diff mbox series

fscrypt: allow alternative bounce buffers

Message ID 1651166600-21269-1-git-send-email-jsimmons@infradead.org (mailing list archive)
State New, archived
Headers show
Series fscrypt: allow alternative bounce buffers | expand

Commit Message

James Simmons April 28, 2022, 5:23 p.m. UTC
Currently fscrypt offers two options. One option is to use the
internal bounce buffer allocated or perform inline encrpytion.
Add the option to use an external bounce buffer. This change can
be used useful for example for a network file systems which can
pass in a page from the page cache and place the encrypted data
into a page for a network packet to be sent. Another potential
use is the use of GPU pages with RDMA being the final destination
for the encrypted data.

Signed-off-By: James Simmons <jsimmons@infradead.org>
---
 fs/crypto/crypto.c      | 34 +++++++++++++++++++---------------
 include/linux/fscrypt.h | 34 ++++++++++++++++++++++++++++------
 2 files changed, 47 insertions(+), 21 deletions(-)

Comments

Sebastien Buisson April 29, 2022, 2:44 p.m. UTC | #1
This looks good to me, thanks James.
I have updated Lustre patch https://review.whamcloud.com/47149 to integrate this change.

> Le 28 avr. 2022 à 19:23, James Simmons <jsimmons@infradead.org> a écrit :
> 
> Currently fscrypt offers two options. One option is to use the
> internal bounce buffer allocated or perform inline encrpytion.
> Add the option to use an external bounce buffer. This change can
> be used useful for example for a network file systems which can
> pass in a page from the page cache and place the encrypted data
> into a page for a network packet to be sent. Another potential
> use is the use of GPU pages with RDMA being the final destination
> for the encrypted data.
> 
> Signed-off-By: James Simmons <jsimmons@infradead.org>
> ---
> fs/crypto/crypto.c      | 34 +++++++++++++++++++---------------
> include/linux/fscrypt.h | 34 ++++++++++++++++++++++++++++------
> 2 files changed, 47 insertions(+), 21 deletions(-)
> 
> diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
> index e78be66..f241c69 100644
> --- a/fs/crypto/crypto.c
> +++ b/fs/crypto/crypto.c
> @@ -210,9 +210,10 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
> EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
> 
> /**
> - * fscrypt_encrypt_block_inplace() - Encrypt a filesystem block in-place
> + * fscrypt_encrypt_page() - Cache an encrypt filesystem block in a page
>  * @inode:     The inode to which this block belongs
> - * @page:      The page containing the block to encrypt
> + * @src:       The page containing the block to encrypt
> + * @dst:       The page which will contain the encrypted data
>  * @len:       Size of block to encrypt.  This must be a multiple of
>  *		FSCRYPT_CONTENTS_ALIGNMENT.
>  * @offs:      Byte offset within @page at which the block to encrypt begins
> @@ -223,17 +224,18 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
>  * Encrypt a possibly-compressed filesystem block that is located in an
>  * arbitrary page, not necessarily in the original pagecache page.  The @inode
>  * and @lblk_num must be specified, as they can't be determined from @page.
> + * The decrypted data will be stored in @dst.
>  *
>  * Return: 0 on success; -errno on failure
>  */
> -int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
> -				  unsigned int len, unsigned int offs,
> -				  u64 lblk_num, gfp_t gfp_flags)
> +int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
> +			 struct page *dst, unsigned int len, unsigned int offs,
> +			 u64 lblk_num, gfp_t gfp_flags)
> {
> -	return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, page, page,
> +	return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, src, dst,
> 				   len, offs, gfp_flags);
> }
> -EXPORT_SYMBOL(fscrypt_encrypt_block_inplace);
> +EXPORT_SYMBOL(fscrypt_encrypt_page);
> 
> /**
>  * fscrypt_decrypt_pagecache_blocks() - Decrypt filesystem blocks in a
> @@ -280,9 +282,10 @@ int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
> EXPORT_SYMBOL(fscrypt_decrypt_pagecache_blocks);
> 
> /**
> - * fscrypt_decrypt_block_inplace() - Decrypt a filesystem block in-place
> + * fscrypt_decrypt_page() - Cache a decrypt a filesystem block in a page
>  * @inode:     The inode to which this block belongs
> - * @page:      The page containing the block to decrypt
> + * @src:       The page containing the block to decrypt
> + * @dst:       The page which will contain the plain data
>  * @len:       Size of block to decrypt.  This must be a multiple of
>  *		FSCRYPT_CONTENTS_ALIGNMENT.
>  * @offs:      Byte offset within @page at which the block to decrypt begins
> @@ -292,17 +295,18 @@ int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
>  * Decrypt a possibly-compressed filesystem block that is located in an
>  * arbitrary page, not necessarily in the original pagecache page.  The @inode
>  * and @lblk_num must be specified, as they can't be determined from @page.
> + * The encrypted data will be stored in @dst.
>  *
>  * Return: 0 on success; -errno on failure
>  */
> -int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
> -				  unsigned int len, unsigned int offs,
> -				  u64 lblk_num)
> +int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
> +			 struct page *dst, unsigned int len, unsigned int offs,
> +			 u64 lblk_num, gfp_t gfp_flags)
> {
> -	return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, page, page,
> -				   len, offs, GFP_NOFS);
> +	return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, src, dst,
> +				   len, offs, gfp_flags);
> }
> -EXPORT_SYMBOL(fscrypt_decrypt_block_inplace);
> +EXPORT_SYMBOL(fscrypt_decrypt_page);
> 
> /**
>  * fscrypt_initialize() - allocate major buffers for fs encryption.
> diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
> index efc7f96..c2b67d1 100644
> --- a/include/linux/fscrypt.h
> +++ b/include/linux/fscrypt.h
> @@ -255,15 +255,37 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
> 					      unsigned int len,
> 					      unsigned int offs,
> 					      gfp_t gfp_flags);
> -int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
> -				  unsigned int len, unsigned int offs,
> -				  u64 lblk_num, gfp_t gfp_flags);
> +int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
> +			 struct page *dst, unsigned int len,
> +			 unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
> +
> +static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
> +						struct page *page,
> +						unsigned int len,
> +						unsigned int offs,
> +						u64 lblk_num,
> +						gfp_t gfp_flags)
> +{
> +	return fscrypt_encrypt_page(inode, page, page, len, offs, lblk_num,
> +				    gfp_flags);
> +}
> 
> int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
> 				     unsigned int offs);
> -int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
> -				  unsigned int len, unsigned int offs,
> -				  u64 lblk_num);
> +
> +int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
> +			 struct page *dst, unsigned int len,
> +			 unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
> +
> +static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
> +						struct page *page,
> +						unsigned int len,
> +						unsigned int offs,
> +						u64 lblk_num)
> +{
> +	return fscrypt_decrypt_page(inode, page, page, len, offs, lblk_num,
> +				    GFP_NOFS);
> +}
> 
> static inline bool fscrypt_is_bounce_page(struct page *page)
> {
> -- 
> 1.8.3.1
>
Sebastien Buisson April 29, 2022, 2:57 p.m. UTC | #2
Hmm, sorry, looking into this further, the patch is missing a 'static inline’ definition for llcrypt_encrypt_page and llcrypt_decrypt_page in fscrypt.h for the case where:

#else  /* !CONFIG_FS_ENCRYPTION */

They just need to return -EOPNOTSUPP.

> Le 29 avr. 2022 à 16:44, Sebastien Buisson via lustre-devel <lustre-devel@lists.lustre.org> a écrit :
> 
> This looks good to me, thanks James.
> I have updated Lustre patch https://review.whamcloud.com/47149 to integrate this change.
> 
>> Le 28 avr. 2022 à 19:23, James Simmons <jsimmons@infradead.org> a écrit :
>> 
>> Currently fscrypt offers two options. One option is to use the
>> internal bounce buffer allocated or perform inline encrpytion.
>> Add the option to use an external bounce buffer. This change can
>> be used useful for example for a network file systems which can
>> pass in a page from the page cache and place the encrypted data
>> into a page for a network packet to be sent. Another potential
>> use is the use of GPU pages with RDMA being the final destination
>> for the encrypted data.
>> 
>> Signed-off-By: James Simmons <jsimmons@infradead.org>
>> ---
>> fs/crypto/crypto.c      | 34 +++++++++++++++++++---------------
>> include/linux/fscrypt.h | 34 ++++++++++++++++++++++++++++------
>> 2 files changed, 47 insertions(+), 21 deletions(-)
>> 
>> diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
>> index e78be66..f241c69 100644
>> --- a/fs/crypto/crypto.c
>> +++ b/fs/crypto/crypto.c
>> @@ -210,9 +210,10 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
>> EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
>> 
>> /**
>> - * fscrypt_encrypt_block_inplace() - Encrypt a filesystem block in-place
>> + * fscrypt_encrypt_page() - Cache an encrypt filesystem block in a page
>> * @inode:     The inode to which this block belongs
>> - * @page:      The page containing the block to encrypt
>> + * @src:       The page containing the block to encrypt
>> + * @dst:       The page which will contain the encrypted data
>> * @len:       Size of block to encrypt.  This must be a multiple of
>> *		FSCRYPT_CONTENTS_ALIGNMENT.
>> * @offs:      Byte offset within @page at which the block to encrypt begins
>> @@ -223,17 +224,18 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
>> * Encrypt a possibly-compressed filesystem block that is located in an
>> * arbitrary page, not necessarily in the original pagecache page.  The @inode
>> * and @lblk_num must be specified, as they can't be determined from @page.
>> + * The decrypted data will be stored in @dst.
>> *
>> * Return: 0 on success; -errno on failure
>> */
>> -int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
>> -				  unsigned int len, unsigned int offs,
>> -				  u64 lblk_num, gfp_t gfp_flags)
>> +int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
>> +			 struct page *dst, unsigned int len, unsigned int offs,
>> +			 u64 lblk_num, gfp_t gfp_flags)
>> {
>> -	return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, page, page,
>> +	return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, src, dst,
>> 				   len, offs, gfp_flags);
>> }
>> -EXPORT_SYMBOL(fscrypt_encrypt_block_inplace);
>> +EXPORT_SYMBOL(fscrypt_encrypt_page);
>> 
>> /**
>> * fscrypt_decrypt_pagecache_blocks() - Decrypt filesystem blocks in a
>> @@ -280,9 +282,10 @@ int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
>> EXPORT_SYMBOL(fscrypt_decrypt_pagecache_blocks);
>> 
>> /**
>> - * fscrypt_decrypt_block_inplace() - Decrypt a filesystem block in-place
>> + * fscrypt_decrypt_page() - Cache a decrypt a filesystem block in a page
>> * @inode:     The inode to which this block belongs
>> - * @page:      The page containing the block to decrypt
>> + * @src:       The page containing the block to decrypt
>> + * @dst:       The page which will contain the plain data
>> * @len:       Size of block to decrypt.  This must be a multiple of
>> *		FSCRYPT_CONTENTS_ALIGNMENT.
>> * @offs:      Byte offset within @page at which the block to decrypt begins
>> @@ -292,17 +295,18 @@ int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
>> * Decrypt a possibly-compressed filesystem block that is located in an
>> * arbitrary page, not necessarily in the original pagecache page.  The @inode
>> * and @lblk_num must be specified, as they can't be determined from @page.
>> + * The encrypted data will be stored in @dst.
>> *
>> * Return: 0 on success; -errno on failure
>> */
>> -int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
>> -				  unsigned int len, unsigned int offs,
>> -				  u64 lblk_num)
>> +int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
>> +			 struct page *dst, unsigned int len, unsigned int offs,
>> +			 u64 lblk_num, gfp_t gfp_flags)
>> {
>> -	return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, page, page,
>> -				   len, offs, GFP_NOFS);
>> +	return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, src, dst,
>> +				   len, offs, gfp_flags);
>> }
>> -EXPORT_SYMBOL(fscrypt_decrypt_block_inplace);
>> +EXPORT_SYMBOL(fscrypt_decrypt_page);
>> 
>> /**
>> * fscrypt_initialize() - allocate major buffers for fs encryption.
>> diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
>> index efc7f96..c2b67d1 100644
>> --- a/include/linux/fscrypt.h
>> +++ b/include/linux/fscrypt.h
>> @@ -255,15 +255,37 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
>> 					      unsigned int len,
>> 					      unsigned int offs,
>> 					      gfp_t gfp_flags);
>> -int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
>> -				  unsigned int len, unsigned int offs,
>> -				  u64 lblk_num, gfp_t gfp_flags);
>> +int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
>> +			 struct page *dst, unsigned int len,
>> +			 unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
>> +
>> +static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
>> +						struct page *page,
>> +						unsigned int len,
>> +						unsigned int offs,
>> +						u64 lblk_num,
>> +						gfp_t gfp_flags)
>> +{
>> +	return fscrypt_encrypt_page(inode, page, page, len, offs, lblk_num,
>> +				    gfp_flags);
>> +}
>> 
>> int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
>> 				     unsigned int offs);
>> -int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
>> -				  unsigned int len, unsigned int offs,
>> -				  u64 lblk_num);
>> +
>> +int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
>> +			 struct page *dst, unsigned int len,
>> +			 unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
>> +
>> +static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
>> +						struct page *page,
>> +						unsigned int len,
>> +						unsigned int offs,
>> +						u64 lblk_num)
>> +{
>> +	return fscrypt_decrypt_page(inode, page, page, len, offs, lblk_num,
>> +				    GFP_NOFS);
>> +}
>> 
>> static inline bool fscrypt_is_bounce_page(struct page *page)
>> {
>> -- 
>> 1.8.3.1
>> 
> 
> _______________________________________________
> lustre-devel mailing list
> lustre-devel@lists.lustre.org
> http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
diff mbox series

Patch

diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index e78be66..f241c69 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -210,9 +210,10 @@  struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
 EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
 
 /**
- * fscrypt_encrypt_block_inplace() - Encrypt a filesystem block in-place
+ * fscrypt_encrypt_page() - Cache an encrypt filesystem block in a page
  * @inode:     The inode to which this block belongs
- * @page:      The page containing the block to encrypt
+ * @src:       The page containing the block to encrypt
+ * @dst:       The page which will contain the encrypted data
  * @len:       Size of block to encrypt.  This must be a multiple of
  *		FSCRYPT_CONTENTS_ALIGNMENT.
  * @offs:      Byte offset within @page at which the block to encrypt begins
@@ -223,17 +224,18 @@  struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
  * Encrypt a possibly-compressed filesystem block that is located in an
  * arbitrary page, not necessarily in the original pagecache page.  The @inode
  * and @lblk_num must be specified, as they can't be determined from @page.
+ * The decrypted data will be stored in @dst.
  *
  * Return: 0 on success; -errno on failure
  */
-int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
-				  unsigned int len, unsigned int offs,
-				  u64 lblk_num, gfp_t gfp_flags)
+int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
+			 struct page *dst, unsigned int len, unsigned int offs,
+			 u64 lblk_num, gfp_t gfp_flags)
 {
-	return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, page, page,
+	return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, src, dst,
 				   len, offs, gfp_flags);
 }
-EXPORT_SYMBOL(fscrypt_encrypt_block_inplace);
+EXPORT_SYMBOL(fscrypt_encrypt_page);
 
 /**
  * fscrypt_decrypt_pagecache_blocks() - Decrypt filesystem blocks in a
@@ -280,9 +282,10 @@  int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
 EXPORT_SYMBOL(fscrypt_decrypt_pagecache_blocks);
 
 /**
- * fscrypt_decrypt_block_inplace() - Decrypt a filesystem block in-place
+ * fscrypt_decrypt_page() - Cache a decrypt a filesystem block in a page
  * @inode:     The inode to which this block belongs
- * @page:      The page containing the block to decrypt
+ * @src:       The page containing the block to decrypt
+ * @dst:       The page which will contain the plain data
  * @len:       Size of block to decrypt.  This must be a multiple of
  *		FSCRYPT_CONTENTS_ALIGNMENT.
  * @offs:      Byte offset within @page at which the block to decrypt begins
@@ -292,17 +295,18 @@  int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
  * Decrypt a possibly-compressed filesystem block that is located in an
  * arbitrary page, not necessarily in the original pagecache page.  The @inode
  * and @lblk_num must be specified, as they can't be determined from @page.
+ * The encrypted data will be stored in @dst.
  *
  * Return: 0 on success; -errno on failure
  */
-int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
-				  unsigned int len, unsigned int offs,
-				  u64 lblk_num)
+int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
+			 struct page *dst, unsigned int len, unsigned int offs,
+			 u64 lblk_num, gfp_t gfp_flags)
 {
-	return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, page, page,
-				   len, offs, GFP_NOFS);
+	return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, src, dst,
+				   len, offs, gfp_flags);
 }
-EXPORT_SYMBOL(fscrypt_decrypt_block_inplace);
+EXPORT_SYMBOL(fscrypt_decrypt_page);
 
 /**
  * fscrypt_initialize() - allocate major buffers for fs encryption.
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index efc7f96..c2b67d1 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -255,15 +255,37 @@  struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
 					      unsigned int len,
 					      unsigned int offs,
 					      gfp_t gfp_flags);
-int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
-				  unsigned int len, unsigned int offs,
-				  u64 lblk_num, gfp_t gfp_flags);
+int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
+			 struct page *dst, unsigned int len,
+			 unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
+
+static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
+						struct page *page,
+						unsigned int len,
+						unsigned int offs,
+						u64 lblk_num,
+						gfp_t gfp_flags)
+{
+	return fscrypt_encrypt_page(inode, page, page, len, offs, lblk_num,
+				    gfp_flags);
+}
 
 int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
 				     unsigned int offs);
-int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
-				  unsigned int len, unsigned int offs,
-				  u64 lblk_num);
+
+int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
+			 struct page *dst, unsigned int len,
+			 unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
+
+static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
+						struct page *page,
+						unsigned int len,
+						unsigned int offs,
+						u64 lblk_num)
+{
+	return fscrypt_decrypt_page(inode, page, page, len, offs, lblk_num,
+				    GFP_NOFS);
+}
 
 static inline bool fscrypt_is_bounce_page(struct page *page)
 {