From: Jan Kara <jack@suse.cz>
To: Eric Biggers <ebiggers3@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-ext4@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
linux-fscrypt@vger.kernel.org, Eric Biggers <ebiggers@google.com>
Subject: Re: [PATCH] ext4: remove redundant check for encrypted file on dio write path
Date: Wed, 24 May 2017 10:10:41 +0200 [thread overview]
Message-ID: <20170524081041.GB10604@quack2.suse.cz> (raw)
In-Reply-To: <20170523161354.GB106748@gmail.com>
On Tue 23-05-17 09:13:54, Eric Biggers wrote:
> Hi Jan,
>
> On Tue, May 23, 2017 at 10:24:10AM +0200, Jan Kara wrote:
> > On Mon 22-05-17 17:53:16, Eric Biggers wrote:
> > > From: Eric Biggers <ebiggers@google.com>
> > >
> > > Currently we don't allow direct I/O on encrypted regular files, so in
> > > such cases we return 0 early in ext4_direct_IO(). There was also an
> > > additional BUG_ON() check in ext4_direct_IO_write(), but it can never
> > > be hit because of the earlier check for the exact same condition in
> > > ext4_direct_IO(). There was also no matching check on the read path,
> > > which made the write path specific check seem very ad-hoc.
> > >
> > > Just remove the unnecessary BUG_ON().
> > >
> > > Signed-off-by: Eric Biggers <ebiggers@google.com>
> >
> > Yeah, the check is rather before the BUG_ON so I guess that there's no
> > big point in the BUG_ON. When looking at this code I have one question
> > though:
> >
> > So when you mount the filesystem with 'dioread_nolock', do overwriting
> > direct write to the file, and just after we do inode_unlock() in
> > ext4_direct_IO_write() someone calls EXT4_IOC_SET_ENCRYPTION_POLICY
> > ioctl on the file, the BUG_ON could actually trigger. So I think you
> > need to wait for outstanding direct IO for the file when setting
> > encryption policy. Likely in ext4_set_context() or maybe in the generic
> > fscrypt code (you need to wait after acquiring inode_lock), I'm not
> > sure how other filesystems using fscrypt handle this and whether it
> > would make more sense in the generic code or in ext4 specific one.
> >
>
> That's not possible because the ioctl can only set an encryption policy
> on a directory, and specifically an empty one. Other files can only
> acquire an encryption policy through inheritance. There have been
> thoughts about implementing "in-place" encryption but it's not something
> we currently support.
Ah, good. Thanks for explanation. Then you can add:
Reviewed-by: Jan Kara <jack@suse.cz>
to your patch.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2017-05-24 8:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-23 0:53 [PATCH] ext4: remove redundant check for encrypted file on dio write path Eric Biggers
2017-05-23 6:03 ` David Gstir
2017-05-23 8:24 ` Jan Kara
2017-05-23 16:13 ` Eric Biggers
2017-05-24 8:10 ` Jan Kara [this message]
2017-05-24 22:21 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170524081041.GB10604@quack2.suse.cz \
--to=jack@suse.cz \
--cc=ebiggers3@gmail.com \
--cc=ebiggers@google.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox