From patchwork Fri Jul 17 01:45:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668703 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 27B981392 for ; Fri, 17 Jul 2020 01:45:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 064882070E for ; Fri, 17 Jul 2020 01:45:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="NgLVdFfz" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726401AbgGQBpr (ORCPT ); Thu, 16 Jul 2020 21:45:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726525AbgGQBpq (ORCPT ); Thu, 16 Jul 2020 21:45:46 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6C53C08C5DB for ; Thu, 16 Jul 2020 18:45:45 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id m7so6826976pgv.12 for ; Thu, 16 Jul 2020 18:45:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=B0x0K0LAx9+Y7Q8FXBFUwx+eU4+ad8NV7ubLsxeFaf4=; b=NgLVdFfzPI8rniPtNm8DqUu4McExuVBrHsycos4sDr8HsIC6inA/SB0isGbUmdBmO7 G/OrVuLZvnL13Tu1mu21s4F7Ileup0x4d6uYiJ/kRc/SQmxDVcl9ygK9eVQ7wsjmIqNo eElNu+LzNt9T9mDuksME3/2KwYx+iFpkfHnqd+pwMaw4jxdcWmmUK78AYXj+/Kf9MXkh 86ClwUljjM8zN95NX5YUb5jda8EvPewsTfVBDH6wUOZej4e/FczD89ejdlyqv5g+4dbU 6Cz7coqFDmzebNg2T0T8MZ6p/kLm5A96Fi28C012iOqXi7l4A7sD3rqk2EZ5Xxa58Gh/ WOWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=B0x0K0LAx9+Y7Q8FXBFUwx+eU4+ad8NV7ubLsxeFaf4=; b=JfYZ8E7nrjelQEPhopX2aH4xuAZ13ENJnsbCf/mBMGcj6rKSpo1XcRsPGmfsf92xvq QdwF5x3e6VgIJY17p05YHpzyBxFuYe9XnuRsAQFb1R04Wp3LZ9kZo1Swhe6GYcdGYIB9 Vu0Zokq3LQdUV5e6sB/JOCQQmncGKchpG3KK6k1FCQai+hhqc6KlvWxsTWluWnmRp48b TH7/M+chZ/jdFbeKzPeVOfFAetZhKOvgqU1gUkIU5F5J9OXc4IePJCa241OixBWOfH3J CzOlSxmRAQv8JKBTCLqMle1K5kPmQFqvopuaqF3tw7hdrzvW2GF2KD81fJvmL/Wlpf9P C5ZA== X-Gm-Message-State: AOAM533RMNWUFEmvJccc3WUG7hOlloLM1XjivuCCD40sQ78NIfhMCpmK XslJxGssmAqw6klpPGZZL1CwjyFNClaqPAhipnSgfdyCCt2tY2U7rIyAsg9hgYzYMg93KukMmQx fO/yODxakrO5qiieqibgnp7DR4tpUVlJb4omI/zmeUAmiyRleOiGX/DxUaEEQMwK6SkziT9Q= X-Google-Smtp-Source: ABdhPJx6iODqkhaKqJfQZ6FjelMNp9N/V3wUMH1/G/neMrWU0AXc+o65/W6IN7lPQnmGBJARaC+27IB1sHQ= X-Received: by 2002:a17:90a:cc03:: with SMTP id b3mr6955247pju.80.1594950345389; Thu, 16 Jul 2020 18:45:45 -0700 (PDT) Date: Fri, 17 Jul 2020 01:45:34 +0000 In-Reply-To: <20200717014540.71515-1-satyat@google.com> Message-Id: <20200717014540.71515-2-satyat@google.com> Mime-Version: 1.0 References: <20200717014540.71515-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v3 1/7] fscrypt: Add functions for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Introduce fscrypt_dio_supported() to check whether a direct I/O request is unsupported due to encryption constraints, and fscrypt_limit_io_pages() to check how many pages may be added to a bio being prepared for direct I/O. The IV_INO_LBLK_32 fscrypt policy introduced the possibility that DUNs in logically continuous file blocks might wrap from 0xffffffff to 0. Since this was particularly difficult to handle when block_size != PAGE_SIZE, fscrypt only supports blk-crypto en/decryption with the IV_INO_LBLK_32 policy when block_size == PAGE_SIZE, and ensures that the DUN never wraps around within any submitted bio. fscrypt_limit_io_pages() can be used to determine the number of logically contiguous blocks/pages that may be added to the bio without causing the DUN to wrap around within the bio. This is an alternative to calling fscrypt_mergeable_bio() on each page in a range of logically contiguous pages. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/crypto/crypto.c | 8 ++++ fs/crypto/inline_crypt.c | 80 ++++++++++++++++++++++++++++++++++++++++ include/linux/fscrypt.h | 19 ++++++++++ 3 files changed, 107 insertions(+) diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c index a52cf32733ab..fb34364360b3 100644 --- a/fs/crypto/crypto.c +++ b/fs/crypto/crypto.c @@ -69,6 +69,14 @@ void fscrypt_free_bounce_page(struct page *bounce_page) } EXPORT_SYMBOL(fscrypt_free_bounce_page); +/* + * Generate the IV for the given logical block number within the given file. + * For filenames encryption, lblk_num == 0. + * + * Keep this in sync with fscrypt_limit_io_pages(). fscrypt_limit_io_pages() + * needs to know about any IV generation methods where the low bits of IV don't + * simply contain the