This patch series adds support for direct I/O with fscrypt using
blk-crypto. Note that this patch relies on another patchset
("ensure bios aren't split in middle of crypto data unit" found at
https://lore.kernel.org/linux-block/[email protected]/
)
Till now, the blk-crypto-fallback expected the offset and length of each
bvec in a bio to be aligned to the crypto data unit size. This in turn
would mean that any user buffer used to read/write encrypted data using the
blk-crypto framework would need to be aligned to the crypto data unit size.
Patch 1 enables blk-crypto-fallback to work without this requirement. It
also relaxes the alignment requirement that blk-crypto checks for - now,
blk-crypto only requires that the length of the I/O is aligned to the
crypto data unit size. This allows direct I/O support introduced in the
later patches in this series to require extra alignment restrictions on
user buffers.
Patch 2 relaxes the alignment check that blk-crypto performs on bios.
blk-crypto would check that the offset and length of each bvec in a bio is
aligned to the data unit size, since the blk-crypto-fallback required it.
As this is no longer the case, blk-crypto now only checks that the total
length of the bio is data unit size aligned.
Patch 3 adds two functions to fscrypt that need to be called to determine
if direct I/O is supported for a request.
Patches 4 and 6 modify direct-io and iomap respectively to set bio crypt
contexts on bios when appropriate by calling into fscrypt.
Patch 5 makes bio_iov_iter_get_pages() respect
bio_required_sector_alignment() which is now necessary since Patch 6 makes
it possible for iomap (which uses bio_iov_iter_get_pages()) construct bios
that have crypt contexts.
Patches 7 and 8 allow ext4 and f2fs direct I/O to support fscrypt without
falling back to buffered I/O.
Patch 9 updates the fscrypt documentation for direct I/O support.
The documentation now notes the required conditions for inline encryption
and direct I/O on encrypted files.
This patch series was tested by running xfstests with test_dummy_encryption
with and without the 'inlinecrypt' mount option, and there were no
meaningful regressions. Without any modification, xfstests skip any
direct I/O test when using ext4/encrypt and f2fs/encrypt, so I modified
xfstests not to skip those tests.
Among those tests, generic/465 fails with ext4/encrypt because a bio ends
up being split in the middle of a crypto data unit. Patch 1 from v7 (which
has been sent out as a separate patch series) fixes this.
Note that the blk-crypto-fallback changes (Patch 1 in v8 in this series)
were also tested through xfstests by using this series along with the patch
series that ensures bios aren't split in the middle of a data unit (Patch 1
from v7) - Some tests (such as generic/465 again) result in bvecs that
don't contain a complete data unit (so a data unit is split across multiple
bvecs), and only pass with this patch.
Changes v8 => v9:
- Introduce patch 5 to fix bug with iomap_dio_bio_actor() which
constructed bios that had incomplete crypto data units (fixes xfstests
generic/465 with ext4)
Changes v7 => v8:
- Patch 1 from v7 (which ensured that bios aren't split in the middle of
a data unit) has been sent out in a separate patch series, as it's
required even without this patch series. That patch series can now
be found at
https://lore.kernel.org/linux-block/[email protected]/
- Patch 2 from v7 has been split into 2 patches (Patch 1 and 2 in v8).
- Update docs
Changes v6 => v7:
- add patches 1 and 2 to allow blk-crypto to work with user buffers not
aligned to crypto data unit size, so that direct I/O doesn't require
that alignment either.
- some cleanups
Changes v5 => v6:
- fix bug with fscrypt_limit_io_blocks() and make it ready for 64 bit
block numbers.
- remove Reviewed-by for Patch 1 due to significant changes from when
the Reviewed-by was given.
Changes v4 => v5:
- replace fscrypt_limit_io_pages() with fscrypt_limit_io_block(), which
is now called by individual filesystems (currently only ext4) instead
of the iomap code. This new function serves the same end purpose as
the one it replaces (ensuring that DUNs within a bio are contiguous)
but operates purely with blocks instead of with pages.
- make iomap_dio_zero() set bio_crypt_ctx's again, instead of just a
WARN_ON() since some folks prefer that instead.
- add Reviewed-by's
Changes v3 => v4:
- Fix bug in iomap_dio_bio_actor() where fscrypt_limit_io_pages() was
being called too early (thanks Eric!)
- Improve comments and fix formatting in documentation
- iomap_dio_zero() is only called to zero out partial blocks, but
direct I/O is only supported on encrypted files when I/O is
blocksize aligned, so it doesn't need to set encryption contexts on
bios. Replace setting the encryption context with a WARN_ON(). (Eric)
Changes v2 => v3:
- add changelog to coverletter
Changes v1 => v2:
- Fix bug in f2fs caused by replacing f2fs_post_read_required() with
!fscrypt_dio_supported() since the latter doesn't check for
compressed inodes unlike the former.
- Add patches 6 and 7 for fscrypt documentation
- cleanups and comments
Eric Biggers (5):
fscrypt: add functions for direct I/O support
direct-io: add support for fscrypt using blk-crypto
iomap: support direct I/O with fscrypt using blk-crypto
ext4: support direct I/O with fscrypt using blk-crypto
f2fs: support direct I/O with fscrypt using blk-crypto
Satya Tangirala (4):
block: blk-crypto-fallback: handle data unit split across multiple
bvecs
block: blk-crypto: relax alignment requirements for bvecs in bios
block: Make bio_iov_iter_get_pages() respect
bio_required_sector_alignment()
fscrypt: update documentation for direct I/O support
Documentation/filesystems/fscrypt.rst | 21 ++-
block/bio.c | 13 +-
block/blk-crypto-fallback.c | 203 ++++++++++++++++++++------
block/blk-crypto.c | 19 +--
fs/crypto/crypto.c | 8 +
fs/crypto/inline_crypt.c | 75 ++++++++++
fs/direct-io.c | 15 +-
fs/ext4/file.c | 10 +-
fs/ext4/inode.c | 7 +
fs/f2fs/f2fs.h | 6 +-
fs/iomap/direct-io.c | 6 +
include/linux/fscrypt.h | 18 +++
12 files changed, 328 insertions(+), 73 deletions(-)
--
2.32.0.rc1.229.g3e70b5a671-goog
Update fscrypt documentation to reflect the addition of direct I/O support
and document the necessary conditions for direct I/O on encrypted files.
Signed-off-by: Satya Tangirala <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
Reviewed-by: Jaegeuk Kim <[email protected]>
---
Documentation/filesystems/fscrypt.rst | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index 44b67ebd6e40..c0c1747fa2fb 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -1047,8 +1047,10 @@ astute users may notice some differences in behavior:
may be used to overwrite the source files but isn't guaranteed to be
effective on all filesystems and storage devices.
-- Direct I/O is not supported on encrypted files. Attempts to use
- direct I/O on such files will fall back to buffered I/O.
+- Direct I/O is supported on encrypted files only under some
+ circumstances (see `Direct I/O support`_ for details). When these
+ circumstances are not met, attempts to use direct I/O on encrypted
+ files will fall back to buffered I/O.
- The fallocate operations FALLOC_FL_COLLAPSE_RANGE and
FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will
@@ -1121,6 +1123,21 @@ It is not currently possible to backup and restore encrypted files
without the encryption key. This would require special APIs which
have not yet been implemented.
+Direct I/O support
+==================
+
+Direct I/O on encrypted files is supported through blk-crypto. In
+particular, this means the kernel must have CONFIG_BLK_INLINE_ENCRYPTION
+enabled, the filesystem must have had the 'inlinecrypt' mount option
+specified, and either hardware inline encryption must be present, or
+CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK must have been enabled. Further,
+the starting position in the file and the length of any I/O must be aligned
+to the filesystem block size (*not* necessarily the same as the block
+device's block size). If any of these conditions isn't met, attempts to do
+direct I/O on an encrypted file will fall back to buffered I/O. However,
+there aren't any additional requirements on user buffer alignment (apart
+from those already present when using direct I/O on unencrypted files).
+
Encryption policy enforcement
=============================
--
2.32.0.rc1.229.g3e70b5a671-goog