This patch series adds support for direct I/O with fscrypt using
blk-crypto. It has been rebased on fscrypt/master (i.e. the "master"
branch of the fscrypt tree at
https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git)
Patch 1 adds two functions to fscrypt that need to be called to determine
if direct I/O is supported for a request.
Patches 2 and 3 modify direct-io and iomap respectively to set bio crypt
contexts on bios when appropriate by calling into fscrypt.
Patches 4 and 5 allow ext4 and f2fs direct I/O to support fscrypt without
falling back to buffered I/O.
Patches 6 and 7 update the fscrypt documentation for inline encryption
support and direct I/O. The documentation now notes the required conditions
for inline encryption and direct I/O on encrypted files.
This patch series was tested by running xfstests with test_dummy_encryption
with and without the 'inlinecrypt' mount option, and there were no
meaningful regressions. One regression was for generic/587 on ext4,
but that test isn't compatible with test_dummy_encryption in the first
place, and the test "incorrectly" passes without the 'inlinecrypt' mount
option - a patch will be sent out to exclude that test when
test_dummy_encryption is turned on with ext4 (like the other quota related
tests that use user visible quota files). The other regression was for
generic/252 on ext4, which does direct I/O with a buffer aligned to the
block device's blocksize, but not necessarily aligned to the filesystem's
block size, which direct I/O with fscrypt requires.
Changes v4 => v5:
- replace fscrypt_limit_io_pages() with fscrypt_limit_io_block(), which
is now called by individual filesystems (currently only ext4) instead
of the iomap code. This new function serves the same end purpose as
the one it replaces (ensuring that DUNs within a bio are contiguous)
but operates purely with blocks instead of with pages.
- make iomap_dio_zero() set bio_crypt_ctx's again, instead of just a
WARN_ON() since some folks prefer that instead.
- add Reviewed-by's
Changes v3 => v4:
- Fix bug in iomap_dio_bio_actor() where fscrypt_limit_io_pages() was
being called too early (thanks Eric!)
- Improve comments and fix formatting in documentation
- iomap_dio_zero() is only called to zero out partial blocks, but
direct I/O is only supported on encrypted files when I/O is
blocksize aligned, so it doesn't need to set encryption contexts on
bios. Replace setting the encryption context with a WARN_ON(). (Eric)
Changes v2 => v3:
- add changelog to coverletter
Changes v1 => v2:
- Fix bug in f2fs caused by replacing f2fs_post_read_required() with
!fscrypt_dio_supported() since the latter doesn't check for
compressed inodes unlike the former.
- Add patches 6 and 7 for fscrypt documentation
- cleanups and comments
Eric Biggers (5):
fscrypt: Add functions for direct I/O support
direct-io: add support for fscrypt using blk-crypto
iomap: support direct I/O with fscrypt using blk-crypto
ext4: support direct I/O with fscrypt using blk-crypto
f2fs: support direct I/O with fscrypt using blk-crypto
Satya Tangirala (2):
fscrypt: document inline encryption support
fscrypt: update documentation for direct I/O support
Documentation/filesystems/fscrypt.rst | 36 +++++++++++--
fs/crypto/crypto.c | 8 +++
fs/crypto/inline_crypt.c | 75 +++++++++++++++++++++++++++
fs/direct-io.c | 15 +++++-
fs/ext4/file.c | 10 ++--
fs/ext4/inode.c | 7 +++
fs/f2fs/f2fs.h | 6 ++-
fs/iomap/direct-io.c | 6 +++
include/linux/fscrypt.h | 19 +++++++
9 files changed, 173 insertions(+), 9 deletions(-)
--
2.28.0.rc0.142.g3c755180ce-goog
From: Eric Biggers <[email protected]>
Wire up f2fs with fscrypt direct I/O support. direct I/O with fscrypt is
only supported through blk-crypto (i.e. CONFIG_BLK_INLINE_ENCRYPTION must
have been enabled, the 'inlinecrypt' mount option must have been specified,
and either hardware inline encryption support must be present or
CONFIG_BLK_INLINE_ENCYRPTION_FALLBACK must have been enabled). Further,
direct I/O on encrypted files is only supported when I/O is aligned
to the filesystem block size (which is *not* necessarily the same as the
block device's block size).
Signed-off-by: Eric Biggers <[email protected]>
Co-developed-by: Satya Tangirala <[email protected]>
Signed-off-by: Satya Tangirala <[email protected]>
Acked-by: Jaegeuk Kim <[email protected]>
---
fs/f2fs/f2fs.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index b35a50f4953c..978130b5a195 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -4082,7 +4082,11 @@ static inline bool f2fs_force_buffered_io(struct inode *inode,
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
int rw = iov_iter_rw(iter);
- if (f2fs_post_read_required(inode))
+ if (!fscrypt_dio_supported(iocb, iter))
+ return true;
+ if (fsverity_active(inode))
+ return true;
+ if (f2fs_compressed_file(inode))
return true;
if (f2fs_is_multi_device(sbi))
return true;
--
2.28.0.rc0.142.g3c755180ce-goog