19:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116789; x=1706721589; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uWpCqua75ld3SCIeVUgY30PkhqvyQ34+YzyIxStNa7w=; b=xqs2prVeI/gN7xGJbwSleGysEzPPz+ea4eFZHuqM4ghvQNPXSPbPzAuZJIST/52prW XCq8oau4vpijMhlj9Zab9Z0njdSECP6cxkMsJguCQC+NFEXR2IJ+TYORuy/xssSAL7PV WehAhqWK+FQSvYSCi8QGk2um4sWqxyyQqthN5x+SIRvtyUj8QOXMfCr8ZOPWtjrUpOGk kfEbFdJtz4FNrLKZGCKIZA6nKrFFuJJKr5CKnkLSZPd5sFt4zC9amQnRbyDUgBXEHWoN NC9Ke+LVeXFbSU5J97ZqaHCUPWdOZ/8ixYTL42BFSRv+BeDYSfim38DRKiABNIp1FFYo ErYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116789; x=1706721589; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uWpCqua75ld3SCIeVUgY30PkhqvyQ34+YzyIxStNa7w=; b=ZEoUGlqdNBCRdibOPFIWinsohYe0mSZmsc7Wlep43Z8IYdX42IAft3MGJY0Hm/Wf1K F5ISKnxysSwKC9lN7pvmrl1OpHH2qt8OvNi8Jb93sNpmoVyWu60ArtS5ICRy6AEkegGR URY+18J+HncnHHuLVoCCx/E1hnPalXxABu9f2m6SUVG2xx/zcM0E54kAoexxkgHdj1HP 4EfsTGpPymTBfQ1qF53G9ItFrSgmlcTdfGkaE+oNZuxUiqGCvyRfr0TEXoF05Dcfsbgr 6sAyA4uOMedB5+rnNSTQ1Cph9AnPUkxCg18q7NFQGl69NKEcys8HHV+CU856sAZm38SZ Belw== X-Gm-Message-State: AOJu0YwpOwsE0JPANM5Yv+aNx20Kkj/GmsbUiD7cnj+zfkgMObLPvfyj pg+egbwvs6hA2hN+9VYkYNWgdseYWyV/2kVFuDOf4f5h3Rgi0NkAKchcu0/bX9HiHG7DRZ+t4DI G X-Google-Smtp-Source: AGHT+IFyBZ5Rvvkgygg4ovLWUD5Qxn/emhsRqsFV57uVrjCzZwuZ98xf3nG0QGsuZRmVBkLSmBTBeQ== X-Received: by 2002:a05:6902:1c5:b0:dc3:72ca:8985 with SMTP id u5-20020a05690201c500b00dc372ca8985mr890143ybh.115.1706116789384; Wed, 24 Jan 2024 09:19:49 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id h20-20020a25b194000000b00dc22fa579c5sm2948628ybj.45.2024.01.24.09.19.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:49 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 28/52] btrfs: add an optional encryption context to the end of file extents Date: Wed, 24 Jan 2024 12:18:50 -0500 Message-ID: <7ee9171262857336011bf0e121846617c5181fa4.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The fscrypt encryption context can be extended to include different things in the future. To facilitate future expansion add an optional btrfs_encryption_info to the end of the file extent. This will hold the size of the context and then will have the binary context tacked onto the end of the extent item. Add the appropriate accessors to make it easy to read this information if we have encryption set, and then update the tree-checker to validate that if this is indeed set properly that the size matches properly. Signed-off-by: Josef Bacik --- fs/btrfs/accessors.h | 48 +++++++++++++++++++++++++++ fs/btrfs/tree-checker.c | 58 ++++++++++++++++++++++++++++----- include/uapi/linux/btrfs_tree.h | 17 +++++++++- 3 files changed, 113 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/accessors.h b/fs/btrfs/accessors.h index cbc176d1dac1..a858f556cf05 100644 --- a/fs/btrfs/accessors.h +++ b/fs/btrfs/accessors.h @@ -932,6 +932,10 @@ BTRFS_SETGET_STACK_FUNCS(super_uuid_tree_generation, struct btrfs_super_block, BTRFS_SETGET_STACK_FUNCS(super_nr_global_roots, struct btrfs_super_block, nr_global_roots, 64); +/* struct btrfs_file_extent_encryption_info */ +BTRFS_SETGET_FUNCS(encryption_info_size, struct btrfs_encryption_info, size, + 32); + /* struct btrfs_file_extent_item */ BTRFS_SETGET_STACK_FUNCS(stack_file_extent_type, struct btrfs_file_extent_item, type, 8); @@ -973,6 +977,50 @@ BTRFS_SETGET_FUNCS(file_extent_encryption, struct btrfs_file_extent_item, BTRFS_SETGET_FUNCS(file_extent_other_encoding, struct btrfs_file_extent_item, other_encoding, 16); +static inline struct btrfs_encryption_info *btrfs_file_extent_encryption_info( + const struct btrfs_file_extent_item *ei) +{ + unsigned long offset = (unsigned long)ei; + + offset += offsetof(struct btrfs_file_extent_item, encryption_info); + return (struct btrfs_encryption_info *)offset; +} + +static inline unsigned long btrfs_file_extent_encryption_ctx_offset( + const struct btrfs_file_extent_item *ei) +{ + unsigned long offset = (unsigned long)ei; + + offset += offsetof(struct btrfs_file_extent_item, encryption_info); + return offset + offsetof(struct btrfs_encryption_info, context); +} + +static inline u32 btrfs_file_extent_encryption_ctx_size( + const struct extent_buffer *eb, + const struct btrfs_file_extent_item *ei) +{ + return btrfs_encryption_info_size(eb, + btrfs_file_extent_encryption_info(ei)); +} + +static inline void btrfs_set_file_extent_encryption_ctx_size( + const struct extent_buffer *eb, + struct btrfs_file_extent_item *ei, + u32 val) +{ + btrfs_set_encryption_info_size(eb, + btrfs_file_extent_encryption_info(ei), + val); +} + +static inline u32 btrfs_file_extent_encryption_info_size( + const struct extent_buffer *eb, + const struct btrfs_file_extent_item *ei) +{ + return btrfs_encryption_info_size(eb, + btrfs_file_extent_encryption_info(ei)); +} + /* btrfs_qgroup_status_item */ BTRFS_SETGET_FUNCS(qgroup_status_generation, struct btrfs_qgroup_status_item, generation, 64); diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 1141b5d92ac9..5e11132d49d6 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -212,6 +212,7 @@ static int check_extent_data_item(struct extent_buffer *leaf, u32 item_size = btrfs_item_size(leaf, slot); u64 extent_end; u8 policy; + u8 fe_type; if (unlikely(!IS_ALIGNED(key->offset, sectorsize))) { file_extent_err(leaf, slot, @@ -242,12 +243,12 @@ static int check_extent_data_item(struct extent_buffer *leaf, SZ_4K); return -EUCLEAN; } - if (unlikely(btrfs_file_extent_type(leaf, fi) >= - BTRFS_NR_FILE_EXTENT_TYPES)) { + + fe_type = btrfs_file_extent_type(leaf, fi); + if (unlikely(fe_type >= BTRFS_NR_FILE_EXTENT_TYPES)) { file_extent_err(leaf, slot, "invalid type for file extent, have %u expect range [0, %u]", - btrfs_file_extent_type(leaf, fi), - BTRFS_NR_FILE_EXTENT_TYPES - 1); + fe_type, BTRFS_NR_FILE_EXTENT_TYPES - 1); return -EUCLEAN; } @@ -296,12 +297,51 @@ static int check_extent_data_item(struct extent_buffer *leaf, return 0; } - /* Regular or preallocated extent has fixed item size */ - if (unlikely(item_size != sizeof(*fi))) { - file_extent_err(leaf, slot, + if (policy == BTRFS_ENCRYPTION_FSCRYPT) { + size_t fe_size = sizeof(*fi) + + sizeof(struct btrfs_encryption_info); + u32 ctxsize; + + if (unlikely(item_size < fe_size)) { + file_extent_err(leaf, slot, + "invalid item size for encrypted file extent, have %u expect = %zu + size of u32", + item_size, sizeof(*fi)); + return -EUCLEAN; + } + + ctxsize = btrfs_file_extent_encryption_info_size(leaf, fi); + if (unlikely(item_size != (fe_size + ctxsize))) { + file_extent_err(leaf, slot, + "invalid item size for encrypted file extent, have %u expect = %zu + context of size %u", + item_size, fe_size, ctxsize); + return -EUCLEAN; + } + + if (unlikely(ctxsize > BTRFS_MAX_EXTENT_CTX_SIZE)) { + file_extent_err(leaf, slot, + "invalid file extent context size, have %u expect a maximum of %u", + ctxsize, BTRFS_MAX_EXTENT_CTX_SIZE); + return -EUCLEAN; + } + + /* + * Only regular and prealloc extents should have an encryption + * context. + */ + if (unlikely(fe_type != BTRFS_FILE_EXTENT_REG && + fe_type != BTRFS_FILE_EXTENT_PREALLOC)) { + file_extent_err(leaf, slot, + "invalid type for encrypted file extent, have %u", + btrfs_file_extent_type(leaf, fi)); + return -EUCLEAN; + } + } else { + if (unlikely(item_size != sizeof(*fi))) { + file_extent_err(leaf, slot, "invalid item size for reg/prealloc file extent, have %u expect %zu", - item_size, sizeof(*fi)); - return -EUCLEAN; + item_size, sizeof(*fi)); + return -EUCLEAN; + } } if (unlikely(CHECK_FE_ALIGNED(leaf, slot, fi, ram_bytes, sectorsize) || CHECK_FE_ALIGNED(leaf, slot, fi, disk_bytenr, sectorsize) || diff --git a/include/uapi/linux/btrfs_tree.h b/include/uapi/linux/btrfs_tree.h index effa93df6b90..86362b7f8d25 100644 --- a/include/uapi/linux/btrfs_tree.h +++ b/include/uapi/linux/btrfs_tree.h @@ -1073,12 +1073,24 @@ enum { BTRFS_NR_FILE_EXTENT_TYPES = 3, }; +/* + * Currently just the FSCRYPT_SET_CONTEXT_MAX_SIZE, which is larger than the + * current extent context size from fscrypt, so this should give us plenty of + * breathing room for expansion later. + */ +#define BTRFS_MAX_EXTENT_CTX_SIZE 40 + enum btrfs_encryption_type { BTRFS_ENCRYPTION_NONE, BTRFS_ENCRYPTION_FSCRYPT, BTRFS_NR_ENCRYPTION_TYPES, }; +struct btrfs_encryption_info { + __le32 size; + __u8 context[0]; +}; + struct btrfs_file_extent_item { /* * transaction id that created this extent @@ -1134,7 +1146,10 @@ struct btrfs_file_extent_item { * always reflects the size uncompressed and without encoding. */ __le64 num_bytes; - + /* + * the encryption info, if any + */ + struct btrfs_encryption_info encryption_info[0]; } __attribute__ ((__packed__)); struct btrfs_csum_item { From patchwork Wed Jan 24 17:18:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529476 Received: from mail-yb1-f180.google.com (mail-yb1-f180.google.com [209.85.219.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 95D8B86AFD for ; Wed, 24 Jan 2024 17:19:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116793; cv=none; b=qtVrB33T9OcJ9g4Njz/9OB9+1jFGxrGhaGXlcybl4QniXnuzwEi+jI74qtMJim7vj4McXcNu/oWtXWtedNBOUfSFsWUIKEGuKc30x9AJoI4OyRqARYHdSUeAiU0EiY/xHPR1DvX9m+oarDUVyPxO5lHd0NQGfX08Y+E1AM+Q/WU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116793; c=relaxed/simple; bh=O48UEJErUB8bzqwTavFiM0JWcH59AFGhNcNbVzuUGnY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=atYv2xMSv2IxcgzY0AhAjdGowdyAQTQDCKDjBM99JtzVL32N7x+yzNa5fZzw+NA+piBAakiCG4qKWhTPbDaMp4g6NsRDxMDdszpWCrER8OdBB6XG8qalJIl9ob/Tcy+HrvFl7iunfYhHLNkHP2Y0xLNKoHqJTb1/nrjW77pHC00= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=z0hT4iHL; arc=none smtp.client-ip=209.85.219.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="z0hT4iHL" Received: by mail-yb1-f180.google.com with SMTP id 3f1490d57ef6-dc239f84ba4so4803089276.3 for ; Wed, 24 Jan 2024 09:19:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116790; x=1706721590; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1hiuLdL1spfs5ZgNwlx+7nWRX6d/XFRFdqqlEe/nroE=; b=z0hT4iHLIxX7cT8luKVDvzI+pYaJ5Hj06i2FdXjrBeyWxO4sqvmR6f8Be9/LzGz/+p JDvH3itvjtx7it7opPEHK2zSs6AjRSG/wdlheyw2oKYt27W1XFooxxueVESzfSXH15OZ Tpwx3iVUTAF/Wh95pxJABwbcXwH78r0+MN6rl5StPzhmHiiApzCo6BJ83uvIzQNOX6eM BJUXGVuT1d7sirTeeHHH7bHIMMZm3Vdb9UYDZutM84HhYJUxdxP98bbszTquzGqla2c0 wlwMo/t2pbdfLxRIzMW3hm/n2bEtYY+3C2gKHg6He0gzXAqJErexjK7N5anOydnyH4y2 CSYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116790; x=1706721590; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1hiuLdL1spfs5ZgNwlx+7nWRX6d/XFRFdqqlEe/nroE=; b=PoEzq+71xhSi9+/j2O22tXavG1sntauz5Hovh+k8oXn4IviaEKNp91K1vXsETYYtir InDBY95PzcEpDjx6c0op27uEoDrrRZ2HYquhgGnpOHLBO43eiXmwl3APd1mVsprCeymz pWhbE/IXGN13qS+3gOwMkl6AbCwaBsTk/Fy5n5ZyxYmKa8OIKNqIm/nJzr3B+Z76k9GB NT3V+QW2h/1vVbDWKRt6+70ltLXluYIUF6LbrsRNxR+otUoqomDIxcB3RhnS4C+S/6Pz giGJzyqK3/1N+JnB+E8JKsW09mjnZFCIK85y3onDPa/fSqVvTH8o8QlBoN0SrssEXQJx IWPw== X-Gm-Message-State: AOJu0YyOpf5Ui940Hicgp1TKrkSS4NcV/cOELnpJpx0C2cfPhyr0L3J9 Y+ZBhJ96lqgrpmgNOhS7wldkOZFKxQ95MsHFceuCMsJIOK4gCtUlG5Ijt8IAT7zonBpmBVoDr3/ M X-Google-Smtp-Source: AGHT+IH0OSV+urp1/SUDU7rLT11FRzRn8Qeor50OQYdhUe7ox2H7Si1js9tk87BzB6JGDf/FAX54bg== X-Received: by 2002:a5b:dce:0:b0:dbe:3c67:f018 with SMTP id t14-20020a5b0dce000000b00dbe3c67f018mr942868ybr.63.1706116790341; Wed, 24 Jan 2024 09:19:50 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id j3-20020a25ec03000000b00dc25d5f4c75sm2852251ybh.10.2024.01.24.09.19.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:50 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Cc: Sweet Tea Dorminy Subject: [PATCH v5 29/52] btrfs: explicitly track file extent length for replace and drop Date: Wed, 24 Jan 2024 12:18:51 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Sweet Tea Dorminy With the advent of storing fscrypt contexts with each encrypted extent, extents will have a variable length depending on encryption status. Make sure the replace and drop file extent item helpers encode this information so that everything gets updated properly. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ctree.h | 2 ++ fs/btrfs/file.c | 4 ++-- fs/btrfs/inode.c | 7 +++++-- fs/btrfs/reflink.c | 1 + fs/btrfs/tree-log.c | 5 +++-- 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 70e828d33177..34ecf5966a5a 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -367,6 +367,8 @@ struct btrfs_replace_extent_info { u64 file_offset; /* Pointer to a file extent item of type regular or prealloc. */ char *extent_buf; + /* The length of @extent_buf */ + u32 extent_buf_size; /* * Set to true when attempting to replace a file range with a new extent * described by this structure, set to false when attempting to clone an diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 252b6fae29f8..2471b37ad57e 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -2264,14 +2264,14 @@ static int btrfs_insert_replace_extent(struct btrfs_trans_handle *trans, key.type = BTRFS_EXTENT_DATA_KEY; key.offset = extent_info->file_offset; ret = btrfs_insert_empty_item(trans, root, path, &key, - sizeof(struct btrfs_file_extent_item)); + extent_info->extent_buf_size); if (ret) return ret; leaf = path->nodes[0]; slot = path->slots[0]; write_extent_buffer(leaf, extent_info->extent_buf, btrfs_item_ptr_offset(leaf, slot), - sizeof(struct btrfs_file_extent_item)); + extent_info->extent_buf_size); extent = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item); ASSERT(btrfs_file_extent_type(leaf, extent) != BTRFS_FILE_EXTENT_INLINE); btrfs_set_file_extent_offset(leaf, extent, extent_info->data_offset); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index cabcf03fe01f..cf22be63dcc6 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -2913,6 +2913,7 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, u64 num_bytes = btrfs_stack_file_extent_num_bytes(stack_fi); u64 ram_bytes = btrfs_stack_file_extent_ram_bytes(stack_fi); struct btrfs_drop_extents_args drop_args = { 0 }; + size_t fscrypt_context_size = 0; int ret; path = btrfs_alloc_path(); @@ -2932,7 +2933,7 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, drop_args.start = file_pos; drop_args.end = file_pos + num_bytes; drop_args.replace_extent = true; - drop_args.extent_item_size = sizeof(*stack_fi); + drop_args.extent_item_size = sizeof(*stack_fi) + fscrypt_context_size; ret = btrfs_drop_extents(trans, root, inode, &drop_args); if (ret) goto out; @@ -2943,7 +2944,7 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, ins.type = BTRFS_EXTENT_DATA_KEY; ret = btrfs_insert_empty_item(trans, root, path, &ins, - sizeof(*stack_fi)); + sizeof(*stack_fi) + fscrypt_context_size); if (ret) goto out; } @@ -9735,6 +9736,7 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( u64 len = ins->offset; u64 qgroup_released = 0; int ret; + size_t fscrypt_context_size = 0; memset(&stack_fi, 0, sizeof(stack_fi)); @@ -9767,6 +9769,7 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( extent_info.data_len = len; extent_info.file_offset = file_offset; extent_info.extent_buf = (char *)&stack_fi; + extent_info.extent_buf_size = sizeof(stack_fi) + fscrypt_context_size; extent_info.is_new_extent = true; extent_info.update_times = true; extent_info.qgroup_reserved = qgroup_released; diff --git a/fs/btrfs/reflink.c b/fs/btrfs/reflink.c index c61e54983faf..8995bb8832e4 100644 --- a/fs/btrfs/reflink.c +++ b/fs/btrfs/reflink.c @@ -500,6 +500,7 @@ static int btrfs_clone(struct inode *src, struct inode *inode, clone_info.data_len = datal; clone_info.file_offset = new_key.offset; clone_info.extent_buf = buf; + clone_info.extent_buf_size = size; clone_info.is_new_extent = false; clone_info.update_times = !no_time_update; ret = btrfs_replace_file_extents(BTRFS_I(inode), path, diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 51059e5a282c..43c3b972a4b1 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4627,6 +4627,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, u64 extent_offset = em->start - em->orig_start; u64 block_len; int ret; + size_t fscrypt_context_size = 0; u8 encryption = BTRFS_ENCRYPTION_NONE; btrfs_set_stack_file_extent_generation(&fi, trans->transid); @@ -4670,7 +4671,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, drop_args.start = em->start; drop_args.end = em->start + em->len; drop_args.replace_extent = true; - drop_args.extent_item_size = sizeof(fi); + drop_args.extent_item_size = sizeof(fi) + fscrypt_context_size; ret = btrfs_drop_extents(trans, log, inode, &drop_args); if (ret) return ret; @@ -4682,7 +4683,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, key.offset = em->start; ret = btrfs_insert_empty_item(trans, log, path, &key, - sizeof(fi)); + sizeof(fi) + fscrypt_context_size); if (ret) return ret; } From patchwork Wed Jan 24 17:18:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529477 Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8094A1272A5 for ; Wed, 24 Jan 2024 17:19:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116793; cv=none; b=nAb4L4SNt/lh0qrneH9ns11VJbi/FeX5bvYfD/LJDkxvujDrPAXgJl/FzqmjQkX/cLOmQadfAKbIWd6bAMnNMAKKF/jo4DT8k6jD+l0NTBfq0yrR1LhvlchyD0qAjdKzZUqH1mi8caDHI2CuSjXf10tyVF6ce8iPAZiUr2P8n78= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116793; c=relaxed/simple; bh=ZRnQu3exkXkwnxG+yjkYAkkQ8T9CooxMfPsSp8G/AOE=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=K+iqN5mw9klLarik/TIC2JcWyDXQuhux/wQIcIQOCCXsuTk2zkHHASsYJyCtVPOe/X6Th/AHCW0C/L+kpOBQQfJ0RXcWnHhqOhzQ9J1EPFkNZMmYLOU3GQcsPPKABRemi5Fk8f4anCjCFxj/04kpT0PPeFOsDAhJTV7rbMK/U9o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=ctWLfe8r; arc=none smtp.client-ip=209.85.128.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="ctWLfe8r" Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-6000bbdbeceso33054277b3.2 for ; Wed, 24 Jan 2024 09:19:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116791; x=1706721591; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=D/wiyh1QIT2BsCtrC+Ms0ns85d4X+W1MMYQgMRRukyU=; b=ctWLfe8r0jfOAoFJNVQ/6dqy3aDEv4RaRZqa1XrDjVIL0T1CIGMVsxodMn1M5iX7aA JKFivYb2IhuVykDLyQu5Y5fdRVnXhqZNWKd91HiUmantXMpgpeYs6N846nDlZjm8/dDm tqWQLuXe1fk9FzXNFkD4rh8Jf8Pc0C7u9XbgnCoip1paK1Shrw5KjKxaac/VmDf/U76M otWPY7ZHwzP9/Cnu8eypf8OSvU1M7YQ7Bhb4MtAe8saXLubWxMNATae1ZB6WQZnXhaiX P1O3zApVGSOXWcKiaamvOlEBBjlx4cd2LSgFXupw/Qb2twPSzEVt1maz8DL3RXuFxIDu U3Ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116791; x=1706721591; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D/wiyh1QIT2BsCtrC+Ms0ns85d4X+W1MMYQgMRRukyU=; b=R5uOA7P5hWpsdq9J3GEWGMfaNV44bgYP1L6PCLSLAtTsWIZEcgQe3CU26G1ifJ21iM CQEDnl+5xCQc9cgHdP6apNS1Z71TxP7gRfkT46VxqfR8iWHIHb0bwJMInYUAghtguT+d Cv4kVCuCNuSNNI2TcbM3ElV7g0DJEl1zjE8v/LePPdNGtnexmmpMPGrPk9nRP7QhfVpW 0mDi1uYnpNhf5TdjaSfc9OFz+sjJn8LJVLRIy1xONhsaBuBFC7HH9Ek493o2IVH0tGU0 om/G/PAjlX3blCfDOsAQ+INLVGcKKPCVmEKR/eUfvDkIoqrRkdoQyCP3+Gxr+0C8yaPo Lpcw== X-Gm-Message-State: AOJu0Yx4vqdE5unC4t785QaWLWIfEcwbNHgbuhOpM3bbkGSvM9pzDy04 +DTboMFcN/Cu/nglh0WO/HSaLLiR5kV3M7H+6/l7HyIUEYe5XLGN3X/7u26/VgU1JEJOj+6JnIZ m X-Google-Smtp-Source: AGHT+IF5QVABDHss/1hlMJdzyRmv5Nh6Y9wmpCANJ3EQBlrbY3FBDA1w/6hT5WcHPwawSyZ1ndfaDA== X-Received: by 2002:a81:8901:0:b0:5ff:4910:dbca with SMTP id z1-20020a818901000000b005ff4910dbcamr1025423ywf.77.1706116791268; Wed, 24 Jan 2024 09:19:51 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id v143-20020a814895000000b005ff99f7e10esm60961ywa.138.2024.01.24.09.19.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:51 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 30/52] btrfs: pass through fscrypt_extent_info to the file extent helpers Date: Wed, 24 Jan 2024 12:18:52 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that we have the fscrypt_extnet_info in all of the supporting structures, pass this through and set the file extent encryption bit accordingly from the supporting structures. In subsequent patches code will be added to populate these appropriately. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 18 +++++++++++------- fs/btrfs/tree-log.c | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index cf22be63dcc6..e4557c460ee0 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -2897,7 +2897,9 @@ int btrfs_writepage_cow_fixup(struct page *page) } static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, - struct btrfs_inode *inode, u64 file_pos, + struct btrfs_inode *inode, + struct fscrypt_extent_info *fscrypt_info, + u64 file_pos, struct btrfs_file_extent_item *stack_fi, const bool update_inode_bytes, u64 qgroup_reserved) @@ -3029,8 +3031,7 @@ static int insert_ordered_extent_file_extent(struct btrfs_trans_handle *trans, btrfs_set_stack_file_extent_num_bytes(&stack_fi, num_bytes); btrfs_set_stack_file_extent_ram_bytes(&stack_fi, ram_bytes); btrfs_set_stack_file_extent_compression(&stack_fi, oe->compress_type); - btrfs_set_stack_file_extent_encryption(&stack_fi, - BTRFS_ENCRYPTION_NONE); + btrfs_set_stack_file_extent_encryption(&stack_fi, oe->encryption_type); /* Other encoding is reserved and always 0 */ /* @@ -3044,8 +3045,9 @@ static int insert_ordered_extent_file_extent(struct btrfs_trans_handle *trans, test_bit(BTRFS_ORDERED_TRUNCATED, &oe->flags); return insert_reserved_file_extent(trans, BTRFS_I(oe->inode), - oe->file_offset, &stack_fi, - update_inode_bytes, oe->qgroup_rsv); + oe->fscrypt_info, oe->file_offset, + &stack_fi, update_inode_bytes, + oe->qgroup_rsv); } /* @@ -9726,6 +9728,7 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( struct btrfs_trans_handle *trans_in, struct btrfs_inode *inode, struct btrfs_key *ins, + struct fscrypt_extent_info *fscrypt_info, u64 file_offset) { struct btrfs_file_extent_item stack_fi; @@ -9747,6 +9750,7 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( btrfs_set_stack_file_extent_ram_bytes(&stack_fi, len); btrfs_set_stack_file_extent_compression(&stack_fi, BTRFS_COMPRESS_NONE); btrfs_set_stack_file_extent_encryption(&stack_fi, + fscrypt_info ? BTRFS_ENCRYPTION_FSCRYPT : BTRFS_ENCRYPTION_NONE); /* Other encoding is reserved and always 0 */ @@ -9755,7 +9759,7 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( return ERR_PTR(ret); if (trans) { - ret = insert_reserved_file_extent(trans, inode, + ret = insert_reserved_file_extent(trans, inode, fscrypt_info, file_offset, &stack_fi, true, qgroup_released); if (ret) @@ -9849,7 +9853,7 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode, last_alloc = ins.offset; trans = insert_prealloc_file_extent(trans, BTRFS_I(inode), - &ins, cur_offset); + &ins, NULL, cur_offset); /* * Now that we inserted the prealloc extent we can finally * decrement the number of reservations in the block group. diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 43c3b972a4b1..102e78886c60 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4628,7 +4628,7 @@ static int log_one_extent(struct btrfs_trans_handle *trans, u64 block_len; int ret; size_t fscrypt_context_size = 0; - u8 encryption = BTRFS_ENCRYPTION_NONE; + u8 encryption = extent_map_encryption(em); btrfs_set_stack_file_extent_generation(&fi, trans->transid); if (em->flags & EXTENT_FLAG_PREALLOC) From patchwork Wed Jan 24 17:18:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529478 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55DBC1272AC for ; Wed, 24 Jan 2024 17:19:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116795; cv=none; b=ns5GI3L70sTFO3HIaHbz9Lv9nh7dwj24XajCE0pJ/0MrRAqzlRhR4+k0WifZLDF0e8qKioHn6x3xg9v2x9l9heJX/xzYMLgjYDagNQUe5wAFbArGV+ZeXxVhai7MOD/lrCCcna8ddrLPOr54BOczI8qCFlPmWj69dPhCxJ5QyMM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116795; c=relaxed/simple; bh=VeKXwz2SlmB/wDaeV1BuWCcSxKoGrW5ChSWiIxAPDfU=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aZ26tswSlRDCBCRRNmBADJhWbolYsyJUuScF01QPcquhKrQN5erUCQALYvurq8rZOxmsP+Qwo+CCWwa2CE3XdOjtS2+C4bnMO0NXr2fRAQi2jEWN22liqEYy5gGamvD1kPyN9LaFH+ZhVLgmq+g6pT4kWuiOvTNpNJ+Tg0knslE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=DM3tfr/J; arc=none smtp.client-ip=209.85.128.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="DM3tfr/J" Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-5ff9adbf216so49058897b3.1 for ; Wed, 24 Jan 2024 09:19:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116792; x=1706721592; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=k36IM3oogbJbX+Cca977QJLVZadx0c7notGaGN70m/A=; b=DM3tfr/JXhPsP1M2XOcdWpok5lJks/g9l7bKQ3jPc/MZIBps4PU2LyUvlJIoIAx3uR 6OojpRKE4Ngz9d9ligrKc5cB+05ul9e+CCq5X9mnA/wh5aMZ1lE4CV33wXvPeHwOscmz 0J9WkebnZJ+PQ9pLTubwngMqRf3+h0VeFgpJ5rB/yedEd7RKFT1YFJc7ZjDsJC1HWEOk 2mj6dfpmgLMiv3P/AKRyxH2EJd4AVtclxrEiihbhrZf05Pl15kGffZlieFdm5CtXje3U YfcPFvVLth1GQptYJByNyJkzIovA00Dt1Dagz099rbib6YtEruS9sMorHM581fQC4jn8 RMGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116792; x=1706721592; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k36IM3oogbJbX+Cca977QJLVZadx0c7notGaGN70m/A=; b=YIg3Pliz0LEkg/QbJkfBzULrKYh2sX4iDKYa9ISjDqhjxvlHWu4cEYH/6sCt31K5go QbO4ybbU7+fIF9D0rGNQCCUUR9LyOITQpG0bArj9mc9I/N6rT1L7pvZOWtiRzJjuNNm/ M0whFyOF3fNG3jaTgNr2A6VX75quZ36176g7y7F24Q24GieUwGZrcMWLkG16zCOhiIA1 UhxvYbyYunQUcQI/LkfddkE0OBpYBg0wtztlW8EypB3fvro1mmQblansSImS4QLKl8Xu fKzIIBh3Jo/O0Urz9fDYMsWxNzE8KQOrktkucQN6det0nLvAQ1IdU6J/o34GET1FA3uS FK7Q== X-Gm-Message-State: AOJu0Yy7RhEO9wqY9h/9S7G+EuvItAKrgAHsYrbysBxCVFP4MxUkSN4I N7LzQuEI+pCnRer0LvmpvrCvBAexj4xfrfiIF1+Z9ro9Fyx5Keu+bJj9VDyIVUowWtz5k/g2+BF I X-Google-Smtp-Source: AGHT+IGF8TlpBesyGTAgyt6W09vDglLWvwqnCdZvo+q6TpGKNJhuC8qN+k4UQuWbMiMQKzWD4reZeg== X-Received: by 2002:a0d:d614:0:b0:5ff:58f1:9944 with SMTP id y20-20020a0dd614000000b005ff58f19944mr1147179ywd.30.1706116792202; Wed, 24 Jan 2024 09:19:52 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id cn23-20020a05690c0d1700b005ff95e9a554sm60208ywb.127.2024.01.24.09.19.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:51 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 31/52] btrfs: implement the fscrypt extent encryption hooks Date: Wed, 24 Jan 2024 12:18:53 -0500 Message-ID: <30eaad31964c88c3497a0c5bc8f2c727c1dc763a.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This patch implements the necessary hooks from fscrypt to support per-extent encryption. There's two main entry points btrfs_fscrypt_load_extent_info btrfs_fscrypt_save_extent_info btrfs_fscrypt_load_extent_info gets called when we create the extent maps from the file extent item at btrfs_get_extent() time. We read the extent context, and pass it into fscrypt to create the appropriate fscrypt_extent_info structure. This is then used on the bio's to make sure the encryption is done properly. btrfs_fscrypt_save_extent_info is used to generate the fscrypt context from fscrypt and save it into the file extent item when we create a new file extent item. Signed-off-by: Josef Bacik --- fs/btrfs/ctree.h | 3 +++ fs/btrfs/defrag.c | 10 +++++++- fs/btrfs/file-item.c | 15 ++++++++++-- fs/btrfs/file-item.h | 5 +++- fs/btrfs/file.c | 5 ++++ fs/btrfs/fscrypt.c | 58 ++++++++++++++++++++++++++++++++++++++++++++ fs/btrfs/fscrypt.h | 35 ++++++++++++++++++++++++++ fs/btrfs/inode.c | 34 ++++++++++++++++++++++++-- fs/btrfs/tree-log.c | 13 +++++++++- 9 files changed, 171 insertions(+), 7 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 34ecf5966a5a..54ef875765ff 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -369,6 +369,9 @@ struct btrfs_replace_extent_info { char *extent_buf; /* The length of @extent_buf */ u32 extent_buf_size; + /* The fscrypt_extent_info for a new extent. */ + u8 *fscrypt_ctx; + u32 fscrypt_context_size; /* * Set to true when attempting to replace a file range with a new extent * described by this structure, set to false when attempting to clone an diff --git a/fs/btrfs/defrag.c b/fs/btrfs/defrag.c index dd1b5a060366..c3be0d1203ba 100644 --- a/fs/btrfs/defrag.c +++ b/fs/btrfs/defrag.c @@ -16,6 +16,7 @@ #include "defrag.h" #include "file-item.h" #include "super.h" +#include "fscrypt.h" static struct kmem_cache *btrfs_inode_defrag_cachep; @@ -631,9 +632,12 @@ static struct extent_map *defrag_get_extent(struct btrfs_inode *inode, struct btrfs_path path = { 0 }; struct extent_map *em; struct btrfs_key key; + struct btrfs_fscrypt_ctx ctx; u64 ino = btrfs_ino(inode); int ret; + ctx.size = 0; + em = alloc_extent_map(); if (!em) { ret = -ENOMEM; @@ -728,7 +732,7 @@ static struct extent_map *defrag_get_extent(struct btrfs_inode *inode, goto next; /* Now this extent covers @start, convert it to em */ - btrfs_extent_item_to_extent_map(inode, &path, fi, em); + btrfs_extent_item_to_extent_map(inode, &path, fi, em, &ctx); break; next: ret = btrfs_next_item(root, &path); @@ -738,6 +742,10 @@ static struct extent_map *defrag_get_extent(struct btrfs_inode *inode, goto not_found; } btrfs_release_path(&path); + + ret = btrfs_fscrypt_load_extent_info(inode, em, &ctx); + if (ret) + goto err; return em; not_found: diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index 8bb6be8f2445..a00dc5f0273f 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c @@ -21,6 +21,7 @@ #include "accessors.h" #include "file-item.h" #include "super.h" +#include "fscrypt.h" #define __MAX_CSUM_ITEMS(r, size) ((unsigned long)(((BTRFS_LEAF_DATA_SIZE(r) - \ sizeof(struct btrfs_item) * 2) / \ @@ -1264,7 +1265,8 @@ int btrfs_csum_file_blocks(struct btrfs_trans_handle *trans, void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, const struct btrfs_path *path, struct btrfs_file_extent_item *fi, - struct extent_map *em) + struct extent_map *em, + struct btrfs_fscrypt_ctx *ctx) { struct btrfs_fs_info *fs_info = inode->root->fs_info; struct btrfs_root *root = inode->root; @@ -1275,6 +1277,7 @@ void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, u64 bytenr; u8 type = btrfs_file_extent_type(leaf, fi); int compress_type = btrfs_file_extent_compression(leaf, fi); + int encrypt_type = btrfs_file_extent_encryption(leaf, fi); btrfs_item_key_to_cpu(leaf, &key, slot); extent_start = key.offset; @@ -1304,7 +1307,15 @@ void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, if (type == BTRFS_FILE_EXTENT_PREALLOC) em->flags |= EXTENT_FLAG_PREALLOC; } - extent_map_set_encryption(em, btrfs_file_extent_encryption(leaf, fi)); + + extent_map_set_encryption(em, encrypt_type); + if (encrypt_type != BTRFS_ENCRYPTION_NONE) { + ctx->size = + btrfs_file_extent_encryption_ctx_size(leaf, fi); + read_extent_buffer(leaf, ctx->ctx, + btrfs_file_extent_encryption_ctx_offset(fi), + ctx->size); + } } else if (type == BTRFS_FILE_EXTENT_INLINE) { em->block_start = EXTENT_MAP_INLINE; em->start = extent_start; diff --git a/fs/btrfs/file-item.h b/fs/btrfs/file-item.h index 04bd2d34efb1..bb79014024bd 100644 --- a/fs/btrfs/file-item.h +++ b/fs/btrfs/file-item.h @@ -5,6 +5,8 @@ #include "accessors.h" +struct btrfs_fscrypt_ctx; + #define BTRFS_FILE_EXTENT_INLINE_DATA_START \ (offsetof(struct btrfs_file_extent_item, disk_bytenr)) @@ -63,7 +65,8 @@ int btrfs_lookup_csums_bitmap(struct btrfs_root *root, struct btrfs_path *path, void btrfs_extent_item_to_extent_map(struct btrfs_inode *inode, const struct btrfs_path *path, struct btrfs_file_extent_item *fi, - struct extent_map *em); + struct extent_map *em, + struct btrfs_fscrypt_ctx *ctx); int btrfs_inode_clear_file_extent_range(struct btrfs_inode *inode, u64 start, u64 len); int btrfs_inode_set_file_extent_range(struct btrfs_inode *inode, u64 start, u64 len); diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 2471b37ad57e..02436079c4f2 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -38,6 +38,7 @@ #include "ioctl.h" #include "file.h" #include "super.h" +#include "fscrypt.h" /* simple helper to fault in pages and copy. This should go away * and be replaced with calls into generic code. @@ -2278,6 +2279,10 @@ static int btrfs_insert_replace_extent(struct btrfs_trans_handle *trans, btrfs_set_file_extent_num_bytes(leaf, extent, replace_len); if (extent_info->is_new_extent) btrfs_set_file_extent_generation(leaf, extent, trans->transid); + if (extent_info->fscrypt_context_size) + btrfs_fscrypt_save_extent_info(inode, path, + extent_info->fscrypt_ctx, + extent_info->fscrypt_context_size); btrfs_mark_buffer_dirty(trans, leaf); btrfs_release_path(path); diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 7129a6ce0780..00cbb64129c0 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -215,7 +215,65 @@ static struct block_device **btrfs_fscrypt_get_devices(struct super_block *sb, return devs; } +int btrfs_fscrypt_load_extent_info(struct btrfs_inode *inode, + struct extent_map *em, + struct btrfs_fscrypt_ctx *ctx) +{ + struct fscrypt_extent_info *info; + unsigned long nofs_flag; + + if (ctx->size == 0) + return 0; + + nofs_flag = memalloc_nofs_save(); + info = fscrypt_load_extent_info(&inode->vfs_inode, ctx->ctx, ctx->size); + memalloc_nofs_restore(nofs_flag); + if (IS_ERR(info)) + return PTR_ERR(info); + em->fscrypt_info = info; + return 0; +} + +void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode, + struct btrfs_path *path, + u8 *ctx, ssize_t ctx_size) +{ + struct btrfs_file_extent_item *ei; + + /* + * ctx_size includes the btrfs_encryption_info size because we need that + * for inserting the item, subtract that from our ctx_size to get the + * actual size of the context. + */ + ctx_size -= sizeof(struct btrfs_encryption_info); + + ei = btrfs_item_ptr(path->nodes[0], path->slots[0], + struct btrfs_file_extent_item); + write_extent_buffer(path->nodes[0], ctx, + btrfs_file_extent_encryption_ctx_offset(ei), + ctx_size); + btrfs_set_file_extent_encryption_ctx_size(path->nodes[0], ei, ctx_size); +} + +ssize_t btrfs_fscrypt_context_for_new_extent(struct btrfs_inode *inode, + struct fscrypt_extent_info *info, + u8 *ctx) +{ + ssize_t ret; + + if (!info) + return 0; + + ret = fscrypt_context_for_new_extent(&inode->vfs_inode, info, ctx); + if (ret < 0) { + btrfs_err_rl(inode->root->fs_info, "invalid encrypt context"); + return ret; + } + return ret + sizeof(struct btrfs_encryption_info); +} + const struct fscrypt_operations btrfs_fscrypt_ops = { + .has_per_extent_encryption = 1, .get_context = btrfs_fscrypt_get_context, .set_context = btrfs_fscrypt_set_context, .empty_dir = btrfs_fscrypt_empty_dir, diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index c08fd52c99b4..21b5dfc6100d 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -8,6 +8,11 @@ #include "fs.h" +struct btrfs_fscrypt_ctx { + u8 ctx[BTRFS_MAX_EXTENT_CTX_SIZE]; + size_t size; +}; + #ifdef CONFIG_FS_ENCRYPTION int btrfs_fscrypt_get_disk_name(struct extent_buffer *leaf, struct btrfs_dir_item *di, @@ -16,8 +21,28 @@ int btrfs_fscrypt_get_disk_name(struct extent_buffer *leaf, bool btrfs_fscrypt_match_name(struct fscrypt_name *fname, struct extent_buffer *leaf, unsigned long de_name, u32 de_name_len); +int btrfs_fscrypt_load_extent_info(struct btrfs_inode *inode, + struct extent_map *em, + struct btrfs_fscrypt_ctx *ctx); +void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode, + struct btrfs_path *path, + u8 *ctx, ssize_t ctx_size); +ssize_t btrfs_fscrypt_context_for_new_extent(struct btrfs_inode *inode, + struct fscrypt_extent_info *info, + u8 *ctx); #else +static inline void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode, + struct btrfs_path *path, + u8 *ctx, ssize_t ctx_size) { } + +static inline int btrfs_fscrypt_load_extent_info(struct btrfs_inode *inode, + struct extent_map *em, + struct btrfs_fscrypt_ctx *ctx) +{ + return 0; +} + static inline int btrfs_fscrypt_get_disk_name(struct extent_buffer *leaf, struct btrfs_dir_item *di, struct fscrypt_str *qstr) @@ -35,6 +60,16 @@ static inline bool btrfs_fscrypt_match_name(struct fscrypt_name *fname, return !memcmp_extent_buffer(leaf, fname->disk_name.name, de_name, de_name_len); } + +static inline ssize_t btrfs_fscrypt_context_for_new_extent(struct btrfs_inode *inode, + struct fscrypt_extent_info *info, + u8 *ctx) +{ + if (!info) + return 0; + return -EINVAL; +} + #endif /* CONFIG_FS_ENCRYPTION */ extern const struct fscrypt_operations btrfs_fscrypt_ops; diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index e4557c460ee0..7fa38eaa5afd 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -2915,9 +2915,16 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, u64 num_bytes = btrfs_stack_file_extent_num_bytes(stack_fi); u64 ram_bytes = btrfs_stack_file_extent_ram_bytes(stack_fi); struct btrfs_drop_extents_args drop_args = { 0 }; - size_t fscrypt_context_size = 0; + u8 fscrypt_ctx[FSCRYPT_SET_CONTEXT_MAX_SIZE]; + ssize_t fscrypt_context_size = 0; int ret; + fscrypt_context_size = btrfs_fscrypt_context_for_new_extent(inode, + fscrypt_info, + fscrypt_ctx); + if (fscrypt_context_size < 0) + return (int)fscrypt_context_size; + path = btrfs_alloc_path(); if (!path) return -ENOMEM; @@ -2956,6 +2963,10 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, btrfs_item_ptr_offset(leaf, path->slots[0]), sizeof(struct btrfs_file_extent_item)); + if (fscrypt_context_size) + btrfs_fscrypt_save_extent_info(inode, path, fscrypt_ctx, + fscrypt_context_size); + btrfs_mark_buffer_dirty(trans, leaf); btrfs_release_path(path); @@ -6892,6 +6903,7 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, struct btrfs_key found_key; struct extent_map *em = NULL; struct extent_map_tree *em_tree = &inode->extent_tree; + struct btrfs_fscrypt_ctx ctx; read_lock(&em_tree->lock); em = lookup_extent_mapping(em_tree, start, len); @@ -6905,6 +6917,9 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, else goto out; } + + ctx.size = 0; + em = alloc_extent_map(); if (!em) { ret = -ENOMEM; @@ -7009,7 +7024,7 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, goto insert; } - btrfs_extent_item_to_extent_map(inode, path, item, em); + btrfs_extent_item_to_extent_map(inode, path, item, em, &ctx); if (extent_type == BTRFS_FILE_EXTENT_REG || extent_type == BTRFS_FILE_EXTENT_PREALLOC) { @@ -7053,6 +7068,10 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, goto out; } + ret = btrfs_fscrypt_load_extent_info(inode, em, &ctx); + if (ret) + goto out; + write_lock(&em_tree->lock); ret = btrfs_add_extent_mapping(fs_info, em_tree, &em, start, len); write_unlock(&em_tree->lock); @@ -9732,6 +9751,7 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( u64 file_offset) { struct btrfs_file_extent_item stack_fi; + u8 fscrypt_ctx[FSCRYPT_SET_CONTEXT_MAX_SIZE]; struct btrfs_replace_extent_info extent_info; struct btrfs_trans_handle *trans = trans_in; struct btrfs_path *path; @@ -9767,6 +9787,14 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( return trans; } + fscrypt_context_size = btrfs_fscrypt_context_for_new_extent(inode, + fscrypt_info, + fscrypt_ctx); + if (fscrypt_context_size < 0) { + ret = (int)fscrypt_context_size; + goto free_qgroup; + } + extent_info.disk_offset = start; extent_info.disk_len = len; extent_info.data_offset = 0; @@ -9778,6 +9806,8 @@ static struct btrfs_trans_handle *insert_prealloc_file_extent( extent_info.update_times = true; extent_info.qgroup_reserved = qgroup_released; extent_info.insertions = 0; + extent_info.fscrypt_ctx = fscrypt_ctx; + extent_info.fscrypt_context_size = fscrypt_context_size; path = btrfs_alloc_path(); if (!path) { diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 102e78886c60..6fc16612b9b8 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -30,6 +30,7 @@ #include "file.h" #include "orphan.h" #include "tree-checker.h" +#include "fscrypt.h" #define MAX_CONFLICT_INODES 10 @@ -4623,13 +4624,20 @@ static int log_one_extent(struct btrfs_trans_handle *trans, struct btrfs_file_extent_item fi = { 0 }; struct extent_buffer *leaf; struct btrfs_key key; + u8 fscrypt_ctx[FSCRYPT_SET_CONTEXT_MAX_SIZE]; enum btrfs_compression_type compress_type; u64 extent_offset = em->start - em->orig_start; u64 block_len; int ret; - size_t fscrypt_context_size = 0; + ssize_t fscrypt_context_size = 0; u8 encryption = extent_map_encryption(em); + fscrypt_context_size = btrfs_fscrypt_context_for_new_extent(inode, + em->fscrypt_info, + fscrypt_ctx); + if (fscrypt_context_size < 0) + return (int)fscrypt_context_size; + btrfs_set_stack_file_extent_generation(&fi, trans->transid); if (em->flags & EXTENT_FLAG_PREALLOC) btrfs_set_stack_file_extent_type(&fi, BTRFS_FILE_EXTENT_PREALLOC); @@ -4691,6 +4699,9 @@ static int log_one_extent(struct btrfs_trans_handle *trans, write_extent_buffer(leaf, &fi, btrfs_item_ptr_offset(leaf, path->slots[0]), sizeof(fi)); + if (fscrypt_context_size) + btrfs_fscrypt_save_extent_info(inode, path, fscrypt_ctx, + fscrypt_context_size); btrfs_mark_buffer_dirty(trans, leaf); btrfs_release_path(path); From patchwork Wed Jan 24 17:18:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529479 Received: from mail-yb1-f180.google.com (mail-yb1-f180.google.com [209.85.219.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 770681272BA for ; Wed, 24 Jan 2024 17:19:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116795; cv=none; b=ORC8lfaTRFWb8FhWHn3Tq1FVe2XEF0oNzQT5mvA8rr3VVEQxzRz9sbOho4NJ5ItW2rIMtq2yYK8Zubgln6BIX6ghchdNoh+cVrzVTBWT3eUMOWdCsD4ybIdRNYo1LY3dxGIG4NHQHQWtq3TDctmJq3cWLd7MtGHnki7C50GFXyM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116795; c=relaxed/simple; bh=ISFQXNg84S5QdLTAk0E7kwRdicViZeD3qyiidpxErlg=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jdfTQwQJq+/0/saeclncUr/L0Ra6/j+ydWcFVvUVVf3vCcl9bK+bKOsGQA337pivu3v3CxHLXgXKIHlBmVGjg/puTYpbONHPnOlt//K/eybymOAkfkzfOEb3pO8sQd5eVTPHrCg+q+80/oBTJTAbSRiFEywMHsJQArWeVXBYBHM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=oIn+AuOV; arc=none smtp.client-ip=209.85.219.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="oIn+AuOV" Received: by mail-yb1-f180.google.com with SMTP id 3f1490d57ef6-d9b9adaf291so4157654276.1 for ; Wed, 24 Jan 2024 09:19:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116793; x=1706721593; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=X2O1eKvEKn42C1szqxvSwRqikI3pX2uy9M6d9AXC5Xo=; b=oIn+AuOVtuTh9q4r67VYU6iwIQ7b6I8PRHzIL2w5HdbT6Ex+4tjLw7jX+N0AEg9ZCE HNTNM8LF8jpFOyH8uF6jb9RFkgFJRAgpKfGYFGdi+xJ95TxIo34zIiiSBrz4x6EdPdX7 JuCvI3TvhObYnZz/CXQ/5bMGIeISqsYtDZkmq8TqIA5uik4M1BVpx+3foZSntkccn0zK Hye0RznvcPstMX7BL3Rj/oeq9uteSerdVQjXifhkOh5nDC4WfwoRi4hVc8EIwUmZr6eT Y13LjVTvjONgIJon1lPyPCRdWoQ0/L1ExOXlRr/dhdX3FpHYwmNV+hwm7EeSdm3EwGKA CKVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116793; x=1706721593; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X2O1eKvEKn42C1szqxvSwRqikI3pX2uy9M6d9AXC5Xo=; b=d0rupKn5+KtKaVAkRE3B80bT/HaAfVv4gj0y3OcpCGMf9HyR0YMI89n3cS6xnx9oMb WzZOOJRsT6mJLi64Uo7Xn2OXpRpFm4lADIk4gbM6v3nO2erVSD5Lzp4IcVTE3DzyXejf mh56ELUgo7vifFIkZ8QcVDdgw6diIOqeH+4yjAOECMO1sx6NQTSE266xgmRsiP8/wvS+ swvNcIsz8796ghLScgxoE06fRMA1mvp636aa+K0sZyG0CuGEAN5fdgo/P+aF0woxgOHB ZSjRfEqENGU/p6Ed2xUM4O9ktzB6jTQgwQsgTfHAunQ/fz8bp4uUp8ZrMpZtoKjkh1e6 nMdg== X-Gm-Message-State: AOJu0YzAfJSpb6Tpqxu50Qiv6WxLGJNpp85TDDSO65t1Rxcrs1IzzFWJ HFloVdImjhzQjnnttYolurmbiSW2DmLqEZyc4eoSCX3LRfA/Vb86TiiYQCMZBKqDiL1drZzJuC7 Y X-Google-Smtp-Source: AGHT+IFnMGb4t/kjhbZ71NmWqPIX+8RyVlAf0A6uipplbdk2RUEgYxB3W8dTueoliKdBSzvtDRZUog== X-Received: by 2002:a25:2e0e:0:b0:dbd:b170:e119 with SMTP id u14-20020a252e0e000000b00dbdb170e119mr790482ybu.112.1706116793166; Wed, 24 Jan 2024 09:19:53 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id z15-20020a25868f000000b00dc252f785c3sm2871452ybk.17.2024.01.24.09.19.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:52 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 32/52] btrfs: setup fscrypt_extent_info for new extents Date: Wed, 24 Jan 2024 12:18:54 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 New extents for encrypted inodes must have a fscrypt_extent_info, which has the necessary keys and does all the registration at the block layer for them. This is passed through all of the infrastructure we've previously added to make sure the context gets saved properly with the file extents. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 7fa38eaa5afd..71098063bb9f 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7436,6 +7436,16 @@ static struct extent_map *create_io_em(struct btrfs_inode *inode, if (fscrypt_info) { extent_map_set_encryption(em, BTRFS_ENCRYPTION_FSCRYPT); em->fscrypt_info = fscrypt_get_extent_info(fscrypt_info); + } else if (IS_ENCRYPTED(&inode->vfs_inode)) { + struct fscrypt_extent_info *fscrypt_info; + + extent_map_set_encryption(em, BTRFS_ENCRYPTION_FSCRYPT); + fscrypt_info = fscrypt_prepare_new_extent(&inode->vfs_inode); + if (IS_ERR(fscrypt_info)) { + free_extent_map(em); + return ERR_CAST(fscrypt_info); + } + em->fscrypt_info = fscrypt_info; } else { extent_map_set_encryption(em, BTRFS_ENCRYPTION_NONE); } @@ -9858,6 +9868,9 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode, if (trans) own_trans = false; while (num_bytes > 0) { + struct fscrypt_extent_info *fscrypt_info = NULL; + int encryption_type = BTRFS_ENCRYPTION_NONE; + cur_bytes = min_t(u64, num_bytes, SZ_256M); cur_bytes = max(cur_bytes, min_size); /* @@ -9872,6 +9885,20 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode, if (ret) break; + if (IS_ENCRYPTED(inode)) { + fscrypt_info = fscrypt_prepare_new_extent(inode); + if (IS_ERR(fscrypt_info)) { + btrfs_dec_block_group_reservations(fs_info, + ins.objectid); + btrfs_free_reserved_extent(fs_info, + ins.objectid, + ins.offset, 0); + ret = PTR_ERR(fscrypt_info); + break; + } + encryption_type = BTRFS_ENCRYPTION_FSCRYPT; + } + /* * We've reserved this space, and thus converted it from * ->bytes_may_use to ->bytes_reserved. Any error that happens @@ -9883,7 +9910,8 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode, last_alloc = ins.offset; trans = insert_prealloc_file_extent(trans, BTRFS_I(inode), - &ins, NULL, cur_offset); + &ins, fscrypt_info, + cur_offset); /* * Now that we inserted the prealloc extent we can finally * decrement the number of reservations in the block group. @@ -9893,6 +9921,7 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode, btrfs_dec_block_group_reservations(fs_info, ins.objectid); if (IS_ERR(trans)) { ret = PTR_ERR(trans); + fscrypt_put_extent_info(fscrypt_info); btrfs_free_reserved_extent(fs_info, ins.objectid, ins.offset, 0); break; @@ -9900,6 +9929,7 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode, em = alloc_extent_map(); if (!em) { + fscrypt_put_extent_info(fscrypt_info); btrfs_drop_extent_map_range(BTRFS_I(inode), cur_offset, cur_offset + ins.offset - 1, false); btrfs_set_inode_full_sync(BTRFS_I(inode)); @@ -9915,6 +9945,8 @@ static int __btrfs_prealloc_file_range(struct inode *inode, int mode, em->ram_bytes = ins.offset; em->flags |= EXTENT_FLAG_PREALLOC; em->generation = trans->transid; + em->fscrypt_info = fscrypt_info; + extent_map_set_encryption(em, encryption_type); ret = btrfs_replace_extent_map_range(BTRFS_I(inode), em, true); free_extent_map(em); From patchwork Wed Jan 24 17:18:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529480 Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 57CB01272BF for ; Wed, 24 Jan 2024 17:19:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116796; cv=none; b=ZGSRhjIQONDIgKSojjWJ16fwLdI2vIrfi0OpIjamt28rjLlK71F80R1gBOj6TrNIC4y1gf9wDIqwMUommWVM0o/vNecsPr3B177UdFSeh0pNTsMVQBn9XIaimbujCmR7XybONqobmoklTxQWFiC8aSy4yUgVODww7dGeHfZmEZQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116796; c=relaxed/simple; bh=pknzlpzbBEhJv2FXVFZoOJx792Jf3PZ6KUbmKoOYKQE=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mC6TM75JC+8SNXyBGyyVsrWPhtf/D8oIt1HP55HLdqbhtNY8X5/yBNZgv69qkWZt5do1+guyNhkJMxzSogZD6QLCSeN6TY1PZcBtO21TFDa69JoBI75l92QlxbCd6TFuoe4w7qjDaNF1p+FLQaiyrx311R+Dh4PQKx9r06ytH2Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=BaG9J5la; arc=none smtp.client-ip=209.85.128.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="BaG9J5la" Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-5ff84214fc7so56223147b3.0 for ; Wed, 24 Jan 2024 09:19:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116794; x=1706721594; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7dFo+f19GBEAYwqiY7zLRHf4iTz8jOu/JlGsrnAeq6Y=; b=BaG9J5la67PmOM7Y9lmuT6TYHR7OX3VORTsFPUPYemgceYjLvyVvyJRIBL2mAz0VAz LIpbPGi7H8AFk91gq0iSY74NQwsEOZjXweJZwUmux44xAycNcW2WlqHh/cnCPqIvXfZ1 TtswTQc7iCa9Ov25svwAtXWvKL7ZFVTSFRwQeyNBvjAVLl9zzVbQny+raSNReBeg0/XV x8mHNG4nMnligbYdiS8Y/GWwZujfi2TaJZ6JUSwVRHBEuIER3HsetgfYw7dnj/1BRuWY QEJr+FBtnOdwqv+pZpLNzu202pA+MyexRSKy+oRRaSIvjDZvuwFAHuaTWxJFqvOEvIkA 9QOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116794; x=1706721594; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7dFo+f19GBEAYwqiY7zLRHf4iTz8jOu/JlGsrnAeq6Y=; b=BDHm8XBp45O3g9vSn0Gs6r3POb4QgR9xGIM+NT6NVny9oAErllYUymBkLSFaKIqaO6 Stw55VtQyQ8d+anSo7k30W1QTU1YdHB0MsCSc4V4Np4Y/+keESmDMYPW3rJ5FzHNK1/W Y9GLs/ZRWYZ/0VgbtoheF9CfS86Qeevtr4BZGh1G1XImQxcRGyGRU7LzZ+VWbOm5LLB1 4xaPuU0jrSdQ+bf4ZD8Vaq9gh8tpzBjhwzilmjJ4R5U+M0AI+J+5h7kRkB5XUSSiTg46 Uccg05mlwdXsJtYSG22S+ZWS2pmu+PTwMytt5bVhe009PLOV8Vr/WnfS9i9JBbstkAvt KOaw== X-Gm-Message-State: AOJu0Yyk5RUNr4YDZph6AD4Yx5VR3FMTJ3Ob+V3axGPXKFuXGhcWlL84 RJbWXgD7sUXYplZI63dFHLxHGm0wEelFJcSs5HLLVfCOJhWBTmAYU22Hp4daAk32a7LGG9gXcuS Z X-Google-Smtp-Source: AGHT+IGGo28S3TYL52x1+tYOpzh7LjFOZ7dOqsFS7XvLDZdxRgLyLlrkIQ4L86JOiPxXAG94A4+QfQ== X-Received: by 2002:a81:a14d:0:b0:5ff:9675:1e00 with SMTP id y74-20020a81a14d000000b005ff96751e00mr1004510ywg.43.1706116794078; Wed, 24 Jan 2024 09:19:54 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id cb9-20020a05690c090900b005f75cf6281fsm65990ywb.5.2024.01.24.09.19.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:53 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 33/52] btrfs: populate ordered_extent with the orig offset Date: Wed, 24 Jan 2024 12:18:55 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For extent encryption we have to use a logical block nr as input for the IV. For btrfs we're using the offset into the extent we're operating on. For most ordered extents this is the same as the file_offset, however for prealloc and NOCOW we have to use the original offset. Add this as an argument and plumb it through everywhere, this will be used when setting up the bio. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 15 ++++++++++----- fs/btrfs/ordered-data.c | 32 ++++++++++++++++++++++---------- fs/btrfs/ordered-data.h | 12 +++++++++--- 3 files changed, 41 insertions(+), 18 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 71098063bb9f..a84ff55b7eb5 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1175,6 +1175,7 @@ static void submit_one_async_extent(struct async_chunk *async_chunk, ordered = btrfs_alloc_ordered_extent(inode, em->fscrypt_info, start, /* file_offset */ + start, /* orig_start */ async_extent->ram_size, /* num_bytes */ async_extent->ram_size, /* ram_bytes */ ins.objectid, /* disk_bytenr */ @@ -1438,8 +1439,8 @@ static noinline int cow_file_range(struct btrfs_inode *inode, } ordered = btrfs_alloc_ordered_extent(inode, em->fscrypt_info, - start, ram_size, ram_size, ins.objectid, - cur_alloc_size, 0, + start, start, ram_size, ram_size, + ins.objectid, cur_alloc_size, 0, 1 << BTRFS_ORDERED_REGULAR, BTRFS_COMPRESS_NONE); free_extent_map(em); @@ -2193,7 +2194,9 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, } ordered = btrfs_alloc_ordered_extent(inode, fscrypt_info, - cur_offset, nocow_args.num_bytes, + cur_offset, + found_key.offset - nocow_args.extent_offset, + nocow_args.num_bytes, nocow_args.num_bytes, nocow_args.disk_bytenr, nocow_args.num_bytes, 0, is_prealloc @@ -7117,8 +7120,9 @@ static struct extent_map *btrfs_create_dio_extent(struct btrfs_inode *inode, fscrypt_info = em->fscrypt_info; } - ordered = btrfs_alloc_ordered_extent(inode, fscrypt_info, start, len, - len, block_start, block_len, 0, + ordered = btrfs_alloc_ordered_extent(inode, fscrypt_info, start, + orig_start, len, len, block_start, + block_len, 0, (1 << type) | (1 << BTRFS_ORDERED_DIRECT), BTRFS_COMPRESS_NONE); @@ -10684,6 +10688,7 @@ ssize_t btrfs_do_encoded_write(struct kiocb *iocb, struct iov_iter *from, } ordered = btrfs_alloc_ordered_extent(inode, em->fscrypt_info, start, + start - encoded->unencoded_offset, num_bytes, ram_bytes, ins.objectid, ins.offset, encoded->unencoded_offset, (1 << BTRFS_ORDERED_ENCODED) | diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index 1cd04c57b7a2..c33012ec79d9 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -148,9 +148,9 @@ static inline struct rb_node *ordered_tree_search(struct btrfs_inode *inode, static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_inode *inode, struct fscrypt_extent_info *fscrypt_info, - u64 file_offset, u64 num_bytes, u64 ram_bytes, - u64 disk_bytenr, u64 disk_num_bytes, u64 offset, - unsigned long flags, int compress_type) + u64 file_offset, u64 orig_offset, u64 num_bytes, + u64 ram_bytes, u64 disk_bytenr, u64 disk_num_bytes, + u64 offset, unsigned long flags, int compress_type) { struct btrfs_ordered_extent *entry; int ret; @@ -176,6 +176,7 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(-ENOMEM); entry->file_offset = file_offset; + entry->orig_offset = orig_offset; entry->num_bytes = num_bytes; entry->ram_bytes = ram_bytes; entry->disk_bytenr = disk_bytenr; @@ -254,6 +255,7 @@ static void insert_ordered_extent(struct btrfs_ordered_extent *entry) * @inode: Inode that this extent is for. * @fscrypt_info: The fscrypt_extent_info for this extent, if necessary. * @file_offset: Logical offset in file where the extent starts. + * @orig_offset: Logical offset of the original extent (PREALLOC or NOCOW) * @num_bytes: Logical length of extent in file. * @ram_bytes: Full length of unencoded data. * @disk_bytenr: Offset of extent on disk. @@ -271,17 +273,17 @@ static void insert_ordered_extent(struct btrfs_ordered_extent *entry) struct btrfs_ordered_extent *btrfs_alloc_ordered_extent( struct btrfs_inode *inode, struct fscrypt_extent_info *fscrypt_info, - u64 file_offset, u64 num_bytes, u64 ram_bytes, - u64 disk_bytenr, u64 disk_num_bytes, u64 offset, - unsigned long flags, int compress_type) + u64 file_offset, u64 orig_offset, u64 num_bytes, + u64 ram_bytes, u64 disk_bytenr, u64 disk_num_bytes, + u64 offset, unsigned long flags, int compress_type) { struct btrfs_ordered_extent *entry; ASSERT((flags & ~BTRFS_ORDERED_TYPE_FLAGS) == 0); entry = alloc_ordered_extent(inode, fscrypt_info, file_offset, - num_bytes, ram_bytes, disk_bytenr, - disk_num_bytes, offset, flags, + orig_offset, num_bytes, ram_bytes, + disk_bytenr, disk_num_bytes, offset, flags, compress_type); if (!IS_ERR(entry)) insert_ordered_extent(entry); @@ -1178,8 +1180,8 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( return ERR_PTR(-EINVAL); new = alloc_ordered_extent(inode, ordered->fscrypt_info, file_offset, - len, len, disk_bytenr, len, 0, flags, - ordered->compress_type); + ordered->orig_offset, len, len, disk_bytenr, + len, 0, flags, ordered->compress_type); if (IS_ERR(new)) return new; @@ -1200,6 +1202,16 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( ordered->num_bytes -= len; ordered->disk_num_bytes -= len; + /* + * ->orig_offset is the original offset of the original extent, which + * for PREALLOC or NOCOW stays the same, but if we're a regular extent + * that means this is a new extent and thus ->orig_offset must equal + * ->file_offset. This is only important for encryption as we only use + * it for setting the offset for the bio encryption context. + */ + if (test_bit(BTRFS_ORDERED_REGULAR, &ordered->flags)) + ordered->orig_offset = ordered->file_offset; + if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) { ASSERT(ordered->bytes_left == 0); new->bytes_left = 0; diff --git a/fs/btrfs/ordered-data.h b/fs/btrfs/ordered-data.h index 57ca8ce6eb6d..a8ce181288f7 100644 --- a/fs/btrfs/ordered-data.h +++ b/fs/btrfs/ordered-data.h @@ -83,6 +83,12 @@ struct btrfs_ordered_extent { /* logical offset in the file */ u64 file_offset; + /* + * The original logical offset of the extent, this is for NOCOW and + * PREALLOC extents, otherwise it'll be the same as file_offset. + */ + u64 orig_offset; + /* * These fields directly correspond to the same fields in * btrfs_file_extent_item. @@ -165,9 +171,9 @@ bool btrfs_dec_test_ordered_pending(struct btrfs_inode *inode, struct btrfs_ordered_extent *btrfs_alloc_ordered_extent( struct btrfs_inode *inode, struct fscrypt_extent_info *fscrypt_info, - u64 file_offset, u64 num_bytes, u64 ram_bytes, - u64 disk_bytenr, u64 disk_num_bytes, u64 offset, - unsigned long flags, int compress_type); + u64 file_offset, u64 orig_offset, u64 num_bytes, + u64 ram_bytes, u64 disk_bytenr, u64 disk_num_bytes, + u64 offset, unsigned long flags, int compress_type); void btrfs_add_ordered_sum(struct btrfs_ordered_extent *entry, struct btrfs_ordered_sum *sum); struct btrfs_ordered_extent *btrfs_lookup_ordered_extent(struct btrfs_inode *inode, From patchwork Wed Jan 24 17:18:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529482 Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2FAD1272DC for ; Wed, 24 Jan 2024 17:19:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116799; cv=none; b=ibCdtLl+Xs9/0b5fvJFCw3pIHytgpZm1cb614YURTn0lVKvpMSXcllVNTpwlqV4Q98/3s8g/LluGXG9/K9tfhQT8pXF78HHC9gUOsKRax3bD6WAg151hHKRgLXbJ5VPJx9GrtKgh4/NkIz8OyY+7fm/L0jewNwU/4PL9bbkLwIk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116799; c=relaxed/simple; bh=rLS84C8rNkGqB9Esla4F9HnNaRwj2+833wNcTq8HVWI=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NXeAfL71DB+k8UO2mx7yM27EPY40JFOtaisb9wRdVHTQ+Do+mBITeAWcx9T9Jo5QxJfriuKMIW5m3M80YuZGZvJzJblafsn7+gkI7YvBHygiRyoUS8E25tCvt2xX+0f6FtaWVQDFkvTH0JE0p8rrZPakb36AZl4iDxmqUppYhHI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=jbUsQSyP; arc=none smtp.client-ip=209.85.128.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="jbUsQSyP" Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-5f0629e67f4so61001017b3.3 for ; Wed, 24 Jan 2024 09:19:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116796; x=1706721596; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zDEqPk0kWMR3iz0QvMpGYMU1WA6eE2R/mgYIl1+rHn4=; b=jbUsQSyPhbG13uh4nRQ/d+/3m4p7iDPourvukqp2Lf+nm0W9KN+3T68iTa2+s/IMPb KGndZnNovw3ze1ZAtDvAcvfuJUmnVKwFkCgLMXcDHKBGeYvg3EvbBq4ydR0xbqAHLQ/W /JU4IfyljzrLmeXssvQBE7+wlhcd96Ay0nJpplWQnnYo18akYjHFTCPZW8je/+RVVwCg izlfxfOXqDVzGd7RqHsmtPFRungkf2dDV1FhW59OJB6tNr/HLVN9yx5rrFv/Oc6DptI6 HjBRzx8nRjRpoJXnCAlAlKUoTKExa1w1tYTgLUpyFLMPOx/ZE3z7ZBX3OtqJP8Th+wCr uYsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116796; x=1706721596; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zDEqPk0kWMR3iz0QvMpGYMU1WA6eE2R/mgYIl1+rHn4=; b=c5ihbHimED9spt0hPav78D7SIaKS+Xzf/oXPlQPg2CzGgDTYiluzTbLZPOoPfKylDN KcNH404x6aOI6LXVo/7wc2kaO56z5t4LMiJy5kEpNMAARKuAjgMI8IVpjsff+Huq91cl crbrXlv0mBW2uYO5mZDN2eNG4ROvbdom2bIBu5XvkplRW825aB0kwQY6zKaLlb5jGoZZ gjPgKRYFaUhXFGIPSpQWGCP1FlTEHOQMVMAPwuDBSGFo2wS7BZQ53aWbI6PBcKm3ob+U pSEejWI7XZrX1VZ3EMseEiZDYlTK0bwhakm4YoAlHSu5k2cDMbaZD4h3I4AWW6qGwi9l LhhQ== X-Gm-Message-State: AOJu0Yzv1+K8jMG5QcZDEG3bXtjKtNLoElXpOi+zpT4kP/VmaGtom3tz qBYopJqY0qjunR0Wd7D2RqWgq1LmNoNzKtkpo2s95G79Gl7eaJXfjgjlVy/LVkDpIx60Z4hh2ei s X-Google-Smtp-Source: AGHT+IFGRXTBevhIg+6AX6A1xVh1aYdS1mq4HWxm4xcwmeJLZLFPyKN71urX6fUpl1N9itsKRNJLlA== X-Received: by 2002:a0d:d346:0:b0:5ff:55dd:bf65 with SMTP id v67-20020a0dd346000000b005ff55ddbf65mr1087624ywd.65.1706116795076; Wed, 24 Jan 2024 09:19:55 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id cj28-20020a05690c0b1c00b005ff9f60b8besm61291ywb.84.2024.01.24.09.19.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:54 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 34/52] btrfs: set the bio fscrypt context when applicable Date: Wed, 24 Jan 2024 12:18:56 -0500 Message-ID: <9ca883acc746b5aba980d1d19317168a7491aba6.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Now that we have the fscrypt_info plumbed through everywhere, add the code to setup the bio encryption context from the extent context. We use the per-extent fscrypt_extent_info for encryption/decryption. We use the offset into the extent as the lblk for fscrypt. So the start of the extent has the lblk of 0, 4k into the extent has the lblk of 4k, etc. This is done to allow things like relocation to continue to work properly. Signed-off-by: Josef Bacik --- fs/btrfs/compression.c | 6 ++++ fs/btrfs/extent_io.c | 76 +++++++++++++++++++++++++++++++++++++++++- fs/btrfs/fscrypt.c | 36 ++++++++++++++++++++ fs/btrfs/fscrypt.h | 22 ++++++++++++ fs/btrfs/inode.c | 10 ++++++ 5 files changed, 149 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index 68345f73d429..5988813c5bd0 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -37,6 +37,7 @@ #include "zoned.h" #include "file-item.h" #include "super.h" +#include "fscrypt.h" static struct bio_set btrfs_compressed_bioset; @@ -396,6 +397,9 @@ void btrfs_submit_compressed_write(struct btrfs_ordered_extent *ordered, cb->bbio.ordered = ordered; btrfs_add_compressed_bio_pages(cb); + btrfs_set_bio_crypt_ctx_from_extent(&cb->bbio.bio, inode, + ordered->fscrypt_info, 0); + btrfs_submit_bio(&cb->bbio, 0); } @@ -600,6 +604,8 @@ void btrfs_submit_compressed_read(struct btrfs_bio *bbio) cb->compress_type = extent_map_compression(em); cb->orig_bbio = bbio; + btrfs_set_bio_crypt_ctx_from_extent(&cb->bbio.bio, inode, + em->fscrypt_info, 0); free_extent_map(em); cb->nr_pages = DIV_ROUND_UP(compressed_len, PAGE_SIZE); diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 19c4f0657098..43680f26ddbe 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -36,6 +36,7 @@ #include "dev-replace.h" #include "super.h" #include "transaction.h" +#include "fscrypt.h" static struct kmem_cache *extent_buffer_cache; @@ -103,6 +104,10 @@ struct btrfs_bio_ctrl { blk_opf_t opf; btrfs_bio_end_io_t end_io_func; struct writeback_control *wbc; + + /* This is set for reads and we have encryption. */ + struct fscrypt_extent_info *fscrypt_info; + u64 orig_start; }; static void submit_one_bio(struct btrfs_bio_ctrl *bio_ctrl) @@ -739,10 +744,31 @@ static bool btrfs_bio_is_contig(struct btrfs_bio_ctrl *bio_ctrl, struct page *page, u64 disk_bytenr, unsigned int pg_offset) { - struct bio *bio = &bio_ctrl->bbio->bio; + struct inode *inode = page->mapping->host; + struct btrfs_bio *bbio = bio_ctrl->bbio; + struct bio *bio = &bbio->bio; struct bio_vec *bvec = bio_last_bvec_all(bio); const sector_t sector = disk_bytenr >> SECTOR_SHIFT; + if (IS_ENCRYPTED(inode)) { + u64 file_offset = page_offset(page) + pg_offset; + u64 offset = 0; + struct fscrypt_extent_info *fscrypt_info = NULL; + + /* bio_ctrl->fscrypt_info is only set in the READ case. */ + if (bio_ctrl->fscrypt_info) { + offset = file_offset - bio_ctrl->orig_start; + fscrypt_info = bio_ctrl->fscrypt_info; + } else if (bbio->ordered) { + fscrypt_info = bbio->ordered->fscrypt_info; + offset = file_offset - bbio->ordered->orig_offset; + } + + if (!btrfs_mergeable_encrypted_bio(bio, inode, fscrypt_info, + offset)) + return false; + } + if (bio_ctrl->compress_type != BTRFS_COMPRESS_NONE) { /* * For compression, all IO should have its logical bytenr set @@ -773,6 +799,8 @@ static void alloc_new_bio(struct btrfs_inode *inode, { struct btrfs_fs_info *fs_info = inode->root->fs_info; struct btrfs_bio *bbio; + struct fscrypt_extent_info *fscrypt_info = NULL; + u64 offset = 0; bbio = btrfs_bio_alloc(BIO_MAX_VECS, bio_ctrl->opf, fs_info, bio_ctrl->end_io_func, NULL); @@ -792,6 +820,8 @@ static void alloc_new_bio(struct btrfs_inode *inode, ordered->file_offset + ordered->disk_num_bytes - file_offset); bbio->ordered = ordered; + fscrypt_info = ordered->fscrypt_info; + offset = file_offset - ordered->orig_offset; } /* @@ -802,7 +832,13 @@ static void alloc_new_bio(struct btrfs_inode *inode, */ bio_set_dev(&bbio->bio, fs_info->fs_devices->latest_dev->bdev); wbc_init_bio(bio_ctrl->wbc, &bbio->bio); + } else { + fscrypt_info = bio_ctrl->fscrypt_info; + offset = file_offset - bio_ctrl->orig_start; } + + btrfs_set_bio_crypt_ctx_from_extent(&bbio->bio, inode, fscrypt_info, + offset); } /* @@ -846,6 +882,19 @@ static void submit_extent_page(struct btrfs_bio_ctrl *bio_ctrl, len = bio_ctrl->len_to_oe_boundary; } + /* + * Encryption has to allocate bounce buffers to encrypt the bio, + * and we need to make sure that it doesn't split the bio so we + * retain all of our special info in the btrfs_bio, so submit + * any bio that gets up to BIO_MAX_VECS worth of segments. + */ + if (IS_ENCRYPTED(&inode->vfs_inode) && + bio_data_dir(&bio_ctrl->bbio->bio) == WRITE && + bio_segments(&bio_ctrl->bbio->bio) == BIO_MAX_VECS) { + submit_one_bio(bio_ctrl); + continue; + } + if (bio_add_page(&bio_ctrl->bbio->bio, page, len, pg_offset) != len) { /* bio full: move on to a new one */ submit_one_bio(bio_ctrl); @@ -1040,6 +1089,8 @@ static int btrfs_do_readpage(struct page *page, struct extent_map **em_cached, bool force_bio_submit = false; u64 disk_bytenr; + bio_ctrl->fscrypt_info = NULL; + ASSERT(IS_ALIGNED(cur, fs_info->sectorsize)); if (cur >= last_byte) { iosize = PAGE_SIZE - pg_offset; @@ -1112,6 +1163,22 @@ static int btrfs_do_readpage(struct page *page, struct extent_map **em_cached, if (prev_em_start) *prev_em_start = em->start; + /* + * We use the extent offset for the IV when decrypting the page, + * so we have to set the extent_offset based on the orig_start + * for this extent. Also save the fscrypt_info so the bio ctx + * can be set properly. If this inode isn't encrypted this + * won't do anything. + * + * If we're compressed we'll handle all of this in + * btrfs_submit_compressed_read. + */ + if (compress_type == BTRFS_COMPRESS_NONE) { + bio_ctrl->orig_start = em->orig_start; + bio_ctrl->fscrypt_info = + fscrypt_get_extent_info(em->fscrypt_info); + } + free_extent_map(em); em = NULL; @@ -1123,6 +1190,9 @@ static int btrfs_do_readpage(struct page *page, struct extent_map **em_cached, end_page_read(page, true, cur, iosize); cur = cur + iosize; pg_offset += iosize; + + /* This shouldn't be set, but clear it just in case. */ + fscrypt_put_extent_info(bio_ctrl->fscrypt_info); continue; } /* the get_extent function already copied into the page */ @@ -1131,6 +1201,9 @@ static int btrfs_do_readpage(struct page *page, struct extent_map **em_cached, end_page_read(page, true, cur, iosize); cur = cur + iosize; pg_offset += iosize; + + /* This shouldn't be set, but clear it just in case. */ + fscrypt_put_extent_info(bio_ctrl->fscrypt_info); continue; } @@ -1143,6 +1216,7 @@ static int btrfs_do_readpage(struct page *page, struct extent_map **em_cached, submit_one_bio(bio_ctrl); submit_extent_page(bio_ctrl, disk_bytenr, page, iosize, pg_offset); + fscrypt_put_extent_info(bio_ctrl->fscrypt_info); cur = cur + iosize; pg_offset += iosize; } diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 00cbb64129c0..b93fce2db3d5 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -272,6 +272,42 @@ ssize_t btrfs_fscrypt_context_for_new_extent(struct btrfs_inode *inode, return ret + sizeof(struct btrfs_encryption_info); } +void btrfs_set_bio_crypt_ctx_from_extent(struct bio *bio, + struct btrfs_inode *inode, + struct fscrypt_extent_info *fi, + u64 logical_offset) +{ + if (!fi) + return; + + /* + * fscrypt uses bytes >> s_blocksize_bits for the block numbers, so we + * have to adjust everything based on our sectorsize so that the DUN + * calculations are correct. + */ + logical_offset = div64_u64(logical_offset, + inode->root->fs_info->sectorsize); + fscrypt_set_bio_crypt_ctx_from_extent(bio, fi, logical_offset, + GFP_NOFS); +} + +bool btrfs_mergeable_encrypted_bio(struct bio *bio, struct inode *inode, + struct fscrypt_extent_info *fi, + u64 logical_offset) +{ + if (!fi) + return true; + + /* + * fscrypt uses bytes >> s_blocksize_bits for the block numbers, so we + * have to adjust everything based on our sectorsize so that the DUN + * calculations are correct. + */ + logical_offset = div64_u64(logical_offset, + BTRFS_I(inode)->root->fs_info->sectorsize); + return fscrypt_mergeable_extent_bio(bio, fi, logical_offset); +} + const struct fscrypt_operations btrfs_fscrypt_ops = { .has_per_extent_encryption = 1, .get_context = btrfs_fscrypt_get_context, diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 21b5dfc6100d..4da80090361f 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -30,6 +30,13 @@ void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode, ssize_t btrfs_fscrypt_context_for_new_extent(struct btrfs_inode *inode, struct fscrypt_extent_info *info, u8 *ctx); +void btrfs_set_bio_crypt_ctx_from_extent(struct bio *bio, + struct btrfs_inode *inode, + struct fscrypt_extent_info *fi, + u64 logical_offset); +bool btrfs_mergeable_encrypted_bio(struct bio *bio, struct inode *inode, + struct fscrypt_extent_info *fi, + u64 logical_offset); #else static inline void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode, @@ -70,6 +77,21 @@ static inline ssize_t btrfs_fscrypt_context_for_new_extent(struct btrfs_inode *i return -EINVAL; } +static inline void btrfs_set_bio_crypt_ctx_from_extent(struct bio *bio, + struct btrfs_inode *inode, + struct fscrypt_extent_info *fi, + u64 logical_offset) +{ +} + +static inline bool btrfs_mergeable_encrypted_bio(struct bio *bio, + struct inode *inode, + struct fscrypt_extent_info *fi, + u64 logical_offset) +{ + return true; +} + #endif /* CONFIG_FS_ENCRYPTION */ extern const struct fscrypt_operations btrfs_fscrypt_ops; diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index a84ff55b7eb5..6d882b2de7e2 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7934,6 +7934,8 @@ static void btrfs_dio_submit_io(const struct iomap_iter *iter, struct bio *bio, struct btrfs_dio_private *dip = container_of(bbio, struct btrfs_dio_private, bbio); struct btrfs_dio_data *dio_data = iter->private; + struct fscrypt_extent_info *fscrypt_info = NULL; + u64 offset = 0; btrfs_bio_init(bbio, BTRFS_I(iter->inode)->root->fs_info, btrfs_dio_end_io, bio->bi_private); @@ -7955,6 +7957,9 @@ static void btrfs_dio_submit_io(const struct iomap_iter *iter, struct bio *bio, if (iter->flags & IOMAP_WRITE) { int ret; + offset = file_offset - dio_data->ordered->orig_offset; + fscrypt_info = dio_data->ordered->fscrypt_info; + ret = btrfs_extract_ordered_extent(bbio, dio_data->ordered); if (ret) { btrfs_finish_ordered_extent(dio_data->ordered, NULL, @@ -7964,8 +7969,13 @@ static void btrfs_dio_submit_io(const struct iomap_iter *iter, struct bio *bio, iomap_dio_bio_end_io(bio); return; } + } else { + fscrypt_info = dio_data->fscrypt_info; + offset = file_offset - dio_data->orig_start; } + btrfs_set_bio_crypt_ctx_from_extent(&bbio->bio, bbio->inode, + fscrypt_info, offset); btrfs_submit_bio(bbio, 0); } From patchwork Wed Jan 24 17:18:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529481 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4082B1272D4 for ; Wed, 24 Jan 2024 17:19:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116798; cv=none; b=kM/S40dQ9+4/FVLCvR6JAgWcLQG+8vx0t1FQRdNZ575DlPeNvcEUbo3Vm0yQuCq7Dv+HVA5aP5Arewu++UFgtKC1emiqiKZuaWXYH+TPvHmtFaPh6KDMoj2yvk5JPUo6rNt1HYiCWVSJM6cdJgemAxDoC9IQOGDwT/gAKuWfCf8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116798; c=relaxed/simple; bh=wAYaqIwI5+uBXKQTWA8jqpYbxYa0zQQ5N+yfQ5uTc7w=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lXNeG8w90EmPfyghk42BR9nCHQmXkOM2kHdQuAj3cdtAX5fwBjzKoxAZfnnRY8u/O1QBM1tEylOTmzeKZs4uRerCqkAc9z1qJKYBGHZ547DS0ztloCRgSfDYoip7W06V9bkhBkQk0mRmtW3OnFKzO8Ui8DIIvregUTIBVBrLVRU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=J7yFUs4F; arc=none smtp.client-ip=209.85.128.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="J7yFUs4F" Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-5f69383e653so56937197b3.1 for ; Wed, 24 Jan 2024 09:19:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116796; x=1706721596; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=5teHbpuiGJxA/6pn6TS+uYj83hc+FQ+fxWhnMmn8Q3o=; b=J7yFUs4F7NYm1OWt65ypB3zU51jzmm/RqITX7I9fPyKhoZXi55GXxRN4pTqAxNhgzP /rMYWjvQTtZ6I+dg02HgQneM7tIFXfnbGqppaue9W2mzxaMtA348Z4mP4sxgcw7bEh5f HmxfoUyeaEi9h1kHyYzLgIlhbQtlkbhAlRpOecSpAjRQd4K169TsjxMO7joS0dsMt3nB M+VPyG6zvcIlN53qKPxnwly7o2WywZqt1jYphh00s7IE0V98YGQVX/AvXm3qAS3rB18I wsDdWi+8dpL71TLL5p+BTom6rwYktHw78MyiZjFzzpTMyQmy+uqs1w293hTBxbIHi+Yh /vUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116796; x=1706721596; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5teHbpuiGJxA/6pn6TS+uYj83hc+FQ+fxWhnMmn8Q3o=; b=nt/zf7DYyvGW2pCDvtXJLVXziOeS9gEot8sGWXykhiM+yzuToOcF04KPORaX2O+6Wu ljQOobzc0vT0UOf3FDQWyS5H/sKaXW/8kzufTAXBFzJRMVeXByH0CgUEkziN7o43mJyJ fMnQhTPxjrhd9bRIWcR4OJM5tBHFoe0UjsNxW4tt/EohtasC7nh3t0h1AmXSQVVzyEde MePiDVTDPpy/ENC3Zt0JnS9wiQD7nKxyH/fQqioOjA0eIZfWgyPejMlWH4ZVMQEDI5XF WpcM4+KLQd0aYO/RCG/URuFBa6QcFIxrOoPWdfI5zKdObIyVJz7h3W0lbD3BO1g9XwLz Fg5w== X-Gm-Message-State: AOJu0YwC36GqQNk6Bp6EbL4WUHXpRSbi3UIY5ECo2LpMGqknEindkt1m 8if75mJLVMqBBY2q+NZQUMq+R6E+MkTCUizlL/U5BOQcBbOm2xDFHA3w7rK6yrYGIQRDO0M+PZp I X-Google-Smtp-Source: AGHT+IH/KvxbqhRR1jiL84hLDice9gC3ZIXd9KX8Vez2iQvYwPfDHnl3nmQJH+U8l/9TXF6cAJuFaw== X-Received: by 2002:a81:844b:0:b0:5f7:b18e:9298 with SMTP id u72-20020a81844b000000b005f7b18e9298mr1149149ywf.67.1706116795954; Wed, 24 Jan 2024 09:19:55 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id bf22-20020a05690c029600b005ef7ecd53absm65828ywb.39.2024.01.24.09.19.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:55 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 35/52] btrfs: add a bio argument to btrfs_csum_one_bio Date: Wed, 24 Jan 2024 12:18:57 -0500 Message-ID: <595a2e46dae3d18bceb5dfa60ac3ae23760fc800.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We only ever needed the bbio in btrfs_csum_one_bio, since that has the bio embedded in it. However with encryption we'll have a different bio with the encrypted data in it, and the original bbio. Update btrfs_csum_one_bio to take the bio we're going to csum as an argument, which will allow us to csum the encrypted bio and stuff the csums into the corresponding bbio to be used later when the IO completes. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 2 +- fs/btrfs/file-item.c | 3 +-- fs/btrfs/file-item.h | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c index 2d20215548db..fc5c56a9d25f 100644 --- a/fs/btrfs/bio.c +++ b/fs/btrfs/bio.c @@ -537,7 +537,7 @@ static blk_status_t btrfs_bio_csum(struct btrfs_bio *bbio) { if (bbio->bio.bi_opf & REQ_META) return btree_csum_one_bio(bbio); - return btrfs_csum_one_bio(bbio); + return btrfs_csum_one_bio(bbio, &bbio->bio); } /* diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index a00dc5f0273f..6264cb837dcf 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c @@ -730,13 +730,12 @@ int btrfs_lookup_csums_bitmap(struct btrfs_root *root, struct btrfs_path *path, /* * Calculate checksums of the data contained inside a bio. */ -blk_status_t btrfs_csum_one_bio(struct btrfs_bio *bbio) +blk_status_t btrfs_csum_one_bio(struct btrfs_bio *bbio, struct bio *bio) { struct btrfs_ordered_extent *ordered = bbio->ordered; struct btrfs_inode *inode = bbio->inode; struct btrfs_fs_info *fs_info = inode->root->fs_info; SHASH_DESC_ON_STACK(shash, fs_info->csum_shash); - struct bio *bio = &bbio->bio; struct btrfs_ordered_sum *sums; char *data; struct bvec_iter iter; diff --git a/fs/btrfs/file-item.h b/fs/btrfs/file-item.h index bb79014024bd..e52d5d71d533 100644 --- a/fs/btrfs/file-item.h +++ b/fs/btrfs/file-item.h @@ -51,7 +51,7 @@ int btrfs_lookup_file_extent(struct btrfs_trans_handle *trans, int btrfs_csum_file_blocks(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct btrfs_ordered_sum *sums); -blk_status_t btrfs_csum_one_bio(struct btrfs_bio *bbio); +blk_status_t btrfs_csum_one_bio(struct btrfs_bio *bbio, struct bio *bio); blk_status_t btrfs_alloc_dummy_sum(struct btrfs_bio *bbio); int btrfs_lookup_csums_range(struct btrfs_root *root, u64 start, u64 end, struct list_head *list, int search_commit, From patchwork Wed Jan 24 17:18:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529483 Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com [209.85.128.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3BB9881AA5 for ; Wed, 24 Jan 2024 17:19:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116799; cv=none; b=c850YmrL5Ebl9vklb496OmglXn6+CEDH4tPBwUdcos6M284H83rJtzoU5Fyr9jfrur8LRBwghlWo82wraa+MJ1dfJ2BHqUHr1ZpvVNtASvLnE1a0isxzVoVSho++ZqcPT7No2cstmjaRUREqjiGcwLB4lxQb1R70kJfgJTK6dj0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116799; c=relaxed/simple; bh=ccxk9A0lLAH7hM0Kq5d4bG+71N269qXfLCbaeZdL+vQ=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=csR3o6niv0kUqTvFSvoTY7KkZb0dduVyMQaFFDiNow51zdgcyOHOpwA0XTmtq0N35MTkeL5DtWa75zoHr0Kpd8F4eOXG+39MXViazkPMad24r7bLyTVOPMK4QOffStbHWkXVuBRTporj7kis4kf5lEJktbFRCuTPioGGESwEonQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=a6aBxN46; arc=none smtp.client-ip=209.85.128.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="a6aBxN46" Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-5ff7ec8772dso49935237b3.0 for ; Wed, 24 Jan 2024 09:19:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116797; x=1706721597; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=gzwurHsIxfPSp3qChyTj7+rJwRjra1JtBmEgFeG7iEQ=; b=a6aBxN46qEbdvhcgiwp0EuANZ8wICstPvOR5Mfx3cLW+uVGKqUfRsC2VzZTjEJ3RvJ APduYkzMGjS9Q9AJAWlbxpka3dwWKjjwcFjt9AtiH7KMJZr52wQaGLEB4Ua1EzZkLHOn prWtyp6bPS+4/vHfavXrD/QG/T7iQDDTHuTAHH9Hsv27FXRKTvbYgdAtEg7nUQhxmezk Av48WGV5wcC6Wzh5Sr7cf1IkNOAKkUcZVlGJ96pI+glo2hnF/cLQydJ+JNPQTXRHfQ+r Tacbgm3F3C0EzYfOsqYS/eQUmCTcTUp+0AL1vT5vq+OxD/9RS6nXn9ePamr7Y88zhWLf YWlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116797; x=1706721597; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gzwurHsIxfPSp3qChyTj7+rJwRjra1JtBmEgFeG7iEQ=; b=vtlNMYchIUnG+hDXQz/Ny7uUcoMbRtPt3mkewlzCmCXXsFgSTl8HFMXjprvgyMQNIb ru3y6mY6Px3aToLT95dZ9E988yvj9tJo2R65tIq4dAojUP23iZybLFx4o73HTM9fksrU TejrcH+Dl59HhfSI5IR7R6xLVFvtxkZBaB1HRU7ZrsL3nzZV0twsZU59Itd19MNE086w FFUlRQP97hFsbN4gA8hpHiKk36y3O8k/u1XUt/ChC667RHpnHPjh48m8T10NOf4dmkC8 7ArjC3uMt5dK/1LpY/bz+S10jCSpwqCNjk11JW/3Lzd3cion7VDYPUI3ferq+gSneTEG MM8g== X-Gm-Message-State: AOJu0Yw+Tj9126m0mmVaTh6Y1pZz77gZ+Z0NtSF2k5v/FutcUj4FrHt0 Z407DNmvIsb4JEl9aGcE19KeqX03Ac7/ogm7mjiTA7zkS196OTGshhrgjuTCkEtuBwgDyAJXuZw Y X-Google-Smtp-Source: AGHT+IHDXgfJ4fWPssh/BfzA/yK692bNzi2Go+ZkJ6sRjvWySvZD+/VuPH06r3rYV5x+lgrx0YMBRg== X-Received: by 2002:a0d:d90c:0:b0:5fb:cffb:9609 with SMTP id b12-20020a0dd90c000000b005fbcffb9609mr1094471ywe.6.1706116796964; Wed, 24 Jan 2024 09:19:56 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id gt19-20020a05690c451300b005ff7a3cc04dsm60323ywb.129.2024.01.24.09.19.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:56 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 36/52] btrfs: add orig_logical to btrfs_bio Date: Wed, 24 Jan 2024 12:18:58 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When checksumming the encrypted bio on writes we need to know which logical address this checksum is for. At the point where we get the encrypted bio the bi_sector is the physical location on the target disk, so we need to save the original logical offset in the btrfs_bio. Then we can use this when csum'ing the bio instead of the bio->iter.bi_sector. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 10 ++++++++++ fs/btrfs/bio.h | 3 +++ fs/btrfs/file-item.c | 2 +- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c index fc5c56a9d25f..cb998048edce 100644 --- a/fs/btrfs/bio.c +++ b/fs/btrfs/bio.c @@ -96,6 +96,8 @@ static struct btrfs_bio *btrfs_split_bio(struct btrfs_fs_info *fs_info, if (bbio_has_ordered_extent(bbio)) { refcount_inc(&orig_bbio->ordered->refs); bbio->ordered = orig_bbio->ordered; + bbio->orig_logical = orig_bbio->orig_logical; + orig_bbio->orig_logical += map_length; } atomic_inc(&orig_bbio->pending_ios); return bbio; @@ -678,6 +680,14 @@ static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num) goto fail; } + /* + * For fscrypt writes we will get the encrypted bio after we've remapped + * our bio to the physical disk location, so we need to save the + * original bytenr so we know what we're checksumming. + */ + if (bio_op(bio) == REQ_OP_WRITE && is_data_bbio(bbio)) + bbio->orig_logical = logical; + map_length = min(map_length, length); if (use_append) map_length = min(map_length, fs_info->max_zone_append_size); diff --git a/fs/btrfs/bio.h b/fs/btrfs/bio.h index bbaed317161a..a5c5371e99e2 100644 --- a/fs/btrfs/bio.h +++ b/fs/btrfs/bio.h @@ -54,11 +54,14 @@ struct btrfs_bio { * - pointer to the checksums for this bio * - original physical address from the allocator * (for zone append only) + * - original logical address, used for checksumming fscrypt + * bios. */ struct { struct btrfs_ordered_extent *ordered; struct btrfs_ordered_sum *sums; u64 orig_physical; + u64 orig_logical; }; /* For metadata reads: parentness verification. */ diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index 6264cb837dcf..a7e545e7461f 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c @@ -756,7 +756,7 @@ blk_status_t btrfs_csum_one_bio(struct btrfs_bio *bbio, struct bio *bio) sums->len = bio->bi_iter.bi_size; INIT_LIST_HEAD(&sums->list); - sums->logical = bio->bi_iter.bi_sector << SECTOR_SHIFT; + sums->logical = bbio->orig_logical; index = 0; shash->tfm = fs_info->csum_shash; From patchwork Wed Jan 24 17:18:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529484 Received: from mail-yw1-f169.google.com (mail-yw1-f169.google.com [209.85.128.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13004128368 for ; Wed, 24 Jan 2024 17:19:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116800; cv=none; b=RAk1HYd6HCXdmVQ+h26oJGFICUaeWb8SKvntEkKGR+4g7Goz9kmT6aSs3ot85qxCvMgS8qI8ZUgDRAs4/Pb6mq3B0PqC0ylg+A0UTTpUS9O4+nXR43HDHhmGtBJnYEe3EuWUn/OwlCXXinIvFIV5KLliltoAxwxxDPXVwYjfXII= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116800; c=relaxed/simple; bh=pRf4KgFhQJewGEorxJym3Mu/c0nVfTOwgrDzgDVQx4Y=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KR/z+PiTck8GO/05bDQsOiNQHlFR2nP7ZR8hmZNmVKkSamHLhY/uHkDltORFmApR3af0tuied7UgHdhG937wwOjoGJumFoBnmViXOep6Qm2YgUsxKkgsSR5mKo3ac+TG60bEYZb/YmT/VPNt0TKtKgs/ED2ZcnWgKmlc9ecBe04= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=wir9TC9k; arc=none smtp.client-ip=209.85.128.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="wir9TC9k" Received: by mail-yw1-f169.google.com with SMTP id 00721157ae682-6002a655d77so27159297b3.2 for ; Wed, 24 Jan 2024 09:19:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116798; x=1706721598; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kVTpEWY3MntzlRLR3byKAO+alzS64oNCXCog2sNJ60M=; b=wir9TC9kWHDPw92B03UiMrWQ8SedXmgWcPAXIFpQqCX637tiYpFF8vN49shu4ngYad gNDGvkKs2t1qsyJ+SUSFX8aU+VBxeBsQlSO4g8LDts9GCPzt2L006yB47vS1DlqN0rgP 3whRQ+zv8yl0p95qnOP26kVgtNzrDwJbyKpTelRtIPxtIZQQcGXiCw6TONw1VynfnsUn PW3vduc1gKo5TDaZp2S0IGmwGS67v8b/JC3RKvgiw3izPGeBeGbufsDNZisPCD07uUtB XJFE4BJ2Ax7fnescJHuGZW0J6Vw79lIoYiRxjOhi2x0s+5EeNik2qha1FuQ1znQ1hMcX SwXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116798; x=1706721598; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kVTpEWY3MntzlRLR3byKAO+alzS64oNCXCog2sNJ60M=; b=jUAm5d9gKNGySnZ8yi3KUloixgyFzQ5SLgwfKxMusI3mq559CJkWhiljA3FcjiWIHI EejWqbWiDurY3XKc1bhMS/Y0k+BAxnd4THDFHrE2VPtnbfIa9ftlJMhoIuW1rSFsvIn/ 9SSkuQsk3DksLgxuR2jtWdEhTVw2EuE6ZdypH33bGJ0WN36hVvn0IeAWNqDTPsibzLM9 VdrqywgEdakUgFPqZMZdTxqXaSbaSiRKWwPNwjnTelsGAgBhdJu5nnUniTXTi1VEN5ot SZt0m0i8Vw3egMB3BkkWwTeF8CTMkT4Lw+U+zDj0wAlPsV/xqAzxenqNb5NeedR5DKVS 0Gcg== X-Gm-Message-State: AOJu0YxISqjreR1AWfHkjQ7AGMff1gDgK9TsKZVJ3BbHz/negds8XoFh iijdh7iPaYtbMM9RBZ/EdkeGzPGVUDCZ7D2cFrjE5ycAO4K6UgPzf6da7VBpeCS+mY6UPf133Za 9 X-Google-Smtp-Source: AGHT+IFrGXJU4ZWL8kutG7gXAJKdnCQH7UZYj3wcchkZ1sK5KdwN0OfXMsv37LYbpQe+Ua92CCQ2OA== X-Received: by 2002:a81:4f49:0:b0:5ff:3f23:4f87 with SMTP id d70-20020a814f49000000b005ff3f234f87mr922139ywb.71.1706116797898; Wed, 24 Jan 2024 09:19:57 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id z130-20020a814c88000000b005ff877093easm60232ywa.143.2024.01.24.09.19.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:57 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 37/52] btrfs: limit encrypted writes to 256 segments Date: Wed, 24 Jan 2024 12:18:59 -0500 Message-ID: <1fc07b885453495bccea5a37e13d7d26333bd2af.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For the fallback encrypted writes it allocates a bounce buffer to encrypt, and if the bio is larger than 256 segments it splits the bio we send down. This wreaks havoc on us because we need our actual original bio to be passed into the process_cb callback in order to get at our ordered extent. With the split we'll get some cloned bio that has none of our information. Handle this by returning the length we need to be truncated to and then splitting ourselves, which will handle giving us the correct btrfs_bio that we need. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 29 ++++++++++++++++++++++++++++- fs/btrfs/fscrypt.c | 24 ++++++++++++++++++++++++ fs/btrfs/fscrypt.h | 6 ++++++ 3 files changed, 58 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c index cb998048edce..1fb8a198e093 100644 --- a/fs/btrfs/bio.c +++ b/fs/btrfs/bio.c @@ -15,6 +15,7 @@ #include "zoned.h" #include "file-item.h" #include "raid-stripe-tree.h" +#include "fscrypt.h" static struct bio_set btrfs_bioset; static struct bio_set btrfs_clone_bioset; @@ -664,6 +665,7 @@ static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num) u64 logical = bio->bi_iter.bi_sector << SECTOR_SHIFT; u64 length = bio->bi_iter.bi_size; u64 map_length = length; + u64 max_bio_len = length; bool use_append = btrfs_use_zone_append(bbio); struct btrfs_io_context *bioc = NULL; struct btrfs_io_stripe smap; @@ -673,6 +675,31 @@ static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num) smap.is_scrub = !bbio->inode; btrfs_bio_counter_inc_blocked(fs_info); + + /* + * The blk-crypto-fallback limits bio sizes to 256 segments, because it + * has no way of controlling the pages it gets for the bounce bio it + * submits. + * + * If we don't pre-split our bio blk-crypto-fallback will do it for us, + * and then call into our checksum callback with a random cloned bio + * that isn't a btrfs_bio. + * + * To account for this we must truncate the bio ourselves, so we need to + * get our length at 256 segments and return that. We must do this + * before btrfs_map_block because the RAID5/6 code relies on having + * properly stripe aligned things, so we return the truncated length + * here so that btrfs_map_block() does the correct thing. Further down + * we actually truncate map_length to map_bio_len because map_length + * will be set to whatever the mapping length is for the underlying + * geometry. This will work properly with RAID5/6 as it will have + * already setup everything for the expected length, and everything else + * can handle with a truncated map_length. + */ + if (bio_has_crypt_ctx(bio)) + max_bio_len = btrfs_fscrypt_bio_length(bio, map_length); + + map_length = max_bio_len; error = btrfs_map_block(fs_info, btrfs_op(bio), logical, &map_length, &bioc, &smap, &mirror_num); if (error) { @@ -688,7 +715,7 @@ static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num) if (bio_op(bio) == REQ_OP_WRITE && is_data_bbio(bbio)) bbio->orig_logical = logical; - map_length = min(map_length, length); + map_length = min(map_length, max_bio_len); if (use_append) map_length = min(map_length, fs_info->max_zone_append_size); diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index b93fce2db3d5..9f4811b2fb4e 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -308,6 +308,30 @@ bool btrfs_mergeable_encrypted_bio(struct bio *bio, struct inode *inode, return fscrypt_mergeable_extent_bio(bio, fi, logical_offset); } +/* + * The block crypto stuff allocates bounce buffers for encryption, so splits at + * BIO_MAX_VECS worth of segments. If we are larger than that number of + * segments then we need to limit the size to the size that BIO_MAX_VECS covers. + */ +int btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length) +{ + unsigned int i = 0; + struct bio_vec bv; + struct bvec_iter iter; + u64 segments_length = 0; + + if (bio_op(bio) != REQ_OP_WRITE) + return map_length; + + bio_for_each_segment(bv, bio, iter) { + segments_length += bv.bv_len; + if (++i == BIO_MAX_VECS) + return segments_length; + } + + return map_length; +} + const struct fscrypt_operations btrfs_fscrypt_ops = { .has_per_extent_encryption = 1, .get_context = btrfs_fscrypt_get_context, diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 4da80090361f..703122e8d57f 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -37,6 +37,7 @@ void btrfs_set_bio_crypt_ctx_from_extent(struct bio *bio, bool btrfs_mergeable_encrypted_bio(struct bio *bio, struct inode *inode, struct fscrypt_extent_info *fi, u64 logical_offset); +int btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length); #else static inline void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode, @@ -92,6 +93,11 @@ static inline bool btrfs_mergeable_encrypted_bio(struct bio *bio, return true; } +static inline u64 btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length) +{ + return map_length; +} + #endif /* CONFIG_FS_ENCRYPTION */ extern const struct fscrypt_operations btrfs_fscrypt_ops; From patchwork Wed Jan 24 17:19:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529485 Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0E5CA12837F for ; Wed, 24 Jan 2024 17:19:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116801; cv=none; b=qZNeJFlHzz1qEPwq3DYsCqYeEXrylHDJ5By5h1B/t/Kz1BcNQLjLO2aFA/YSYHRpasWZDizsk3HVwQLwHmg8zqRrV4yGYmGMhJh1AB+1ynV41czl0yUyNxXcsDhhI8xV0SjZlZvNCVBaPG5026JrrxipFQikylGSUKqxrMEYJug= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116801; c=relaxed/simple; bh=Onc25aLfG/B4s4fX0RnH+DiY2IRV5EGBNAFaIXEJs3g=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ndA/zhFIoLVmEofR1s4cOfytU7pt2azl4oGO9tJ9rv3fUNtpuv5/myZXn+uiKnbjTGrcWs7zGhCD353vGIYSihBKMuDtNt5X2iRlY6MJgdm8W4R3N6r+HsvYkXcfYbOHNwU/vQR0Yi3MlU2w74+MICHhVA1OGqv1vw3n9t0fDJQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=RqzaMhaF; arc=none smtp.client-ip=209.85.128.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="RqzaMhaF" Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-5ffb07bed9bso34644957b3.0 for ; Wed, 24 Jan 2024 09:19:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116799; x=1706721599; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=r84TOrL+swdWBjXzz8BVE6bEsJMqHiJjrZwciOqZ+eE=; b=RqzaMhaFPhSk49dGFc5VQ7s4Z12IpPwSrN6tqijacadmlVaUSLPTSLS3S32c/b3uUd opcnZvS15STSVKYup9oqfR1aNMnTKhtVKHSqGWePXejJOvmxr1H3KvVDogBOUklhzkGt +goiqvZkMWu+W/oNYJCARFy/7chynV48wL6ggCoE6/tV3+cuSBofyMI0P+gRACWNrCRj l4ePkI0pNn8BExwFU5GeXDO9FkvUQk/YfgWVGvFBRIfCO++GOElG9yQvM5KaQC4RRaH5 eUw8qD1ovIKTOAk3MNWc7x8OQsXEaqpjFrQTd9p2M/+GYmWSTnrY7cZfIul+NcTGdcDv J9zw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116799; x=1706721599; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=r84TOrL+swdWBjXzz8BVE6bEsJMqHiJjrZwciOqZ+eE=; b=tvBGDzALfICICohEz7qaNXeezzQp+DLucGmaeZk96Qm41sO+fF1yuy4GBcPZv2yT1E svs5OXYkaTQny/ieMjJ2LsXtsKINUx+Q1n8cc1LAreCdNqkUvdVry9O6hiDJ1qItjT2W RetaF7iozcu5c5d7sexxuFmsZ5IgaCHqRZt9RBi55QBcrU4nZi+ZsF1t62jGRLaUhOlD iMfOR+oyxk2YsbgFFf5a1nbRCDWZrvdIYZcHjtjNQbccz3Fnv6TWAuY3heEdJhGWXqHG 7vY5L8jtUN2R69ntB7bciN8ylWi+KrSzfOiulD8QAuiA0IiCaTTbSCqLjwewA7gQ9I6I Xpkw== X-Gm-Message-State: AOJu0Yzep7Q1WH1/MwfG1LoNJcmsAS11xNtSoY3KIIuXq6pnzRe9PEEv 99YEzYdPrnvyQsaWmjhP6HJ94RBU1Z6ys78Rr/2+tip8BiTOpO4Mn2rnmQTO50X6XiL5fKuE7z5 Y X-Google-Smtp-Source: AGHT+IGoXOcOUWFXDeKKQ5wflDef/WZMTmLPf7tHm/umb4HRrIUxgLrImIxkcTrB4TaBc9NPDphJkg== X-Received: by 2002:a0d:cb08:0:b0:5ff:9567:c81 with SMTP id n8-20020a0dcb08000000b005ff95670c81mr912006ywd.22.1706116798866; Wed, 24 Jan 2024 09:19:58 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id fu7-20020a05690c368700b00602a88f43cbsm65701ywb.7.2024.01.24.09.19.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:58 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 38/52] btrfs: implement process_bio cb for fscrypt Date: Wed, 24 Jan 2024 12:19:00 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We are going to be checksumming the encrypted data, so we have to implement the ->process_bio fscrypt callback. This will provide us with the original bio and the encrypted bio to do work on. For WRITE's this will happen after the encrypted bio has been encrypted. For READ's this will happen after the read has completed and before the decryption step is done. For write's this is straightforward, we can just pass in the encrypted bio to btrfs_csum_one_bio and then the csums will be added to the bbio as normal. For read's this is relatively straightforward, but requires some care. We assume (because that's how it works currently) that the encrypted bio match the original bio, this is important because we save the iter of the bio before we submit. If this changes in the future we'll need a hook to give us the bi_iter of the decryption bio before it's submitted. We check the csums before decryption. If it doesn't match we simply error out and we let the normal path handle the repair work. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 39 +++++++++++++++++++++++++++++++++++++-- fs/btrfs/bio.h | 3 +++ fs/btrfs/file-item.c | 14 ++++++++++++-- fs/btrfs/fscrypt.c | 29 +++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+), 4 deletions(-) diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c index 1fb8a198e093..e85c0f539ab7 100644 --- a/fs/btrfs/bio.c +++ b/fs/btrfs/bio.c @@ -288,6 +288,34 @@ static struct btrfs_failed_bio *repair_one_sector(struct btrfs_bio *failed_bbio, return fbio; } +blk_status_t btrfs_check_encrypted_read_bio(struct btrfs_bio *bbio, + struct bio *enc_bio) +{ + struct btrfs_inode *inode = bbio->inode; + struct btrfs_fs_info *fs_info = inode->root->fs_info; + u32 sectorsize = fs_info->sectorsize; + struct bvec_iter iter = bbio->saved_iter; + struct btrfs_device *dev = bbio->bio.bi_private; + u32 offset = 0; + + /* + * We have to use a copy of iter in case there's an error, + * btrfs_check_read_bio will handle submitting the repair bios. + */ + while (iter.bi_size) { + struct bio_vec bv = bio_iter_iovec(enc_bio, iter); + + bv.bv_len = min(bv.bv_len, sectorsize); + if (!btrfs_data_csum_ok(bbio, dev, offset, &bv)) + return BLK_STS_IOERR; + bio_advance_iter_single(enc_bio, &iter, sectorsize); + offset += sectorsize; + } + + bbio->csum_done = true; + return BLK_STS_OK; +} + static void btrfs_check_read_bio(struct btrfs_bio *bbio, struct btrfs_device *dev) { struct btrfs_inode *inode = bbio->inode; @@ -313,6 +341,10 @@ static void btrfs_check_read_bio(struct btrfs_bio *bbio, struct btrfs_device *de /* Clear the I/O error. A failed repair will reset it. */ bbio->bio.bi_status = BLK_STS_OK; + /* This was an encrypted bio and we've already done the csum check. */ + if (status == BLK_STS_OK && bbio->csum_done) + goto out; + while (iter->bi_size) { struct bio_vec bv = bio_iter_iovec(&bbio->bio, *iter); @@ -323,7 +355,7 @@ static void btrfs_check_read_bio(struct btrfs_bio *bbio, struct btrfs_device *de bio_advance_iter_single(&bbio->bio, iter, sectorsize); offset += sectorsize; } - +out: if (bbio->csum != bbio->csum_inline) kfree(bbio->csum); @@ -756,10 +788,13 @@ static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num) /* * Csum items for reloc roots have already been cloned at this * point, so they are handled as part of the no-checksum case. + * + * Encrypted inodes are csum'ed via the ->process_bio callback. */ if (inode && !(inode->flags & BTRFS_INODE_NODATASUM) && !test_bit(BTRFS_FS_STATE_NO_CSUMS, &fs_info->fs_state) && - !btrfs_is_data_reloc_root(inode->root)) { + !btrfs_is_data_reloc_root(inode->root) && + !IS_ENCRYPTED(&inode->vfs_inode)) { if (should_async_write(bbio) && btrfs_wq_submit_bio(bbio, bioc, &smap, mirror_num)) goto done; diff --git a/fs/btrfs/bio.h b/fs/btrfs/bio.h index a5c5371e99e2..9465c23acb84 100644 --- a/fs/btrfs/bio.h +++ b/fs/btrfs/bio.h @@ -45,6 +45,7 @@ struct btrfs_bio { struct { u8 *csum; u8 csum_inline[BTRFS_BIO_INLINE_CSUM_SIZE]; + bool csum_done; struct bvec_iter saved_iter; }; @@ -110,5 +111,7 @@ void btrfs_submit_repair_write(struct btrfs_bio *bbio, int mirror_num, bool dev_ int btrfs_repair_io_failure(struct btrfs_fs_info *fs_info, u64 ino, u64 start, u64 length, u64 logical, struct folio *folio, unsigned int folio_offset, int mirror_num); +blk_status_t btrfs_check_encrypted_read_bio(struct btrfs_bio *bbio, + struct bio *enc_bio); #endif diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c index a7e545e7461f..a8a8a4f943d1 100644 --- a/fs/btrfs/file-item.c +++ b/fs/btrfs/file-item.c @@ -337,6 +337,14 @@ static int search_csum_tree(struct btrfs_fs_info *fs_info, return ret; } +static inline bool inode_skip_csum(struct btrfs_inode *inode) +{ + struct btrfs_fs_info *fs_info = inode->root->fs_info; + + return (inode->flags & BTRFS_INODE_NODATASUM) || + test_bit(BTRFS_FS_STATE_NO_CSUMS, &fs_info->fs_state); +} + /* * Lookup the checksum for the read bio in csum tree. * @@ -356,8 +364,7 @@ blk_status_t btrfs_lookup_bio_sums(struct btrfs_bio *bbio) blk_status_t ret = BLK_STS_OK; u32 bio_offset = 0; - if ((inode->flags & BTRFS_INODE_NODATASUM) || - test_bit(BTRFS_FS_STATE_NO_CSUMS, &fs_info->fs_state)) + if (inode_skip_csum(inode)) return BLK_STS_OK; /* @@ -745,6 +752,9 @@ blk_status_t btrfs_csum_one_bio(struct btrfs_bio *bbio, struct bio *bio) int i; unsigned nofs_flag; + if (inode_skip_csum(inode)) + return BLK_STS_OK; + nofs_flag = memalloc_nofs_save(); sums = kvzalloc(btrfs_ordered_sum_size(fs_info, bio->bi_iter.bi_size), GFP_KERNEL); diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 9f4811b2fb4e..560243d732e7 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -16,6 +16,7 @@ #include "transaction.h" #include "volumes.h" #include "xattr.h" +#include "file-item.h" /* * From a given location in a leaf, read a name into a qstr (usually a @@ -215,6 +216,33 @@ static struct block_device **btrfs_fscrypt_get_devices(struct super_block *sb, return devs; } +static blk_status_t btrfs_process_encrypted_bio(struct bio *orig_bio, + struct bio *enc_bio) +{ + struct btrfs_bio *bbio; + + /* + * If our bio is from the normal fs_bio_set then we know this is a + * mirror split and we can skip it, we'll get the real bio on the last + * mirror and we can process that one. + */ + if (orig_bio->bi_pool == &fs_bio_set) + return BLK_STS_OK; + + bbio = btrfs_bio(orig_bio); + + if (bio_op(orig_bio) == REQ_OP_READ) { + /* + * We have ->saved_iter based on the orig_bio, so if the block + * layer changes we need to notice this asap so we can update + * our code to handle the new world order. + */ + ASSERT(orig_bio == enc_bio); + return btrfs_check_encrypted_read_bio(bbio, enc_bio); + } + return btrfs_csum_one_bio(bbio, enc_bio); +} + int btrfs_fscrypt_load_extent_info(struct btrfs_inode *inode, struct extent_map *em, struct btrfs_fscrypt_ctx *ctx) @@ -338,4 +366,5 @@ const struct fscrypt_operations btrfs_fscrypt_ops = { .set_context = btrfs_fscrypt_set_context, .empty_dir = btrfs_fscrypt_empty_dir, .get_devices = btrfs_fscrypt_get_devices, + .process_bio = btrfs_process_encrypted_bio, }; From patchwork Wed Jan 24 17:19:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529486 Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE739128399 for ; Wed, 24 Jan 2024 17:20:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116802; cv=none; b=eGQTq53i/WF4up32D0Myi43KY3WnX9s+XazG4jbR755GNf5tcFXXZ4Gr9ydq1aGKGcmonJ6lCj8nfpNd4KfXiwlblIv5OttI7hypKfGNgBeg5VjR5imTia2gCeoAbAPbGGsPgL5ygdJHrXvIm4DNPwyPozQ9AHL2HSo8CQtwgVs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116802; c=relaxed/simple; bh=Q3We6Xu9OJtfaF1c2bMOiNV/+n80uMP/IN5D1/7sea0=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=D1SBtQ1HC4QatGikZdUfJzU1VZoJUPiNczYoFIXAL7L+xDZT8lKccB1nX6FIgPUeg8fLrc5QVKCT3NXJMZ/3IO8St/6ASXCuwos9cVbOJOwlqDbwnJl1v1RVfjbXkKWr8XthLuxY8xVyDDcG7AiNaX+cz8QLG21n+7qFn6UpU1I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=bFNLkuxA; arc=none smtp.client-ip=209.85.219.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="bFNLkuxA" Received: by mail-yb1-f176.google.com with SMTP id 3f1490d57ef6-dc372245aefso2029599276.2 for ; Wed, 24 Jan 2024 09:20:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116800; x=1706721600; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YRZ9zqAl+WJgmiBPMtKjCnt+nYdtvP2VMNUbXWG82do=; b=bFNLkuxAG/I23Bduff2uQTttLqmOayJDdQXrSrGo5SQHoTSiL1QrPY8dqXxtlH87yV K55SshIbCToVRTa3+zas/SXqbzPk19kuDl76SsPd2gCixfUffu4H41/uezDGqsiWIpoq jI/IYa5X4e0dS5onK/X3CikwtJ7XFCr5J2r8oB9f0CbrybOIL/vsmTHDOmzef3EczB4B C6Pz4YJU/IFjbIQeQbW6YbsXMMVxlkE1+rX9J1Nz/7I2s8/4Y82cpkR2JraIHXb+L32/ 9JB0UzNFk7EZ33anKliyaias7Pkq4fAUzVEQ7X0m2wDZLspZq5J1kaPEbUOlA9Ca90p+ VWMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116800; x=1706721600; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YRZ9zqAl+WJgmiBPMtKjCnt+nYdtvP2VMNUbXWG82do=; b=IETypYl0kppeBrjAdfBKzVcLkdao/hcFjYupc9gzkUng8MAO4QIG2F6F29ED8dUNgL oLPL07uw8wvDX5nLTYUxtqxv7WNLVv0nPqyYPLl60SsdWZdRaENvg1C98tYTINtKiy9g bkBc9TAij3MaTXeGeKPW+RljAvGZerVfVWbHEVy5mICm58hLieIumgMHCqulQJSvyCU1 7/6lkYFTCwy1mBekiW8edSKgvSBE+wfRHHEqEP4W4dmmcBTaY9appjItdBuvjZGZfj10 sF0VPzFo/FFLZNCwYWpS5mqYcF4sZBq8dNrxnjZEsx/iy4GnR4X22TByumI1nk8rNUey Klgw== X-Gm-Message-State: AOJu0YxCUGkoF7dtaT0xJI7XV7HNBBbbT5tgtcEiUfIrQuhc48BfFpcO uS+qW2NTNZ+2ITH8+gAdYB31f+Gowy3C2BaE9qdH1FSJUZsMV0anwJ7gsVcagrFXkTfriMpaTTc N X-Google-Smtp-Source: AGHT+IF5JwUQIGjZbLQ/yzj+PVNPq74TjIHs/4CJFB1EGY6KaEuyryggIbI2IqqDimtZKsRBgwVyVA== X-Received: by 2002:a0d:e811:0:b0:5ff:8811:b559 with SMTP id r17-20020a0de811000000b005ff8811b559mr1247266ywe.93.1706116799791; Wed, 24 Jan 2024 09:19:59 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id ey1-20020a05690c300100b005ffcb4765c9sm65160ywb.28.2024.01.24.09.19.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:19:59 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 39/52] btrfs: implement read repair for encryption Date: Wed, 24 Jan 2024 12:19:01 -0500 Message-ID: <310c0ebdc78613b6f379595e160206013f75b6dc.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In order to do read repair we will allocate sectorsize bio's and read them one at a time, repairing any sectors that don't match their csum. In order to do this we re-submit the IO's after it's failed, and at this point we still need the fscrypt_extent_info for these new bio's. Add the fscrypt_extent_info to the read part of the union in the btrfs_bio, and then pass this through all the places where we do reads. Additionally add the orig_start, because we need to be able to put the correct extent offset for the encryption context. With these in place we can utilize the normal read repair path. The only exception is that the actual repair of the bad copies has to be triggered from the ->process_bio callback, because this is the encrypted data. If we waited until the end_io we would have the decrypted data and we don't want to write that to the disk. This is the only change to the normal read repair path, we trigger the fixup of the broken sectors in ->process_bio, and then we skip that part if we successfully repair the sector in ->process_bio once we get to the endio. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 83 +++++++++++++++++++++++++++++++++++++----- fs/btrfs/bio.h | 10 ++++- fs/btrfs/compression.c | 3 ++ fs/btrfs/extent_io.c | 3 ++ fs/btrfs/inode.c | 2 + 5 files changed, 91 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c index e85c0f539ab7..d90a9f0ce763 100644 --- a/fs/btrfs/bio.c +++ b/fs/btrfs/bio.c @@ -99,6 +99,10 @@ static struct btrfs_bio *btrfs_split_bio(struct btrfs_fs_info *fs_info, bbio->ordered = orig_bbio->ordered; bbio->orig_logical = orig_bbio->orig_logical; orig_bbio->orig_logical += map_length; + } else if (is_data_bbio(bbio)) { + bbio->fscrypt_info = + fscrypt_get_extent_info(orig_bbio->fscrypt_info); + bbio->orig_start = orig_bbio->orig_start; } atomic_inc(&orig_bbio->pending_ios); return bbio; @@ -107,8 +111,12 @@ static struct btrfs_bio *btrfs_split_bio(struct btrfs_fs_info *fs_info, /* Free a bio that was never submitted to the underlying device. */ static void btrfs_cleanup_bio(struct btrfs_bio *bbio) { - if (bbio_has_ordered_extent(bbio)) + if (bbio_has_ordered_extent(bbio)) { btrfs_put_ordered_extent(bbio->ordered); + } else if (is_data_bbio(bbio)) { + fscrypt_put_extent_info(bbio->fscrypt_info); + bbio->fscrypt_info = NULL; + } bio_put(&bbio->bio); } @@ -121,6 +129,10 @@ static void __btrfs_bio_end_io(struct btrfs_bio *bbio) btrfs_put_ordered_extent(ordered); } else { bbio->end_io(bbio); + if (is_data_bbio(bbio)) { + fscrypt_put_extent_info(bbio->fscrypt_info); + bbio->fscrypt_info = NULL; + } } } @@ -188,6 +200,23 @@ static void btrfs_repair_done(struct btrfs_failed_bio *fbio) } } +static void handle_repair(struct btrfs_bio *repair_bbio) +{ + struct btrfs_failed_bio *fbio = repair_bbio->private; + struct btrfs_inode *inode = repair_bbio->inode; + struct btrfs_fs_info *fs_info = inode->root->fs_info; + struct bio_vec *bv = bio_first_bvec_all(&repair_bbio->bio); + int mirror = repair_bbio->mirror_num; + + do { + mirror = prev_repair_mirror(fbio, mirror); + btrfs_repair_io_failure(fs_info, btrfs_ino(inode), + repair_bbio->file_offset, fs_info->sectorsize, + repair_bbio->saved_iter.bi_sector << SECTOR_SHIFT, + page_folio(bv->bv_page), bv->bv_offset, mirror); + } while (mirror != fbio->bbio->mirror_num); +} + static void btrfs_end_repair_bio(struct btrfs_bio *repair_bbio, struct btrfs_device *dev) { @@ -203,6 +232,13 @@ static void btrfs_end_repair_bio(struct btrfs_bio *repair_bbio, */ ASSERT(folio_order(page_folio(bv->bv_page)) == 0); + /* + * If we got here from the encrypted path with ->csum_done set then + * we've already csumed and repaired this sector, we're all done. + */ + if (repair_bbio->csum_done) + goto done; + if (repair_bbio->bio.bi_status || !btrfs_data_csum_ok(repair_bbio, dev, 0, bv)) { bio_reset(&repair_bbio->bio, NULL, REQ_OP_READ); @@ -215,18 +251,17 @@ static void btrfs_end_repair_bio(struct btrfs_bio *repair_bbio, goto done; } + btrfs_set_bio_crypt_ctx_from_extent(&repair_bbio->bio, + repair_bbio->inode, + repair_bbio->fscrypt_info, + repair_bbio->file_offset - + repair_bbio->orig_start); + btrfs_submit_bio(repair_bbio, mirror); return; } - do { - mirror = prev_repair_mirror(fbio, mirror); - btrfs_repair_io_failure(fs_info, btrfs_ino(inode), - repair_bbio->file_offset, fs_info->sectorsize, - repair_bbio->saved_iter.bi_sector << SECTOR_SHIFT, - page_folio(bv->bv_page), bv->bv_offset, mirror); - } while (mirror != fbio->bbio->mirror_num); - + handle_repair(repair_bbio); done: btrfs_repair_done(fbio); bio_put(&repair_bbio->bio); @@ -281,6 +316,14 @@ static struct btrfs_failed_bio *repair_one_sector(struct btrfs_bio *failed_bbio, btrfs_bio_init(repair_bbio, fs_info, NULL, fbio); repair_bbio->inode = failed_bbio->inode; repair_bbio->file_offset = failed_bbio->file_offset + bio_offset; + repair_bbio->fscrypt_info = + fscrypt_get_extent_info(failed_bbio->fscrypt_info); + repair_bbio->orig_start = failed_bbio->orig_start; + + btrfs_set_bio_crypt_ctx_from_extent(repair_bio, repair_bbio->inode, + failed_bbio->fscrypt_info, + repair_bbio->file_offset - + failed_bbio->orig_start); mirror = next_repair_mirror(fbio, failed_bbio->mirror_num); btrfs_debug(fs_info, "submitting repair read to mirror %d", mirror); @@ -312,7 +355,29 @@ blk_status_t btrfs_check_encrypted_read_bio(struct btrfs_bio *bbio, offset += sectorsize; } + /* + * Read repair is slightly different for encrypted bio's. This callback + * is before we decrypt the bio in the block crypto layer, we're not + * actually in the endio handler. + * + * We don't trigger the repair process here either, that is handled in + * the actual endio path because we don't want to create another psuedo + * endio path through this callback. This is because when we call + * btrfs_repair_done() we want to call the endio for the original bbio. + * Short circuiting that for the encrypted case would be ugly. We + * really want to the repair case to be handled generically. + * + * However for the actual repair part we need to use this page + * pre-decrypted, which is why we call the btrfs_repair_io_failure() + * code from this path. The repair path is synchronous so we are safe + * there. Then we simply mark the repair bbio as completed so the + * actual btrfs_end_repair_bio() code can skip the repair part. + */ + if (bbio->bio.bi_pool == &btrfs_repair_bioset) + handle_repair(bbio); bbio->csum_done = true; + fscrypt_put_extent_info(bbio->fscrypt_info); + bbio->fscrypt_info = NULL; return BLK_STS_OK; } diff --git a/fs/btrfs/bio.h b/fs/btrfs/bio.h index 9465c23acb84..ba737c660010 100644 --- a/fs/btrfs/bio.h +++ b/fs/btrfs/bio.h @@ -13,6 +13,7 @@ struct btrfs_bio; struct btrfs_fs_info; +struct fscrypt_extent_info; #define BTRFS_BIO_INLINE_CSUM_SIZE 64 @@ -40,13 +41,20 @@ struct btrfs_bio { union { /* * For data reads: checksumming and original I/O information. - * (for internal use in the btrfs_submit_bio machinery only) + * (for internal use in the btrfs_submit_bio machinery only). + * + * The fscrypt context is used for read repair, this is the only + * thing not internal to btrfs_submit_bio machinery. */ struct { u8 *csum; u8 csum_inline[BTRFS_BIO_INLINE_CSUM_SIZE]; bool csum_done; struct bvec_iter saved_iter; + + /* Used for read repair. */ + struct fscrypt_extent_info *fscrypt_info; + u64 orig_start; }; /* diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index 5988813c5bd0..4a1e14efb937 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -603,6 +603,9 @@ void btrfs_submit_compressed_read(struct btrfs_bio *bbio) cb->compressed_len = compressed_len; cb->compress_type = extent_map_compression(em); cb->orig_bbio = bbio; + cb->bbio.fscrypt_info = + fscrypt_get_extent_info(em->fscrypt_info); + cb->bbio.orig_start = 0; btrfs_set_bio_crypt_ctx_from_extent(&cb->bbio.bio, inode, em->fscrypt_info, 0); diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 43680f26ddbe..3aee2dcc5864 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -835,6 +835,9 @@ static void alloc_new_bio(struct btrfs_inode *inode, } else { fscrypt_info = bio_ctrl->fscrypt_info; offset = file_offset - bio_ctrl->orig_start; + bbio->fscrypt_info = + fscrypt_get_extent_info(fscrypt_info); + bbio->orig_start = bio_ctrl->orig_start; } btrfs_set_bio_crypt_ctx_from_extent(&bbio->bio, inode, fscrypt_info, diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 6d882b2de7e2..5377ca2c896f 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7972,6 +7972,8 @@ static void btrfs_dio_submit_io(const struct iomap_iter *iter, struct bio *bio, } else { fscrypt_info = dio_data->fscrypt_info; offset = file_offset - dio_data->orig_start; + bbio->fscrypt_info = fscrypt_get_extent_info(fscrypt_info); + bbio->orig_start = dio_data->orig_start; } btrfs_set_bio_crypt_ctx_from_extent(&bbio->bio, bbio->inode, From patchwork Wed Jan 24 17:19:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529487 Received: from mail-yb1-f177.google.com (mail-yb1-f177.google.com [209.85.219.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B67E581AC7 for ; Wed, 24 Jan 2024 17:20:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116803; cv=none; b=Q+GR6kFAZcgcvdV4mLzvCkFQbsQzTjhK5D6chvK6Irhuo3CFR/O5RMx3gXGyfKJl3a8fn9w5akFHn3o/n1MKfCw330Uldj6lmBguIL7rw6j0N2ISlrH1HFiWZHSBJ6SP6CjVSrnIjJAzYXU90kgAMgC7f17XDbTE9T1XJj4G+Rg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116803; c=relaxed/simple; bh=ojpa3cxqYiII3mUVJLkF3OlQFxqXq8KkV0W4+PnJhQ0=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F74fTVLLeYf/Fv0OeNTq+Es8qY67e3g6kS35yupE0V9isQBR6Cnx7K7H9mBTFQlrJ1T2paBGGeIOPBxSJ0sq1daQvZj52mdxOMW2lSvfhTd9kekLzN5OwnJMScvJT9wIrJOHKqRD6aejAj5R1Dt2Vyq/KG9zr5YtI0+DHHj7UbM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=0B+UcI+G; arc=none smtp.client-ip=209.85.219.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="0B+UcI+G" Received: by mail-yb1-f177.google.com with SMTP id 3f1490d57ef6-dc21d7a7042so5011641276.2 for ; Wed, 24 Jan 2024 09:20:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116801; x=1706721601; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4WtC6Aldok1fR5PG9ch6LHkGpBRc+MixBcB6xgNDFOk=; b=0B+UcI+GB5PGDiAbhiDw3HjHeTgXjWmyqzAzmEqrgAqsBOSz7cLr572KJQYA3PwCck GGvCxOftRJBud6+HUN5K9v6pktkJq7tj4AwjNLJkrK3VG1ac858wF+XWlvJfUoMYrBGL CNV1+KY31N+mh2Rqz658qXHXuCYJWjuzoaBaqnx+N6kic1tDbauusg4puBkESQUImz4+ vndSBpdmo0RjGK06rQC4rbgE/EFsYOIVfW8Re+1kQ/Rf5W7NcBaZ715BT3dAoc1HlnTL /gg3N4IiMsvSBxX4Z+3D5NVcio0N9Yxmj9eMSSkRwXj8O4TcNYTUAMiVWpzNOL0jjzBX xIjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116801; x=1706721601; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4WtC6Aldok1fR5PG9ch6LHkGpBRc+MixBcB6xgNDFOk=; b=qrHAU+aFU96k3ZY7wFBnryrlgg0RKDNvsO+Tsh+9sQG9p90U0Lnn28nNxTwD6pRgG6 Z8rRNY/mJ+PPpxcemc4TsqbeZWo/Gc0EcpgGkkCeLoiFEDZZ4lLZoZdkUdihsyYpniHa k+Fo2XfoLb51BRdYsXf2g8zKEUTFiBOKsNEgquYiFjGtksZB3DvLUhDh+ju6ZIpIt/Ak e/pUsCvslPRi9MqAaCkM8DFRBMmYqbYnhuk216uPjWtHMr6mgnXJKhvidDZ2owdg15Hc J2cMISbZQiOM26lzI7YiZP2Q+IyEVfklF8TP19K7JQPCBsQ3rt8RRJpUUOhwQG/XNLsJ qOng== X-Gm-Message-State: AOJu0YxxpYaOIdFwPQ73dVkI8xEwvu7suNiFPKHgPGtAEZUDYuiQ52En 0c2vWZyhACAiruTSxtAYoIB71WUKeHGsfA2Waz6XphJJGsDAjl03pKoQJiLl6co3vEAE/s+lbL5 + X-Google-Smtp-Source: AGHT+IFJfk44bKxhnWRwngpWLsYV6Gm0LyOBtFlNuZih/B7Any72t8e4zr7XKckADcBvENmZAH9SaA== X-Received: by 2002:a05:6902:548:b0:dc2:1a2b:bc1 with SMTP id z8-20020a056902054800b00dc21a2b0bc1mr971480ybs.19.1706116800676; Wed, 24 Jan 2024 09:20:00 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id u11-20020a25840b000000b00dc218e084fbsm2842041ybk.28.2024.01.24.09.20.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:00 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 40/52] btrfs: add test_dummy_encryption support Date: Wed, 24 Jan 2024 12:19:02 -0500 Message-ID: <77449ee5a882db2945429946c74ea7e796122328.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In order to enable more thorough testing of fscrypt enable the test_dummy_encryption mount option. This is used by fscrypt users to easily enable fscrypt on the file system for testing without needing to do the key setup and everything. The only deviation from other file systems we make is we only support the fsparam_flag version of this mount option, as it defaults to v2. We don't want to have to bother with rejecting v1 related mount options. Signed-off-by: Josef Bacik --- fs/btrfs/disk-io.c | 1 + fs/btrfs/fs.h | 3 +++ fs/btrfs/fscrypt.c | 6 +++++ fs/btrfs/super.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 74 insertions(+) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 51c6127508af..70e33df8f975 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1290,6 +1290,7 @@ void btrfs_free_fs_info(struct btrfs_fs_info *fs_info) kfree(fs_info->super_copy); kfree(fs_info->super_for_commit); kfree(fs_info->subpage_info); + fscrypt_free_dummy_policy(&fs_info->dummy_enc_policy); kvfree(fs_info); } diff --git a/fs/btrfs/fs.h b/fs/btrfs/fs.h index 1340e71d026c..74752204f3ab 100644 --- a/fs/btrfs/fs.h +++ b/fs/btrfs/fs.h @@ -7,6 +7,7 @@ #include #include #include +#include #include "extent-io-tree.h" #include "extent_map.h" #include "async-thread.h" @@ -189,6 +190,7 @@ enum { BTRFS_MOUNT_IGNOREDATACSUMS = (1UL << 28), BTRFS_MOUNT_NODISCARD = (1UL << 29), BTRFS_MOUNT_NOSPACECACHE = (1UL << 30), + BTRFS_MOUNT_TEST_DUMMY_ENCRYPTION = (1UL << 31), }; /* @@ -828,6 +830,7 @@ struct btrfs_fs_info { spinlock_t eb_leak_lock; struct list_head allocated_ebs; #endif + struct fscrypt_dummy_policy dummy_enc_policy; }; static inline u64 btrfs_get_fs_generation(const struct btrfs_fs_info *fs_info) diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 560243d732e7..6a6ecf4a49e2 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -243,6 +243,11 @@ static blk_status_t btrfs_process_encrypted_bio(struct bio *orig_bio, return btrfs_csum_one_bio(bbio, enc_bio); } +static const union fscrypt_policy *btrfs_get_dummy_policy(struct super_block *sb) +{ + return btrfs_sb(sb)->dummy_enc_policy.policy; +} + int btrfs_fscrypt_load_extent_info(struct btrfs_inode *inode, struct extent_map *em, struct btrfs_fscrypt_ctx *ctx) @@ -367,4 +372,5 @@ const struct fscrypt_operations btrfs_fscrypt_ops = { .empty_dir = btrfs_fscrypt_empty_dir, .get_devices = btrfs_fscrypt_get_devices, .process_bio = btrfs_process_encrypted_bio, + .get_dummy_policy = btrfs_get_dummy_policy, }; diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 28fbe366717e..861fbf48456a 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -88,6 +88,7 @@ struct btrfs_fs_context { unsigned long compress_type:4; unsigned int compress_level; refcount_t refs; + struct fscrypt_dummy_policy dummy_enc_policy; }; enum { @@ -122,6 +123,7 @@ enum { Opt_thread_pool, Opt_treelog, Opt_user_subvol_rm_allowed, + Opt_test_dummy_encryption, /* Rescue options */ Opt_rescue, @@ -253,6 +255,10 @@ static const struct fs_parameter_spec btrfs_fs_parameters[] = { fsparam_flag_no("enospc_debug", Opt_enospc_debug), #ifdef CONFIG_BTRFS_DEBUG fsparam_enum("fragment", Opt_fragment, btrfs_parameter_fragment), + + fsparam_flag("test_dummy_encryption", Opt_test_dummy_encryption), + fsparam_string("test_dummy_encryption", Opt_test_dummy_encryption), + #endif #ifdef CONFIG_BTRFS_FS_REF_VERIFY fsparam_flag("ref_verify", Opt_ref_verify), @@ -271,6 +277,7 @@ static int btrfs_parse_param(struct fs_context *fc, struct fs_parameter *param) struct btrfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; int opt; + int ret; opt = fs_parse(fc, btrfs_fs_parameters, param, &result); if (opt < 0) @@ -598,6 +605,22 @@ static int btrfs_parse_param(struct fs_context *fc, struct fs_parameter *param) return -EINVAL; } break; + case Opt_test_dummy_encryption: + /* + * We only support v2, so reject any v1 policies. + */ + if (param->type == fs_value_is_string && *param->string && + !strcmp(param->string, "v1")) { + btrfs_info(NULL, "v1 encryption isn't supported"); + return -EINVAL; + } + + btrfs_set_opt(ctx->mount_opt, TEST_DUMMY_ENCRYPTION); + ret = fscrypt_parse_test_dummy_encryption(param, + &ctx->dummy_enc_policy); + if (ret) + return ret; + break; #endif #ifdef CONFIG_BTRFS_FS_REF_VERIFY case Opt_ref_verify: @@ -945,6 +968,9 @@ static int btrfs_fill_super(struct super_block *sb, return err; } + if (fscrypt_is_dummy_policy_set(&fs_info->dummy_enc_policy)) + btrfs_set_fs_incompat(fs_info, ENCRYPT); + inode = btrfs_iget(sb, BTRFS_FIRST_FREE_OBJECTID, fs_info->fs_root); if (IS_ERR(inode)) { err = PTR_ERR(inode); @@ -1101,6 +1127,9 @@ static int btrfs_show_options(struct seq_file *seq, struct dentry *dentry) #endif if (btrfs_test_opt(info, REF_VERIFY)) seq_puts(seq, ",ref_verify"); + if (btrfs_test_opt(info, TEST_DUMMY_ENCRYPTION)) + fscrypt_show_test_dummy_encryption(seq, ',', dentry->d_sb); + seq_printf(seq, ",subvolid=%llu", BTRFS_I(d_inode(dentry))->root->root_key.objectid); subvol_name = btrfs_get_subvol_name_from_objectid(info, @@ -1368,6 +1397,18 @@ static void btrfs_ctx_to_info(struct btrfs_fs_info *fs_info, struct btrfs_fs_con fs_info->mount_opt = ctx->mount_opt; fs_info->compress_type = ctx->compress_type; fs_info->compress_level = ctx->compress_level; + + /* + * If there's nothing set, or if the fs_info already has one set, don't + * do anything. If the fs_info is set we'll free the dummy one when we + * free the ctx. + */ + if (!fscrypt_is_dummy_policy_set(&ctx->dummy_enc_policy) || + fscrypt_is_dummy_policy_set(&fs_info->dummy_enc_policy)) + return; + + fs_info->dummy_enc_policy = ctx->dummy_enc_policy; + memset(&ctx->dummy_enc_policy, 0, sizeof(ctx->dummy_enc_policy)); } static void btrfs_info_to_ctx(struct btrfs_fs_info *fs_info, struct btrfs_fs_context *ctx) @@ -1419,6 +1460,7 @@ static void btrfs_emit_options(struct btrfs_fs_info *info, btrfs_info_if_set(info, old, USEBACKUPROOT, "trying to use backup root at mount time"); btrfs_info_if_set(info, old, IGNOREBADROOTS, "ignoring bad roots"); btrfs_info_if_set(info, old, IGNOREDATACSUMS, "ignoring data csums"); + btrfs_info_if_set(info, old, TEST_DUMMY_ENCRYPTION, "test dummy encryption mode enabled"); btrfs_info_if_unset(info, old, NODATACOW, "setting datacow"); btrfs_info_if_unset(info, old, SSD, "not using ssd optimizations"); @@ -1448,6 +1490,23 @@ static void btrfs_emit_options(struct btrfs_fs_info *info, btrfs_info(info, "max_inline set to %llu", info->max_inline); } +static bool btrfs_check_test_dummy_encryption(struct fs_context *fc) +{ + struct btrfs_fs_context *ctx = fc->fs_private; + struct btrfs_fs_info *fs_info = btrfs_sb(fc->root->d_sb); + + if (!fscrypt_is_dummy_policy_set(&ctx->dummy_enc_policy)) + return true; + + if (fscrypt_dummy_policies_equal(&fs_info->dummy_enc_policy, + &ctx->dummy_enc_policy)) + return true; + + btrfs_warn(fs_info, + "Can't set or change test_dummy_encryption on remount"); + return false; +} + static int btrfs_reconfigure(struct fs_context *fc) { struct super_block *sb = fc->root->d_sb; @@ -1474,6 +1533,10 @@ static int btrfs_reconfigure(struct fs_context *fc) !btrfs_check_options(fs_info, &ctx->mount_opt, fc->sb_flags)) return -EINVAL; + if (!mount_reconfigure && + !btrfs_check_test_dummy_encryption(fc)) + return -EINVAL; + ret = btrfs_check_features(fs_info, !(fc->sb_flags & SB_RDONLY)); if (ret < 0) return ret; @@ -2105,6 +2168,7 @@ static void btrfs_free_fs_context(struct fs_context *fc) btrfs_free_fs_info(fs_info); if (ctx && refcount_dec_and_test(&ctx->refs)) { + fscrypt_free_dummy_policy(&ctx->dummy_enc_policy); kfree(ctx->subvol_name); kfree(ctx); } From patchwork Wed Jan 24 17:19:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529489 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA7721292E0 for ; Wed, 24 Jan 2024 17:20:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116805; cv=none; b=Qx0/x42OhKIwG2r4jJeRp5QSgqnwgIVE2r7HvqtzgVXeepvkWJZv6GqZIZlaj4lggyQsqc1LRj2TCKhHw9lEXdpfTNedgoycVR/oy0OgQCcaCszb7fAUejkSbhGIwWUFCJNsGelDmYgkovLGPEzJim0GM+XOIEiKn9/wbAF/g8A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116805; c=relaxed/simple; bh=H+o9F8jzIhnsi4JQHLAg23y5GrbRgWs5MeiKkmOUwZM=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Q7h+Gt3o/RLVxtmu/EgMfQv5nBln0rKYHqKsGDJiZ/eHwwbPRX8fScuBo7qHq40K6HPqxnsFQryEERbFY4/yXnh43oi/olI8wpiO5bs+YE99ECOCdJNkuXqLqwBojH1jG4CyGUprJ+FTopDKel22OpaDB9mrW+X3nNWH3OA2ihY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=KZepQo5q; arc=none smtp.client-ip=209.85.128.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="KZepQo5q" Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-5ffb528dc8dso33524067b3.1 for ; Wed, 24 Jan 2024 09:20:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116801; x=1706721601; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TCdBR2G5HfGtYuIo2ocQUjM3CkUrXp0t8Vms/+tMMV4=; b=KZepQo5qOZrtW9KBASxseViwiCADbieSp8C4rGFF4gyJCB+PnN+rUe/NYb9Td+7nPG p8XFbmW91vFPqZ3lE78pgsm6ntmT6FBsPQ2NNC7/2MRaU3aYnRKiw3lNdLt4JdRnQ3Jf Mggn3cv8Uy7rCYJFBbBn+bljMA08AH61Tv2L27Yj2ZBpIS7lLyIEihoeXPT20qYYSlEk ZxaRF8QejfaM7N797xKcJr2FXpQljiCDWhZJivq58CGhidlfaz+IVkk2WOcLgCBacEHT L5WKIIH6rjGL04nZ+ZqvYC1dgkohwqumDhnVcP1w12YdIlAMyd7UmD3cEAxCJxl16Nf0 c4Pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116801; x=1706721601; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TCdBR2G5HfGtYuIo2ocQUjM3CkUrXp0t8Vms/+tMMV4=; b=XGaF8p8ZQtbNe+C/RxDZPQJN7L8JquXMljoBGw+pPNbyaxxfPzTA/HcqwNLqZwob9Q /YRuA3QGUoEFv0uWhCOfccCYUT8XXFdZKofo9+L/lprktsZnZT1HGhixoG27rN7syh0P 5tpjd80Q9ZTJ7RWMkfO3JvYXUMYLJzmMIzZcAhJ9A5ctgGllQtXbQxf91TuLRPxKaqBH CjLpmE4Eedzqvc8QZ8NF7MgK04WC1SwUbJ92G2rzH+LQMk0zNqK67hIsJn6ZuGHfciUq EAZaLFDw5tnJFINaYEMTTJ23eCeQTTX5i5jCuVgUrxqBgq0g2VC+QqAuaiNFwDwZNPzg ZKOA== X-Gm-Message-State: AOJu0YywQDPYHMGNpcnkvF4rK3IICSkBYSVxSk+IhA+oiL+VyyrNzqsw o17F48St6w2eXp4iEdM3T1jZ7T43HIxmdgp03I70RQkZFHmEvQj2oR8NMXIrse1fme6tD6V5Iok r X-Google-Smtp-Source: AGHT+IGubQv+cMkA5HQQvWBZ0mlo8Zqd16o2zyd481MfZ6dW/JoypLoMxFCC66l091HKND6A1PbGmA== X-Received: by 2002:a0d:dd06:0:b0:5ff:8ab2:89a7 with SMTP id g6-20020a0ddd06000000b005ff8ab289a7mr916259ywe.4.1706116801603; Wed, 24 Jan 2024 09:20:01 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id bg1-20020a05690c030100b005ffa352a84fsm65934ywb.21.2024.01.24.09.20.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:01 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 41/52] btrfs: don't rewrite ret from inode_permission Date: Wed, 24 Jan 2024 12:19:03 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In our user safe ino resolve ioctl we'll just turn any ret into -EACCES from inode_permission. This is redundant, and could potentially be wrong if we had an ENOMEM in the security layer or some such other error, so simply return the actual return value. Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 95e2615bba51..2740f0359446 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1989,10 +1989,8 @@ static int btrfs_search_path_in_tree_user(struct mnt_idmap *idmap, ret = inode_permission(idmap, temp_inode, MAY_READ | MAY_EXEC); iput(temp_inode); - if (ret) { - ret = -EACCES; + if (ret) goto out_put; - } if (key.offset == upper_limit.objectid) break; From patchwork Wed Jan 24 17:19:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529488 Received: from mail-yb1-f173.google.com (mail-yb1-f173.google.com [209.85.219.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AFA79128399 for ; Wed, 24 Jan 2024 17:20:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116805; cv=none; b=WTCEXjr7jQCoGWuzk9UFd9vg7O7TH6rqC/Zp3m0K/kZ8Ni7UkUW3B10HquCnpOAlT1xj/PYVVmQUzwNqL68TqhYMQs6JPGHeg+9Ewy2iW46A9uy1zWjPChyT/YnIA7WqTND3CuLEBRk/ZMKuD4eXM2KGb4iRS+SeRi8a3Drw+HE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116805; c=relaxed/simple; bh=fonpqmZLmF4h0WfFK8NQtkdaGG4GMuivfti+cunM6fQ=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=F+IOxXF7G5q0XjoBw8f15fhwLjJPzhSOwrUAS1XTeP6vzlRlD9Vl/DSlvC/Syd4nTBwWBQHxXs2T/zvtY0vQjkZnSf5yKMSBi1CvT/mXZb207cqvt0rz5ILZYmAxwGAcc+xaFl4OYfsphnB7bmrtz66Dmc6mwdhRxCRn91ZcXW0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=jmTacTCM; arc=none smtp.client-ip=209.85.219.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="jmTacTCM" Received: by mail-yb1-f173.google.com with SMTP id 3f1490d57ef6-dbed179f0faso5173029276.1 for ; Wed, 24 Jan 2024 09:20:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116802; x=1706721602; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7EkQomOIBdhqYXirHEDAB1AmrGwt8q/ZQPW8iaM0dwI=; b=jmTacTCMuwzQ9YpNFVCbiXonM7yZoLzgqPx3ltbjZzRMbmMr3Uog+PzJyS9eB/ggMb rWAMUFVhfJk+n10fbdOCe2UdQ5vA38g3dhz6jZc3STAvWAT/1ILm9DmaaS4HRxKeGVid cTrjnTwWi3hUleud9DVarFYemYgKiZ0gXmT5yq03tGVo1kVth3zpNKUVW59K5QuWNgHo 1Zor03mDsBYCuEohbdUlhJGPPuwKKvEJe0tnrWxRBvFmm1pHO5BIko2ye634IqQ5D/0r 8HbvU5goAZ4j1VHyb6z/+Hb/jHUgd7VhbV3Kpyz+w6ZQuLl9i2O3Ai1YU0AnJ/gXHAr7 2Dlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116802; x=1706721602; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7EkQomOIBdhqYXirHEDAB1AmrGwt8q/ZQPW8iaM0dwI=; b=OX8r11dmwo/A8fKJ0tXM4g5rWT1wgBpTJnPIu8LxziKuQKbjOx3u+nUlAjkWLeY5NX VF5kCLHnWpvm1TD0iyOrqnu2VHA4MZISdtfBmJflHIGmQlrTG2kL5ufAQuB9yhc7CYrH W8jCvD6y//Xn8rvcbWcrTSzu2KN7D0KUONUap9rIAO3X+1JVgeDs3gt/hfQrzL5EhY/q /6WApzjN3JcSULEdgXOuAYrOBksHV/Y/hvTQODIeYdNurAtm+lYy6tRQpM2iKEYd2kxX AdF+FaMuzGbetB4CaJ4ikSjc/DBuYzY5FOieC7k0Uj/LowVKKakAOcS1t/+m1cR94MCa CAkA== X-Gm-Message-State: AOJu0YwlOfTmMLK2sSaarehAPjo2mS5Ltdd1miTWg65wcD1Zo0Kuqb3N bw7PSxvM1dgMRKi5ygaSlaQO3DZ5sMJ3YinHRgxqIEdLd7HI2kYYeBr2aG7TRnFJuAXQnoKN+SN + X-Google-Smtp-Source: AGHT+IHrGKYOaReNcz61RHI4RreLgS4fHbommpSq/csbJFrfvavU98WKHe3LIYbpTrRLh8AN4IYADw== X-Received: by 2002:a25:5f41:0:b0:dc2:65ea:3fec with SMTP id h1-20020a255f41000000b00dc265ea3fecmr797365ybm.38.1706116802536; Wed, 24 Jan 2024 09:20:02 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id j5-20020a25fb05000000b00dc23059cbfasm2860147ybe.42.2024.01.24.09.20.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:02 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 42/52] btrfs: move inode_to_path higher in backref.c Date: Wed, 24 Jan 2024 12:19:04 -0500 Message-ID: <49adcdd81c9a110d03e2ab33e919e0c922c9dd09.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We have a prototype and then the definition lower below, we don't need to do this, simply move the function to where the prototype is. Signed-off-by: Josef Bacik --- fs/btrfs/backref.c | 69 ++++++++++++++++++++++------------------------ 1 file changed, 33 insertions(+), 36 deletions(-) diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index beed7e459dab..f58fe7c745c2 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -2578,8 +2578,40 @@ int iterate_inodes_from_logical(u64 logical, struct btrfs_fs_info *fs_info, build_ino_list, ctx); } +/* + * returns 0 if the path could be dumped (probably truncated) + * returns <0 in case of an error + */ static int inode_to_path(u64 inum, u32 name_len, unsigned long name_off, - struct extent_buffer *eb, struct inode_fs_paths *ipath); + struct extent_buffer *eb, struct inode_fs_paths *ipath) +{ + char *fspath; + char *fspath_min; + int i = ipath->fspath->elem_cnt; + const int s_ptr = sizeof(char *); + u32 bytes_left; + + bytes_left = ipath->fspath->bytes_left > s_ptr ? + ipath->fspath->bytes_left - s_ptr : 0; + + fspath_min = (char *)ipath->fspath->val + (i + 1) * s_ptr; + fspath = btrfs_ref_to_path(ipath->fs_root, ipath->btrfs_path, name_len, + name_off, eb, inum, fspath_min, bytes_left); + if (IS_ERR(fspath)) + return PTR_ERR(fspath); + + if (fspath > fspath_min) { + ipath->fspath->val[i] = (u64)(unsigned long)fspath; + ++ipath->fspath->elem_cnt; + ipath->fspath->bytes_left = fspath - fspath_min; + } else { + ++ipath->fspath->elem_missed; + ipath->fspath->bytes_missing += fspath_min - fspath; + ipath->fspath->bytes_left = 0; + } + + return 0; +} static int iterate_inode_refs(u64 inum, struct inode_fs_paths *ipath) { @@ -2704,41 +2736,6 @@ static int iterate_inode_extrefs(u64 inum, struct inode_fs_paths *ipath) return ret; } -/* - * returns 0 if the path could be dumped (probably truncated) - * returns <0 in case of an error - */ -static int inode_to_path(u64 inum, u32 name_len, unsigned long name_off, - struct extent_buffer *eb, struct inode_fs_paths *ipath) -{ - char *fspath; - char *fspath_min; - int i = ipath->fspath->elem_cnt; - const int s_ptr = sizeof(char *); - u32 bytes_left; - - bytes_left = ipath->fspath->bytes_left > s_ptr ? - ipath->fspath->bytes_left - s_ptr : 0; - - fspath_min = (char *)ipath->fspath->val + (i + 1) * s_ptr; - fspath = btrfs_ref_to_path(ipath->fs_root, ipath->btrfs_path, name_len, - name_off, eb, inum, fspath_min, bytes_left); - if (IS_ERR(fspath)) - return PTR_ERR(fspath); - - if (fspath > fspath_min) { - ipath->fspath->val[i] = (u64)(unsigned long)fspath; - ++ipath->fspath->elem_cnt; - ipath->fspath->bytes_left = fspath - fspath_min; - } else { - ++ipath->fspath->elem_missed; - ipath->fspath->bytes_missing += fspath_min - fspath; - ipath->fspath->bytes_left = 0; - } - - return 0; -} - /* * this dumps all file system paths to the inode into the ipath struct, provided * is has been created large enough. each path is zero-terminated and accessed From patchwork Wed Jan 24 17:19:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529490 Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A220F81AC7 for ; Wed, 24 Jan 2024 17:20:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116806; cv=none; b=HfxW9IO/vxfDM8JwI7i6oPR9jxJYWVvtkAenPKZVkeuKuqeNTbF4hxZzSAzwK2D7JH4idLJwFXGBwhj3qjssL7a75DxkO39ORuRqHhQBPvEJi2UNKYn1Zd5NAFQhKUyq1JWZWfFWgeQ3Se1o+xCJqx39/WP2zyf6giey7Lzm2w0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116806; c=relaxed/simple; bh=RsgzIVBsz01VwzkIxSD2+w4KA2XXIeeWH0vR/60+LQc=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OJzoJtxb8cu5O9JTVA9xxg36JjqTPA3ublxcwHCgoy+Ieg/vd4q9VMoX+PLutopYCLwnvrjn+3p2GsI9eEg0agq5XzENMPi13I7hQg2hPZyCXOZwJLK+rD+1NDaWNd2R7vKs063DrdIYIIOXzp/DFuHceL1z78OfFIGhQEV8ahs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=F3APG9kY; arc=none smtp.client-ip=209.85.219.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="F3APG9kY" Received: by mail-yb1-f176.google.com with SMTP id 3f1490d57ef6-dc221f01302so4470179276.2 for ; Wed, 24 Jan 2024 09:20:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116803; x=1706721603; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OloT/erk4mHRgg9VGWOA3jcX3n+PreTy1AVXCpgYEsE=; b=F3APG9kYFsq3cAI95glBr2AgCk+/nG0Z4oLGKQduPdcAXzuvcGJHYskqS2gRaXku/p SWrvX/Ga4Nifk06Qv561HD7t8baVb6tVwVSVHY6T3kmr6C/c8yjdJgBdRV8P0RlCXjs4 5y9hZj/o9hWU2/ZQksXZ5YSIrav/LPRohTpoyiQRaTW8Awe7Bg+FcCjEEkG706N5Woit 5rwGcySPwX9zJDD4bfSUN3BCYgHluIgvQmDWTXmaRKFXl+VFrglsb/pxHc9DbmjmY5CD FvZrjIXPbetsbq/U0eUzNk7IxLfEVJX0oNy/pQBc71wWr3T4CwVIccF6yIRF003sA+MI 1pYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116803; x=1706721603; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OloT/erk4mHRgg9VGWOA3jcX3n+PreTy1AVXCpgYEsE=; b=HPrYte0uHrg11RaBgwFqLI03l3yhPoVI3X41sWSkld5Fa2Ch0v5dj1D9vBP0go9HZs qibkGWe02S1KQKLl0hBISPghzYuRTNi+HNicajBfZVbm8rESQh4OiDB42sKsNjiGC2eO O+1fxpH3D0NSYoIO5ZEAJBZZ1BPzg7NnLlUHYz6A2x1HIRpoK+fvprY8ASafNas6b6jf a0Gmxfk7Iw6ac4Iy0zJ6SBeQkRRFL+Tw9m+eaiL56NjEoY9YQSFg7o8A5GA+TBWeUlEd b9ULtHLJrgzN2TM359iQAFIgKh+a/7X+6FMM7zXWW0WYmWyM+GDKKwo7tva+ghQOqJ8z I9jA== X-Gm-Message-State: AOJu0YxSqunLLyTvn4KTaNf9qdbkDCBot8PmjOPIKwSbQ1SkLWoTgwej FY/wP8xvX6ZtAfUiKxcppV4Dm3qy8Kg8CYlI7nU2fkgm7J7NCotcfdPc5rrw6pQiqLUjnf6fP2U s X-Google-Smtp-Source: AGHT+IHaqWhrpDkjISBRATMkV1CIWIFl9HfeZzFRPLcxMZciRt/LBMMfWyBultpUP/fkkBsgmYZmPw== X-Received: by 2002:a25:8609:0:b0:dc2:3aec:d5ee with SMTP id y9-20020a258609000000b00dc23aecd5eemr1053429ybk.114.1706116803431; Wed, 24 Jan 2024 09:20:03 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id y185-20020a25dcc2000000b00d677aec54ffsm2935134ybe.60.2024.01.24.09.20.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:03 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 43/52] btrfs: make btrfs_ref_to_path handle encrypted filenames Date: Wed, 24 Jan 2024 12:19:05 -0500 Message-ID: <365d4f820f70b7cf69b1b9cae9b949a15c3350b0.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We use this helper for inode-resolve and path resolution in send, so update this helper to properly decrypt any encrypted names it finds. Signed-off-by: Josef Bacik --- fs/btrfs/backref.c | 45 +++++++++++++++++++++++++++++++++++++++++---- fs/btrfs/fscrypt.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ fs/btrfs/fscrypt.h | 11 +++++++++++ 3 files changed, 98 insertions(+), 4 deletions(-) diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index f58fe7c745c2..9ed854b9f3fc 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -20,6 +20,7 @@ #include "extent-tree.h" #include "relocation.h" #include "tree-checker.h" +#include "fscrypt.h" /* Just arbitrary numbers so we can be sure one of these happened. */ #define BACKREF_FOUND_SHARED 6 @@ -2117,6 +2118,42 @@ int btrfs_find_one_extref(struct btrfs_root *root, u64 inode_objectid, return ret; } +static int copy_resolved_iref_to_buf(struct btrfs_root *fs_root, + struct extent_buffer *eb, + char *dest, u64 parent, + unsigned long name_off, u32 name_len, + s64 *bytes_left) +{ + struct btrfs_fs_info *fs_info = fs_root->fs_info; + struct fscrypt_str fname = FSTR_INIT(NULL, 0); + int ret; + + /* No encryption, just copy the name in. */ + if (!btrfs_fs_incompat(fs_info, ENCRYPT)) { + *bytes_left -= name_len; + if (*bytes_left >= 0) + read_extent_buffer(eb, dest + *bytes_left, + name_off, name_len); + return 0; + } + + ret = fscrypt_fname_alloc_buffer(BTRFS_NAME_LEN, &fname); + if (ret) + return ret; + + ret = btrfs_decrypt_name(fs_root, eb, name_off, name_len, parent, + &fname); + if (ret) + goto out; + + *bytes_left -= fname.len; + if (*bytes_left >= 0) + memcpy(dest + *bytes_left, fname.name, fname.len); +out: + fscrypt_fname_free_buffer(&fname); + return ret; +} + /* * this iterates to turn a name (from iref/extref) into a full filesystem path. * Elements of the path are separated by '/' and the path is guaranteed to be @@ -2148,10 +2185,10 @@ char *btrfs_ref_to_path(struct btrfs_root *fs_root, struct btrfs_path *path, dest[bytes_left] = '\0'; while (1) { - bytes_left -= name_len; - if (bytes_left >= 0) - read_extent_buffer(eb, dest + bytes_left, - name_off, name_len); + ret = copy_resolved_iref_to_buf(fs_root, eb, dest, parent, + name_off, name_len, &bytes_left); + if (ret) + break; if (eb != eb_in) { if (!path->skip_locking) btrfs_tree_read_unlock(eb); diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 6a6ecf4a49e2..83fa99a5be6e 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -365,6 +365,52 @@ int btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length) return map_length; } +int btrfs_decrypt_name(struct btrfs_root *root, struct extent_buffer *eb, + unsigned long name_off, u32 name_len, + u64 parent_ino, struct fscrypt_str *name) +{ + struct btrfs_fs_info *fs_info = root->fs_info; + struct inode *dir; + struct fscrypt_str iname = FSTR_INIT(NULL, 0); + int ret; + + ASSERT(name_len <= BTRFS_NAME_LEN); + + ret = fscrypt_fname_alloc_buffer(name_len, &iname); + if (ret) + return ret; + + dir = btrfs_iget(fs_info->sb, parent_ino, root); + if (IS_ERR(dir)) { + ret = PTR_ERR(dir); + goto out; + } + + /* + * Directory isn't encrypted, the name isn't encrypted, we can just copy + * it into the buffer. + */ + if (!IS_ENCRYPTED(dir)) { + read_extent_buffer(eb, name->name, name_off, name_len); + name->len = name_len; + goto out_inode; + } + + read_extent_buffer(eb, iname.name, name_off, name_len); + + ret = fscrypt_prepare_readdir(dir); + if (ret) + goto out_inode; + + ASSERT(dir->i_crypt_info); + ret = fscrypt_fname_disk_to_usr(dir, 0, 0, &iname, name); +out_inode: + iput(dir); +out: + fscrypt_fname_free_buffer(&iname); + return ret; +} + const struct fscrypt_operations btrfs_fscrypt_ops = { .has_per_extent_encryption = 1, .get_context = btrfs_fscrypt_get_context, diff --git a/fs/btrfs/fscrypt.h b/fs/btrfs/fscrypt.h index 703122e8d57f..6fca223e7d9e 100644 --- a/fs/btrfs/fscrypt.h +++ b/fs/btrfs/fscrypt.h @@ -38,6 +38,9 @@ bool btrfs_mergeable_encrypted_bio(struct bio *bio, struct inode *inode, struct fscrypt_extent_info *fi, u64 logical_offset); int btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length); +int btrfs_decrypt_name(struct btrfs_root *root, struct extent_buffer *eb, + unsigned long name_off, u32 name_len, + u64 parent_ino, struct fscrypt_str *name); #else static inline void btrfs_fscrypt_save_extent_info(struct btrfs_inode *inode, @@ -98,6 +101,14 @@ static inline u64 btrfs_fscrypt_bio_length(struct bio *bio, u64 map_length) return map_length; } +static inline int btrfs_decrypt_name(struct btrfs_root *root, + struct extent_buffer *eb, + unsigned long name_off, u32 name_len, + u64 parent_ino, struct fscrypt_str *name) +{ + return -EINVAL; +} + #endif /* CONFIG_FS_ENCRYPTION */ extern const struct fscrypt_operations btrfs_fscrypt_ops; From patchwork Wed Jan 24 17:19:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529491 Received: from mail-yw1-f173.google.com (mail-yw1-f173.google.com [209.85.128.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99F021292F3 for ; Wed, 24 Jan 2024 17:20:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116807; cv=none; b=iCt+/SX6IqzJm1zR+OnMfa5cmY8DPJEkpBP1Wamf36wilJPM1YpDVTvxndZLCC2+ySQp8k4bU0ARCq6glnUZICJW4i6UFXpNQYH1yMh5+iNll+yqVdS/xifeNGJ7fDMPjj/rELeES/lx8R9QQTJGN6qAqDxpeXQqRiRaMxrYPkE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116807; c=relaxed/simple; bh=0RvlsfLOSn3+Tptx/+KHsomQ6m2NCD5RtDAhF7RPT5Y=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WoYaNzw7cONHv2cjXHXjIV/1pcCCBcPD4joXJ3XlBavpe5Nym3zGW/RJ/jKtYAIuLf5z4HAT179qj/ms6VIq6uHQO2zKP1k5KRPFmtYDGaoQfg3GL6QFxhYmnPZlMjmhZij55l5vK9iSgy2GAZf+6wiMAihVK/CstzZ6Hfai3L8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=Lr/hgcy+; arc=none smtp.client-ip=209.85.128.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="Lr/hgcy+" Received: by mail-yw1-f173.google.com with SMTP id 00721157ae682-60032f9e510so18446587b3.2 for ; Wed, 24 Jan 2024 09:20:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116804; x=1706721604; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ZeC1YxJFTfa0zQ5hIQIZHx7xW86/p/Vd7B5Eiqx4Plo=; b=Lr/hgcy+DC4aXlu/T9nZjpSE6JUt89d6eUssXax/skFU2+RXTt1VcOiWJCCHq828Fv 9E4OAaRbhkT1FdMJSOPZGWvD4jcMi+OJhObEFKVcbeoOR4H53GWKdDIQeF5Jhx2MyW42 9QWtxluRpDhVGkDR5l/L6pvxxgHpFacuIa7cPa/N/4Zww4sK+uHNDKbFE+d5I7Kj6Cw4 iz6BLrLc6d6SD6GKgRmEceAOaQD8LBbyAQBxkgeXHXJWR5LW5FRbymxcU+SnGGVn3nAt WnfDgl6yIfOa+aoe16atxpuBR7V04gD0ZH5+wHAvZUvAo+7y2SWEe6rAiqN07AcPcBZY fGNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116804; x=1706721604; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZeC1YxJFTfa0zQ5hIQIZHx7xW86/p/Vd7B5Eiqx4Plo=; b=hlJH7Bj7JeFcn3LpBsNmUKb2ZtxAqpThpLaWJ5PNXyM38PfOQGFf8T27sCaY+e2cDt qc7Ei05YuvI/TEBK96opQ8K9NK7ZKKx44a/U7dUqIs9anPSoe0EvSYwStihFnrtpc7kp +yzUAvdHcSoeTxogVnkFbsjjLkCh0OeEMqFuDYY1xC6RsIg5d5Fa0noI2rxC9F6Yy22G wjkwSwpGb9AFtrXl6M05T5dBPRVIqBmQal06bR0TZSLWONWMf5d7yIi1708hZpIVeo8Y XenThOUdLWKT4NdkktjDOVvpwxGhNEHorOD5VXib3orXIDcZrovPW8YFVq8ZE6RI5hNv lvYw== X-Gm-Message-State: AOJu0Yw6PWE2u/07ARGVUu+9VGi/TpMG4LGiP01/0GoxynjVmHtuXRhr G1tKRdeLu0aYJovjoMf/LsoSK2A7um49MsMh6a/b5MGtKmGu8RvyffsDkDnRVgKONBRdo3puF8q m X-Google-Smtp-Source: AGHT+IFhVfwRbSQggUrFVDbhb45IeV65m2TER7oUFjuR4KmiKEal3XTLbaoJbpEIQKGHGdPfrT9lRw== X-Received: by 2002:a81:7b09:0:b0:5ff:b29d:4532 with SMTP id w9-20020a817b09000000b005ffb29d4532mr1141928ywc.35.1706116804499; Wed, 24 Jan 2024 09:20:04 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id d134-20020a0ddb8c000000b005ffd1bf706fsm61261ywe.96.2024.01.24.09.20.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:04 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 44/52] btrfs: don't search back for dir inode item in INO_LOOKUP_USER Date: Wed, 24 Jan 2024 12:19:06 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We don't need to search back to the inode item, the directory inode number is in key.offset, so simply use that. If we can't find the directory we'll get an ENOENT at the iget. Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 2740f0359446..f5dc281121d2 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1902,7 +1902,7 @@ static int btrfs_search_path_in_tree_user(struct mnt_idmap *idmap, struct btrfs_root_ref *rref; struct btrfs_root *root = NULL; struct btrfs_path *path; - struct btrfs_key key, key2; + struct btrfs_key key; struct extent_buffer *leaf; struct inode *temp_inode; char *ptr; @@ -1956,24 +1956,6 @@ static int btrfs_search_path_in_tree_user(struct mnt_idmap *idmap, read_extent_buffer(leaf, ptr, (unsigned long)(iref + 1), len); - /* Check the read+exec permission of this directory */ - ret = btrfs_previous_item(root, path, dirid, - BTRFS_INODE_ITEM_KEY); - if (ret < 0) { - goto out_put; - } else if (ret > 0) { - ret = -ENOENT; - goto out_put; - } - - leaf = path->nodes[0]; - slot = path->slots[0]; - btrfs_item_key_to_cpu(leaf, &key2, slot); - if (key2.objectid != dirid) { - ret = -ENOENT; - goto out_put; - } - /* * We don't need the path anymore, so release it and * avoid deadlocks and lockdep warnings in case @@ -1981,11 +1963,12 @@ static int btrfs_search_path_in_tree_user(struct mnt_idmap *idmap, * btree and lock the same leaf. */ btrfs_release_path(path); - temp_inode = btrfs_iget(sb, key2.objectid, root); + temp_inode = btrfs_iget(sb, key.offset, root); if (IS_ERR(temp_inode)) { ret = PTR_ERR(temp_inode); goto out_put; } + /* Check the read+exec permission of this directory */ ret = inode_permission(idmap, temp_inode, MAY_READ | MAY_EXEC); iput(temp_inode); From patchwork Wed Jan 24 17:19:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529492 Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C00D81292F7 for ; Wed, 24 Jan 2024 17:20:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116808; cv=none; b=OU4whaIHm6TI1bkDsSnQNqyCjQF7/BlY8NAQuIx3NoN165U0V5ApZ21fye2ZblE2ePNqR2S43fFFu3kbr6XkcpIBfi1lEHnsLxAivTN3MhEOu4qMgphQ1gD18ORVy9AEghx7GtgLo/vaeGw2kAjCnWu0OWjWb+2JpQ9SMO789VM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116808; c=relaxed/simple; bh=XeVoC5nsnwQ4owuS282EqW/XfwUhY0Yf+4iFPkccKWs=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iZ+h7FseFVvB3AaEEDv+ZSkXB5/Sb4s/aK2w8UGp7izT/uVrvY6dKdC6JXjYhghTuGc0f2Ic44NGRLhMhXzXbzNn3QkwZjBLH/wMZ4y91xE+MNLDMEUo0OveTKkaYsBcyjOOdWdCifPaKoN0vOHELDQfEzUiXnf3Q62dvKm1QgE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=RjlNDdWH; arc=none smtp.client-ip=209.85.219.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="RjlNDdWH" Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dafe04717baso4928126276.1 for ; Wed, 24 Jan 2024 09:20:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116805; x=1706721605; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BumCDgLCn/TsRwLhoul9wJ1aTS67uM60k+te264emjM=; b=RjlNDdWH1GkfR4Kw1lQrWOLqylFsbslzfuRYvhDynvngEB1//vsAkabEp8Jk1bSg0v AtqK0Czke5J3oxHFYgb2QpaP3A+izV4sQr+CLf3Opvi4a3GFOeChAw/WP4fjY+bYwhLE 4qZRXl8eKKgaLVAe1vzt1RsYcPlYlErKE8gg2Q1le+H7dUiNjtYqShT4UDcuZN2/SQ4f pbrF28DJa+nFDhY1m1q8ZkYRJjofvypgWOyKulwgmXqLD9owuF4iWFgn1mk5puiYyo23 8WAqb7XA9ugZvsFTymG3q2MQc7a54goFQvQvtkeW6Bf4F1pq7szGV+iN7p92qEN/sEeM BR3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116805; x=1706721605; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BumCDgLCn/TsRwLhoul9wJ1aTS67uM60k+te264emjM=; b=w1tLPqZ926LJ72cY+IK8sD35fY3IUtnCQ299QzGazTA7gCmYKcPsYu0c4ve7fajET1 t8yOC0jBnQHW4BlLjV+tclTaEx/6ib4XygjXBQL8d6PUgZc7bCEJ0Fotm9jfmjolkOtH uAwF6Pv3QAYIyiDnnRO9SC3hhOtzL6Hxz6EBxEUNnmU//IG2NQjhbouRjsjT3vfds4DL brVnh8XjtAPvzAf4IrdRq4DbFRrgvgD46GxkkYnShP3nNjvDS7Pjy5LOrLz6Yq6C6Noc lKsV5mZbDJt4Qh/QA3SdyrXFB9jwMgHMDyJkIBUWsztnA5ODCo3z2t/pkRVhOUPUAhde h0tw== X-Gm-Message-State: AOJu0YyeishY0MbU6UURDxxdlNUEYRWikji3xHt0SG20zOSMgMFXa/PQ s3WQq5qJK0JiOI7pAsKRzkk3yVL2u/1naMklo79HPntm47T4uapzN5BGCOaIeHodEPmKpJvKA9r t X-Google-Smtp-Source: AGHT+IG21sHEoRW0W8tmqQJWTnGw5rfYQQfu2AGD9JWTE/MLnwuS/E6vpQMPPuJ8I47OgBuIjne8xA== X-Received: by 2002:a25:e90f:0:b0:dc2:2895:6c79 with SMTP id n15-20020a25e90f000000b00dc228956c79mr1046202ybd.23.1706116805518; Wed, 24 Jan 2024 09:20:05 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id k12-20020a25b28c000000b00db39d501e8esm2945161ybj.61.2024.01.24.09.20.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:05 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 45/52] btrfs: deal with encrypted symlinks in send Date: Wed, 24 Jan 2024 12:19:07 -0500 Message-ID: <4d97f35d6f85ff041b09bed33b63446a92b7a20c.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Send needs to send the decrypted value of the symlinks, handle the case where the inode is encrypted and decrypt the symlink name into a buffer and copy this buffer into our fs_path struct. Signed-off-by: Josef Bacik --- fs/btrfs/send.c | 47 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 141ab89fb63e..747d7d192b19 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -1732,9 +1732,8 @@ static int find_extent_clone(struct send_ctx *sctx, return ret; } -static int read_symlink(struct btrfs_root *root, - u64 ino, - struct fs_path *dest) +static int read_symlink_unencrypted(struct btrfs_root *root, u64 ino, + struct fs_path *dest) { int ret; struct btrfs_path *path; @@ -1800,6 +1799,48 @@ static int read_symlink(struct btrfs_root *root, return ret; } +static int read_symlink_encrypted(struct btrfs_root *root, u64 ino, + struct fs_path *dest) +{ + DEFINE_DELAYED_CALL(done); + const char *buf; + struct page *page; + struct inode *inode; + int ret = 0; + + inode = btrfs_iget(root->fs_info->sb, ino, root); + if (IS_ERR(inode)) + return PTR_ERR(inode); + + page = read_mapping_page(inode->i_mapping, 0, NULL); + if (IS_ERR(page)) { + ret = PTR_ERR(page); + goto out; + } + + buf = fscrypt_get_symlink(inode, page_address(page), + BTRFS_MAX_INLINE_DATA_SIZE(root->fs_info), + &done); + if (IS_ERR(buf)) + goto out_page; + ret = fs_path_add(dest, buf, strlen(buf)); +out_page: + put_page(page); + do_delayed_call(&done); +out: + iput(inode); + return ret; +} + + +static int read_symlink(struct btrfs_root *root, u64 ino, + struct fs_path *dest) +{ + if (btrfs_fs_incompat(root->fs_info, ENCRYPT)) + return read_symlink_encrypted(root, ino, dest); + return read_symlink_unencrypted(root, ino, dest); +} + /* * Helper function to generate a file name that is unique in the root of * send_root and parent_root. This is used to generate names for orphan inodes. From patchwork Wed Jan 24 17:19:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529493 Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5270129A70 for ; Wed, 24 Jan 2024 17:20:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116809; cv=none; b=fLncLDhYxUk/17AvhkRmD2iEEOIAyrq+4jx7cseFnDJNBcNb318197odXBM3KA9fAbKRa4cIcnI8bMFmgEkxnIYeqP+5f75X80hP4AAB7kk0tAjtV6YgmuxE3jMAggx8zlUvAblYteSO75VO+eZ0olQRL6UXtNTJs3+LbFw3kYg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116809; c=relaxed/simple; bh=kzmOd9qyz7M2etU/KVmWeC7D+NI/SjPjhbFCjZ+6xyg=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=upKlNA772Cm6yvJtsxRrxwwi18SA00atHbD3XweBpQyvJqkHzREp0gOyyCm3h3zYe6FELZWfl+SrlO7LccI4Va+xqmXtWjk1ydA11W76fhOUPoYEu/mbTayVe9ciRGRmUAXA+sS3P96IwOkwZCkRa2CLreooE1WLX92EccCVTCw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=qq+Mdwiq; arc=none smtp.client-ip=209.85.219.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="qq+Mdwiq" Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dc371b04559so2138673276.0 for ; Wed, 24 Jan 2024 09:20:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116806; x=1706721606; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lrViysrUVeEpvnxyPZhhVVPp6sfxzEf76UzZnKax2mI=; b=qq+MdwiqUjObx8sT5NhydMc2RbKQcmEbQKT64Pdw5RpDvJN76ZSScVKJK/fySS1V2s DrEYjm8tOM8GtyslMhAHqMmXF4NhOqMYIKvDBsqPG8i9Vn6WQKZUDh47cMb5p3OFpTv2 ovqaSHYfTdVOh6VulpnLzfQFUcaJnKRPrfvYbeAE47Mm5Q5xa5PldlVYiJd3Yslit9id WuWkFGxSwcZ3YFylc4V+4Vwvx0B1I0P+JKfaz4sZzqWbAG53Iu2VgnTbtaPRqn3pCgdZ oc2EGdD2UqCwNA6TOmCeD9iL00KnIb+pwGUncyMbqx+09+hPNNlC+nCqt7Y+0a44B91c 8Ijw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116806; x=1706721606; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lrViysrUVeEpvnxyPZhhVVPp6sfxzEf76UzZnKax2mI=; b=gqp7HNsIOluTOl8zNmXWCF/3ZozeuoNJSHccJf9DnCYD3OvuXqWnap4xDnJjrpwi2E /8AIbkz9vuOmrdq9HJZy7ibM8cQLmIBsfITgjMMX+XhRIB/qFqB9NfnkDYfrYVW46tXT FlKwkCh1PKjPue6qNFQFOgduCqBiNp6D7syVAMMiw6IX+ep3j8Gd+kyv59J31ZC+vXVi FsB4tdBHqNGdVoPy23UfGGcEzMxVAJH37sH1aj4MvWZiwU7zRqQ0K/nHgmgjY2MvsNti /WVLD2ZjApKAasOqswBs5xdqosirRjteMc6w+YOUtC7DzMlDabu8dbyAzjRqHpWjEfVs rrOw== X-Gm-Message-State: AOJu0YxPo/pc9Q1mySQGq4B/oWdYxLKz0GF9SJkWbhBA7kLI/bJt1Dep BluK8QdjX65BwDMZ3/qQp0J2vJg2sKxrBqhQ4pJa4LOC2txX5PdjFKawihZpLSxG0A3aVAa1X24 x X-Google-Smtp-Source: AGHT+IG4w5TZVU0JwYrvt9/UVIwDpe4yRSbQQ0sjbe7NXg/fPu2VI1SL4lOuPjKs3uaA6BK2OMLycw== X-Received: by 2002:a05:6902:348:b0:dbd:be40:2191 with SMTP id e8-20020a056902034800b00dbdbe402191mr894755ybs.42.1706116806623; Wed, 24 Jan 2024 09:20:06 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id m187-20020a2526c4000000b00dc2324b3cddsm2950153ybm.37.2024.01.24.09.20.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:06 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 46/52] btrfs: decrypt file names for send Date: Wed, 24 Jan 2024 12:19:08 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In send we're going to be looking up file names from back references and putting them into the send stream. If we are encrypted use the helper for decrypting names and copy the decrypted name into the buffer. Signed-off-by: Josef Bacik --- fs/btrfs/send.c | 51 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 747d7d192b19..f4680f72e148 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -33,6 +33,7 @@ #include "ioctl.h" #include "verity.h" #include "lru_cache.h" +#include "fscrypt.h" /* * Maximum number of references an extent can have in order for us to attempt to @@ -585,13 +586,42 @@ static int fs_path_add_path(struct fs_path *p, struct fs_path *p2) return ret; } -static int fs_path_add_from_extent_buffer(struct fs_path *p, +static int fs_path_add_from_encrypted(struct btrfs_root *root, + struct fs_path *p, + struct extent_buffer *eb, + unsigned long off, int len, + u64 parent_ino) +{ + struct fscrypt_str fname = FSTR_INIT(NULL, 0); + int ret; + + ret = fscrypt_fname_alloc_buffer(BTRFS_NAME_LEN, &fname); + if (ret) + return ret; + + ret = btrfs_decrypt_name(root, eb, off, len, parent_ino, &fname); + if (ret) + goto out; + + ret = fs_path_add(p, fname.name, fname.len); +out: + fscrypt_fname_free_buffer(&fname); + return ret; +} + +static int fs_path_add_from_extent_buffer(struct btrfs_root *root, + struct fs_path *p, struct extent_buffer *eb, - unsigned long off, int len) + unsigned long off, int len, + u64 parent_ino) { int ret; char *prepared; + if (root && btrfs_fs_incompat(root->fs_info, ENCRYPT)) + return fs_path_add_from_encrypted(root, p, eb, off, len, + parent_ino); + ret = fs_path_prepare_for_add(p, len, &prepared); if (ret < 0) goto out; @@ -1074,8 +1104,8 @@ static int iterate_inode_ref(struct btrfs_root *root, struct btrfs_path *path, } p->start = start; } else { - ret = fs_path_add_from_extent_buffer(p, eb, name_off, - name_len); + ret = fs_path_add_from_extent_buffer(root, p, eb, name_off, + name_len, dir); if (ret < 0) goto out; } @@ -1792,7 +1822,7 @@ static int read_symlink_unencrypted(struct btrfs_root *root, u64 ino, off = btrfs_file_extent_inline_start(ei); len = btrfs_file_extent_ram_bytes(path->nodes[0], ei); - ret = fs_path_add_from_extent_buffer(dest, path->nodes[0], off, len); + ret = fs_path_add_from_extent_buffer(NULL, dest, path->nodes[0], off, len, 0); out: btrfs_free_path(path); @@ -2090,18 +2120,19 @@ static int get_first_ref(struct btrfs_root *root, u64 ino, iref = btrfs_item_ptr(path->nodes[0], path->slots[0], struct btrfs_inode_ref); len = btrfs_inode_ref_name_len(path->nodes[0], iref); - ret = fs_path_add_from_extent_buffer(name, path->nodes[0], - (unsigned long)(iref + 1), - len); parent_dir = found_key.offset; + ret = fs_path_add_from_extent_buffer(root, name, path->nodes[0], + (unsigned long)(iref + 1), + len, parent_dir); } else { struct btrfs_inode_extref *extref; extref = btrfs_item_ptr(path->nodes[0], path->slots[0], struct btrfs_inode_extref); len = btrfs_inode_extref_name_len(path->nodes[0], extref); - ret = fs_path_add_from_extent_buffer(name, path->nodes[0], - (unsigned long)&extref->name, len); parent_dir = btrfs_inode_extref_parent(path->nodes[0], extref); + ret = fs_path_add_from_extent_buffer(root, name, path->nodes[0], + (unsigned long)&extref->name, len, + parent_dir); } if (ret < 0) goto out; From patchwork Wed Jan 24 17:19:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529494 Received: from mail-yw1-f181.google.com (mail-yw1-f181.google.com [209.85.128.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D48AA129A7C for ; Wed, 24 Jan 2024 17:20:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116810; cv=none; b=JvjMCW6FSwpRgxwK8PoZ6UCkS5auKaAafqaZDo9fbesydSdXH3uLHmMrXS11IF1PYugcqtnKFeDNpNF8GQJ1o2rPpkFoyZFrFuVHFGp3r7otIjxMNuTcv1Qjysfwg8xdxgqdMqPWP7N+T3vyfsvJnqCpx83qgH3UM16uzKWTqaU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116810; c=relaxed/simple; bh=aMZ1sG1wIZ909hXg3gcCjxQ2chtHW6W4pOfZATtQZWo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=q+xdnBK98/ISQrQLz/VZzdGKQThK81chNH1SbyKDsmi9ZRYw8PPxI4FfD6jPL8WSoLUTjvdGOP9xY0Aku5dTZFWpKe7i8yORMdv6HFeY92nwUPW99/h+xNBFktSXyHmcMPNVzjmKcCuMrhkY19fkdSFOzZQAF9X1Bi9zfMIHh+w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=ITYjqn5H; arc=none smtp.client-ip=209.85.128.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="ITYjqn5H" Received: by mail-yw1-f181.google.com with SMTP id 00721157ae682-60036bfdbfeso24004697b3.3 for ; Wed, 24 Jan 2024 09:20:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116807; x=1706721607; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+Z/7Zf2IcaABhDb97kzy5ILjv4RdFqj8Flmg1tg10jg=; b=ITYjqn5Hs3XIjqC0Spinmmuen7Z0YPA+UNPI3n3dB63IlXpWpFMe5Q6N7xpRoIwHYG 55y5Y/Fg685b+sH5kuF8WxeiJyG5CkOhMtird0xDPXmUDByCfdVckx6X/1Q/nCML+sSr FpFgBzm//LTXETuwIMso7belBK2gSJ0bh23GP7LEgZDByeEEEU1uvHsrj3gMWnWushoy JhquLVaAybVm0LJjUmrv2YYuWlJ8phm7C39ZbBPSDUcExIntBsN2kIzySyErpfZH46D9 8yAFp+wIACqZcLGDdYONXGiEcV97KgqKkSIFvDBkjfM0hV6jA3uarE3CKDUsQYs6xIhF ezuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116807; x=1706721607; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+Z/7Zf2IcaABhDb97kzy5ILjv4RdFqj8Flmg1tg10jg=; b=g/ezJFJfoYMDFOqoX21VB9kma+yl1e6CNFnyzp6cHU8cvW6sW4QjyVywI3xtNWq9Gi +HBI1ajeg0ftdSjfeIogNrP9O2mcc5N2RGtrch/IUSPRTCbvKzxG/KwHgMgN0XgxVZvR viGjEoUtvl77hxnuGBsQ9qpv7RWsv4cUqqmseVoVHtGyHDWOhCELJBOS7CKIv/I7bdwg zGJmvPAaeLH2uQTkL1MyNCTMYJP0hnLHOoUYXjeQ6CLqu+zd/GzXDnbHD+GVpZYsdG+x U71GLDdx1aPRgzKd28/qu/Qi8tJbYGNxkOcsbpJUiB88T6E0ZB5M5z+X+WCvkNtAjNNf 6TPA== X-Gm-Message-State: AOJu0YwsHTMTfKxfjWDOAds1hGkmTWtuKeXRPzXB6l2oG3zlAOfpC4ct fIHVgjM1ReMT7Z/TniRyKQAvjzUvWanj9ubK2JhbJrOyp0hrVUTmcVWC5x4TiBEm6MriQeT7FmI e X-Google-Smtp-Source: AGHT+IGDKuLNKmL6oQGAAFpJH2gkFDfQPHGzcNvDdTWKiSZX5/hBjzY0G5PDGiIQbJsZmlm8G2DQDw== X-Received: by 2002:a81:4e05:0:b0:5ff:8117:4e7e with SMTP id c5-20020a814e05000000b005ff81174e7emr1152145ywb.70.1706116807669; Wed, 24 Jan 2024 09:20:07 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id s10-20020a81770a000000b005ff93c11cf5sm60774ywc.100.2024.01.24.09.20.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:07 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 47/52] btrfs: load the inode context before sending writes Date: Wed, 24 Jan 2024 12:19:09 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For send we will read the pages and copy them into our buffer. Use the fscrypt_inode_open helper to make sure the key is loaded properly before trying to read from the inode so the contents are properly decrypted. Signed-off-by: Josef Bacik --- fs/btrfs/send.c | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index f4680f72e148..d26ca7b64087 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -5392,6 +5392,38 @@ static int put_file_data(struct send_ctx *sctx, u64 offset, u32 len) return ret; } +static int load_fscrypt_context(struct send_ctx *sctx) +{ + struct btrfs_root *root = sctx->send_root; + struct name_cache_entry *nce; + struct inode *dir; + int ret; + + if (!btrfs_fs_incompat(root->fs_info, ENCRYPT)) + return 0; + + /* + * If we're encrypted we need to load the parent inode in order to make + * sure the encryption context is loaded. We have to do this even if + * we're not encrypted, as we need to make sure that we don't violate + * the rule about encrypted children with non-encrypted parents, which + * is enforced by __fscrypt_file_open. + */ + nce = name_cache_search(sctx, sctx->cur_ino, sctx->cur_inode_gen); + if (!nce) { + ASSERT(nce); + return -EINVAL; + } + + dir = btrfs_iget(root->fs_info->sb, nce->parent_ino, root); + if (IS_ERR(dir)) + return PTR_ERR(dir); + + ret = __fscrypt_file_open(dir, sctx->cur_inode); + iput(dir); + return ret; +} + /* * Read some bytes from the current inode/file and send a write command to * user space. @@ -5415,7 +5447,9 @@ static int send_write(struct send_ctx *sctx, u64 offset, u32 len) ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, p); if (ret < 0) goto out; - + ret = load_fscrypt_context(sctx); + if (ret < 0) + goto out; TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p); TLV_PUT_U64(sctx, BTRFS_SEND_A_FILE_OFFSET, offset); ret = put_file_data(sctx, offset, len); From patchwork Wed Jan 24 17:19:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529495 Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 79653129A86 for ; Wed, 24 Jan 2024 17:20:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116811; cv=none; b=SqkuRlWruPoFFEQkAdWYzOampBEMv4dJhnIQCYDRRGHXradhJjUsgnSk8CGaEz2MMtC+uyXUdnTdnz5L34RLys9/CC+aTxHjcMQRFdJOFfRiOp97621Kf+kkVa21g3phlebnRJyKc8zXLtTSftzFoJQX8wEf7rxtwrz3wjf/HDA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116811; c=relaxed/simple; bh=WXuAmQhaMi56eBTouz0y363VQBw96z8iVCRjuSGhPF8=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Dx0lZBAfEN6RHvwX3uF576z/6d37ABYsRzDYfJRYT+RU5MFX9ejdQF+Hb4HNRTqEpc661XDEahRZMoAl5qZMsQWkV92RvNFEuXkbmQbZIk3TvWHItK81RzqSlgnF+5BhmrkgzY78MavLDG5vmunjNs4Z7zYocY2qPgMrIR6q/9M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=JOpRqqSR; arc=none smtp.client-ip=209.85.219.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="JOpRqqSR" Received: by mail-yb1-f176.google.com with SMTP id 3f1490d57ef6-dc22597dbfeso6093211276.3 for ; Wed, 24 Jan 2024 09:20:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116809; x=1706721609; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=E+/TAgHG9naW19s9kVzbjZ2d2N6UEzYNeBVJBGHfbGY=; b=JOpRqqSRLa7dC22QXqdAnWqDRwhXvN2zsVf8JF5y0fibe/37W6i+Ll8SCiXLEXUZhr O35dY+ZxWbSx/WyDe+UoCO+aN1fKP2nQMfnt2IIgC4DzRIcLhwPa9sMiC/2+7ITmS+gv ysr7KZaVLXfiZgySubcVknLuQFhfa5XXjObzR2mtwFsYcJVYW0XnFF/A7nd2aev1Zn5j w9SEBtj6mUJVU8RIoSLJIbl/Bjq4XMwtOH2FktV0VsmPpP0KvrAP1WNOBb4GZQVRXZ7i 0fmA738jV1KI6zg+CenyuB7eKnFMh/wqkHEGEp5Jl6m9KR9xG420+mxZ09+TtDztkpUN FzZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116809; x=1706721609; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E+/TAgHG9naW19s9kVzbjZ2d2N6UEzYNeBVJBGHfbGY=; b=rFw+BpZacfIMS0xvc+ubWQR4bFwk1YRV4YMsQ5dqxeSmpVUm1+/YbS0zdEvLEcBJdN WjiqJ0BtzeiBbs0U8CLrD8Z/lzGMe+PHKc5yIOt7WK3oeG1JtUqBbNq0F6e52Kf2X7BY h4W9yg4PMxAXH+8o5PDzqXT0E0HMr9vSUqDxDGDsv7Q30BFpIFOIAwUtybojmAix4rDw yGbQqwqS9WEJjJhnxPeDtJRBB1nH203/9okWwarwpWZuOpyiQ/GLTUcfC2Ev651vBEvm bQPJ+oLNTxK1zv9hggYl912PFBfh0zUWoVuTc4po6ErYjd36eQF2Bf5HznNorc56Lugq 8vEQ== X-Gm-Message-State: AOJu0Yw3WuuIwxjNAx8eCkABugoLkjpx3I1LhKnqkm+91p6rayBbLW0y xn4OLuQLYlsSm9+SNAUb9QbyW9aOQz1HnS5ql7mXNWHP7x1l6X9e19pTFTKrLuZvP2OnGCyAqha z X-Google-Smtp-Source: AGHT+IGjfqxo5m294lLlj00WzARgqh27zpNqDAvAIllMTGs5TWgsKE/r6HpyQZqHqrC9UeaTX/JPfg== X-Received: by 2002:a25:640f:0:b0:dbe:ac3a:9d07 with SMTP id y15-20020a25640f000000b00dbeac3a9d07mr986207ybb.1.1706116808563; Wed, 24 Jan 2024 09:20:08 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id 63-20020a251342000000b00dc608353fb3sm532252ybt.39.2024.01.24.09.20.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:08 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 48/52] btrfs: set the appropriate free space settings in reconfigure Date: Wed, 24 Jan 2024 12:19:10 -0500 Message-ID: <325598eeb1d23f9ae04f675b4ee218f7e98e3ff0.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 btrfs/330 uncovered a problem where we were accidentally turning off the free space tree when we do the transition from ro->rw. This happens because we don't update Signed-off-by: Josef Bacik --- fs/btrfs/disk-io.c | 2 +- fs/btrfs/super.c | 29 ++++++++++++++++------------- fs/btrfs/super.h | 3 ++- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 70e33df8f975..c9c61ffc78ee 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -3311,7 +3311,7 @@ int __cold open_ctree(struct super_block *sb, struct btrfs_fs_devices *fs_device * Handle the space caching options appropriately now that we have the * super block loaded and validated. */ - btrfs_set_free_space_cache_settings(fs_info); + btrfs_set_free_space_cache_settings(fs_info, &fs_info->mount_opt); if (!btrfs_check_options(fs_info, &fs_info->mount_opt, sb->s_flags)) { ret = -EINVAL; diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 861fbf48456a..f5bbaa70b09c 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -696,10 +696,11 @@ bool btrfs_check_options(struct btrfs_fs_info *info, unsigned long *mount_opt, } /* - * This is subtle, we only call this during open_ctree(). We need to pre-load - * the mount options with the on-disk settings. Before the new mount API took - * effect we would do this on mount and remount. With the new mount API we'll - * only do this on the initial mount. + * Because we have an odd set of behavior with turning on and off the space + * cache and free space tree we have to call this before we start the mount + * operation after we load the super, or before we start remount. This is to + * make sure we have the proper free space settings in place if the user didn't + * specify any. * * This isn't a change in behavior, because we're using the current state of the * file system to set the current mount options. If you mounted with special @@ -707,15 +708,16 @@ bool btrfs_check_options(struct btrfs_fs_info *info, unsigned long *mount_opt, * settings, because mounting without these features cleared the on-disk * settings, so this being called on re-mount is not needed. */ -void btrfs_set_free_space_cache_settings(struct btrfs_fs_info *fs_info) +void btrfs_set_free_space_cache_settings(struct btrfs_fs_info *fs_info, + unsigned long *mount_opt) { if (fs_info->sectorsize < PAGE_SIZE) { - btrfs_clear_opt(fs_info->mount_opt, SPACE_CACHE); - if (!btrfs_test_opt(fs_info, FREE_SPACE_TREE)) { + btrfs_clear_opt(*mount_opt, SPACE_CACHE); + if (!btrfs_raw_test_opt(*mount_opt, FREE_SPACE_TREE)) { btrfs_info(fs_info, "forcing free space tree for sector size %u with page size %lu", fs_info->sectorsize, PAGE_SIZE); - btrfs_set_opt(fs_info->mount_opt, FREE_SPACE_TREE); + btrfs_set_opt(*mount_opt, FREE_SPACE_TREE); } } @@ -723,7 +725,7 @@ void btrfs_set_free_space_cache_settings(struct btrfs_fs_info *fs_info) * At this point our mount options are populated, so we only mess with * these settings if we don't have any settings already. */ - if (btrfs_test_opt(fs_info, FREE_SPACE_TREE)) + if (btrfs_raw_test_opt(*mount_opt, FREE_SPACE_TREE)) return; if (btrfs_is_zoned(fs_info) && @@ -733,10 +735,10 @@ void btrfs_set_free_space_cache_settings(struct btrfs_fs_info *fs_info) return; } - if (btrfs_test_opt(fs_info, SPACE_CACHE)) + if (btrfs_raw_test_opt(*mount_opt, SPACE_CACHE)) return; - if (btrfs_test_opt(fs_info, NOSPACECACHE)) + if (btrfs_raw_test_opt(*mount_opt, NOSPACECACHE)) return; /* @@ -744,9 +746,9 @@ void btrfs_set_free_space_cache_settings(struct btrfs_fs_info *fs_info) * them ourselves based on the state of the file system. */ if (btrfs_fs_compat_ro(fs_info, FREE_SPACE_TREE)) - btrfs_set_opt(fs_info->mount_opt, FREE_SPACE_TREE); + btrfs_set_opt(*mount_opt, FREE_SPACE_TREE); else if (btrfs_free_space_cache_v1_active(fs_info)) - btrfs_set_opt(fs_info->mount_opt, SPACE_CACHE); + btrfs_set_opt(*mount_opt, SPACE_CACHE); } static void set_device_specific_options(struct btrfs_fs_info *fs_info) @@ -1528,6 +1530,7 @@ static int btrfs_reconfigure(struct fs_context *fc) sync_filesystem(sb); set_bit(BTRFS_FS_STATE_REMOUNTING, &fs_info->fs_state); + btrfs_set_free_space_cache_settings(fs_info, &ctx->mount_opt); if (!mount_reconfigure && !btrfs_check_options(fs_info, &ctx->mount_opt, fc->sb_flags)) diff --git a/fs/btrfs/super.h b/fs/btrfs/super.h index f18253ca280d..8c823f3b904e 100644 --- a/fs/btrfs/super.h +++ b/fs/btrfs/super.h @@ -8,7 +8,8 @@ bool btrfs_check_options(struct btrfs_fs_info *info, unsigned long *mount_opt, int btrfs_sync_fs(struct super_block *sb, int wait); char *btrfs_get_subvol_name_from_objectid(struct btrfs_fs_info *fs_info, u64 subvol_objectid); -void btrfs_set_free_space_cache_settings(struct btrfs_fs_info *fs_info); +void btrfs_set_free_space_cache_settings(struct btrfs_fs_info *fs_info, + unsigned long *mount_opt); static inline struct btrfs_fs_info *btrfs_sb(struct super_block *sb) { From patchwork Wed Jan 24 17:19:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529496 Received: from mail-yb1-f175.google.com (mail-yb1-f175.google.com [209.85.219.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA92B7F7CD for ; Wed, 24 Jan 2024 17:20:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116812; cv=none; b=gjovaolYTNKbyIxowK2pJeT+3yMaXjv9FbsFe3LWgkxYb9U8yu+8VGtLDqljXsW3aYWhBIs4hk+2TjoLIjn+k91RP+1x005e1M/Z+MyO40px/wODmXyGF1jaS+bQ4viQ94S5etzvV9gKDqdWB9xQBxz3lInPgT/TXHudC1/yU20= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116812; c=relaxed/simple; bh=WbTRB9lE7epD1hoYbMG+ZF3S4ix/GhaIB0ommCRuatc=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gIb8l8VVRZZWyy4tlHc1SsYpYDiDwHgz+FqmsJqAi5MclDQQH0lqNPrvq8cH4J2ISBi7H7tGXS2KSmJH0dj0AbNL/stGRAbLUFndKSerlViYmIwVgPDgK1o7zrLPg9HtHDoMB2oug+b2S1v783VkvEBfznUMlwHDM5FGQVH0Ih4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=UwLZXEdj; arc=none smtp.client-ip=209.85.219.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="UwLZXEdj" Received: by mail-yb1-f175.google.com with SMTP id 3f1490d57ef6-dc25099b084so3796836276.0 for ; Wed, 24 Jan 2024 09:20:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116809; x=1706721609; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8lKOYzvD3OCjcsdzO+Q4jt7UVBXuG0LvsP4wyIM2rZ0=; b=UwLZXEdj556MLA2EV+CnOTNwT/tp6eMQ4Wxv4yNv4KAc08llUpXTVnzyT8lmnL0BFp 2v7usSte8RS/IN7oVq5DRuqAo1QBW2o0c4vlxf5mbCXBC6/0xR/ohfHCClnMtipYQ3ox DT6xulzQ15QBqOX06ewi4q7L/1lMygb+5U86ygtgkxa1w48Ob7UOhryAY4HtOK68qn14 xaDfiqTTYw3K15/G5uqpnHi6+2ocke2GuT86zNhigp/mmJ16W+SYs7EnNqcCfoK+pD9Y wIt3dsFggAmPn9CVhIpPe7wYVOBzmYBsjCBODaa895UZt5O2rG4glUq6Oa9jr4/DtT/J I1NQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116809; x=1706721609; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8lKOYzvD3OCjcsdzO+Q4jt7UVBXuG0LvsP4wyIM2rZ0=; b=h90jTcXlhVCMdv1FlyApbBcI19GC0zk9++dA+dnX5WzxYTo42jyOWW8YjdE5Yt17uU 7ndEnR0NSjRH9IjG2XiEa5WSGxdNCygPm8/vujg865+uokVddpXRPQ6djlRQz1BSTXAx A38A4zFDdcVG0cj/qR+UH5lAyZyWIDX9ZUuSbLyjFJwoGbCJNcXSOyZuS9T0ItkVugwE cukxjZdFAH/HybkJOsAWlW2RZ1pDU2xnlYZ3fc5QG6ms/xRnXFx4qh6Lz8FxpS+o0Mqf HqcIPYeJfRUGVaGi5EF2FphCiXnkX/L/ntOoUXfvivtj3YlbteVhV87bXUhuNydMX1Dx Y1tQ== X-Gm-Message-State: AOJu0YzArLoxXp99g3+j9QXMa0NSxPMLPhW+o6pLPQYk0oJgsrVWHz+B zHc0+0yI+dd6BwVohIwZMbGe/9xSGRU+nSKTZkd6+L0rojLT/wGcPBwJ5xamnIOCBEpGsjCndBU C X-Google-Smtp-Source: AGHT+IEK8MX9vvHJelwQ58erY6WdUgz1jusq/7aPm4l0ou90SJ9NcRF0+CqO1nklSAgLh0znDAVgxA== X-Received: by 2002:a25:c245:0:b0:dc2:3289:5b5d with SMTP id s66-20020a25c245000000b00dc232895b5dmr963919ybf.57.1706116809605; Wed, 24 Jan 2024 09:20:09 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id y17-20020a056902053100b00dc2217892a4sm2848565ybs.56.2024.01.24.09.20.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:09 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 49/52] btrfs: support encryption with log replay Date: Wed, 24 Jan 2024 12:19:11 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Log replay needs a few tweaks in order to make sure everything works with encryption. 1. Use the size of the item itself, not the size of the item object when we're replaying an extent. 2. Copy in the fscrypt context if we find one in the log. 3. Set NEEDS_FULL_SYNC when we update the inode context so all of the items are copied into the log at fsync time. This makes replay of encrypted files work properly. Signed-off-by: Josef Bacik --- fs/btrfs/fscrypt.c | 1 + fs/btrfs/tree-log.c | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c index 83fa99a5be6e..b24591af3410 100644 --- a/fs/btrfs/fscrypt.c +++ b/fs/btrfs/fscrypt.c @@ -147,6 +147,7 @@ static int btrfs_fscrypt_set_context(struct inode *inode, const void *ctx, goto out_err; } + set_bit(BTRFS_INODE_NEEDS_FULL_SYNC, &BTRFS_I(inode)->runtime_flags); leaf = path->nodes[0]; ptr = btrfs_item_ptr_offset(leaf, path->slots[0]); diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 6fc16612b9b8..42c2b90515be 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -715,6 +715,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans, if (found_type == BTRFS_FILE_EXTENT_REG || found_type == BTRFS_FILE_EXTENT_PREALLOC) { u64 offset; + u32 item_size; unsigned long dest_offset; struct btrfs_key ins; @@ -722,14 +723,16 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans, btrfs_fs_incompat(fs_info, NO_HOLES)) goto update_inode; + item_size = btrfs_item_size(eb, slot); + ret = btrfs_insert_empty_item(trans, root, path, key, - sizeof(*item)); + item_size); if (ret) goto out; dest_offset = btrfs_item_ptr_offset(path->nodes[0], path->slots[0]); copy_extent_buffer(path->nodes[0], eb, dest_offset, - (unsigned long)item, sizeof(*item)); + (unsigned long)item, item_size); ins.objectid = btrfs_file_extent_disk_bytenr(eb, item); ins.offset = btrfs_file_extent_disk_num_bytes(eb, item); @@ -2511,7 +2514,8 @@ static int replay_one_buffer(struct btrfs_root *log, struct extent_buffer *eb, continue; /* these keys are simply copied */ - if (key.type == BTRFS_XATTR_ITEM_KEY) { + if (key.type == BTRFS_XATTR_ITEM_KEY || + key.type == BTRFS_FSCRYPT_INODE_CTX_ITEM_KEY) { ret = overwrite_item(wc->trans, root, path, eb, i, &key); if (ret) From patchwork Wed Jan 24 17:19:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529497 Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B7E4129A94 for ; Wed, 24 Jan 2024 17:20:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116813; cv=none; b=fAx3XxRFugSXSnirG+Xn+X7sBYatzKI034K23cUp22/MTpDWTn91yaHfzsfwPeOjHMKZh5zPTm6DS9fg13162uvh6tUIEUFa1SUddFmvAJW8aySDWh85sTu6SQKYoJvsRNTVzDXjJ7q6IoX7mzktLt85T1KeODIkI2h2MS2VDmM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116813; c=relaxed/simple; bh=Mdbz6fI6yt4KcZYHMZ3rowlJCvbLWQd/dfWff2jEnEo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TbUuSJM1/sTTRvrHzw/EN/uv62xrHsDMK6oLp/mEpHclTzlSdMrbNKseVXm7ssyl8fkh59WUNMDfnRjvxpOs11BN/Z5R5Ltojn8uXHYuvQfgoMEWd2yzNnQRhGdiiqFVkGvZdiRElyI2mOXy9tK6FUOFZFAZyYMSJJViPM3WVr0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=PNKvmHqg; arc=none smtp.client-ip=209.85.219.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="PNKvmHqg" Received: by mail-yb1-f176.google.com with SMTP id 3f1490d57ef6-dc372245aefso2029915276.2 for ; Wed, 24 Jan 2024 09:20:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116811; x=1706721611; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=g6KwyOzIoCI6QL+6zOEq6JXNT1wkBSzB1pOwGOeLqao=; b=PNKvmHqgypA6cotD1ftoeh6FrTx0mGfz9vS03RESjIlI9/4bkgpxWOIxfGWZgJYh2J w4m3iuDQ0dlg/kpmfo8ZEZG6yAbt25ncy0Twnh5kJsqQavDog9uwSD+Vdnp6Ma3IYKqE EtFnMftos3UJPpheTs0f6tDx+Fljw/xz7nGvAVtcWhO1wHRlT4ftRFlZBinlcG1wiA8D 6DbjfIyYCy2Wj6tWt0eaQSg65vGdy1LbTSG8ZIHijgj0K8HOyMLFtIpGPyiBuqs57us9 LX3IluDuk+ZnPgLAecaBylS/oUYTAY3hmNVTU2YhsevB5zwHbQtUUK5STAE0rF0CxxOd k9lA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116811; x=1706721611; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g6KwyOzIoCI6QL+6zOEq6JXNT1wkBSzB1pOwGOeLqao=; b=xBy5uD6t5KlmzX0pHq1ML0TaHNEq0gM2dyldrseErTDQ6bn9gyIxyWWlm+LnEaSfF1 N2vXytSlPx4qSKuTWeJUMjnU56wrTFOSpYPPfy1IXLiKXvEHMybdUidGr1jcFuHS4xZi kFyN7z+xiULLj5AI9cZFEz4hwMDhpqHxfWGqyfR/cfYVVVAiE3GUEW4WGDx2Ys/0kOY9 5y4Y+2ieeSUwY6VUlORZdsQ1D3tZCpb0ARNfPuIAuZyoUf/xLJ6SwLEHfGgy09N9klac NDaTvaFmm2q/BmSwHrgonfCZI0NmafLrWeHrSicVUJFx/LekAj46nn7Lbxzh9XiVSeyr PB2A== X-Gm-Message-State: AOJu0Yyjy0NFaXpc1i39dMyx7MCghtO+hXEt5gVpQl1KdXFq+h7anma+ Nvn8hWt7jB1Vgdwk/sCPzb81BgHGdr7d8hYx/gzk7UHeskDZQyVw0OGb+qofpk/wD8zIhqFJkg2 a X-Google-Smtp-Source: AGHT+IHECwav8YbGSMzTwfGEyo1U21jET+ZBmwgEDh9OkVF5Stw7fF0ES3JN9mZxmcYTwZ/kmfESww== X-Received: by 2002:a81:a191:0:b0:602:a760:8142 with SMTP id y139-20020a81a191000000b00602a7608142mr594963ywg.12.1706116810871; Wed, 24 Jan 2024 09:20:10 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id fu7-20020a05690c368700b00602a88f43cbsm65856ywb.7.2024.01.24.09.20.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:10 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 50/52] btrfs: disable auto defrag on encrypted files Date: Wed, 24 Jan 2024 12:19:12 -0500 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We will drop the inode and re-look it up to do defrag with auto defrag, which means we could lose the encryption policy. Auto defrag needs to be reworked to just hold onto the inode for scheduling later so we don't lose the context. For now just disable it if the file is encrypted. Signed-off-by: Josef Bacik --- fs/btrfs/defrag.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/btrfs/defrag.c b/fs/btrfs/defrag.c index c3be0d1203ba..1f538fb192d0 100644 --- a/fs/btrfs/defrag.c +++ b/fs/btrfs/defrag.c @@ -135,6 +135,14 @@ int btrfs_add_inode_defrag(struct btrfs_trans_handle *trans, if (!__need_auto_defrag(fs_info)) return 0; + /* + * Since we have to read the inode at defrag time disable auto defrag + * for encrypted inodes until we have code to read the parent and load + * the encryption context. + */ + if (IS_ENCRYPTED(&inode->vfs_inode)) + return 0; + if (test_bit(BTRFS_INODE_IN_DEFRAG, &inode->runtime_flags)) return 0; From patchwork Wed Jan 24 17:19:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529498 Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0522312A14C for ; Wed, 24 Jan 2024 17:20:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116815; cv=none; b=dAArgtNporLMiNaQefBN/8948P5TrSLx8LLLyo9m/TnQDw7YkcVpad5whRFCSl0CB3n6UoAwfwJxjtSv1/hOgH+ndtxTGdYquLe7TV+HfzW8Wmoltl7ky7H/vxZTzxeQd7r8pMwJis846RuloFESi+l+fOgDytL/VF1rtcqkgNs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116815; c=relaxed/simple; bh=G6HqizdyUFtdztKuZdgiAJJGKCELla28zGvdOuxl/LU=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AJiynFeFA9DIRwUSwZUFiEcRYrgGcy6YPNx9zSZ0dSUNDz9raf041M4wcH8Jm4p3L+X+AsZQHcISacrCE4LKeIhBa8IHJozlvg/s6YT4ZryQrXpe62U6713TwZulH2N3tfj2jzg+6qdro4UZUa3Pz+360n5r7pID2RdYjl07w/o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=iwetN/Lo; arc=none smtp.client-ip=209.85.128.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="iwetN/Lo" Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-600094c5703so31884847b3.3 for ; Wed, 24 Jan 2024 09:20:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116812; x=1706721612; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LOZlgEC0fwmuy2NiOA6q5Nmuq+nL3flKAnL+lP01634=; b=iwetN/Lo4jCJ0dPinNC8wANPvsaQ/bCTCs7qI2pBV7rmcbiDudyFQ1PsuzWcDVBaYz vzeWNHLg+dEHxQzE9WboYUZmuKsgUULWdUtIJH3vH82bDH42WQ89+I2Mba4eq0UzAq4N mzcLIdqtmo0PyZm/i4o0zUBCYTXr2V54ryiy1ssZHGejPZnB6ssL4/+AoXD4aiK94c0g B8msz+Ojwicrr5MsQoG6X00wcMriiCH9TivypFaNRLYJlT8IB0d6spFdUSL8Lm/EiMS3 6GY098gah9RuCOfEzxQGhyZmnoc99glAiklvn0BYHUYYa/IGC9VSJnSs7DR87zZPh9u0 xCJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116812; x=1706721612; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LOZlgEC0fwmuy2NiOA6q5Nmuq+nL3flKAnL+lP01634=; b=noNjJMnkiZ3wSyMNV4e9dU7Ah/lK/+uICn19NHUs7KkHaPpGtUSVyaa/myEL0XMIDg vZPh9a7PBLMMGnBHEONzsCLgsK0p3MpfFX0JHtu8dI+t/tfgG0GqhVmG83I/4sp9j/lm wNVt2XgUO27z+MlWAHWJIdOp0k7m4KctrXMshMm6O3PTrMYH0hIuHuWhc+Sjdjf7EmrN /TtXxP/BvJ84BlNAHbKuFUUdeX6gAISgg7tdPNRgS/3V52FDzOm1GpIrwXvxpcNk/bXq 4dPhTzlnuSUZqSrKZtqRoVkQkJwRkFYEGeGD6VAwzDzLolR7uSZqX1kqBx+j5yhuM6Zw whdQ== X-Gm-Message-State: AOJu0YxNWlSDJCvULMIC5Gf9AZ2luNYpxa2bysuShFNFvvWkBXo9n/eN ZtK9d42BAfK6rI+FevBXJQO1bqSPSZ3+Hd0fD1e2jEmZjALAi46HRSAHNEyk+4LFxSYNADxl8sR m X-Google-Smtp-Source: AGHT+IHTCF/vepetqM3ga/XOrgYFiV17acShiT+2XRgDJR9YgPhFcub00hdusCoSdM0nZhKcrfmi6Q== X-Received: by 2002:a0d:e80f:0:b0:5ff:9810:e8d5 with SMTP id r15-20020a0de80f000000b005ff9810e8d5mr1066121ywe.87.1706116812509; Wed, 24 Jan 2024 09:20:12 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id bh13-20020a05690c038d00b005ff864709aesm64567ywb.42.2024.01.24.09.20.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:11 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 51/52] btrfs: disable encryption on RAID5/6 Date: Wed, 24 Jan 2024 12:19:13 -0500 Message-ID: <941f02bb923edadae1aea4ae3e5aa6ba05d1215a.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The RAID5/6 code will re-arrange bios and submit them through a different mechanism. This is problematic with inline encryption as we have to get the bio and csum it after it's been encrypted, and the radi5/6 bio's don't have the btrfs_bio embedded, so we have no way to get the csums put on disk. This isn't an unsolvable problem, but would require a bit of reworking. Since we discourage users from using this code currently simply don't allow encryption on RAID5/6 setups. If there's sufficient demand in the future we can add the support for this. Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 4 ++++ fs/btrfs/super.c | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index f5dc281121d2..4723b41d4fb9 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -4582,6 +4582,10 @@ long btrfs_ioctl(struct file *file, unsigned int return -EOPNOTSUPP; if (sb_rdonly(fs_info->sb)) return -EROFS; + if (btrfs_fs_incompat(fs_info, RAID56)) { + btrfs_warn(fs_info, "can't enable encryption with RAID5/6"); + return -EINVAL; + } /* * If we crash before we commit, nothing encrypted could have * been written so it doesn't matter whether the encrypted diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index f5bbaa70b09c..080ab285f628 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -685,6 +685,12 @@ bool btrfs_check_options(struct btrfs_fs_info *info, unsigned long *mount_opt, if (btrfs_check_mountopts_zoned(info, mount_opt)) ret = false; + if (btrfs_fs_incompat(info, RAID56) && + btrfs_raw_test_opt(*mount_opt, TEST_DUMMY_ENCRYPTION)) { + btrfs_err(info, "cannot use test_dummy_encryption with RAID5/6"); + ret = false; + } + if (!test_bit(BTRFS_FS_STATE_REMOUNTING, &info->fs_state)) { if (btrfs_raw_test_opt(*mount_opt, SPACE_CACHE)) btrfs_info(info, "disk space caching is enabled"); From patchwork Wed Jan 24 17:19:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Josef Bacik X-Patchwork-Id: 13529499 Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com [209.85.128.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 95FFD12A154 for ; Wed, 24 Jan 2024 17:20:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116815; cv=none; b=py7LEcjsv4+pthBuvI2pNWnocvgHXacu70jvJEyQQ/+YrThUExgQGD+r3Dm1auSBCdWDb0x/kqissyGca5K6txRCB8g+QqXRDgFTxTlHskZyOTn9i5rz772F6hUhLcyJ2jaRncn8Ux+QD4M6DbMbHQg5dskutqKxjPkl/ln55Gg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706116815; c=relaxed/simple; bh=Nrb9xo2/gpWMxEaOcp87QSnTKOHJ5xz49hdfHTZqtvo=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kXPuA/IjE56VI9oirlT0MwassY1yXXvjhAEeDo7VurAo7GQAKXhq3sG9cQyH9qAtInWAEj4uOW5ymtuumw1VU+c2MDaqMurCyNRTm7v1n+8ff+sQN3PLsWpX4LaRmUDxQn2mI1lJ4TbdHmUXO06nIHVf9IPrrEwyUSjiziGbSrQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com; spf=none smtp.mailfrom=toxicpanda.com; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b=oyQB3EE3; arc=none smtp.client-ip=209.85.128.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=toxicpanda.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=toxicpanda-com.20230601.gappssmtp.com header.i=@toxicpanda-com.20230601.gappssmtp.com header.b="oyQB3EE3" Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-5ff88cbbcceso49120357b3.2 for ; Wed, 24 Jan 2024 09:20:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=toxicpanda-com.20230601.gappssmtp.com; s=20230601; t=1706116813; x=1706721613; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6KtRgI2gN3jgTS1ZjmRKWWEBm9g1qkqNOsjV2pyGmtQ=; b=oyQB3EE3+L1QNCJ9qIJiJ2lzulRM/enkJrCsEiuGzYORoBKQABR1AuPQMrWrx/3L6E /FvKuugAqQkD/M15OWOpEj+9biY/YA59Pe77QhBQyiBJWM+385F65zT5fPvvYA7rllHj LVi5wNZ6HynbsRMx2mzWIHFmLU/R3lkN+w+w1Y6nUrcauoPjG5ymtjYont29zK66km1D aAl0kQ033ueXokA3Y1ROAColEKruT1Oi0jj9+V8JdlyFQiWdlC2OpaPncIvrakJ30l4z nlL1/S5abIvE3HAQh+LMmkmh3KbhBPmYc9D6hw4Ml3w6AtVLNHXnyIrTt97fd/GNPzWD qP9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706116813; x=1706721613; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6KtRgI2gN3jgTS1ZjmRKWWEBm9g1qkqNOsjV2pyGmtQ=; b=gSWYOefTy26MW9oqFprRPf+cSBCbukyERj7ZjCcESQq46gHtnVfiWOfvRRX0QL7uth yVVcf4bYMxzUwDLv2/F1z/HtExBLcTTijvYKP/GjfKYAei28cojeQjfpTPKHmaTBzfNX Cd9dHz05u0eSIIlUCaBlH21uEHWNW72toQMJFppBdVl1jdLwsbE7foErh23YBkCXH0ok sjeZTJ4dPDJFiCPllF616Vjf8u0JQ4J/oM1ok87tHfW112jCSyh3/ENzbgWffq4qGu7N Idd9uQnuRtPmur49JnPw4wDluDT1NsVYJF5GpO7yqRxypq4xs5whIyj1ET/a/aq8gBnf v18Q== X-Gm-Message-State: AOJu0YyL7Ybv8nVVPhpMo5M/FhS6wyKs6TsOXTkH47PwmfhXp5uozLgE rx5tknY+XoseXCrpHcAxof7EzmdDFKDRyDx5H3NoOd4MrIvvTtnWUajjlEsdZg8B/wKl+L3arKb H X-Google-Smtp-Source: AGHT+IEUyt0GSuNb+Fy14IsnnBiIWH/n/pFpxx+ysKSUIfdMQFWp8ILgrYYtOtjWyaIX/EuBJ5m5oQ== X-Received: by 2002:a81:4a07:0:b0:5ff:4895:8c0b with SMTP id x7-20020a814a07000000b005ff48958c0bmr1244570ywa.40.1706116813371; Wed, 24 Jan 2024 09:20:13 -0800 (PST) Received: from localhost (076-182-020-124.res.spectrum.com. [76.182.20.124]) by smtp.gmail.com with ESMTPSA id bh13-20020a05690c038d00b005ff864709aesm64580ywb.42.2024.01.24.09.20.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 09:20:13 -0800 (PST) From: Josef Bacik To: linux-btrfs@vger.kernel.org, kernel-team@fb.com Subject: [PATCH v5 52/52] btrfs: disable send if we have encryption enabled Date: Wed, 24 Jan 2024 12:19:14 -0500 Message-ID: <62ce86b38e2575c542eed7fbe8d986e68496b1d7.1706116485.git.josef@toxicpanda.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-btrfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 send needs to track the dir item values to see if files were renamed when doing an incremental send. There is code to decrypt the names, but this breaks the code that checks to see if something was overwritten. Until this gap is closed we need to disable send on encrypted file systems. Fixing this is straightforward, but a medium sized project. Signed-off-by: Josef Bacik Reviewed-by: Boris Burkov --- fs/btrfs/send.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index d26ca7b64087..eba45477b10a 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -8183,6 +8183,12 @@ long btrfs_ioctl_send(struct inode *inode, struct btrfs_ioctl_send_args *arg) if (!capable(CAP_SYS_ADMIN)) return -EPERM; + if (btrfs_fs_incompat(fs_info, ENCRYPT)) { + btrfs_err(fs_info, + "send with encryption enabled isn't currently suported"); + return -EINVAL; + } + /* * The subvolume must remain read-only during send, protect against * making it RW. This also protects against deletion.