From: Daniel Vacek <neelx@suse.com>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>, Jens Axboe <axboe@kernel.dk>,
David Sterba <dsterba@suse.com>
Cc: linux-block@vger.kernel.org, Daniel Vacek <neelx@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v6 05/43] blk-crypto: add a process_bio callback
Date: Fri, 6 Feb 2026 19:22:37 +0100 [thread overview]
Message-ID: <20260206182336.1397715-6-neelx@suse.com> (raw)
In-Reply-To: <20260206182336.1397715-1-neelx@suse.com>
From: Josef Bacik <josef@toxicpanda.com>
Btrfs does checksumming, and the checksums need to match the bytes on
disk. In order to facilitate this add a process bio callback for the
blk-crypto layer. This allows the file system to specify a callback and
then can process the encrypted bio as necessary.
For btrfs, writes will have the checksums calculated and saved into our
relevant data structures for storage once the write completes. For
reads we will validate the checksums match what is on disk and error out
if there is a mismatch.
This is incompatible with native encryption obviously, so make sure we
don't use native encryption if this callback is set.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Daniel Vacek <neelx@suse.com>
---
v5: https://lore.kernel.org/linux-btrfs/66c781f3b2afdf2c558efdf33a7bba8bcfe47ce7.1706116485.git.josef@toxicpanda.com/
* No changes since.
---
block/blk-crypto-fallback.c | 43 +++++++++++++++++++++++++++++++++++++
block/blk-crypto-internal.h | 8 +++++++
block/blk-crypto-profile.c | 2 ++
block/blk-crypto.c | 6 +++++-
fs/crypto/inline_crypt.c | 3 ++-
include/linux/blk-crypto.h | 15 +++++++++++--
6 files changed, 73 insertions(+), 4 deletions(-)
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index 86b27f96051a..7af6424a19ec 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -210,12 +210,15 @@ blk_crypto_fallback_alloc_cipher_req(struct blk_crypto_keyslot *slot,
static bool blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr)
{
+ struct bio_crypt_ctx *bc;
struct bio *bio = *bio_ptr;
unsigned int i = 0;
unsigned int num_sectors = 0;
struct bio_vec bv;
struct bvec_iter iter;
+ bc = bio->bi_crypt_context;
+
bio_for_each_segment(bv, bio, iter) {
num_sectors += bv.bv_len >> SECTOR_SHIFT;
if (++i == BIO_MAX_VECS)
@@ -223,6 +226,16 @@ static bool blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr)
}
if (num_sectors < bio_sectors(bio)) {
+ /*
+ * We cannot split bio's that have process_bio, as they require
+ * the original bio. The upper layer must make sure to limit
+ * the submitted bio's appropriately.
+ */
+ if (bc->bc_key->crypto_cfg.process_bio) {
+ bio->bi_status = BLK_STS_RESOURCE;
+ return false;
+ }
+
bio = bio_submit_split_bioset(bio, num_sectors,
&crypto_bio_split);
if (!bio)
@@ -343,6 +356,15 @@ static bool blk_crypto_fallback_encrypt_bio(struct bio **bio_ptr)
}
}
+ /* Process the encrypted bio before we submit it. */
+ if (bc->bc_key->crypto_cfg.process_bio) {
+ blk_st = bc->bc_key->crypto_cfg.process_bio(src_bio, enc_bio);
+ if (blk_st != BLK_STS_OK) {
+ src_bio->bi_status = blk_st;
+ goto out_free_bounce_pages;
+ }
+ }
+
enc_bio->bi_private = src_bio;
enc_bio->bi_end_io = blk_crypto_fallback_encrypt_endio;
*bio_ptr = enc_bio;
@@ -388,6 +410,15 @@ static void blk_crypto_fallback_decrypt_bio(struct work_struct *work)
unsigned int i;
blk_status_t blk_st;
+ /* Process the bio first before trying to decrypt. */
+ if (bc->bc_key->crypto_cfg.process_bio) {
+ blk_st = bc->bc_key->crypto_cfg.process_bio(bio, bio);
+ if (blk_st != BLK_STS_OK) {
+ bio->bi_status = blk_st;
+ goto out_no_keyslot;
+ }
+ }
+
/*
* Get a blk-crypto-fallback keyslot that contains a crypto_skcipher for
* this bio's algorithm and key.
@@ -437,6 +468,18 @@ static void blk_crypto_fallback_decrypt_bio(struct work_struct *work)
bio_endio(bio);
}
+/**
+ * blk_crypto_profile_is_fallback - check if this profile is the fallback
+ * profile
+ * @profile: the profile we're checking
+ *
+ * This is just a quick check to make sure @profile is the fallback profile.
+ */
+bool blk_crypto_profile_is_fallback(struct blk_crypto_profile *profile)
+{
+ return profile == blk_crypto_fallback_profile;
+}
+
/**
* blk_crypto_fallback_decrypt_endio - queue bio for fallback decryption
*
diff --git a/block/blk-crypto-internal.h b/block/blk-crypto-internal.h
index ccf6dff6ff6b..82b512ca35f0 100644
--- a/block/blk-crypto-internal.h
+++ b/block/blk-crypto-internal.h
@@ -223,6 +223,8 @@ bool blk_crypto_fallback_bio_prep(struct bio **bio_ptr);
int blk_crypto_fallback_evict_key(const struct blk_crypto_key *key);
+bool blk_crypto_profile_is_fallback(struct blk_crypto_profile *profile);
+
#else /* CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK */
static inline int
@@ -245,6 +247,12 @@ blk_crypto_fallback_evict_key(const struct blk_crypto_key *key)
return 0;
}
+static inline bool
+blk_crypto_profile_is_fallback(struct blk_crypto_profile *profile)
+{
+ return false;
+}
+
#endif /* CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK */
#endif /* __LINUX_BLK_CRYPTO_INTERNAL_H */
diff --git a/block/blk-crypto-profile.c b/block/blk-crypto-profile.c
index 81918f6e0cae..e57af3bb17dc 100644
--- a/block/blk-crypto-profile.c
+++ b/block/blk-crypto-profile.c
@@ -354,6 +354,8 @@ bool __blk_crypto_cfg_supported(struct blk_crypto_profile *profile,
return false;
if (!(profile->key_types_supported & cfg->key_type))
return false;
+ if (cfg->process_bio && !blk_crypto_profile_is_fallback(profile))
+ return false;
return true;
}
diff --git a/block/blk-crypto.c b/block/blk-crypto.c
index 3e7bf1974cbd..b0576e502d4d 100644
--- a/block/blk-crypto.c
+++ b/block/blk-crypto.c
@@ -332,6 +332,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio,
* @dun_bytes: number of bytes that will be used to specify the DUN when this
* key is used
* @data_unit_size: the data unit size to use for en/decryption
+ * @process_bio: the call back if the upper layer needs to process the encrypted
+ * bio
*
* Return: 0 on success, -errno on failure. The caller is responsible for
* zeroizing both blk_key and key_bytes when done with them.
@@ -341,7 +343,8 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key,
enum blk_crypto_key_type key_type,
enum blk_crypto_mode_num crypto_mode,
unsigned int dun_bytes,
- unsigned int data_unit_size)
+ unsigned int data_unit_size,
+ blk_crypto_process_bio_t process_bio)
{
const struct blk_crypto_mode *mode;
@@ -375,6 +378,7 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key,
blk_key->crypto_cfg.dun_bytes = dun_bytes;
blk_key->crypto_cfg.data_unit_size = data_unit_size;
blk_key->crypto_cfg.key_type = key_type;
+ blk_key->crypto_cfg.process_bio = process_bio;
blk_key->data_unit_size_bits = ilog2(data_unit_size);
blk_key->size = key_size;
memcpy(blk_key->bytes, key_bytes, key_size);
diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c
index 38a729700552..d737fb6ff011 100644
--- a/fs/crypto/inline_crypt.c
+++ b/fs/crypto/inline_crypt.c
@@ -178,7 +178,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
err = blk_crypto_init_key(blk_key, key_bytes, key_size, key_type,
crypto_mode, fscrypt_get_dun_bytes(ci),
- 1U << ci->ci_data_unit_bits);
+ 1U << ci->ci_data_unit_bits,
+ NULL);
if (err) {
fscrypt_err(inode, "error %d initializing blk-crypto key", err);
goto fail;
diff --git a/include/linux/blk-crypto.h b/include/linux/blk-crypto.h
index 58b0c5254a67..022b00004517 100644
--- a/include/linux/blk-crypto.h
+++ b/include/linux/blk-crypto.h
@@ -7,7 +7,7 @@
#define __LINUX_BLK_CRYPTO_H
#include <linux/minmax.h>
-#include <linux/types.h>
+#include <linux/blk_types.h>
#include <uapi/linux/blk-crypto.h>
enum blk_crypto_mode_num {
@@ -19,6 +19,14 @@ enum blk_crypto_mode_num {
BLK_ENCRYPTION_MODE_MAX,
};
+/*
+ * orig_bio must be the bio that was submitted from the upper layer as the upper
+ * layer could have used a specific bioset and expect the orig_bio to be from
+ * its bioset.
+ */
+typedef blk_status_t (*blk_crypto_process_bio_t)(struct bio *orig_bio,
+ struct bio *enc_bio);
+
/*
* Supported types of keys. Must be bitflags due to their use in
* blk_crypto_profile::key_types_supported.
@@ -77,12 +85,14 @@ enum blk_crypto_key_type {
* filesystem block size or the disk sector size.
* @dun_bytes: the maximum number of bytes of DUN used when using this key
* @key_type: the type of this key -- either raw or hardware-wrapped
+ * @proces_bio: optional callback to process encrypted bios.
*/
struct blk_crypto_config {
enum blk_crypto_mode_num crypto_mode;
unsigned int data_unit_size;
unsigned int dun_bytes;
enum blk_crypto_key_type key_type;
+ blk_crypto_process_bio_t process_bio;
};
/**
@@ -145,7 +155,8 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key,
enum blk_crypto_key_type key_type,
enum blk_crypto_mode_num crypto_mode,
unsigned int dun_bytes,
- unsigned int data_unit_size);
+ unsigned int data_unit_size,
+ blk_crypto_process_bio_t process_bio);
int blk_crypto_start_using_key(struct block_device *bdev,
const struct blk_crypto_key *key);
--
2.51.0
next prev parent reply other threads:[~2026-02-06 18:24 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 18:22 [PATCH v6 00/43] btrfs: add fscrypt support Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 01/43] fscrypt: add per-extent encryption support Daniel Vacek
2026-02-21 22:11 ` Eric Biggers
2026-02-06 18:22 ` [PATCH v6 02/43] fscrypt: allow inline encryption for extent based encryption Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 03/43] fscrypt: add a __fscrypt_file_open helper Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 04/43] fscrypt: conditionally don't wipe mk secret until the last active user is done Daniel Vacek
2026-02-06 18:22 ` Daniel Vacek [this message]
2026-02-06 18:22 ` [PATCH v6 06/43] fscrypt: add a process_bio hook to fscrypt_operations Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 07/43] fscrypt: expose fscrypt_nokey_name Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 08/43] fscrypt: add documentation about extent encryption Daniel Vacek
2026-02-06 18:43 ` Randy Dunlap
2026-02-17 14:48 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 09/43] btrfs: add infrastructure for safe em freeing Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 10/43] btrfs: start using fscrypt hooks Daniel Vacek
2026-02-08 15:44 ` Chris Mason
2026-02-17 15:26 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 11/43] btrfs: add inode encryption contexts Daniel Vacek
2026-02-08 15:36 ` Chris Mason
2026-02-18 13:18 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 12/43] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 13/43] btrfs: adapt readdir for encrypted and nokey names Daniel Vacek
2026-02-08 15:35 ` Chris Mason
2026-02-18 14:05 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 14/43] btrfs: handle " Daniel Vacek
2026-02-08 15:28 ` Chris Mason
2026-02-18 14:50 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 15/43] btrfs: implement fscrypt ioctls Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 16/43] btrfs: select encryption dependencies if FS_ENCRYPTION Daniel Vacek
2026-02-08 15:22 ` Chris Mason
2026-02-18 15:02 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 17/43] btrfs: add get_devices hook for fscrypt Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 18/43] btrfs: set file extent encryption excplicitly Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 19/43] btrfs: add fscrypt_info and encryption_type to extent_map Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 20/43] btrfs: add fscrypt_info and encryption_type to ordered_extent Daniel Vacek
2026-02-08 15:18 ` Chris Mason
2026-02-18 15:29 ` Daniel Vacek
2026-02-18 15:50 ` Chris Mason
2026-02-18 16:11 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 21/43] btrfs: plumb through setting the fscrypt_info for ordered extents Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 22/43] btrfs: populate the ordered_extent with the fscrypt context Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 23/43] btrfs: keep track of fscrypt info and orig_start for dio reads Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 24/43] btrfs: add extent encryption context tree item type Daniel Vacek
2026-02-08 15:16 ` Chris Mason
2026-02-18 17:25 ` Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 25/43] btrfs: pass through fscrypt_extent_info to the file extent helpers Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 26/43] btrfs: implement the fscrypt extent encryption hooks Daniel Vacek
2026-02-06 18:22 ` [PATCH v6 27/43] btrfs: setup fscrypt_extent_info for new extents Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 28/43] btrfs: populate ordered_extent with the orig offset Daniel Vacek
2026-02-08 15:12 ` Chris Mason
2026-03-03 13:42 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 29/43] btrfs: set the bio fscrypt context when applicable Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 30/43] btrfs: add a bio argument to btrfs_csum_one_bio Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 31/43] btrfs: limit encrypted writes to 256 segments Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 32/43] btrfs: implement process_bio cb for fscrypt Daniel Vacek
2026-02-08 15:10 ` Chris Mason
2026-03-24 9:36 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 33/43] btrfs: implement read repair for encryption Daniel Vacek
2026-02-08 15:08 ` Chris Mason
2026-03-25 14:17 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 34/43] btrfs: add test_dummy_encryption support Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 35/43] btrfs: make btrfs_ref_to_path handle encrypted filenames Daniel Vacek
2026-02-08 15:02 ` Chris Mason
2026-03-25 15:27 ` Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 36/43] btrfs: deal with encrypted symlinks in send Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 37/43] btrfs: decrypt file names for send Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 38/43] btrfs: load the inode context before sending writes Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 39/43] btrfs: set the appropriate free space settings in reconfigure Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 40/43] btrfs: support encryption with log replay Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 41/43] btrfs: disable auto defrag on encrypted files Daniel Vacek
2026-02-06 18:23 ` [PATCH v6 42/43] btrfs: disable encryption on RAID5/6 Daniel Vacek
2026-02-08 13:14 ` Chris Mason
2026-02-06 18:23 ` [PATCH v6 43/43] btrfs: disable send if we have encryption enabled Daniel Vacek
2026-02-06 18:42 ` [PATCH v6 00/43] btrfs: add fscrypt support Daniel Vacek
2026-02-21 20:56 ` Eric Biggers
2026-02-27 15:50 ` Daniel Vacek
2026-02-27 22:26 ` Neal Gompa
2026-02-28 7:57 ` Daniel Vacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260206182336.1397715-6-neelx@suse.com \
--to=neelx@suse.com \
--cc=axboe@kernel.dk \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox