From: Daniel Vacek <neelx@suse.com>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>, Jens Axboe <axboe@kernel.dk>,
David Sterba <dsterba@suse.com>
Cc: linux-block@vger.kernel.org, Daniel Vacek <neelx@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v6 24/43] btrfs: add extent encryption context tree item type
Date: Fri, 6 Feb 2026 19:22:56 +0100 [thread overview]
Message-ID: <20260206182336.1397715-25-neelx@suse.com> (raw)
In-Reply-To: <20260206182336.1397715-1-neelx@suse.com>
From: Josef Bacik <josef@toxicpanda.com>
The fscrypt encryption context will be stored as a new tree item type.
This gives us flexibility to include different things in the future.
Also update the tree-checker to validate the new item type.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Daniel Vacek <neelx@suse.com>
---
v5: https://lore.kernel.org/linux-btrfs/7ee9171262857336011bf0e121846617c5181fa4.1706116485.git.josef@toxicpanda.com/
("btrfs: add an optional encryption context to the end of file extents")
* Not much left from the original commit.
- This was reworked so that the encryption context is now a separate
tree item with it's unique key.
- It is tightly related to the file extent item but still optional and
only used for encrypted extents.
- The content (and hence the size as well) comes from the fscrrypt
subsystem and it is not touched by btrfs at all.
- It's handled as a raw binary data (u8 *).
- This patch makes sure it is correctly removed when the related extent
is dropped.
* As a result, the following patch https://lore.kernel.org/linux-btrfs/f0d9b2d3a40b7a963a977d3dfb62793ff7b065d1.1706116485.git.josef@toxicpanda.com/
("btrfs: explicitly track file extent length for replace and drop")
was dropped as not applicable. There's no need to track the size
anymore as it just matches the size of the stored item.
[RFC]: Should I have kept the structure with __u8 type? Like:
| struct btrfs_encryption_info {
| __u8 context[0];
| };
I did remove it as it was only used to extend the file extent item
structure and hence no longer needed.
---
fs/btrfs/file.c | 61 +++++++++++++++++++++++++++++++++
fs/btrfs/tree-checker.c | 59 ++++++++++++++++++++++++++++---
include/uapi/linux/btrfs_tree.h | 8 +++++
3 files changed, 124 insertions(+), 4 deletions(-)
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 3c0db279f592..639462164d08 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -150,6 +150,7 @@ int btrfs_drop_extents(struct btrfs_trans_handle *trans,
u64 extent_offset = 0;
u64 extent_end = 0;
u64 last_end = args->start;
+ u64 first_ctx = 1, last_ctx = 0;
int del_nr = 0;
int del_slot = 0;
int extent_type;
@@ -407,6 +408,12 @@ int btrfs_drop_extents(struct btrfs_trans_handle *trans,
del_nr++;
}
+ if (btrfs_file_extent_encryption(leaf, fi) == BTRFS_ENCRYPTION_FSCRYPT) {
+ if (first_ctx > last_ctx)
+ first_ctx = key.offset;
+ last_ctx = key.offset;
+ }
+
if (update_refs &&
extent_type == BTRFS_FILE_EXTENT_INLINE) {
args->bytes_found += extent_end - key.offset;
@@ -496,6 +503,60 @@ int btrfs_drop_extents(struct btrfs_trans_handle *trans,
args->extent_inserted = true;
}
+ if (first_ctx <= last_ctx) {
+ int slot, nritems;
+
+ btrfs_release_path(path);
+
+ key.objectid = ino;
+ key.type = BTRFS_FSCRYPT_CTX_KEY;
+ key.offset = first_ctx;
+
+ ret = btrfs_search_slot(trans, root, &key, path, modify_tree, !!modify_tree);
+ if (ret < 0)
+ goto out_ctx;
+next_leaf:
+ leaf = path->nodes[0];
+ slot = path->slots[0];
+
+ del_slot = slot;
+ del_nr = 0;
+ nritems = btrfs_header_nritems(leaf);
+ while (slot < nritems) {
+ btrfs_item_key_to_cpu(leaf, &key, slot);
+ if (key.objectid > ino ||
+ key.type > BTRFS_FSCRYPT_CTX_KEY ||
+ key.offset > last_ctx)
+ break;
+ del_nr++;
+ slot++;
+ }
+ if (del_nr) {
+ ret = btrfs_del_items(trans, root, path, del_slot, del_nr);
+ if (unlikely(ret)) {
+ btrfs_abort_transaction(trans, ret);
+ goto out_ctx;
+ }
+
+ if (slot == nritems) {
+ ret = btrfs_next_leaf(root, path);
+ if (!ret)
+ goto next_leaf;
+ if (ret > 0)
+ ret = 0;
+ }
+ }
+out_ctx:
+ if (args->path && args->extent_inserted) {
+ btrfs_release_path(path);
+
+ key.objectid = ino;
+ key.type = BTRFS_EXTENT_DATA_KEY;
+ key.offset = args->start;
+ ret = btrfs_search_slot(trans, root, &key, path, 0, 0);
+ }
+ }
+
if (!args->path)
btrfs_free_path(path);
else if (!args->extent_inserted)
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index 9675dbcd78a3..776901f297fe 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -186,6 +186,7 @@ static bool check_prev_ino(struct extent_buffer *leaf,
key->type == BTRFS_INODE_EXTREF_KEY ||
key->type == BTRFS_DIR_INDEX_KEY ||
key->type == BTRFS_DIR_ITEM_KEY ||
+ key->type == BTRFS_FSCRYPT_CTX_KEY ||
key->type == BTRFS_EXTENT_DATA_KEY, "key->type=%u", key->type);
/*
@@ -204,6 +205,39 @@ static bool check_prev_ino(struct extent_buffer *leaf,
prev_key->objectid, key->objectid);
return false;
}
+static int check_fscrypt_context(struct extent_buffer *leaf,
+ struct btrfs_key *key, int slot,
+ struct btrfs_key *prev_key)
+{
+ u32 sectorsize = leaf->fs_info->sectorsize;
+ u32 item_size = btrfs_item_size(leaf, slot);
+
+ if (unlikely(!IS_ALIGNED(key->offset, sectorsize))) {
+ file_extent_err(leaf, slot,
+"unaligned file_offset for encryption context, have %llu should be aligned to %u",
+ key->offset, sectorsize);
+ return -EUCLEAN;
+ }
+
+ /*
+ * Previous key must have the same key->objectid (ino).
+ * It can be XATTR_ITEM, INODE_ITEM or just another EXTENT_DATA.
+ * But if objectids mismatch, it means we have a missing
+ * INODE_ITEM.
+ */
+ if (unlikely(!check_prev_ino(leaf, key, slot, prev_key)))
+ return -EUCLEAN;
+
+ if (unlikely(item_size > BTRFS_MAX_EXTENT_CTX_SIZE)) {
+ file_extent_err(leaf, slot,
+ "invalid encryption context size, have %u expect a maximum of %u",
+ item_size, BTRFS_MAX_EXTENT_CTX_SIZE);
+ return -EUCLEAN;
+ }
+
+ return 0;
+}
+
static int check_extent_data_item(struct extent_buffer *leaf,
struct btrfs_key *key, int slot,
struct btrfs_key *prev_key)
@@ -214,6 +248,7 @@ static int check_extent_data_item(struct extent_buffer *leaf,
u32 item_size = btrfs_item_size(leaf, slot);
u64 extent_end;
u8 policy;
+ u8 fe_type;
if (unlikely(!IS_ALIGNED(key->offset, sectorsize))) {
file_extent_err(leaf, slot,
@@ -244,12 +279,12 @@ static int check_extent_data_item(struct extent_buffer *leaf,
SZ_4K);
return -EUCLEAN;
}
- if (unlikely(btrfs_file_extent_type(leaf, fi) >=
- BTRFS_NR_FILE_EXTENT_TYPES)) {
+
+ fe_type = btrfs_file_extent_type(leaf, fi);
+ if (unlikely(fe_type >= BTRFS_NR_FILE_EXTENT_TYPES)) {
file_extent_err(leaf, slot,
"invalid type for file extent, have %u expect range [0, %u]",
- btrfs_file_extent_type(leaf, fi),
- BTRFS_NR_FILE_EXTENT_TYPES - 1);
+ fe_type, BTRFS_NR_FILE_EXTENT_TYPES - 1);
return -EUCLEAN;
}
@@ -298,6 +333,19 @@ static int check_extent_data_item(struct extent_buffer *leaf,
return 0;
}
+ if (policy == BTRFS_ENCRYPTION_FSCRYPT) {
+ /*
+ * Only regular and prealloc extents should have an encryption
+ * context.
+ */
+ if (unlikely(fe_type != BTRFS_FILE_EXTENT_REG &&
+ fe_type != BTRFS_FILE_EXTENT_PREALLOC)) {
+ file_extent_err(leaf, slot,
+ "invalid type for encrypted file extent, have %u", fe_type);
+ return -EUCLEAN;
+ }
+ }
+
/* Regular or preallocated extent has fixed item size */
if (unlikely(item_size != sizeof(*fi))) {
file_extent_err(leaf, slot,
@@ -1948,6 +1996,9 @@ static enum btrfs_tree_block_status check_leaf_item(struct extent_buffer *leaf,
case BTRFS_EXTENT_CSUM_KEY:
ret = check_csum_item(leaf, key, slot, prev_key);
break;
+ case BTRFS_FSCRYPT_CTX_KEY:
+ ret = check_fscrypt_context(leaf, key, slot, prev_key);
+ break;
case BTRFS_DIR_ITEM_KEY:
case BTRFS_DIR_INDEX_KEY:
case BTRFS_XATTR_ITEM_KEY:
diff --git a/include/uapi/linux/btrfs_tree.h b/include/uapi/linux/btrfs_tree.h
index cb8dbcc612e9..76937d66b5dd 100644
--- a/include/uapi/linux/btrfs_tree.h
+++ b/include/uapi/linux/btrfs_tree.h
@@ -168,6 +168,7 @@
#define BTRFS_VERITY_MERKLE_ITEM_KEY 37
#define BTRFS_FSCRYPT_INODE_CTX_KEY 41
+#define BTRFS_FSCRYPT_CTX_KEY 42
#define BTRFS_ORPHAN_ITEM_KEY 48
/* reserve 2-15 close to the inode for later flexibility */
@@ -1079,6 +1080,13 @@ enum {
BTRFS_NR_FILE_EXTENT_TYPES = 3,
};
+/*
+ * Currently just the FSCRYPT_SET_CONTEXT_MAX_SIZE, which is larger than the
+ * current extent context size from fscrypt, so this should give us plenty of
+ * breathing room for expansion later.
+ */
+#define BTRFS_MAX_EXTENT_CTX_SIZE 40
+
enum btrfs_encryption_type {
BTRFS_ENCRYPTION_NONE,
BTRFS_ENCRYPTION_FSCRYPT,
--
2.51.0
next prev parent reply other threads:[~2026-02-06 18:24 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 18:22 [PATCH v6 00/43] btrfs: add fscrypt support Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 01/43] fscrypt: add per-extent encryption support Daniel Vacek
2026-02-21 22:11 ` Eric Biggers
2026-02-06 18:22 ` [PATCH v6 02/43] fscrypt: allow inline encryption for extent based encryption Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 03/43] fscrypt: add a __fscrypt_file_open helper Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 04/43] fscrypt: conditionally don't wipe mk secret until the last active user is done Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 05/43] blk-crypto: add a process_bio callback Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 06/43] fscrypt: add a process_bio hook to fscrypt_operations Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 07/43] fscrypt: expose fscrypt_nokey_name Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 08/43] fscrypt: add documentation about extent encryption Daniel Vacek
2026-02-06 18:43 ` Randy Dunlap
2026-02-17 14:48 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 09/43] btrfs: add infrastructure for safe em freeing Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 10/43] btrfs: start using fscrypt hooks Daniel Vacek
2026-02-08 15:44 ` Chris Mason
2026-02-17 15:26 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 11/43] btrfs: add inode encryption contexts Daniel Vacek
2026-02-08 15:36 ` Chris Mason
2026-02-18 13:18 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 12/43] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 13/43] btrfs: adapt readdir for encrypted and nokey names Daniel Vacek
2026-02-08 15:35 ` Chris Mason
2026-02-18 14:05 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 14/43] btrfs: handle " Daniel Vacek
2026-02-08 15:28 ` Chris Mason
2026-02-18 14:50 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 15/43] btrfs: implement fscrypt ioctls Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 16/43] btrfs: select encryption dependencies if FS_ENCRYPTION Daniel Vacek
2026-02-08 15:22 ` Chris Mason
2026-02-18 15:02 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 17/43] btrfs: add get_devices hook for fscrypt Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 18/43] btrfs: set file extent encryption excplicitly Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 19/43] btrfs: add fscrypt_info and encryption_type to extent_map Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 20/43] btrfs: add fscrypt_info and encryption_type to ordered_extent Daniel Vacek
2026-02-08 15:18 ` Chris Mason
2026-02-18 15:29 ` Daniel Vacek
2026-02-18 15:50 ` Chris Mason
2026-02-18 16:11 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 21/43] btrfs: plumb through setting the fscrypt_info for ordered extents Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 22/43] btrfs: populate the ordered_extent with the fscrypt context Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 23/43] btrfs: keep track of fscrypt info and orig_start for dio reads Daniel Vacek
2026-02-06 18:22 ` Daniel Vacek [this message]
2026-02-08 15:16 ` [PATCH v6 24/43] btrfs: add extent encryption context tree item type Chris Mason
2026-02-18 17:25 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 25/43] btrfs: pass through fscrypt_extent_info to the file extent helpers Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 26/43] btrfs: implement the fscrypt extent encryption hooks Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 27/43] btrfs: setup fscrypt_extent_info for new extents Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 28/43] btrfs: populate ordered_extent with the orig offset Daniel Vacek
2026-02-08 15:12 ` Chris Mason
2026-03-03 13:42 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 29/43] btrfs: set the bio fscrypt context when applicable Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 30/43] btrfs: add a bio argument to btrfs_csum_one_bio Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 31/43] btrfs: limit encrypted writes to 256 segments Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 32/43] btrfs: implement process_bio cb for fscrypt Daniel Vacek
2026-02-08 15:10 ` Chris Mason
2026-03-24 9:36 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 33/43] btrfs: implement read repair for encryption Daniel Vacek
2026-02-08 15:08 ` Chris Mason
2026-03-25 14:17 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 34/43] btrfs: add test_dummy_encryption support Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 35/43] btrfs: make btrfs_ref_to_path handle encrypted filenames Daniel Vacek
2026-02-08 15:02 ` Chris Mason
2026-03-25 15:27 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 36/43] btrfs: deal with encrypted symlinks in send Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 37/43] btrfs: decrypt file names for send Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 38/43] btrfs: load the inode context before sending writes Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 39/43] btrfs: set the appropriate free space settings in reconfigure Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 40/43] btrfs: support encryption with log replay Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 41/43] btrfs: disable auto defrag on encrypted files Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 42/43] btrfs: disable encryption on RAID5/6 Daniel Vacek
2026-02-08 13:14 ` Chris Mason
2026-02-06 18:23 ` [PATCH v6 43/43] btrfs: disable send if we have encryption enabled Daniel Vacek
2026-02-06 18:42 ` [PATCH v6 00/43] btrfs: add fscrypt support Daniel Vacek
2026-02-21 20:56 ` Eric Biggers
2026-02-27 15:50 ` Daniel Vacek
2026-02-27 22:26 ` Neal Gompa
2026-02-28 7:57 ` Daniel Vacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260206182336.1397715-25-neelx@suse.com \
--to=neelx@suse.com \
--cc=axboe@kernel.dk \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox