fscrypt: add functions for direct I/O support
Encrypted files traditionally haven't supported DIO, due to the need to encrypt/decrypt the data. However, when the encryption is implemented using inline encryption (blk-crypto) instead of the traditional filesystem-layer encryption, it is straightforward to support DIO. In preparation for supporting this, add the following functions: - fscrypt_dio_supported() checks whether a DIO request is supported as far as encryption is concerned. Encrypted files will only support DIO when inline encryption is used and the I/O request is properly aligned; this function checks these preconditions. - fscrypt_limit_io_blocks() limits the length of a bio to avoid crossing a place in the file that a bio with an encryption context cannot cross due to a DUN discontiguity. This function is needed by filesystems that use the iomap DIO implementation (which operates directly on logical ranges, so it won't use fscrypt_mergeable_bio()) and that support FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32. Co-developed-by: Satya Tangirala <satyat@google.com> Signed-off-by: Satya Tangirala <satyat@google.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://lore.kernel.org/r/20220128233940.79464-2-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com>
This commit is contained in:
Eric Biggers
parent
dfd42facf1
commit
c6c89783eb
3 changed files with 119 additions and 0 deletions
|
|
@ -69,6 +69,14 @@ void fscrypt_free_bounce_page(struct page *bounce_page)
|
|||
}
|
||||
EXPORT_SYMBOL(fscrypt_free_bounce_page);
|
||||
|
||||
/*
|
||||
* Generate the IV for the given logical block number within the given file.
|
||||
* For filenames encryption, lblk_num == 0.
|
||||
*
|
||||
* Keep this in sync with fscrypt_limit_io_blocks(). fscrypt_limit_io_blocks()
|
||||
* needs to know about any IV generation methods where the low bits of IV don't
|
||||
* simply contain the lblk_num (e.g., IV_INO_LBLK_32).
|
||||
*/
|
||||
void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num,
|
||||
const struct fscrypt_info *ci)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
#include <linux/buffer_head.h>
|
||||
#include <linux/sched/mm.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/uio.h>
|
||||
|
||||
#include "fscrypt_private.h"
|
||||
|
||||
|
|
@ -315,6 +316,10 @@ EXPORT_SYMBOL_GPL(fscrypt_set_bio_crypt_ctx_bh);
|
|||
*
|
||||
* fscrypt_set_bio_crypt_ctx() must have already been called on the bio.
|
||||
*
|
||||
* This function isn't required in cases where crypto-mergeability is ensured in
|
||||
* another way, such as I/O targeting only a single file (and thus a single key)
|
||||
* combined with fscrypt_limit_io_blocks() to ensure DUN contiguity.
|
||||
*
|
||||
* Return: true iff the I/O is mergeable
|
||||
*/
|
||||
bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
|
||||
|
|
@ -363,3 +368,91 @@ bool fscrypt_mergeable_bio_bh(struct bio *bio,
|
|||
return fscrypt_mergeable_bio(bio, inode, next_lblk);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(fscrypt_mergeable_bio_bh);
|
||||
|
||||
/**
|
||||
* fscrypt_dio_supported() - check whether a DIO (direct I/O) request is
|
||||
* supported as far as encryption is concerned
|
||||
* @iocb: the file and position the I/O is targeting
|
||||
* @iter: the I/O data segment(s)
|
||||
*
|
||||
* Return: %true if there are no encryption constraints that prevent DIO from
|
||||
* being supported; %false if DIO is unsupported. (Note that in the
|
||||
* %true case, the filesystem might have other, non-encryption-related
|
||||
* constraints that prevent DIO from actually being supported.)
|
||||
*/
|
||||
bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter)
|
||||
{
|
||||
const struct inode *inode = file_inode(iocb->ki_filp);
|
||||
const unsigned int blocksize = i_blocksize(inode);
|
||||
|
||||
/* If the file is unencrypted, no veto from us. */
|
||||
if (!fscrypt_needs_contents_encryption(inode))
|
||||
return true;
|
||||
|
||||
/* We only support DIO with inline crypto, not fs-layer crypto. */
|
||||
if (!fscrypt_inode_uses_inline_crypto(inode))
|
||||
return false;
|
||||
|
||||
/*
|
||||
* Since the granularity of encryption is filesystem blocks, the file
|
||||
* position and total I/O length must be aligned to the filesystem block
|
||||
* size -- not just to the block device's logical block size as is
|
||||
* traditionally the case for DIO on many filesystems.
|
||||
*
|
||||
* We require that the user-provided memory buffers be filesystem block
|
||||
* aligned too. It is simpler to have a single alignment value required
|
||||
* for all properties of the I/O, as is normally the case for DIO.
|
||||
* Also, allowing less aligned buffers would imply that data units could
|
||||
* cross bvecs, which would greatly complicate the I/O stack, which
|
||||
* assumes that bios can be split at any bvec boundary.
|
||||
*/
|
||||
if (!IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), blocksize))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(fscrypt_dio_supported);
|
||||
|
||||
/**
|
||||
* fscrypt_limit_io_blocks() - limit I/O blocks to avoid discontiguous DUNs
|
||||
* @inode: the file on which I/O is being done
|
||||
* @lblk: the block at which the I/O is being started from
|
||||
* @nr_blocks: the number of blocks we want to submit starting at @lblk
|
||||
*
|
||||
* Determine the limit to the number of blocks that can be submitted in a bio
|
||||
* targeting @lblk without causing a data unit number (DUN) discontiguity.
|
||||
*
|
||||
* This is normally just @nr_blocks, as normally the DUNs just increment along
|
||||
* with the logical blocks. (Or the file is not encrypted.)
|
||||
*
|
||||
* In rare cases, fscrypt can be using an IV generation method that allows the
|
||||
* DUN to wrap around within logically contiguous blocks, and that wraparound
|
||||
* will occur. If this happens, a value less than @nr_blocks will be returned
|
||||
* so that the wraparound doesn't occur in the middle of a bio, which would
|
||||
* cause encryption/decryption to produce wrong results.
|
||||
*
|
||||
* Return: the actual number of blocks that can be submitted
|
||||
*/
|
||||
u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks)
|
||||
{
|
||||
const struct fscrypt_info *ci;
|
||||
u32 dun;
|
||||
|
||||
if (!fscrypt_inode_uses_inline_crypto(inode))
|
||||
return nr_blocks;
|
||||
|
||||
if (nr_blocks <= 1)
|
||||
return nr_blocks;
|
||||
|
||||
ci = inode->i_crypt_info;
|
||||
if (!(fscrypt_policy_flags(&ci->ci_policy) &
|
||||
FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32))
|
||||
return nr_blocks;
|
||||
|
||||
/* With IV_INO_LBLK_32, the DUN can wrap around from U32_MAX to 0. */
|
||||
|
||||
dun = ci->ci_hashed_ino + lblk;
|
||||
|
||||
return min_t(u64, nr_blocks, (u64)U32_MAX + 1 - dun);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(fscrypt_limit_io_blocks);
|
||||
|
|
|
|||
|
|
@ -714,6 +714,10 @@ bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
|
|||
bool fscrypt_mergeable_bio_bh(struct bio *bio,
|
||||
const struct buffer_head *next_bh);
|
||||
|
||||
bool fscrypt_dio_supported(struct kiocb *iocb, struct iov_iter *iter);
|
||||
|
||||
u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks);
|
||||
|
||||
#else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
|
||||
|
||||
static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
|
||||
|
|
@ -742,6 +746,20 @@ static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
|
|||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
static inline bool fscrypt_dio_supported(struct kiocb *iocb,
|
||||
struct iov_iter *iter)
|
||||
{
|
||||
const struct inode *inode = file_inode(iocb->ki_filp);
|
||||
|
||||
return !fscrypt_needs_contents_encryption(inode);
|
||||
}
|
||||
|
||||
static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk,
|
||||
u64 nr_blocks)
|
||||
{
|
||||
return nr_blocks;
|
||||
}
|
||||
#endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in a new issue