lblk_num (e.g., IV_INO_LBLK_32). + */ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, const struct fscrypt_info *ci) { diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index d7aecadf33c1..f5af6a63e04c 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "fscrypt_private.h" @@ -362,3 +363,82 @@ bool fscrypt_mergeable_bio_bh(struct bio *bio, return fscrypt_mergeable_bio(bio, inode, next_lblk); } EXPORT_SYMBOL_GPL(fscrypt_mergeable_bio_bh); + +/** + * fscrypt_dio_supported() - check whether a direct I/O request is unsupported + * due to encryption constraints + * @iocb: the file and position the I/O is targeting + * @iter: the I/O data segment(s) + * + * Return: true if direct I/O is supported + */ +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + const unsigned int blocksize = i_blocksize(inode); + + /* If the file is unencrypted, no veto from us. */ + if (!fscrypt_needs_contents_encryption(inode)) + return true; + + /* We only support direct I/O with inline crypto, not fs-layer crypto */ + if (!fscrypt_inode_uses_inline_crypto(inode)) + return false; + + /* + * Since the granularity of encryption is filesystem blocks, the I/O + * must be block aligned -- not just disk sector aligned. + */ + if (!IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), blocksize)) + return false; + + return true; +} +EXPORT_SYMBOL_GPL(fscrypt_dio_supported); + +/** + * fscrypt_limit_io_pages() - limit I/O pages to avoid discontiguous DUNs + * @inode: the file on which I/O is being done + * @pos: the file position (in bytes) at which the I/O is being done + * @nr_pages: the number of pages we want to submit starting at @pos + * + * Determine the limit to the number of pages that can be submitted in the bio + * targeting @pos without causing a data unit number (DUN) discontinuity. + * + * For IV generation methods that can't cause DUN wraparounds + * within logically continuous data blocks, the maximum number of pages is + * simply @nr_pages. For those IV generation methods that *might* cause DUN + * wraparounds, the returned number of pages is the largest possible number of + * pages (less than @nr_pages) that can be added to the bio without causing a + * DUN wraparound within the bio. + * + * Return: the actual number of pages that can be submitted + */ +int fscrypt_limit_io_pages(const struct inode *inode, loff_t pos, int nr_pages) +{ + const struct fscrypt_info *ci = inode->i_crypt_info; + u32 dun; + + if (!fscrypt_inode_uses_inline_crypto(inode)) + return nr_pages; + + if (nr_pages <= 1) + return nr_pages; + + if (!(fscrypt_policy_flags(&ci->ci_policy) & + FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) + return nr_pages; + + /* + * fscrypt_select_encryption_impl() ensures that block_size == PAGE_SIZE + * when using FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32. + */ + if (WARN_ON_ONCE(i_blocksize(inode) != PAGE_SIZE)) + return 1; + + /* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */ + + dun = ci->ci_hashed_ino + (pos >> inode->i_blkbits); + + return min_t(u64, nr_pages, (u64)U32_MAX + 1 - dun); +} diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index bb257411365f..c205c214b35e 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -559,6 +559,11 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, bool fscrypt_mergeable_bio_bh(struct bio *bio, const struct buffer_head *next_bh); +bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter); + +int fscrypt_limit_io_pages(const struct inode *inode, loff_t pos, + int nr_pages); + #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) @@ -587,6 +592,20 @@ static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, { return true; } + +static inline bool fscrypt_dio_supported(struct kiocb *iocb, + struct iov_iter *iter) +{ + const struct inode *inode = file_inode(iocb->ki_filp); + + return !fscrypt_needs_contents_encryption(inode); +} + +static inline int fscrypt_limit_io_pages(const struct inode *inode, loff_t pos, + int nr_pages) +{ + return nr_pages; +} #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ /** From patchwork Fri Jul 17 01:45:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668719 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 61651161F for ; Fri, 17 Jul 2020 01:45:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 49A6620838 for ; Fri, 17 Jul 2020 01:45:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="p36HscUc" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726803AbgGQBpx (ORCPT ); Thu, 16 Jul 2020 21:45:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39430 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726593AbgGQBps (ORCPT ); Thu, 16 Jul 2020 21:45:48 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A669C08C5DB for ; Thu, 16 Jul 2020 18:45:48 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id m81so9523385ybf.6 for ; Thu, 16 Jul 2020 18:45:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=zp9IyNE/WOqMjmmUo5OQb7An9Jck4EABFW2ZtXIp0J8=; b=p36HscUchAg0CPB1IVlLAHSXs2vt/CAtvnGZGYh+pgGb8ff5pnVy92OpuvFkRtll4M SI5aSrhV3PxrLbwz17jamuLN6negVlYOyUO0lVR594tXatTmLzOco1s3uJGTt9G0c02T oGCMZyhVeE5Rx/Y4UrAqp28VHMbYuQav1xwBQCWuZUTwsEly/5H7VsNZS6EQ79Dy4jsm ylGUbOu6BuqAvds98BLPpY+r2Ujizq6ziG99s99QZJPq2K6KpQk33kIgRGXyAgj8CE8A e/8DA/xD/kOPAsUIfxdTPXOBYEdxznO4bFVFYb8uJoYP8nKKJ9E5RyrGSz68UIXgrnZx mu5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=zp9IyNE/WOqMjmmUo5OQb7An9Jck4EABFW2ZtXIp0J8=; b=rGAm9Zc2JddSn7c5J2be2NDxdEIYnt1Q3swrhLk3DOJoNWQxHcD4XCHCnq7P6bSoW6 qYXNFH8OgxASv+hnMGke7bJrn/tqcHcvMjlCDVxPBg9V1gI9T9HESUji14G4gxpuWHHA L2PPwlTgB7Ip+dwb52hZLPISc+ciMKdoiGAtIN5xkMYBiNrTsHZ6NifhN84CQALUONjx JlXYVYro2ovPCoRWQxP13L9h8Lcg5J7TIsOm3mX4ibkbsFkQLN6cq0+34MY+QB120e7M 8zn++B7eJL3ZZQYrwjOCi25+0C87ZvcbfW6DtBN/cWzcKzoERK9jsIS8dcNUq+5Qk1Iv vuuQ== X-Gm-Message-State: AOAM530jgaTdIqkWVxyD7CKIRiqbtMlDBawVDlEWWrZvFSL8wtaBAth7 u+webJn3+b5VmTD1zIdS6CO+Lo7S1f36/9M2n5fsWHf2Fi6HycB76ukAsPAWSAf0pY9xV3wv0g/ MT0nmMqmj82wdmLnS2psRVWoHGPgcWT5Jg7B8vOpD1ElBypIMn79E7aZhEtXz26QpV5TonvI= X-Google-Smtp-Source: ABdhPJzr5GCoe/5L+0bMuPjqymASle/2ldfXTMtsEz86fUAPPo0bs236xCphulrBw+iau6eQYoDrV+vdm10= X-Received: by 2002:a25:4c81:: with SMTP id z123mr10656827yba.309.1594950347400; Thu, 16 Jul 2020 18:45:47 -0700 (PDT) Date: Fri, 17 Jul 2020 01:45:35 +0000 In-Reply-To: <20200717014540.71515-1-satyat@google.com> Message-Id: <20200717014540.71515-3-satyat@google.com> Mime-Version: 1.0 References: <20200717014540.71515-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v3 2/7] direct-io: add support for fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Set bio crypt contexts on bios by calling into fscrypt when required, and explicitly check for DUN continuity when adding pages to the bio. (While DUN continuity is usually implied by logical block contiguity, this is not the case when using certain fscrypt IV generation methods like IV_INO_LBLK_32). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/direct-io.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fs/direct-io.c b/fs/direct-io.c index 6d5370eac2a8..f27f7e3780ee 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -411,6 +412,7 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, sector_t first_sector, int nr_vecs) { struct bio *bio; + struct inode *inode = dio->inode; /* * bio_alloc() is guaranteed to return a bio when allowed to sleep and @@ -418,6 +420,9 @@ dio_bio_alloc(struct dio *dio, struct dio_submit *sdio, */ bio = bio_alloc(GFP_KERNEL, nr_vecs); + fscrypt_set_bio_crypt_ctx(bio, inode, + sdio->cur_page_fs_offset >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, bdev); bio->bi_iter.bi_sector = first_sector; bio_set_op_attrs(bio, dio->op, dio->op_flags); @@ -782,9 +787,17 @@ static inline int dio_send_cur_page(struct dio *dio, struct dio_submit *sdio, * current logical offset in the file does not equal what would * be the next logical offset in the bio, submit the bio we * have. + * + * When fscrypt inline encryption is used, data unit number + * (DUN) contiguity is also required. Normally that's implied + * by logical contiguity. However, certain IV generation + * methods (e.g. IV_INO_LBLK_32) don't guarantee it. So, we + * must explicitly check fscrypt_mergeable_bio() too. */ if (sdio->final_block_in_bio != sdio->cur_page_block || - cur_offset != bio_next_offset) + cur_offset != bio_next_offset || + !fscrypt_mergeable_bio(sdio->bio, dio->inode, + cur_offset >> dio->inode->i_blkbits)) dio_bio_submit(dio, sdio); } From patchwork Fri Jul 17 01:45:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668721 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4E6936C1 for ; Fri, 17 Jul 2020 01:45:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 351792070E for ; Fri, 17 Jul 2020 01:45:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Y8lKGfOD" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726563AbgGQBpy (ORCPT ); Thu, 16 Jul 2020 21:45:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39442 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726335AbgGQBpu (ORCPT ); Thu, 16 Jul 2020 21:45:50 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 10149C08C5DB for ; Thu, 16 Jul 2020 18:45:50 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id a6so6580832pjd.4 for ; Thu, 16 Jul 2020 18:45:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=+UBFxrt4pNJbQqfKhET/4plBmEv6gpLPjB+6J7RRg5k=; b=Y8lKGfODiCH69PDF5B/+rpXL+KjApYk7Uwv8d7TW4/tBPWIRzzbi8MlNs0lgzM9hUA 24xdsrYMFvCtK6M14TEO9ufqFEUZyUmF7u7s96e3sOwuy+UVYB4S0yx9V5+9sE0TTsfd IXR2ZuOpdoWZucP+43oYiGInuo7RTGa+WTm/s+hBcRwZPq2VuKi9yodj0lcEAJSkK53a y4B5qKPAJ49xq+wQw24RR55Hm1r3sJ9RTK87APxuU44mtsvQueWlGAjMWZ86HA7WsxXz 9LxhsNeXas/TjWNR3OA8HzqsqV1njMtHL+i9+Gthr7VQw8et6WosGrnGcz509ucqbACW wnHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=+UBFxrt4pNJbQqfKhET/4plBmEv6gpLPjB+6J7RRg5k=; b=TOmTSvqV0cY1EMQ4ot/h4OvdS6vzXeDlWNA9VS8A9jS7GAN2nmcOBT0WQRDvJLZNFB Unf6/aaOOGW7yb6hqA4PMnlsFybBotTY7bUu9xIMdhLFwQDlgRAB5W6gV8xYg//fZiMB GLD/hDDxfshA6jGwfcJ98JRNDY/elRfGelZxpbDmRU3vJNQYuvMGoMWXkLRSsfGs7wbf mW1+nD9csCtgjgos8V1zQfKWwDnwa4i7EOkJZCKEEFlkCA32H2cReJVo+ZsGLtvsuOS7 b5rw14kYbvCr+Ln64xX9kMbZzCbDJrr0LVyzFhNZRAl5//Rzxz2O2qEWfK5h0CIDmsLB CGGQ== X-Gm-Message-State: AOAM533kqz0wXxqGyemHAHhSJyeun47YmnucrS5jijYp0dCX7JP7OqBx +KY4RAN3aSCO/fZRrbVPOoFmMSy0U9vyXYlGOMWMSaiHycwG7FFsGPKTS+IRe/IgkdUxaGKACrJ mgEczbjUy0V0VojIbkAwAZe06iQy1SCCBwcbmqgHV0F0ypnXDljIvJh+cjrDCRQyGcVeyGhE= X-Google-Smtp-Source: ABdhPJy344HqXVu0ud6H52mg8U/EcQXRq9AwgZAuxUTo1u0ex5Qpvg/3IucFIPXhG+x/kepE10JdnQtEHu8= X-Received: by 2002:a17:90b:4c12:: with SMTP id na18mr2174906pjb.0.1594950349133; Thu, 16 Jul 2020 18:45:49 -0700 (PDT) Date: Fri, 17 Jul 2020 01:45:36 +0000 In-Reply-To: <20200717014540.71515-1-satyat@google.com> Message-Id: <20200717014540.71515-4-satyat@google.com> Mime-Version: 1.0 References: <20200717014540.71515-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v3 3/7] iomap: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Wire up iomap direct I/O with the fscrypt additions for direct I/O, and set bio crypt contexts on bios when appropriate. Make iomap_dio_bio_actor() call fscrypt_limit_io_pages() to ensure that DUNs remain contiguous within a bio, since it works directly with logical ranges and can't call fscrypt_mergeable_bio() on each page. Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/iomap/direct-io.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/iomap/direct-io.c b/fs/iomap/direct-io.c index ec7b78e6feca..4507dc16dbe5 100644 --- a/fs/iomap/direct-io.c +++ b/fs/iomap/direct-io.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -183,11 +184,14 @@ static void iomap_dio_zero(struct iomap_dio *dio, struct iomap *iomap, loff_t pos, unsigned len) { + struct inode *inode = file_inode(dio->iocb->ki_filp); struct page *page = ZERO_PAGE(0); int flags = REQ_SYNC | REQ_IDLE; struct bio *bio; bio = bio_alloc(GFP_KERNEL, 1); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_private = dio; @@ -253,6 +257,7 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, ret = nr_pages; goto out; } + nr_pages = fscrypt_limit_io_pages(inode, pos, nr_pages); if (need_zeroout) { /* zero out from the start of the block to the write offset */ @@ -270,6 +275,8 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, } bio = bio_alloc(GFP_KERNEL, nr_pages); + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits, + GFP_KERNEL); bio_set_dev(bio, iomap->bdev); bio->bi_iter.bi_sector = iomap_sector(iomap, pos); bio->bi_write_hint = dio->iocb->ki_hint; @@ -307,6 +314,7 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length, copied += n; nr_pages = iov_iter_npages(dio->submit.iter, BIO_MAX_PAGES); + nr_pages = fscrypt_limit_io_pages(inode, pos, nr_pages); iomap_dio_submit_bio(dio, iomap, bio, pos); pos += n; } while (nr_pages); From patchwork Fri Jul 17 01:45:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668727 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EECF56C1 for ; Fri, 17 Jul 2020 01:45:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D5E182070E for ; Fri, 17 Jul 2020 01:45:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="rXOnRzGG" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726715AbgGQBp5 (ORCPT ); Thu, 16 Jul 2020 21:45:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726673AbgGQBpv (ORCPT ); Thu, 16 Jul 2020 21:45:51 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A6B5CC08C5DC for ; Thu, 16 Jul 2020 18:45:51 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id x1so9519076ybg.8 for ; Thu, 16 Jul 2020 18:45:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=E/vVSGidxRNqfgFvT7W0V9puYBqKI9SZ+5JR8j0m+58=; b=rXOnRzGGSVHFJDvjXi4FvAGiqdTyNugg4+H0mP1UFF0jhZqf9ep56wXd9XJvPMyF9T xoS911Id97Dol9EvPK1vd9h8gYYCgaetjB+K7vw/2qAXsNebgviKIpgSa8h1ymO/I+8I YIvRJ/hkbtBJWlgnuyDv5HV2cXOcz+N4IrAcNQRZxLAp4EnHNbfG5YnAhJhBgTy+Pigv 4dn1Nyu0E43LGnaBzxcuj3jII3vy8x6cX2YbN3ZtFyf4Ma6kXhDkX1GxK6J3lUHQ4QI1 hToBCY+cUvVQkmT2ab6aVu8YcYHCBu/i3YrB2ksRrALG3q7k+9hHw+zgqJFmE7H4rTqX 0wTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=E/vVSGidxRNqfgFvT7W0V9puYBqKI9SZ+5JR8j0m+58=; b=LqbAHVJyuxJpRRWC+I/CmVX+qDE0hc0+N0Nzk4kCe7veJHOgf6AVmfoW0nWMmqcsPC XswcMmqwvzSXEGbM4PJCy4EU9fuXgxaZ1lPDBQCduvpsDCtmhCwzRHoWKrulbI9hbeFE pSM3AA/FmCXG5o2V6Av2PZCjwhM83g5o87JWzhVoFg4tfsZZIm/vHwsDDqDq33G5cdCT Oim5O2wF0UJSpfsliUyFvg9uvjeKL82QG77aeGG4WbxH4Mhe8Z57Y91IPVtzd7u/lxLv B2lf8dvJcnYWOmTAQg4hFxihDfjrPs+UuJfyWYJyjeKYzL3Pfqro2q9rUtkbz+jwNP5k PNLA== X-Gm-Message-State: AOAM533+U/y33Aw2NCVvkw3sWDHeuTrZm4ORQF4S56o4vm3JfB16+hJ2 4UWkRnLo7cHPtWYI6mjh2oTYQdILYAaolr8iQI1vTDzGQ+h54pUnjRnJgda7h8VdgJi5sYb6Kjg YFp1OGYpyGXRdeve5hlprwKc/8AD0zOssbFi+3fLWrqKXIcfSzPVQDIKeKWu7c5vx3Cdd0nk= X-Google-Smtp-Source: ABdhPJz7acZLc4vxa6IsZoed6dq0Yjbsxw2KarLtYNUW50n+ZIWBzgAyIfxQtErgMIINdMcscSoivVp9TXA= X-Received: by 2002:a25:7d41:: with SMTP id y62mr10756670ybc.95.1594950350852; Thu, 16 Jul 2020 18:45:50 -0700 (PDT) Date: Fri, 17 Jul 2020 01:45:37 +0000 In-Reply-To: <20200717014540.71515-1-satyat@google.com> Message-Id: <20200717014540.71515-5-satyat@google.com> Mime-Version: 1.0 References: <20200717014540.71515-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v3 4/7] ext4: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Wire up ext4 with fscrypt direct I/O support. direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/ext4/file.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 2a01e31a032c..d534f72675d9 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -36,9 +36,11 @@ #include "acl.h" #include "truncate.h" -static bool ext4_dio_supported(struct inode *inode) +static bool ext4_dio_supported(struct kiocb *iocb, struct iov_iter *iter) { - if (IS_ENABLED(CONFIG_FS_ENCRYPTION) && IS_ENCRYPTED(inode)) + struct inode *inode = file_inode(iocb->ki_filp); + + if (!fscrypt_dio_supported(iocb, iter)) return false; if (fsverity_active(inode)) return false; @@ -61,7 +63,7 @@ static ssize_t ext4_dio_read_iter(struct kiocb *iocb, struct iov_iter *to) inode_lock_shared(inode); } - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, to)) { inode_unlock_shared(inode); /* * Fallback to buffered I/O if the operation being performed on @@ -490,7 +492,7 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from) } /* Fallback to buffered I/O if the inode does not support direct I/O. */ - if (!ext4_dio_supported(inode)) { + if (!ext4_dio_supported(iocb, from)) { if (ilock_shared) inode_unlock_shared(inode); else From patchwork Fri Jul 17 01:45:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668743 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 44B531392 for ; Fri, 17 Jul 2020 01:46:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2B30820838 for ; Fri, 17 Jul 2020 01:46:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ng8R1/65" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726593AbgGQBqC (ORCPT ); Thu, 16 Jul 2020 21:46:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726794AbgGQBpx (ORCPT ); Thu, 16 Jul 2020 21:45:53 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B276C08C5E0 for ; Thu, 16 Jul 2020 18:45:53 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id v15so6868415pgi.3 for ; Thu, 16 Jul 2020 18:45:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=ORAQciKgJGVxLPMl88O8FRaS7Y2vfgBBYDIN8L834Cw=; b=ng8R1/65DV2iU+IQ306zEBb/0gZuzKY2wd9E8N5W+UqslArMsttZ5glLKrikl28eKb mHq69ANYkDbSrWX4gfqMUWI2ZBqFfFly0rtpiO9z2tckqlbPuAu+WgKmohY8YtajbC7y TAkC3td2D69tT+i8RxwKdpD86ImI888MHpVaS3zpZqe2TBh09T3GOUsEhGrYpq7qszO9 0eL1IJrZbZyK33JvINmsQYzOQns4GWk/EypSIDCE0Bw5rjnxJookR+K0w4fiVIfjkP4l 48dzxFnzHST1VX+U4ko1hntKzQ14Ezmb2zBJCYDs2eKpTWvdT0fsRQhtyl4OAmHbNGpd 7XZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ORAQciKgJGVxLPMl88O8FRaS7Y2vfgBBYDIN8L834Cw=; b=dFZiKt+ESLb6Spbls3RimgX0KMuNjbLn/loVvqu24MMsjKRT3Zo3c0p+qyZEAwYa/x qFR3gzjsA6NRog2FdEKBin8Yvwm8Pz7AgEe1auZ5KZz9oUcjcN6/BeE+GTJj0g5OxnIQ 6fVeyxPaerPeCUbC34VFg7Srngr4NZduJ4qHIDSRLFHbIVEKCnP4RcV8/dVDpup6xO4e 4aEJYlfuuU7rGgmv4HflJvUQFIute9xlvtvXc6DjXxJDSZLDSH0Tsyh3mRsz/n3ld+j1 P0PNxvj3mQ+FO1wIJDxev44uoDGFff4JNYjtxApnIKrMJM5NcHUwCqcrC6WWrvtTLlI5 efJQ== X-Gm-Message-State: AOAM531MG+YsnE/pjQ6AJYebAtrWSiI7/V21hcbPP2EnNtVfq0dLA3LE CJIVN9cqEMxSdaIK0zJo/9zFKfsZWHJYsuxmUUFsX0FnIULaBNk5UwI1omyFfFBuMbpLU0nGK2O gkZoXiyIIlFhwPbYjyW61WkN+3YKpc/Lye+C0hO/y3rmDHZGXI6N6ae04ut4Y7GvNpkziG8U= X-Google-Smtp-Source: ABdhPJypMvXx5XgQi+oxPJJGIhfKX32tGeIjNcFpR4zHf1BJbMQwMi373dkhjOi4KnE/mp1ikT0bXUTweTE= X-Received: by 2002:a17:90a:2b8f:: with SMTP id u15mr7349194pjd.98.1594950352671; Thu, 16 Jul 2020 18:45:52 -0700 (PDT) Date: Fri, 17 Jul 2020 01:45:38 +0000 In-Reply-To: <20200717014540.71515-1-satyat@google.com> Message-Id: <20200717014540.71515-6-satyat@google.com> Mime-Version: 1.0 References: <20200717014540.71515-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v3 5/7] f2fs: support direct I/O with fscrypt using blk-crypto From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Eric Biggers , Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org From: Eric Biggers Wire up f2fs with fscrypt direct I/O support. direct I/O with fscrypt is only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must have been enabled, the 'inlinecrypt' mount option must have been specified, and either hardware inline encryption support must be present or CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further, direct I/O on encrypted files is only supported when I/O is aligned to the filesystem block size (which is *not* necessarily the same as the block device's block size). Signed-off-by: Eric Biggers Co-developed-by: Satya Tangirala Signed-off-by: Satya Tangirala --- fs/f2fs/f2fs.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index b35a50f4953c..978130b5a195 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4082,7 +4082,11 @@ static inline bool f2fs_force_buffered_io(struct inode *inode, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); int rw = iov_iter_rw(iter); - if (f2fs_post_read_required(inode)) + if (!fscrypt_dio_supported(iocb, iter)) + return true; + if (fsverity_active(inode)) + return true; + if (f2fs_compressed_file(inode)) return true; if (f2fs_is_multi_device(sbi)) return true; From patchwork Fri Jul 17 01:45:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668731 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EBC86161F for ; Fri, 17 Jul 2020 01:45:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CFA1021702 for ; Fri, 17 Jul 2020 01:45:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="IuienX4m" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726673AbgGQBp7 (ORCPT ); Thu, 16 Jul 2020 21:45:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726784AbgGQBp4 (ORCPT ); Thu, 16 Jul 2020 21:45:56 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 306E9C08C5E3 for ; Thu, 16 Jul 2020 18:45:55 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id x1so9519191ybg.8 for ; Thu, 16 Jul 2020 18:45:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=M2BARCIgcttWxNELPw4zNOFpxD9+a8coXLhy2/p7EJA=; b=IuienX4mga40GmSRRKzTF+joRBlWaewlilX9kK4DbxKVxKtc0HgNzNmwzCZ1zOSkZS /sl4RwiktZzyDIGk22y0rBU4/6to0p2Mb+0sHuOgVc59Of+mmEYUSL/X8GIx7S9N2g7k AAsNYq+yOp1P9y/M3dpmzdp+iTmYeg60KNpHeU9Q4DinrRedG6NGSsYmC3G3+ZszcxWF iiLyYi1e8fZMhBIQmpfrA1eMen9sCtNU9W9nDP6q6QwGvJa13W8tY3dxZyWvEvjE0cyb 7vhn6iWIVWyfKhLFtLO/KNWOxq8m9tNiM/Xk00LgFuq+iUFipff48yn3YZCVEhX9KuBH cXvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=M2BARCIgcttWxNELPw4zNOFpxD9+a8coXLhy2/p7EJA=; b=rGfUFNpX7rh5jgzjACfmiVaWY61CfieOAAVNNKn3OzE889QfyjpfBD7fh3u3BwYZX9 uPqBTcVPc322gRhk/MGKgoAemf7dddJLfdPMw+2CZXaF5aLN3KxINXzS4cK6Pz4IQTyX 1c7gW7SoBF4IX4SmtPAHqUA3QnpTNlwAK/rb+34ZFtxUzYyoK5C83uQmqf7Kh2C05G1p 88oFbJEJreSr11kuP7dOS8uZiiYoRj6cUTbpn8JONtaRhBZ6qeSyyCw0gf+ecnZRzNWi OBucbmJXgqwVxzhmwMlMdopSQNFieMbmRSgrT+awhAAhLqb6mhwsuCsmrLRvSFCWzxey SZSQ== X-Gm-Message-State: AOAM533kPn09CYzyhiri3pglxoiQAgsBzb4VbCW2+qyNC+Uq/nze1fMt ENUTpdHMGX0s2oh8PXEh2SjrmfGhLaRxDdDs5ugxzwtaNKmtlxxD6xpeIFuD7eQwW/0ASGTDbvs v2e+H58C8oQtDuVH/StCv2mnv59SdBKtEGeMzdzai1XwL6rwNg+gNl5sBwt6ABJSg/R3CnNg= X-Google-Smtp-Source: ABdhPJxSclWXD3pWyzJ/EO11UCYSucRKXFbMR9YelueZjjlG1f9W2/r7ez0qwF6s0pIusA0evwMmb2iIxEk= X-Received: by 2002:a25:3789:: with SMTP id e131mr10722971yba.417.1594950354393; Thu, 16 Jul 2020 18:45:54 -0700 (PDT) Date: Fri, 17 Jul 2020 01:45:39 +0000 In-Reply-To: <20200717014540.71515-1-satyat@google.com> Message-Id: <20200717014540.71515-7-satyat@google.com> Mime-Version: 1.0 References: <20200717014540.71515-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v3 6/7] fscrypt: document inline encryption support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Update the fscrypt documentation file for inline encryption support. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers --- Documentation/filesystems/fscrypt.rst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index f5d8b0303ddf..f3d87a1a0a7f 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1204,6 +1204,18 @@ buffer. Some filesystems, such as UBIFS, already use temporary buffers regardless of encryption. Other filesystems, such as ext4 and F2FS, have to allocate bounce pages specially for encryption. +Fscrypt is also able to use inline encryption hardware instead of the +kernel crypto API for en/decryption of file contents. When possible, and +if directed to do so (by specifying the 'inlinecrypt' mount option for +an ext4/F2FS filesystem), it adds encryption contexts to bios and +uses blk-crypto to perform the en/decryption instead of making use +of the above read/write path changes. Of course, even if directed to make +use of inline encryption, fscrypt will only be able to do so if either +hardware inline encryption support is available for the selected encryption +algorithm or CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK is selected. If neither +is the case, fscrypt will fall back to using the above mentioned read/write +path changes for en/decryption. + Filename hashing and encoding ----------------------------- @@ -1250,7 +1262,9 @@ Tests To test fscrypt, use xfstests, which is Linux's de facto standard filesystem test suite. First, run all the tests in the "encrypt" -group on the relevant filesystem(s). For example, to test ext4 and +group on the relevant filesystem(s). One can also run the tests +with the 'inlinecrypt' mount option to test the implementation for +inline encryption support. For example, to test ext4 and f2fs encryption using `kvm-xfstests `_:: From patchwork Fri Jul 17 01:45:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11668735 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9BD36161F for ; Fri, 17 Jul 2020 01:46:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 806B02070E for ; Fri, 17 Jul 2020 01:46:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="tEG1tbY0" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726335AbgGQBp7 (ORCPT ); Thu, 16 Jul 2020 21:45:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39474 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726710AbgGQBp5 (ORCPT ); Thu, 16 Jul 2020 