* [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests
@ 2025-07-10 6:07 Eric Biggers
2025-07-10 6:07 ` [PATCH v2 1/6] fscrypt: Don't use asynchronous CryptoAPI algorithms Eric Biggers
` (5 more replies)
0 siblings, 6 replies; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 6:07 UTC (permalink / raw)
To: linux-fscrypt
Cc: linux-crypto, Yuwen Chen, linux-mtd, ceph-devel, linux-kernel,
Eric Biggers
Simplify the code and eliminate per-encryption-op dynamic memory
allocations by switching from crypto_skcipher to crypto_sync_skcipher,
and from dynamic request allocation to SYNC_SKCIPHER_REQUEST_ON_STACK.
Previously, this change would have made the x86 accelerated AES code no
longer be used, which would have been very bad. However, I fixed that
in 6.16. So we can make this simplification now.
This patchset applies to fscrypt/for-next. The base-commit (listed
below) can be found in next-20250708
Changed in v2:
- Added patches that remove the gfp_t argument from functions that no
longer need it.
- Eliminated the goto in derive_key_aes().
- Improved commit messages.
Eric Biggers (6):
fscrypt: Don't use asynchronous CryptoAPI algorithms
fscrypt: Drop FORBID_WEAK_KEYS flag for AES-ECB
fscrypt: Switch to sync_skcipher and on-stack requests
fscrypt: Remove gfp_t argument from fscrypt_crypt_data_unit()
fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace()
ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*()
fs/ceph/crypto.c | 13 +++-----
fs/ceph/crypto.h | 10 +++---
fs/ceph/file.c | 3 +-
fs/ceph/inode.c | 3 +-
fs/crypto/bio.c | 3 +-
fs/crypto/crypto.c | 44 +++++++++-----------------
fs/crypto/fname.c | 63 +++++++++++++------------------------
fs/crypto/fscrypt_private.h | 10 +++---
fs/crypto/keysetup.c | 23 +++++++-------
fs/crypto/keysetup_v1.c | 56 ++++++++++++++-------------------
fs/ubifs/crypto.c | 2 +-
include/linux/fscrypt.h | 5 ++-
12 files changed, 91 insertions(+), 144 deletions(-)
base-commit: b41c1d8d07906786c60893980d52688f31d114a6
--
2.50.1
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2 1/6] fscrypt: Don't use asynchronous CryptoAPI algorithms
2025-07-10 6:07 [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
@ 2025-07-10 6:07 ` Eric Biggers
2025-07-10 6:07 ` [PATCH v2 2/6] fscrypt: Drop FORBID_WEAK_KEYS flag for AES-ECB Eric Biggers
` (4 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 6:07 UTC (permalink / raw)
To: linux-fscrypt
Cc: linux-crypto, Yuwen Chen, linux-mtd, ceph-devel, linux-kernel,
Eric Biggers
Now that fscrypt's incomplete support for non-inline crypto engines has
been removed, and none of the CPU-based algorithms have the
CRYPTO_ALG_ASYNC flag set anymore, there is no need to accommodate
asynchronous algorithms. Therefore, explicitly allocate only
synchronous algorithms. Then, remove the code that handled waiting for
asynchronous en/decryption operations to complete.
This commit should *not* be backported to kernels that lack commit
0ba6ec5b2972 ("crypto: x86/aes - stop using the SIMD helper"), as then
it would disable the use of the optimized AES code on x86.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
fs/crypto/crypto.c | 7 +++----
fs/crypto/fname.c | 18 ++++++++----------
fs/crypto/fscrypt_private.h | 5 +++--
fs/crypto/keysetup_v1.c | 9 ++++-----
4 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index ddf6991d46da2..43d1658e07cec 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -113,11 +113,10 @@ int fscrypt_crypt_data_unit(const struct fscrypt_inode_info *ci,
unsigned int len, unsigned int offs,
gfp_t gfp_flags)
{
union fscrypt_iv iv;
struct skcipher_request *req = NULL;
- DECLARE_CRYPTO_WAIT(wait);
struct scatterlist dst, src;
struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
int res = 0;
if (WARN_ON_ONCE(len <= 0))
@@ -131,21 +130,21 @@ int fscrypt_crypt_data_unit(const struct fscrypt_inode_info *ci,
if (!req)
return -ENOMEM;
skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
- crypto_req_done, &wait);
+ NULL, NULL);
sg_init_table(&dst, 1);
sg_set_page(&dst, dest_page, len, offs);
sg_init_table(&src, 1);
sg_set_page(&src, src_page, len, offs);
skcipher_request_set_crypt(req, &src, &dst, len, &iv);
if (rw == FS_DECRYPT)
- res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
+ res = crypto_skcipher_decrypt(req);
else
- res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
+ res = crypto_skcipher_encrypt(req);
skcipher_request_free(req);
if (res) {
fscrypt_err(ci->ci_inode,
"%scryption failed for data unit %llu: %d",
(rw == FS_DECRYPT ? "De" : "En"), index, res);
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index fb01dde0f2e55..17edc24ccd42f 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -93,11 +93,10 @@ static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
*/
int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
u8 *out, unsigned int olen)
{
struct skcipher_request *req = NULL;
- DECLARE_CRYPTO_WAIT(wait);
const struct fscrypt_inode_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
union fscrypt_iv iv;
struct scatterlist sg;
int res;
@@ -116,18 +115,18 @@ int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
/* Set up the encryption request */
req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req)
return -ENOMEM;
- skcipher_request_set_callback(req,
- CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
- crypto_req_done, &wait);
+ skcipher_request_set_callback(
+ req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
+ NULL, NULL);
sg_init_one(&sg, out, olen);
skcipher_request_set_crypt(req, &sg, &sg, olen, &iv);
/* Do the encryption */
- res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
+ res = crypto_skcipher_encrypt(req);
skcipher_request_free(req);
if (res < 0) {
fscrypt_err(inode, "Filename encryption failed: %d", res);
return res;
}
@@ -149,33 +148,32 @@ EXPORT_SYMBOL_GPL(fscrypt_fname_encrypt);
static int fname_decrypt(const struct inode *inode,
const struct fscrypt_str *iname,
struct fscrypt_str *oname)
{
struct skcipher_request *req = NULL;
- DECLARE_CRYPTO_WAIT(wait);
struct scatterlist src_sg, dst_sg;
const struct fscrypt_inode_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
union fscrypt_iv iv;
int res;
/* Allocate request */
req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req)
return -ENOMEM;
- skcipher_request_set_callback(req,
- CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
- crypto_req_done, &wait);
+ skcipher_request_set_callback(
+ req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
+ NULL, NULL);
/* Initialize IV */
fscrypt_generate_iv(&iv, 0, ci);
/* Create decryption request */
sg_init_one(&src_sg, iname->name, iname->len);
sg_init_one(&dst_sg, oname->name, oname->len);
skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, &iv);
- res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
+ res = crypto_skcipher_decrypt(req);
skcipher_request_free(req);
if (res < 0) {
fscrypt_err(inode, "Filename decryption failed: %d", res);
return res;
}
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index 6e7164530a1e2..06fa8f2b2d081 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -57,12 +57,13 @@
* Adiantum is faster still, and is the recommended option on such platforms...)
*
* Note that fscrypt also supports inline crypto engines. Those don't use the
* Crypto API and work much better than the old-style (non-inline) engines.
*/
-#define FSCRYPT_CRYPTOAPI_MASK \
- (CRYPTO_ALG_ALLOCATES_MEMORY | CRYPTO_ALG_KERN_DRIVER_ONLY)
