From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D7593815D1; Wed, 24 Jun 2026 05:06:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782277562; cv=none; b=uaTQd+uImz5zSiMdBklY7SKFzyGKirKJ3Q5pCUu1ftrk//XzGP9oxkzFyltJoa7auZpGLW1YT2C3mDcPXS5yKq7MWRnqbEiUf0qhc9KNHysLirqqThajFBmNlrHlCEN1kOfEeS8QF2wKMCInGK8SRFnQyIhncVlxEMISwHiniII= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782277562; c=relaxed/simple; bh=dq0BmZxoH3aAGmxOmJvE3Cbjed7VxmAJmzpgdIvqX6I=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KfaIJUGmoGzURvZI9jL7VtNHiwYssIQ87tRqqh4w/xoAzcgmkp2K1XHJoK/raWEai3516w+vpTJb2AbX22MPVH0k7YFlCMMVc8uns+o6EXpmcSUbgZIVtkGO+es2tn8yqk5dt7c/jCEdILf0hamrBKzSvfygNo1ISL1as6lvnXQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=evGwe6TF; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="evGwe6TF" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 887611F00A3A; Wed, 24 Jun 2026 05:06:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1782277561; bh=Cwl6hQgfKO6Csoe5um0D99OROoj10S3TCZbNn7JJ3zg=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=evGwe6TFWqGqJ03mmURc8BrgUZCcZ2HiV0K6oXCkjXKjbpr+wjv2IkFUGvQmPNUkO c0v6eKn/6jG6vyWqws+wbPGexJOn8zH5Rcd3o92rqSbJm+pDEPm6XLXfM7bO0QJFOZ UMM9TtxbHQ7pX/Z8JpajFHFe76VAa3l+t/l/Q6tkZ426iCJEq45DJrWt8mgoP1VxET o2ofo1wNdjbFOs0j6/iSfM6UYvzkik1Gq7YaJ29QWl6h7EcoWq9wncmJGhb8IUPNoB EsOEA6ELb6WhIYOq0EHkPiZTvqnOaIFYqU2RvaqCcJU06rYHYKf10fO4nSBH5Sc4ue 7VBQ65fjJiP7Q== From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-block@vger.kernel.org, Christoph Hellwig , Theodore Ts'o , Andreas Dilger , Baokun Li , Jan Kara , Ojaswin Mujoo , Ritesh Harjani , Zhang Yi , Jaegeuk Kim , Chao Yu , Eric Biggers Subject: [PATCH 04/16] fscrypt: Fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE Date: Tue, 23 Jun 2026 22:03:22 -0700 Message-ID: <20260624050334.124606-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260624050334.124606-1-ebiggers@kernel.org> References: <20260624050334.124606-1-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE works only with the fs-layer implementation of file contents encryption, not blk-crypto. This is a problem for standardizing on blk-crypto. Fortunately, no one should be using this combination anyway. It doesn't make sense because the entire point of IV_INO_LBLK_32 is to support inline encryption hardware that is limited to 32-bit DUNs. Thus, fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE. Signed-off-by: Eric Biggers --- Documentation/filesystems/fscrypt.rst | 3 +++ fs/crypto/inline_crypt.c | 13 ------------- fs/crypto/policy.c | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index c0dd35f1af12..92b8f311e211 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -334,10 +334,13 @@ This format is optimized for use with inline encryption hardware compliant with the eMMC v5.2 standard, which supports only 32 IV bits per I/O request and may have only a small number of keyslots. This format results in some level of IV reuse, so it should only be used when necessary due to hardware limitations. +IV_INO_LBLK_32 is supported only when the filesystem block size is +equal to the page size. + Key identifiers --------------- For master keys used for v2 encryption policies, a unique 16-byte "key identifier" is also derived using the KDF. This value is stored in diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index 0d4c0dd04d20..4f045ad1dca8 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -110,23 +110,10 @@ int fscrypt_select_encryption_impl(struct fscrypt_inode_info *ci, /* The filesystem must be mounted with -o inlinecrypt */ if (!(sb->s_flags & SB_INLINECRYPT)) return 0; - /* - * When a page contains multiple logically contiguous filesystem blocks, - * some filesystem code only calls fscrypt_mergeable_bio() for the first - * block in the page. This is fine for most of fscrypt's IV generation - * strategies, where contiguous blocks imply contiguous IVs. But it - * doesn't work with IV_INO_LBLK_32. For now, simply exclude - * IV_INO_LBLK_32 with blocksize != PAGE_SIZE from inline encryption. - */ - if ((fscrypt_policy_flags(&ci->ci_policy) & - FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && - sb->s_blocksize != PAGE_SIZE) - return 0; - /* * On all the filesystem's block devices, blk-crypto must support the * crypto configuration that the file would use. */ crypto_cfg.crypto_mode = ci->ci_mode->blk_crypto_mode; diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index f40fb5924e75..a7322dba7557 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -175,10 +175,27 @@ static bool supported_iv_ino_lblk_policy(const struct fscrypt_policy_v2 *policy, fscrypt_warn(inode, "Can't use %s policy on filesystem '%s' because its maximum file size is too large", type, sb->s_id); return false; } + + /* + * IV_INO_LBLK_32 isn't compatible with inline encryption when + * s_blocksize != PAGE_SIZE. In that case the DUN can wrap around in + * the middle of a page, but sometimes fscrypt_mergeable_bio() is called + * only for the first block per page. Since IV_INO_LBLK_32 exists only + * to support inline encryption hardware that is limited to 32-bit DUNs, + * just disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE entirely. + */ + if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && + sb->s_blocksize != PAGE_SIZE) { + fscrypt_warn(inode, + "Can't use %s policy on filesystem '%s' with block size != PAGE_SIZE", + type, sb->s_id); + return false; + } + return true; } static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, const struct inode *inode) -- 2.54.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 16A9ECDE005 for ; Wed, 24 Jun 2026 05:06:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: Reply-To:From:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Subject:MIME-Version:References:In-Reply-To: Message-ID:Date:To:Sender:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=YM6ub1nqj6W/jybkjTno+bOeJmEMz+irirZxJYtNhW8=; b=MF/2g22Vz2HpK/x4E84b/L0Fq0 a51qR1qPqX/TV/ry9uds3DRzBixsA9vgm6Ty42PciuxdcUCeMNVVAuJaIvpfG+YDSHaSrZjzXEkDI TQS27BhO/Gc+GZarAEtJlbLddcEkXkKlaHL9kRaS5DODGTaa9un4nKvcP0CSnO3bOiGw=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wcFoW-0000vW-0L; Wed, 24 Jun 2026 05:06:16 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wcFoT-0000vE-41 for linux-f2fs-devel@lists.sourceforge.net; Wed, 24 Jun 2026 05:06:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Cwl6hQgfKO6Csoe5um0D99OROoj10S3TCZbNn7JJ3zg=; b=B6yAGDt73Y3CpPNXstqSlNscBb MGjm3Lbuy8hYI4dy+lRm9DSSsLrohDRkHpoRLcYCADJhKeGu744EZp7iFjB0t94N6UhSjzvA8aoQo CGjMW4uAGooonem6v+eZhQnQh7doceCogJrABmA6t3QR6yG3BvUcitvV0atbwFvoRWNw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Cwl6hQgfKO6Csoe5um0D99OROoj10S3TCZbNn7JJ3zg=; b=Q9gqsV/XamPJXprY/9/SvfNvlV Bsalqpt8WYErODbT4s9pCzFhOFSqjIBFXsxEfGrqs+w2UCsLleJSyaaYTw1At4E1SQOl3d4cZ9SSY V/cL/1BGnN3GqxWRZu8c3ddS0YBO3Jb6kv1+d7GM8Cf4TeACVyfWepV+YWioQXKQnNGg=; Received: from tor.source.kernel.org ([172.105.4.254]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wcFoR-0004mY-PX for linux-f2fs-devel@lists.sourceforge.net; Wed, 24 Jun 2026 05:06:13 +0000 Received: from smtp.kernel.org (quasi.space.kernel.org [100.103.45.18]) by tor.source.kernel.org (Postfix) with ESMTP id 4D31A601D6; Wed, 24 Jun 2026 05:06:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 887611F00A3A; Wed, 24 Jun 2026 05:06:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1782277561; bh=Cwl6hQgfKO6Csoe5um0D99OROoj10S3TCZbNn7JJ3zg=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=evGwe6TFWqGqJ03mmURc8BrgUZCcZ2HiV0K6oXCkjXKjbpr+wjv2IkFUGvQmPNUkO c0v6eKn/6jG6vyWqws+wbPGexJOn8zH5Rcd3o92rqSbJm+pDEPm6XLXfM7bO0QJFOZ UMM9TtxbHQ7pX/Z8JpajFHFe76VAa3l+t/l/Q6tkZ426iCJEq45DJrWt8mgoP1VxET o2ofo1wNdjbFOs0j6/iSfM6UYvzkik1Gq7YaJ29QWl6h7EcoWq9wncmJGhb8IUPNoB EsOEA6ELb6WhIYOq0EHkPiZTvqnOaIFYqU2RvaqCcJU06rYHYKf10fO4nSBH5Sc4ue 7VBQ65fjJiP7Q== To: linux-fscrypt@vger.kernel.org Date: Tue, 23 Jun 2026 22:03:22 -0700 Message-ID: <20260624050334.124606-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260624050334.124606-1-ebiggers@kernel.org> References: <20260624050334.124606-1-ebiggers@kernel.org> MIME-Version: 1.0 X-Headers-End: 1wcFoR-0004mY-PX Subject: [f2fs-dev] [PATCH 04/16] fscrypt: Fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Eric Biggers via Linux-f2fs-devel Reply-To: Eric Biggers Cc: Ritesh Harjani , Theodore Ts'o , Zhang Yi , linux-f2fs-devel@lists.sourceforge.net, linux-block@vger.kernel.org, Andreas Dilger , Ojaswin Mujoo , Baokun Li , Jaegeuk Kim , linux-fsdevel@vger.kernel.org, Jan Kara , linux-ext4@vger.kernel.org, Christoph Hellwig , Eric Biggers Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE works only with the fs-layer implementation of file contents encryption, not blk-crypto. This is a problem for standardizing on blk-crypto. Fortunately, no one should be using this combination anyway. It doesn't make sense because the entire point of IV_INO_LBLK_32 is to support inline encryption hardware that is limited to 32-bit DUNs. Thus, fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE. Signed-off-by: Eric Biggers --- Documentation/filesystems/fscrypt.rst | 3 +++ fs/crypto/inline_crypt.c | 13 ------------- fs/crypto/policy.c | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index c0dd35f1af12..92b8f311e211 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -334,10 +334,13 @@ This format is optimized for use with inline encryption hardware compliant with the eMMC v5.2 standard, which supports only 32 IV bits per I/O request and may have only a small number of keyslots. This format results in some level of IV reuse, so it should only be used when necessary due to hardware limitations. +IV_INO_LBLK_32 is supported only when the filesystem block size is +equal to the page size. + Key identifiers --------------- For master keys used for v2 encryption policies, a unique 16-byte "key identifier" is also derived using the KDF. This value is stored in diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index 0d4c0dd04d20..4f045ad1dca8 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -110,23 +110,10 @@ int fscrypt_select_encryption_impl(struct fscrypt_inode_info *ci, /* The filesystem must be mounted with -o inlinecrypt */ if (!(sb->s_flags & SB_INLINECRYPT)) return 0; - /* - * When a page contains multiple logically contiguous filesystem blocks, - * some filesystem code only calls fscrypt_mergeable_bio() for the first - * block in the page. This is fine for most of fscrypt's IV generation - * strategies, where contiguous blocks imply contiguous IVs. But it - * doesn't work with IV_INO_LBLK_32. For now, simply exclude - * IV_INO_LBLK_32 with blocksize != PAGE_SIZE from inline encryption. - */ - if ((fscrypt_policy_flags(&ci->ci_policy) & - FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && - sb->s_blocksize != PAGE_SIZE) - return 0; - /* * On all the filesystem's block devices, blk-crypto must support the * crypto configuration that the file would use. */ crypto_cfg.crypto_mode = ci->ci_mode->blk_crypto_mode; diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index f40fb5924e75..a7322dba7557 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -175,10 +175,27 @@ static bool supported_iv_ino_lblk_policy(const struct fscrypt_policy_v2 *policy, fscrypt_warn(inode, "Can't use %s policy on filesystem '%s' because its maximum file size is too large", type, sb->s_id); return false; } + + /* + * IV_INO_LBLK_32 isn't compatible with inline encryption when + * s_blocksize != PAGE_SIZE. In that case the DUN can wrap around in + * the middle of a page, but sometimes fscrypt_mergeable_bio() is called + * only for the first block per page. Since IV_INO_LBLK_32 exists only + * to support inline encryption hardware that is limited to 32-bit DUNs, + * just disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE entirely. + */ + if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && + sb->s_blocksize != PAGE_SIZE) { + fscrypt_warn(inode, + "Can't use %s policy on filesystem '%s' with block size != PAGE_SIZE", + type, sb->s_id); + return false; + } + return true; } static bool fscrypt_supported_v1_policy(const struct fscrypt_policy_v1 *policy, const struct inode *inode) -- 2.54.0 _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel