[PATCH] bcachefs: Remove bch2_enable_encryption() and bch2_disable

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] bcachefs: Remove bch2_enable_encryption() and bch2_disable_encryption()
@ 2025-03-16  3:01 Eric Biggers
  2025-03-16 17:40 ` Kent Overstreet
  0 siblings, 1 reply; 2+ messages in thread
From: Eric Biggers @ 2025-03-16  3:01 UTC (permalink / raw)
  To: linux-bcachefs

From: Eric Biggers <ebiggers@google.com>

These functions are never called, so remove them.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/bcachefs/checksum.c | 90 ------------------------------------------
 fs/bcachefs/checksum.h |  3 --
 2 files changed, 93 deletions(-)

diff --git a/fs/bcachefs/checksum.c b/fs/bcachefs/checksum.c
index 23a383577d4c7..3b6de913f45b9 100644
--- a/fs/bcachefs/checksum.c
+++ b/fs/bcachefs/checksum.c
@@ -8,11 +8,10 @@
 
 #include <linux/crc32c.h>
 #include <linux/crypto.h>
 #include <linux/xxhash.h>
 #include <linux/key.h>
-#include <linux/random.h>
 #include <linux/ratelimit.h>
 #include <linux/scatterlist.h>
 #include <crypto/algapi.h>
 #include <crypto/chacha.h>
 #include <crypto/hash.h>
@@ -691,99 +690,10 @@ static int bch2_alloc_ciphers(struct bch_fs *c)
 	c->chacha20	= chacha20;
 	c->poly1305	= poly1305;
 	return 0;
 }
 
-int bch2_disable_encryption(struct bch_fs *c)
-{
-	struct bch_sb_field_crypt *crypt;
-	struct bch_key key;
-	int ret = -EINVAL;
-
-	mutex_lock(&c->sb_lock);
-
-	crypt = bch2_sb_field_get(c->disk_sb.sb, crypt);
-	if (!crypt)
-		goto out;
-
-	/* is key encrypted? */
-	ret = 0;
-	if (bch2_key_is_encrypted(&crypt->key))
-		goto out;
-
-	ret = bch2_decrypt_sb_key(c, crypt, &key);
-	if (ret)
-		goto out;
-
-	crypt->key.magic	= cpu_to_le64(BCH_KEY_MAGIC);
-	crypt->key.key		= key;
-
-	SET_BCH_SB_ENCRYPTION_TYPE(c->disk_sb.sb, 0);
-	bch2_write_super(c);
-out:
-	mutex_unlock(&c->sb_lock);
-
-	return ret;
-}
-
-int bch2_enable_encryption(struct bch_fs *c, bool keyed)
-{
-	struct bch_encrypted_key key;
-	struct bch_key user_key;
-	struct bch_sb_field_crypt *crypt;
-	int ret = -EINVAL;
-
-	mutex_lock(&c->sb_lock);
-
-	/* Do we already have an encryption key? */
-	if (bch2_sb_field_get(c->disk_sb.sb, crypt))
-		goto err;
-
-	ret = bch2_alloc_ciphers(c);
-	if (ret)
-		goto err;
-
-	key.magic = cpu_to_le64(BCH_KEY_MAGIC);
-	get_random_bytes(&key.key, sizeof(key.key));
-
-	if (keyed) {
-		ret = bch2_request_key(c->disk_sb.sb, &user_key);
-		if (ret) {
-			bch_err(c, "error requesting encryption key: %s", bch2_err_str(ret));
-			goto err;
-		}
-
-		ret = bch2_chacha_encrypt_key(&user_key, bch2_sb_key_nonce(c),
-					      &key, sizeof(key));
-		if (ret)
-			goto err;
-	}
-
-	ret = crypto_skcipher_setkey(&c->chacha20->base,
-			(void *) &key.key, sizeof(key.key));
-	if (ret)
-		goto err;
-
-	crypt = bch2_sb_field_resize(&c->disk_sb, crypt,
-				     sizeof(*crypt) / sizeof(u64));
-	if (!crypt) {
-		ret = -BCH_ERR_ENOSPC_sb_crypt;
-		goto err;
-	}
-
-	crypt->key = key;
-
-	/* write superblock */
-	SET_BCH_SB_ENCRYPTION_TYPE(c->disk_sb.sb, 1);
-	bch2_write_super(c);
-err:
-	mutex_unlock(&c->sb_lock);
-	memzero_explicit(&user_key, sizeof(user_key));
-	memzero_explicit(&key, sizeof(key));
-	return ret;
-}
-
 void bch2_fs_encryption_exit(struct bch_fs *c)
 {
 	if (c->poly1305)
 		crypto_free_shash(c->poly1305);
 	if (c->chacha20)
diff --git a/fs/bcachefs/checksum.h b/fs/bcachefs/checksum.h
index 43b9d71f2f2b4..5137bbfa0e352 100644
--- a/fs/bcachefs/checksum.h
+++ b/fs/bcachefs/checksum.h
@@ -101,13 +101,10 @@ static inline int bch2_encrypt_bio(struct bch_fs *c, unsigned type,
 extern const struct bch_sb_field_ops bch_sb_field_ops_crypt;
 
 int bch2_decrypt_sb_key(struct bch_fs *, struct bch_sb_field_crypt *,
 			struct bch_key *);
 
-int bch2_disable_encryption(struct bch_fs *);
-int bch2_enable_encryption(struct bch_fs *, bool);
-
 void bch2_fs_encryption_exit(struct bch_fs *);
 int bch2_fs_encryption_init(struct bch_fs *);
 
 static inline enum bch_csum_type bch2_csum_opt_to_type(enum bch_csum_opt type,
 						       bool data)

base-commit: da920b7df701770e006928053672147075587fb2
-- 
2.49.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] bcachefs: Remove bch2_enable_encryption() and bch2_disable_encryption()
  2025-03-16  3:01 [PATCH] bcachefs: Remove bch2_enable_encryption() and bch2_disable_encryption() Eric Biggers
@ 2025-03-16 17:40 ` Kent Overstreet
  0 siblings, 0 replies; 2+ messages in thread
From: Kent Overstreet @ 2025-03-16 17:40 UTC (permalink / raw)
  To: Eric Biggers; +Cc: linux-bcachefs

On Sat, Mar 15, 2025 at 08:01:37PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> These functions are never called, so remove them.

I've had requests for enabling encryption on an existing filesystem, and
I think that is something we should allow - I wrote the code and didn't
hook it up at the time because I wanted to think about safety issues
more.

So I'd rather just #if 0 it out, if the issue was that it was going to
need to be updated for your other cleanups.

bch2_disable_encryption seems to be duplicating code that also exists in
userspace, I don't see any reason for the userspace version to exist,
this one looks cleaner, so let's also not delete that.

I'm applying this instead:

From a5331b44ab612f1609ee980389a8ea677e194d46 Mon Sep 17 00:00:00 2001
From: Kent Overstreet <kent.overstreet@linux.dev>
Date: Sun, 16 Mar 2025 13:39:14 -0400
Subject: [PATCH] bcachefs: #if 0 out (enable|disable)_encryption()

These weren't hooked up, but they probably should be - add some comments
for context.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

diff --git a/fs/bcachefs/checksum.c b/fs/bcachefs/checksum.c
index 23a383577d4c..15de9d794337 100644
--- a/fs/bcachefs/checksum.c
+++ b/fs/bcachefs/checksum.c
@@ -693,6 +693,14 @@ static int bch2_alloc_ciphers(struct bch_fs *c)
 	return 0;
 }
 
+#if 0
+
+/*
+ * This seems to be duplicating code in cmd_remove_passphrase() in
+ * bcachefs-tools, but we might want to switch userspace to use this - and
+ * perhaps add an ioctl for calling this at runtime, so we can take the
+ * passphrase off of a mounted filesystem (which has come up).
+ */
 int bch2_disable_encryption(struct bch_fs *c)
 {
 	struct bch_sb_field_crypt *crypt;
@@ -725,6 +733,10 @@ int bch2_disable_encryption(struct bch_fs *c)
 	return ret;
 }
 
+/*
+ * For enabling encryption on an existing filesystem: not hooked up yet, but it
+ * should be
+ */
 int bch2_enable_encryption(struct bch_fs *c, bool keyed)
 {
 	struct bch_encrypted_key key;
@@ -781,6 +793,7 @@ int bch2_enable_encryption(struct bch_fs *c, bool keyed)
 	memzero_explicit(&key, sizeof(key));
 	return ret;
 }
+#endif
 
 void bch2_fs_encryption_exit(struct bch_fs *c)
 {
diff --git a/fs/bcachefs/checksum.h b/fs/bcachefs/checksum.h
index 43b9d71f2f2b..4ac251c8fcd8 100644
--- a/fs/bcachefs/checksum.h
+++ b/fs/bcachefs/checksum.h
@@ -103,8 +103,10 @@ extern const struct bch_sb_field_ops bch_sb_field_ops_crypt;
 int bch2_decrypt_sb_key(struct bch_fs *, struct bch_sb_field_crypt *,
 			struct bch_key *);
 
+#if 0
 int bch2_disable_encryption(struct bch_fs *);
 int bch2_enable_encryption(struct bch_fs *, bool);
+#endif
 
 void bch2_fs_encryption_exit(struct bch_fs *);
 int bch2_fs_encryption_init(struct bch_fs *);

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-03-16 17:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-16  3:01 [PATCH] bcachefs: Remove bch2_enable_encryption() and bch2_disable_encryption() Eric Biggers
2025-03-16 17:40 ` Kent Overstreet

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.