+#define FSCRYPT_CRYPTOAPI_MASK \
+ (CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | \
+ CRYPTO_ALG_KERN_DRIVER_ONLY)
#define FSCRYPT_CONTEXT_V1 1
#define FSCRYPT_CONTEXT_V2 2
/* Keep this in sync with include/uapi/linux/fscrypt.h */
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index 158ceae8a5bce..3fdf174384f3d 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -48,11 +48,10 @@ static int derive_key_aes(const u8 *master_key,
const u8 nonce[FSCRYPT_FILE_NONCE_SIZE],
u8 *derived_key, unsigned int derived_keysize)
{
int res = 0;
struct skcipher_request *req = NULL;
- DECLARE_CRYPTO_WAIT(wait);
struct scatterlist src_sg, dst_sg;
struct crypto_skcipher *tfm =
crypto_alloc_skcipher("ecb(aes)", 0, FSCRYPT_CRYPTOAPI_MASK);
if (IS_ERR(tfm)) {
@@ -64,22 +63,22 @@ static int derive_key_aes(const u8 *master_key,
req = skcipher_request_alloc(tfm, GFP_KERNEL);
if (!req) {
res = -ENOMEM;
goto out;
}
- skcipher_request_set_callback(req,
- CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
- crypto_req_done, &wait);
+ skcipher_request_set_callback(
+ req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
+ NULL, NULL);
res = crypto_skcipher_setkey(tfm, nonce, FSCRYPT_FILE_NONCE_SIZE);
if (res < 0)
goto out;
sg_init_one(&src_sg, master_key, derived_keysize);
sg_init_one(&dst_sg, derived_key, derived_keysize);
skcipher_request_set_crypt(req, &src_sg, &dst_sg, derived_keysize,
NULL);
- res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
+ res = crypto_skcipher_encrypt(req);
out:
skcipher_request_free(req);
crypto_free_skcipher(tfm);
return res;
}
--
2.50.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2 2/6] fscrypt: Drop FORBID_WEAK_KEYS flag for AES-ECB
2025-07-10 6:07 [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
2025-07-10 6:07 ` [PATCH v2 1/6] fscrypt: Don't use asynchronous CryptoAPI algorithms Eric Biggers
@ 2025-07-10 6:07 ` Eric Biggers
2025-07-10 6:07 ` [PATCH v2 3/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
` (3 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 6:07 UTC (permalink / raw)
To: linux-fscrypt
Cc: linux-crypto, Yuwen Chen, linux-mtd, ceph-devel, linux-kernel,
Eric Biggers
This flag only has an effect for DES, 3DES, and XTS mode. It does
nothing for AES-ECB, as there is no concept of weak keys for AES.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
fs/crypto/keysetup_v1.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index 3fdf174384f3d..75b0f1211a1e6 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -57,11 +57,10 @@ static int derive_key_aes(const u8 *master_key,
if (IS_ERR(tfm)) {
res = PTR_ERR(tfm);
tfm = NULL;
goto out;
}
- crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
req = skcipher_request_alloc(tfm, GFP_KERNEL);
if (!req) {
res = -ENOMEM;
goto out;
}
--
2.50.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2 3/6] fscrypt: Switch to sync_skcipher and on-stack requests
2025-07-10 6:07 [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
2025-07-10 6:07 ` [PATCH v2 1/6] fscrypt: Don't use asynchronous CryptoAPI algorithms Eric Biggers
2025-07-10 6:07 ` [PATCH v2 2/6] fscrypt: Drop FORBID_WEAK_KEYS flag for AES-ECB Eric Biggers
@ 2025-07-10 6:07 ` Eric Biggers
2025-07-10 6:07 ` [PATCH v2 4/6] fscrypt: Remove gfp_t argument from fscrypt_crypt_data_unit() Eric Biggers
` (2 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 6:07 UTC (permalink / raw)
To: linux-fscrypt
Cc: linux-crypto, Yuwen Chen, linux-mtd, ceph-devel, linux-kernel,
Eric Biggers
Now that fscrypt uses only synchronous skciphers, switch to the actual
sync_skcipher API and the corresponding on-stack requests. This
eliminates a heap allocation per en/decryption operation.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
fs/crypto/crypto.c | 24 ++++++-----------
fs/crypto/fname.c | 53 ++++++++++++------------------------
fs/crypto/fscrypt_private.h | 2 +-
fs/crypto/keysetup.c | 23 ++++++++--------
fs/crypto/keysetup_v1.c | 54 ++++++++++++++++---------------------
5 files changed, 61 insertions(+), 95 deletions(-)
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index 43d1658e07cec..646b1831e6831 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -111,48 +111,40 @@ int fscrypt_crypt_data_unit(const struct fscrypt_inode_info *ci,
fscrypt_direction_t rw, u64 index,
struct page *src_page, struct page *dest_page,
unsigned int len, unsigned int offs,
gfp_t gfp_flags)
{
+ struct crypto_sync_skcipher *tfm = ci->ci_enc_key.tfm;
+ SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
union fscrypt_iv iv;
- struct skcipher_request *req = NULL;
struct scatterlist dst, src;
- struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
- int res = 0;
+ int err;
if (WARN_ON_ONCE(len <= 0))
return -EINVAL;
if (WARN_ON_ONCE(len % FSCRYPT_CONTENTS_ALIGNMENT != 0))
return -EINVAL;
fscrypt_generate_iv(&iv, index, ci);
- req = skcipher_request_alloc(tfm, gfp_flags);
- if (!req)
- return -ENOMEM;
-
skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL);
-
sg_init_table(&dst, 1);
sg_set_page(&dst, dest_page, len, offs);
sg_init_table(&src, 1);
sg_set_page(&src, src_page, len, offs);
skcipher_request_set_crypt(req, &src, &dst, len, &iv);
if (rw == FS_DECRYPT)
- res = crypto_skcipher_decrypt(req);
+ err = crypto_skcipher_decrypt(req);
else
- res = crypto_skcipher_encrypt(req);
- skcipher_request_free(req);
- if (res) {
+ err = crypto_skcipher_encrypt(req);
+ if (err)
fscrypt_err(ci->ci_inode,
"%scryption failed for data unit %llu: %d",
- (rw == FS_DECRYPT ? "De" : "En"), index, res);
- return res;
- }
- return 0;
+ (rw == FS_DECRYPT ? "De" : "En"), index, err);
+ return err;
}
/**
* fscrypt_encrypt_pagecache_blocks() - Encrypt data from a pagecache folio
* @folio: the locked pagecache folio containing the data to encrypt
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 17edc24ccd42f..f9f6713e144f7 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -92,48 +92,37 @@ static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
* Return: 0 on success, -errno on failure
*/
int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
u8 *out, unsigned int olen)
{
- struct skcipher_request *req = NULL;
const struct fscrypt_inode_info *ci = inode->i_crypt_info;
- struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
+ struct crypto_sync_skcipher *tfm = ci->ci_enc_key.tfm;
+ SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
union fscrypt_iv iv;
struct scatterlist sg;
- int res;
+ int err;
/*
* Copy the filename to the output buffer for encrypting in-place and
* pad it with the needed number of NUL bytes.
*/
if (WARN_ON_ONCE(olen < iname->len))
return -ENOBUFS;
memcpy(out, iname->name, iname->len);
memset(out + iname->len, 0, olen - iname->len);
- /* Initialize the IV */
fscrypt_generate_iv(&iv, 0, ci);
- /* Set up the encryption request */
- req = skcipher_request_alloc(tfm, GFP_NOFS);
- if (!req)
- return -ENOMEM;
skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL);
sg_init_one(&sg, out, olen);
skcipher_request_set_crypt(req, &sg, &sg, olen, &iv);
-
- /* Do the encryption */
- res = crypto_skcipher_encrypt(req);
- skcipher_request_free(req);
- if (res < 0) {
- fscrypt_err(inode, "Filename encryption failed: %d", res);
- return res;
- }
-
- return 0;
+ err = crypto_skcipher_encrypt(req);
+ if (err)
+ fscrypt_err(inode, "Filename encryption failed: %d", err);
+ return err;
}
EXPORT_SYMBOL_GPL(fscrypt_fname_encrypt);
/**
* fname_decrypt() - decrypt a filename
@@ -147,37 +136,29 @@ EXPORT_SYMBOL_GPL(fscrypt_fname_encrypt);
*/
static int fname_decrypt(const struct inode *inode,
const struct fscrypt_str *iname,
struct fscrypt_str *oname)
{
- struct skcipher_request *req = NULL;
- struct scatterlist src_sg, dst_sg;
const struct fscrypt_inode_info *ci = inode->i_crypt_info;
- struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
+ struct crypto_sync_skcipher *tfm = ci->ci_enc_key.tfm;
+ SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
union fscrypt_iv iv;
- int res;
+ struct scatterlist src_sg, dst_sg;
+ int err;
+
+ fscrypt_generate_iv(&iv, 0, ci);
- /* Allocate request */
- req = skcipher_request_alloc(tfm, GFP_NOFS);
- if (!req)
- return -ENOMEM;
skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL);
-
- /* Initialize IV */
- fscrypt_generate_iv(&iv, 0, ci);
-
- /* Create decryption request */
sg_init_one(&src_sg, iname->name, iname->len);
sg_init_one(&dst_sg, oname->name, oname->len);
skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, &iv);
- res = crypto_skcipher_decrypt(req);
- skcipher_request_free(req);
- if (res < 0) {
- fscrypt_err(inode, "Filename decryption failed: %d", res);
- return res;
+ err = crypto_skcipher_decrypt(req);
+ if (err) {
+ fscrypt_err(inode, "Filename decryption failed: %d", err);
+ return err;
}
oname->len = strnlen(oname->name, iname->len);
return 0;
}
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index 06fa8f2b2d081..bffeb14501fd0 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -237,11 +237,11 @@ struct fscrypt_symlink_data {
* @blk_key: key for blk-crypto
*
* Normally only one of the fields will be non-NULL.
*/
struct fscrypt_prepared_key {
- struct crypto_skcipher *tfm;
+ struct crypto_sync_skcipher *tfm;
#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
struct blk_crypto_key *blk_key;
#endif
};
diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index 74d4a2e1ad23a..4f3b9ecbfe4e6 100644
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -95,19 +95,19 @@ select_encryption_mode(const union fscrypt_policy *policy,
inode->i_ino, (inode->i_mode & S_IFMT));
return ERR_PTR(-EINVAL);
}
/* Create a symmetric cipher object for the given encryption mode and key */
-static struct crypto_skcipher *
+static struct crypto_sync_skcipher *
fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key,
const struct inode *inode)
{
- struct crypto_skcipher *tfm;
+ struct crypto_sync_skcipher *tfm;
int err;
- tfm = crypto_alloc_skcipher(mode->cipher_str, 0,
- FSCRYPT_CRYPTOAPI_MASK);
+ tfm = crypto_alloc_sync_skcipher(mode->cipher_str, 0,
+ FSCRYPT_CRYPTOAPI_MASK);
if (IS_ERR(tfm)) {
if (PTR_ERR(tfm) == -ENOENT) {
fscrypt_warn(inode,
"Missing crypto API support for %s (API name: \"%s\")",
mode->friendly_name, mode->cipher_str);
@@ -123,25 +123,26 @@ fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key,
* crypto algorithm implementation is used. Help people debug
* performance problems by logging the ->cra_driver_name the
* first time a mode is used.
*/
pr_info("fscrypt: %s using implementation \"%s\"\n",
- mode->friendly_name, crypto_skcipher_driver_name(tfm));
+ mode->friendly_name,
+ crypto_skcipher_driver_name(&tfm->base));
}
- if (WARN_ON_ONCE(crypto_skcipher_ivsize(tfm) != mode->ivsize)) {
+ if (WARN_ON_ONCE(crypto_sync_skcipher_ivsize(tfm) != mode->ivsize)) {
err = -EINVAL;
goto err_free_tfm;
}
- crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
- err = crypto_skcipher_setkey(tfm, raw_key, mode->keysize);
+ crypto_sync_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
+ err = crypto_sync_skcipher_setkey(tfm, raw_key, mode->keysize);
if (err)
goto err_free_tfm;
return tfm;
err_free_tfm:
- crypto_free_skcipher(tfm);
+ crypto_free_sync_skcipher(tfm);
return ERR_PTR(err);
}
/*
* Prepare the crypto transform object or blk-crypto key in @prep_key, given the
@@ -150,11 +151,11 @@ fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key,
* and IV generation method (@ci->ci_policy.flags).
*/
int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
const u8 *raw_key, const struct fscrypt_inode_info *ci)
{
- struct crypto_skcipher *tfm;
+ struct crypto_sync_skcipher *tfm;
if (fscrypt_using_inline_encryption(ci))
return fscrypt_prepare_inline_crypt_key(prep_key, raw_key,
ci->ci_mode->keysize,
false, ci);
@@ -174,11 +175,11 @@ int fscrypt_prepare_key(struct fscrypt_prepared_key *prep_key,
/* Destroy a crypto transform object and/or blk-crypto key. */
void fscrypt_destroy_prepared_key(struct super_block *sb,
struct fscrypt_prepared_key *prep_key)
{
- crypto_free_skcipher(prep_key->tfm);
+ crypto_free_sync_skcipher(prep_key->tfm);
fscrypt_destroy_inline_crypt_key(sb, prep_key);
memzero_explicit(prep_key, sizeof(*prep_key));
}
/* Given a per-file encryption key, set up the file's crypto transform object */
diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c
index 75b0f1211a1e6..c4d05168522b0 100644
--- a/fs/crypto/keysetup_v1.c
+++ b/fs/crypto/keysetup_v1.c
@@ -46,42 +46,34 @@ static DEFINE_SPINLOCK(fscrypt_direct_keys_lock);
*/
static int derive_key_aes(const u8 *master_key,
const u8 nonce[FSCRYPT_FILE_NONCE_SIZE],
u8 *derived_key, unsigned int derived_keysize)
{
- int res = 0;
- struct skcipher_request *req = NULL;
- struct scatterlist src_sg, dst_sg;
- struct crypto_skcipher *tfm =
- crypto_alloc_skcipher("ecb(aes)", 0, FSCRYPT_CRYPTOAPI_MASK);
-
- if (IS_ERR(tfm)) {
- res = PTR_ERR(tfm);
- tfm = NULL;
- goto out;
- }
- req = skcipher_request_alloc(tfm, GFP_KERNEL);
