* Re: [PATCH 04/35] blk-crypto: add a process bio callback
@ 2023-12-01 15:23 kernel test robot
2023-12-04 2:37 ` Liu, Yujie
0 siblings, 1 reply; 3+ messages in thread
From: kernel test robot @ 2023-12-01 15:23 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence bisect report"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
In-Reply-To: <78be341377e7f0fb0ead3d5167be44ca0c87a944.1695750478.git.josef@toxicpanda.com>
References: <78be341377e7f0fb0ead3d5167be44ca0c87a944.1695750478.git.josef@toxicpanda.com>
TO: Josef Bacik <josef@toxicpanda.com>
TO: linux-btrfs@vger.kernel.org
TO: kernel-team@fb.com
TO: ebiggers@kernel.org
TO: linux-fscrypt@vger.kernel.org
TO: ngompa13@gmail.com
Hi Josef,
kernel test robot noticed the following build warnings:
[auto build test WARNING on kdave/for-next]
[cannot apply to axboe-block/for-next linus/master v6.7-rc3 next-20231201]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Josef-Bacik/fscrypt-rename-fscrypt_info-fscrypt_inode_info/20230927-020531
base: https://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git for-next
patch link: https://lore.kernel.org/r/78be341377e7f0fb0ead3d5167be44ca0c87a944.1695750478.git.josef%40toxicpanda.com
patch subject: [PATCH 04/35] blk-crypto: add a process bio callback
:::::: branch date: 9 weeks ago
:::::: commit date: 9 weeks ago
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce: (https://download.01.org/0day-ci/archive/20231201/202312012352.qjTdmkYN-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202312012352.qjTdmkYN-lkp@intel.com/
includecheck warnings: (new ones prefixed by >>)
>> include/linux/blk-crypto.h: linux/blk_types.h is included more than once.
vim +9 include/linux/blk-crypto.h
8
> 9 #include <linux/blk_types.h>
10
11 enum blk_crypto_mode_num {
12 BLK_ENCRYPTION_MODE_INVALID,
13 BLK_ENCRYPTION_MODE_AES_256_XTS,
14 BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV,
15 BLK_ENCRYPTION_MODE_ADIANTUM,
16 BLK_ENCRYPTION_MODE_SM4_XTS,
17 BLK_ENCRYPTION_MODE_MAX,
18 };
19
20 typedef blk_status_t (blk_crypto_process_bio_t)(struct bio *orig_bio,
21 struct bio *enc_bio);
22
23 #define BLK_CRYPTO_MAX_KEY_SIZE 64
24 /**
25 * struct blk_crypto_config - an inline encryption key's crypto configuration
26 * @crypto_mode: encryption algorithm this key is for
27 * @data_unit_size: the data unit size for all encryption/decryptions with this
28 * key. This is the size in bytes of each individual plaintext and
29 * ciphertext. This is always a power of 2. It might be e.g. the
30 * filesystem block size or the disk sector size.
31 * @dun_bytes: the maximum number of bytes of DUN used when using this key
32 */
33 struct blk_crypto_config {
34 enum blk_crypto_mode_num crypto_mode;
35 unsigned int data_unit_size;
36 unsigned int dun_bytes;
37 blk_crypto_process_bio_t *process_bio;
38 };
39
40 /**
41 * struct blk_crypto_key - an inline encryption key
42 * @crypto_cfg: the crypto configuration (like crypto_mode, key size) for this
43 * key
44 * @data_unit_size_bits: log2 of data_unit_size
45 * @size: size of this key in bytes (determined by @crypto_cfg.crypto_mode)
46 * @raw: the raw bytes of this key. Only the first @size bytes are used.
47 *
48 * A blk_crypto_key is immutable once created, and many bios can reference it at
49 * the same time. It must not be freed until all bios using it have completed
50 * and it has been evicted from all devices on which it may have been used.
51 */
52 struct blk_crypto_key {
53 struct blk_crypto_config crypto_cfg;
54 unsigned int data_unit_size_bits;
55 unsigned int size;
56 u8 raw[BLK_CRYPTO_MAX_KEY_SIZE];
57 };
58
59 #define BLK_CRYPTO_MAX_IV_SIZE 32
60 #define BLK_CRYPTO_DUN_ARRAY_SIZE (BLK_CRYPTO_MAX_IV_SIZE / sizeof(u64))
61
62 /**
63 * struct bio_crypt_ctx - an inline encryption context
64 * @bc_key: the key, algorithm, and data unit size to use
65 * @bc_dun: the data unit number (starting IV) to use
66 *
67 * A bio_crypt_ctx specifies that the contents of the bio will be encrypted (for
68 * write requests) or decrypted (for read requests) inline by the storage device
69 * or controller, or by the crypto API fallback.
70 */
71 struct bio_crypt_ctx {
72 const struct blk_crypto_key *bc_key;
73 u64 bc_dun[BLK_CRYPTO_DUN_ARRAY_SIZE];
74 };
75
> 76 #include <linux/blk_types.h>
77 #include <linux/blkdev.h>
78
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread* RE: [PATCH 04/35] blk-crypto: add a process bio callback 2023-12-01 15:23 [PATCH 04/35] blk-crypto: add a process bio callback kernel test robot @ 2023-12-04 2:37 ` Liu, Yujie 0 siblings, 0 replies; 3+ messages in thread From: Liu, Yujie @ 2023-12-04 2:37 UTC (permalink / raw) To: lkp, oe-kbuild@lists.linux.dev not_report 9 weeks ago patch. Date: Tue, 26 Sep 2023 14:01:30 -0400 -----Original Message----- From: lkp <lkp@intel.com> Sent: Friday, December 1, 2023 23:23 To: oe-kbuild@lists.linux.dev Cc: lkp <lkp@intel.com> Subject: Re: [PATCH 04/35] blk-crypto: add a process bio callback :::::: :::::: Manual check reason: "low confidence bisect report" :::::: BCC: lkp@intel.com CC: oe-kbuild-all@lists.linux.dev In-Reply-To: <78be341377e7f0fb0ead3d5167be44ca0c87a944.1695750478.git.josef@toxicpanda.com> References: <78be341377e7f0fb0ead3d5167be44ca0c87a944.1695750478.git.josef@toxicpanda.com> TO: Josef Bacik <josef@toxicpanda.com> TO: linux-btrfs@vger.kernel.org TO: kernel-team@fb.com TO: ebiggers@kernel.org TO: linux-fscrypt@vger.kernel.org TO: ngompa13@gmail.com Hi Josef, kernel test robot noticed the following build warnings: [auto build test WARNING on kdave/for-next] [cannot apply to axboe-block/for-next linus/master v6.7-rc3 next-20231201] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Josef-Bacik/fscrypt-rename-fscrypt_info-fscrypt_inode_info/20230927-020531 base: https://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git for-next patch link: https://lore.kernel.org/r/78be341377e7f0fb0ead3d5167be44ca0c87a944.1695750478.git.josef%40toxicpanda.com patch subject: [PATCH 04/35] blk-crypto: add a process bio callback :::::: branch date: 9 weeks ago :::::: commit date: 9 weeks ago compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce: (https://download.01.org/0day-ci/archive/20231201/202312012352.qjTdmkYN-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/r/202312012352.qjTdmkYN-lkp@intel.com/ includecheck warnings: (new ones prefixed by >>) >> include/linux/blk-crypto.h: linux/blk_types.h is included more than once. vim +9 include/linux/blk-crypto.h 8 > 9 #include <linux/blk_types.h> 10 11 enum blk_crypto_mode_num { 12 BLK_ENCRYPTION_MODE_INVALID, 13 BLK_ENCRYPTION_MODE_AES_256_XTS, 14 BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV, 15 BLK_ENCRYPTION_MODE_ADIANTUM, 16 BLK_ENCRYPTION_MODE_SM4_XTS, 17 BLK_ENCRYPTION_MODE_MAX, 18 }; 19 20 typedef blk_status_t (blk_crypto_process_bio_t)(struct bio *orig_bio, 21 struct bio *enc_bio); 22 23 #define BLK_CRYPTO_MAX_KEY_SIZE 64 24 /** 25 * struct blk_crypto_config - an inline encryption key's crypto configuration 26 * @crypto_mode: encryption algorithm this key is for 27 * @data_unit_size: the data unit size for all encryption/decryptions with this 28 * key. This is the size in bytes of each individual plaintext and 29 * ciphertext. This is always a power of 2. It might be e.g. the 30 * filesystem block size or the disk sector size. 31 * @dun_bytes: the maximum number of bytes of DUN used when using this key 32 */ 33 struct blk_crypto_config { 34 enum blk_crypto_mode_num crypto_mode; 35 unsigned int data_unit_size; 36 unsigned int dun_bytes; 37 blk_crypto_process_bio_t *process_bio; 38 }; 39 40 /** 41 * struct blk_crypto_key - an inline encryption key 42 * @crypto_cfg: the crypto configuration (like crypto_mode, key size) for this 43 * key 44 * @data_unit_size_bits: log2 of data_unit_size 45 * @size: size of this key in bytes (determined by @crypto_cfg.crypto_mode) 46 * @raw: the raw bytes of this key. Only the first @size bytes are used. 47 * 48 * A blk_crypto_key is immutable once created, and many bios can reference it at 49 * the same time. It must not be freed until all bios using it have completed 50 * and it has been evicted from all devices on which it may have been used. 51 */ 52 struct blk_crypto_key { 53 struct blk_crypto_config crypto_cfg; 54 unsigned int data_unit_size_bits; 55 unsigned int size; 56 u8 raw[BLK_CRYPTO_MAX_KEY_SIZE]; 57 }; 58 59 #define BLK_CRYPTO_MAX_IV_SIZE 32 60 #define BLK_CRYPTO_DUN_ARRAY_SIZE (BLK_CRYPTO_MAX_IV_SIZE / sizeof(u64)) 61 62 /** 63 * struct bio_crypt_ctx - an inline encryption context 64 * @bc_key: the key, algorithm, and data unit size to use 65 * @bc_dun: the data unit number (starting IV) to use 66 * 67 * A bio_crypt_ctx specifies that the contents of the bio will be encrypted (for 68 * write requests) or decrypted (for read requests) inline by the storage device 69 * or controller, or by the crypto API fallback. 70 */ 71 struct bio_crypt_ctx { 72 const struct blk_crypto_key *bc_key; 73 u64 bc_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]; 74 }; 75 > 76 #include <linux/blk_types.h> 77 #include <linux/blkdev.h> 78 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki ^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 00/35] btrfs: add fscrypt support @ 2023-09-26 18:01 Josef Bacik 2023-09-26 18:01 ` [PATCH 04/35] blk-crypto: add a process bio callback Josef Bacik 0 siblings, 1 reply; 3+ messages in thread From: Josef Bacik @ 2023-09-26 18:01 UTC (permalink / raw) To: linux-btrfs, kernel-team, ebiggers, linux-fscrypt, ngompa13 Hello, This is the newly reworked fscrypt support for btrfs. There have been a few things changed since Sweet Tea's last post[1], and my RFC[2]. The changes from Sweet Tea's patchset are mostly related to the fscrypt changes, but I'll detail them here - We have a fscrypt_extent_info struct that simply has the blk key in it and a nonce. - We have a stripped down on disk context that just has what we need for extents. At this time we only care about the nonce, everything else is supposed to match the owning inode. - I've disabled everything except bog standard v2 policies to limit the complexity. - Added the necessary hooks we needed for checksumming the encrypted bios. - Reworked the on-disk stuff to be better described and accessed through helpers. - Plumbed through the fscrypt_extent_info through everything to simplify the API calls we need from fscrypt. - Instead of handling async key free'ing in fscrypt, handle the case where we're freeing extent_maps under the lock in a safe way. This is cleaner than pushing this into fscrypt. - Fixed a few things that fsstress uncovered in testing. Changes to the fscrypt code since my RFC - Took Eric's advice and added the policy and key to the extent context, this way if we want to in the future we could handle key changing. - Added a helper to give us the fscrypt extent info context size. We need the size ahead of time to setup the item properly. - Fixed the blk crypto fallback not actually working with our process_bio callback. Added a policy flag to make sure the checks work properly. - Added some documentation. Things left to do - I still have to update fstests to deal with v2 only policies. I haven't touched fstests at all yet, I've merely done my own rough testing with fsstress. - Update the btrfs-progs patches. This needs to be done to get the fstests stuff to work as well. - fsverity still isn't encrypted. I'm going to hit that next, it should be straightforward enough. This is based on for-next from Dave's tree [3], but in case that moves between now and then you can see my current branch here [4]. Thanks, Josef [1] https://lore.kernel.org/linux-fscrypt/cover.1693630890.git.sweettea-kernel@dorminy.me/ [2] https://lore.kernel.org/linux-btrfs/cover.1694738282.git.josef@toxicpanda.com/ [3] https://github.com/kdave/btrfs-devel/tree/for-next [4] https://github.com/josefbacik/linux/tree/fscrypt Josef Bacik (20): fscrypt: rename fscrypt_info => fscrypt_inode_info fscrypt: add per-extent encryption support fscrypt: disable all but standard v2 policies for extent encryption blk-crypto: add a process bio callback fscrypt: add documentation about extent encryption btrfs: add infrastructure for safe em freeing btrfs: add fscrypt_info and encryption_type to ordered_extent btrfs: plumb through setting the fscrypt_info for ordered extents btrfs: populate the ordered_extent with the fscrypt context btrfs: keep track of fscrypt info and orig_start for dio reads btrfs: add an optional encryption context to the end of file extents btrfs: pass through fscrypt_extent_info to the file extent helpers btrfs: pass the fscrypt_info through the replace extent infrastructure btrfs: implement the fscrypt extent encryption hooks btrfs: setup fscrypt_extent_info for new extents btrfs: populate ordered_extent with the orig offset btrfs: set the bio fscrypt context when applicable btrfs: add a bio argument to btrfs_csum_one_bio btrfs: add orig_logical to btrfs_bio btrfs: implement process_bio cb for fscrypt Omar Sandoval (7): fscrypt: expose fscrypt_nokey_name btrfs: disable various operations on encrypted inodes btrfs: start using fscrypt hooks btrfs: add inode encryption contexts btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag btrfs: adapt readdir for encrypted and nokey names btrfs: implement fscrypt ioctls Sweet Tea Dorminy (8): btrfs: disable verity on encrypted inodes btrfs: handle nokey names. btrfs: add encryption to CONFIG_BTRFS_DEBUG btrfs: add get_devices hook for fscrypt btrfs: turn on inlinecrypt mount option for encrypt btrfs: set file extent encryption excplicitly btrfs: add fscrypt_info and encryption_type to extent_map btrfs: explicitly track file extent length for replace and drop Documentation/filesystems/fscrypt.rst | 36 ++ block/blk-crypto-fallback.c | 28 ++ block/blk-crypto-profile.c | 2 + block/blk-crypto.c | 6 +- fs/btrfs/Makefile | 1 + fs/btrfs/accessors.h | 50 +++ fs/btrfs/bio.c | 45 ++- fs/btrfs/bio.h | 6 + fs/btrfs/btrfs_inode.h | 3 +- fs/btrfs/compression.c | 6 + fs/btrfs/ctree.h | 4 + fs/btrfs/defrag.c | 10 +- fs/btrfs/delayed-inode.c | 29 +- fs/btrfs/delayed-inode.h | 6 +- fs/btrfs/dir-item.c | 108 +++++- fs/btrfs/dir-item.h | 11 +- fs/btrfs/extent_io.c | 81 ++++- fs/btrfs/extent_io.h | 3 + fs/btrfs/extent_map.c | 106 +++++- fs/btrfs/extent_map.h | 12 + fs/btrfs/file-item.c | 17 +- fs/btrfs/file-item.h | 7 +- fs/btrfs/file.c | 16 +- fs/btrfs/fs.h | 3 +- fs/btrfs/fscrypt.c | 326 ++++++++++++++++++ fs/btrfs/fscrypt.h | 95 +++++ fs/btrfs/inode.c | 476 ++++++++++++++++++++------ fs/btrfs/ioctl.c | 41 ++- fs/btrfs/ordered-data.c | 26 +- fs/btrfs/ordered-data.h | 21 +- fs/btrfs/reflink.c | 8 + fs/btrfs/root-tree.c | 8 +- fs/btrfs/root-tree.h | 2 +- fs/btrfs/super.c | 17 + fs/btrfs/sysfs.c | 6 + fs/btrfs/tree-checker.c | 66 +++- fs/btrfs/tree-log.c | 26 +- fs/btrfs/verity.c | 3 + fs/crypto/crypto.c | 23 +- fs/crypto/fname.c | 45 +-- fs/crypto/fscrypt_private.h | 87 ++++- fs/crypto/hooks.c | 2 +- fs/crypto/inline_crypt.c | 100 +++++- fs/crypto/keyring.c | 4 +- fs/crypto/keysetup.c | 190 +++++++++- fs/crypto/keysetup_v1.c | 14 +- fs/crypto/policy.c | 70 +++- include/linux/blk-crypto-profile.h | 7 + include/linux/blk-crypto.h | 9 +- include/linux/fs.h | 4 +- include/linux/fscrypt.h | 123 ++++++- include/uapi/linux/btrfs.h | 1 + include/uapi/linux/btrfs_tree.h | 35 +- 53 files changed, 2144 insertions(+), 287 deletions(-) create mode 100644 fs/btrfs/fscrypt.c create mode 100644 fs/btrfs/fscrypt.h -- 2.41.0 ^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 04/35] blk-crypto: add a process bio callback 2023-09-26 18:01 [PATCH 00/35] btrfs: add fscrypt support Josef Bacik @ 2023-09-26 18:01 ` Josef Bacik 0 siblings, 0 replies; 3+ messages in thread From: Josef Bacik @ 2023-09-26 18:01 UTC (permalink / raw) To: linux-btrfs, kernel-team, ebiggers, linux-fscrypt, ngompa13 Btrfs does checksumming, and the checksums need to match the bytes on disk. In order to facilitate this add a process bio callback for the blk-crypto layer. This allows the file system to specify a callback and then can process the encrypted bio as necessary. For btrfs, writes will have the checksums calculated and saved into our relevant data structures for storage once the write completes. For reads we will validate the checksums match what is on disk and error out if there is a mismatch. This is incompatible with native encryption obviously, so make sure we don't use native encryption if this callback is set. Signed-off-by: Josef Bacik <josef@toxicpanda.com> --- block/blk-crypto-fallback.c | 28 ++++++++++++++++++++++++++++ block/blk-crypto-profile.c | 2 ++ block/blk-crypto.c | 6 +++++- fs/crypto/inline_crypt.c | 3 ++- include/linux/blk-crypto-profile.h | 7 +++++++ include/linux/blk-crypto.h | 9 +++++++-- include/linux/fscrypt.h | 14 ++++++++++++++ 7 files changed, 65 insertions(+), 4 deletions(-) diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c index e6468eab2681..8b4a83534127 100644 --- a/block/blk-crypto-fallback.c +++ b/block/blk-crypto-fallback.c @@ -346,6 +346,15 @@ static bool blk_crypto_fallback_encrypt_bio(struct bio **bio_ptr) } } + /* Process the encrypted bio before we submit it. */ + if (bc->bc_key->crypto_cfg.process_bio) { + blk_st = bc->bc_key->crypto_cfg.process_bio(src_bio, enc_bio); + if (blk_st != BLK_STS_OK) { + src_bio->bi_status = blk_st; + goto out_free_bounce_pages; + } + } + enc_bio->bi_private = src_bio; enc_bio->bi_end_io = blk_crypto_fallback_encrypt_endio; *bio_ptr = enc_bio; @@ -391,6 +400,24 @@ static void blk_crypto_fallback_decrypt_bio(struct work_struct *work) unsigned int i; blk_status_t blk_st; + /* + * Process the bio first before trying to decrypt. + * + * NOTE: btrfs expects that this bio is the same that was submitted. If + * at any point this changes we will need to update process_bio to take + * f_ctx->crypt_iter in order to make sure we can iterate the pages for + * checksumming. We're currently saving this in our btrfs_bio, so this + * works, but if at any point in the future we start allocating a bounce + * bio or something we need to update this callback. + */ + if (bc->bc_key->crypto_cfg.process_bio) { + blk_st = bc->bc_key->crypto_cfg.process_bio(bio, bio); + if (blk_st != BLK_STS_OK) { + bio->bi_status = blk_st; + goto out_no_keyslot; + } + } + /* * Get a blk-crypto-fallback keyslot that contains a crypto_skcipher for * this bio's algorithm and key. @@ -560,6 +587,7 @@ static int blk_crypto_fallback_init(void) blk_crypto_fallback_profile->ll_ops = blk_crypto_fallback_ll_ops; blk_crypto_fallback_profile->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE; + blk_crypto_fallback_profile->process_bio_supported = true; /* All blk-crypto modes have a crypto API fallback. */ for (i = 0; i < BLK_ENCRYPTION_MODE_MAX; i++) diff --git a/block/blk-crypto-profile.c b/block/blk-crypto-profile.c index 7fabc883e39f..640cf2ea3fcc 100644 --- a/block/blk-crypto-profile.c +++ b/block/blk-crypto-profile.c @@ -352,6 +352,8 @@ bool __blk_crypto_cfg_supported(struct blk_crypto_profile *profile, return false; if (profile->max_dun_bytes_supported < cfg->dun_bytes) return false; + if (cfg->process_bio && !profile->process_bio_supported) + return false; return true; } diff --git a/block/blk-crypto.c b/block/blk-crypto.c index 4d760b092deb..50556952df19 100644 --- a/block/blk-crypto.c +++ b/block/blk-crypto.c @@ -321,6 +321,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio, * @dun_bytes: number of bytes that will be used to specify the DUN when this * key is used * @data_unit_size: the data unit size to use for en/decryption + * @process_bio: the call back if the upper layer needs to process the encrypted + * bio * * Return: 0 on success, -errno on failure. The caller is responsible for * zeroizing both blk_key and raw_key when done with them. @@ -328,7 +330,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio, int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, enum blk_crypto_mode_num crypto_mode, unsigned int dun_bytes, - unsigned int data_unit_size) + unsigned int data_unit_size, + blk_crypto_process_bio_t process_bio) { const struct blk_crypto_mode *mode; @@ -350,6 +353,7 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, blk_key->crypto_cfg.crypto_mode = crypto_mode; blk_key->crypto_cfg.dun_bytes = dun_bytes; blk_key->crypto_cfg.data_unit_size = data_unit_size; + blk_key->crypto_cfg.process_bio = process_bio; blk_key->data_unit_size_bits = ilog2(data_unit_size); blk_key->size = mode->keysize; memcpy(blk_key->raw, raw_key, mode->keysize); diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index 21e1851d4ba7..a66a555d84ee 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -168,7 +168,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key, return -ENOMEM; err = blk_crypto_init_key(blk_key, raw_key, crypto_mode, - fscrypt_get_dun_bytes(ci), sb->s_blocksize); + fscrypt_get_dun_bytes(ci), sb->s_blocksize, + sb->s_cop->process_bio); if (err) { fscrypt_err(inode, "error %d initializing blk-crypto key", err); goto fail; diff --git a/include/linux/blk-crypto-profile.h b/include/linux/blk-crypto-profile.h index 90ab33cb5d0e..3c002e85631a 100644 --- a/include/linux/blk-crypto-profile.h +++ b/include/linux/blk-crypto-profile.h @@ -100,6 +100,13 @@ struct blk_crypto_profile { */ struct device *dev; + /** + * @process_bio_supported: Some things, like btrfs, require the + * encrypted data for checksumming. Drivers set this to true if they can + * handle the process_bio() callback. + */ + bool process_bio_supported; + /* private: The following fields shouldn't be accessed by drivers. */ /* Number of keyslots, or 0 if not applicable */ diff --git a/include/linux/blk-crypto.h b/include/linux/blk-crypto.h index 5e5822c18ee4..194c1d727013 100644 --- a/include/linux/blk-crypto.h +++ b/include/linux/blk-crypto.h @@ -6,7 +6,7 @@ #ifndef __LINUX_BLK_CRYPTO_H #define __LINUX_BLK_CRYPTO_H -#include <linux/types.h> +#include <linux/blk_types.h> enum blk_crypto_mode_num { BLK_ENCRYPTION_MODE_INVALID, @@ -17,6 +17,9 @@ enum blk_crypto_mode_num { BLK_ENCRYPTION_MODE_MAX, }; +typedef blk_status_t (blk_crypto_process_bio_t)(struct bio *orig_bio, + struct bio *enc_bio); + #define BLK_CRYPTO_MAX_KEY_SIZE 64 /** * struct blk_crypto_config - an inline encryption key's crypto configuration @@ -31,6 +34,7 @@ struct blk_crypto_config { enum blk_crypto_mode_num crypto_mode; unsigned int data_unit_size; unsigned int dun_bytes; + blk_crypto_process_bio_t *process_bio; }; /** @@ -90,7 +94,8 @@ bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc, int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, enum blk_crypto_mode_num crypto_mode, unsigned int dun_bytes, - unsigned int data_unit_size); + unsigned int data_unit_size, + blk_crypto_process_bio_t process_bio); int blk_crypto_start_using_key(struct block_device *bdev, const struct blk_crypto_key *key); diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 266416742c72..07493ad2588b 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -16,6 +16,7 @@ #include <linux/fs.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/blk-crypto.h> #include <uapi/linux/fscrypt.h> /* @@ -180,6 +181,19 @@ struct fscrypt_operations { */ struct block_device **(*get_devices)(struct super_block *sb, unsigned int *num_devs); + + /* + * A callback if the file system requires the ability to process the + * encrypted bio. + * + * @orig_bio: the original bio submitted. + * @enc_bio: the encrypted bio. + * + * For writes the enc_bio will be different from the orig_bio, for reads + * they will be the same. For reads we get the bio before it is + * decrypted, for writes we get the bio before it is submitted. + */ + blk_crypto_process_bio_t *process_bio; }; static inline struct fscrypt_inode_info *fscrypt_get_info(const struct inode *inode) -- 2.41.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-12-04 2:37 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-12-01 15:23 [PATCH 04/35] blk-crypto: add a process bio callback kernel test robot 2023-12-04 2:37 ` Liu, Yujie -- strict thread matches above, loose matches on Subject: below -- 2023-09-26 18:01 [PATCH 00/35] btrfs: add fscrypt support Josef Bacik 2023-09-26 18:01 ` [PATCH 04/35] blk-crypto: add a process bio callback Josef Bacik
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.