21:45:57 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F1059C08C5DC for ; Thu, 16 Jul 2020 18:45:56 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id e127so6849420pgc.2 for ; Thu, 16 Jul 2020 18:45:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=zr1haxdG39xCeCSCxAtAF/uCJ0PriAfrFWPYdcjKJpg=; b=tEG1tbY0GS7WlBxSa3Kxt1rFESwI3ui5yUD/cLDZhMOcAswtEsR2gA7+HRG/RM3fom kKXQfxEkJ03SNR1VcwABHdAvnSgZUNipTuaqbleOSRI3ly6YGNWQXT0md6xvoxRmgISr aj1KioZwAFAZKz6AW2HjIi/fOOThLnth025dI4US/K0SzJSIhF6AN4lrRl8BpYvkr1Lb lQR2IJ1LUZ1nzraC9ZyIdcxHojIZhPSRzBFpK0Xtgwy/5Wvxiufo3xtWfUGQ9f6mDhqc Jy0npXSloiyPA693awr5gTPYLK5o6O/NYyKBiDV9yOX2QtiUCYUlxyhVr0ZzfowLwJVK ez1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=zr1haxdG39xCeCSCxAtAF/uCJ0PriAfrFWPYdcjKJpg=; b=hMfMDXfpzIzDvhJQEWf1OwaXzWZLGwLn7Hq2qXxn5dK3kkjTTdQ2GdXWeWFMR4wQoR qj+VUndP3EWn09y6CfeZfDb6h3Ba+ZYJ+Xp5f1zdPPK9PLP5ExDqVKqGeMBOuGDxKqH7 ly4bpvTqQ8SZh0FItaO5xqYndpAew5C3j5Uuy5QUkDPxMHQ0DM52ea+SKDFJlz1q6f0h Ti+bAPCbPJOO7QHKQ/Z9S9lzz0PABQtvkk2QmY9l3oU2nIQjIHaiaYq32DWju5xZCCwZ 3M2ZjbxHuJ7IulqIp/nEWMG527NklSqSbe6VxarpzEEfM2Y3sFMCcoJrzGl94QgCJNtd eYTA== X-Gm-Message-State: AOAM531icZJtm0LnUgV0bbcI4GCvtBrslRPXErAApRLv8qD0Y/TdUTxj H4GBqGFFPjgB9pIvT5/Rn0M+k4KJT27wHsaEYzgA4s1rK/pq8bSXCY3cXOPyy4BdrK1ukO/PJ9N 0/vb9ZMEGVcxI5rDH8UGm9XRjaJvguh7S6kz4rcc0XZ//NasKCJDOEQaD/vCD9ArOsL4YVq0= X-Google-Smtp-Source: ABdhPJxOhOzjo61R2qPX4OdqO+HjLZ7jHTuuKQDlVMjuRGuop7Hl6oLUSvAWIvqqI67Mktlky6ueFrap26Y= X-Received: by 2002:a17:90b:283:: with SMTP id az3mr7615052pjb.38.1594950356419; Thu, 16 Jul 2020 18:45:56 -0700 (PDT) Date: Fri, 17 Jul 2020 01:45:40 +0000 In-Reply-To: <20200717014540.71515-1-satyat@google.com> Message-Id: <20200717014540.71515-8-satyat@google.com> Mime-Version: 1.0 References: <20200717014540.71515-1-satyat@google.com> X-Mailer: git-send-email 2.28.0.rc0.105.gf9edc3c819-goog Subject: [PATCH v3 7/7] fscrypt: update documentation for direct I/O support From: Satya Tangirala To: linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org Cc: linux-xfs@vger.kernel.org, Satya Tangirala Sender: linux-fscrypt-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org Update fscrypt documentation to reflect the addition of direct I/O support and document the necessary conditions for direct I/O on encrypted files. Signed-off-by: Satya Tangirala --- Documentation/filesystems/fscrypt.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index f3d87a1a0a7f..95c76a5f0567 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -1049,8 +1049,10 @@ astute users may notice some differences in behavior: may be used to overwrite the source files but isn't guaranteed to be effective on all filesystems and storage devices. -- Direct I/O is not supported on encrypted files. Attempts to use - direct I/O on such files will fall back to buffered I/O. +- Direct I/O is supported on encrypted files only under some circumstances + (see `Direct I/O support`_ for details). When these circumstances are not + met, attempts to use direct I/O on such files will fall back to buffered + I/O. - The fallocate operations FALLOC_FL_COLLAPSE_RANGE and FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will @@ -1257,6 +1259,20 @@ without the key is subject to change in the future. It is only meant as a way to temporarily present valid filenames so that commands like ``rm -r`` work as expected on encrypted directories. +Direct I/O support +------------------ + +Direct I/O on encrypted files is supported through blk-crypto. In +particular, this means the kernel must have CONFIG_BLK_INLINE_ENCRYPTION +enabled, the filesystem must have had the 'inlinecrypt' mount option +specified, and either hardware inline encryption must be present, or +CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK must have been enabled. Further, +any I/O must be aligned to the filesystem block size (*not* necessarily +the same as the block device's block size) - in particular, any userspace +buffer into which data is read/written from must also be aligned to the +filesystem block size. If any of these conditions isn't met, attempts to do +direct I/O on an encrypted file will fall back to buffered I/O. + Tests =====