- if (!req) {
- res = -ENOMEM;
- goto out;
- }
- skcipher_request_set_callback(
- req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
- NULL, NULL);
- res = crypto_skcipher_setkey(tfm, nonce, FSCRYPT_FILE_NONCE_SIZE);
- if (res < 0)
- goto out;
+ struct crypto_sync_skcipher *tfm;
+ int err;
- sg_init_one(&src_sg, master_key, derived_keysize);
- sg_init_one(&dst_sg, derived_key, derived_keysize);
- skcipher_request_set_crypt(req, &src_sg, &dst_sg, derived_keysize,
- NULL);
- res = crypto_skcipher_encrypt(req);
-out:
- skcipher_request_free(req);
- crypto_free_skcipher(tfm);
- return res;
+ tfm = crypto_alloc_sync_skcipher("ecb(aes)", 0, FSCRYPT_CRYPTOAPI_MASK);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ err = crypto_sync_skcipher_setkey(tfm, nonce, FSCRYPT_FILE_NONCE_SIZE);
+ if (err == 0) {
+ SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
+ struct scatterlist src_sg, dst_sg;
+
+ skcipher_request_set_callback(req,
+ CRYPTO_TFM_REQ_MAY_BACKLOG |
+ CRYPTO_TFM_REQ_MAY_SLEEP,
+ NULL, NULL);
+ sg_init_one(&src_sg, master_key, derived_keysize);
+ sg_init_one(&dst_sg, derived_key, derived_keysize);
+ skcipher_request_set_crypt(req, &src_sg, &dst_sg,
+ derived_keysize, NULL);
+ err = crypto_skcipher_encrypt(req);
+ }
+ crypto_free_sync_skcipher(tfm);
+ return err;
}
/*
* Search the current task's subscribed keyrings for a "logon" key with
* description prefix:descriptor, and if found acquire a read lock on it and
--
2.50.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2 4/6] fscrypt: Remove gfp_t argument from fscrypt_crypt_data_unit()
2025-07-10 6:07 [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
` (2 preceding siblings ...)
2025-07-10 6:07 ` [PATCH v2 3/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
@ 2025-07-10 6:07 ` Eric Biggers
2025-07-10 6:07 ` [PATCH v2 5/6] fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace() Eric Biggers
2025-07-10 6:07 ` [PATCH v2 6/6] ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*() Eric Biggers
5 siblings, 0 replies; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 6:07 UTC (permalink / raw)
To: linux-fscrypt
Cc: linux-crypto, Yuwen Chen, linux-mtd, ceph-devel, linux-kernel,
Eric Biggers
This argument is no longer used, so remove it.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
fs/crypto/bio.c | 3 +--
fs/crypto/crypto.c | 14 +++++---------
fs/crypto/fscrypt_private.h | 3 +--
3 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/fs/crypto/bio.c b/fs/crypto/bio.c
index 13ad2dd771b64..486fcb2ecf13e 100644
--- a/fs/crypto/bio.c
+++ b/fs/crypto/bio.c
@@ -165,12 +165,11 @@ int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
i = 0;
offset = 0;
do {
err = fscrypt_crypt_data_unit(ci, FS_ENCRYPT, du_index,
ZERO_PAGE(0), pages[i],
- du_size, offset,
- GFP_NOFS);
+ du_size, offset);
if (err)
goto out;
du_index++;
sector += 1U << (du_bits - SECTOR_SHIFT);
du_remaining--;
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index 646b1831e6831..bab0aacd4da36 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -108,12 +108,11 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 index,
/* Encrypt or decrypt a single "data unit" of file contents. */
int fscrypt_crypt_data_unit(const struct fscrypt_inode_info *ci,
fscrypt_direction_t rw, u64 index,
struct page *src_page, struct page *dest_page,
- unsigned int len, unsigned int offs,
- gfp_t gfp_flags)
+ unsigned int len, unsigned int offs)
{
struct crypto_sync_skcipher *tfm = ci->ci_enc_key.tfm;
SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
union fscrypt_iv iv;
struct scatterlist dst, src;
@@ -195,11 +194,11 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct folio *folio,
return ERR_PTR(-ENOMEM);
for (i = offs; i < offs + len; i += du_size, index++) {
err = fscrypt_crypt_data_unit(ci, FS_ENCRYPT, index,
&folio->page, ciphertext_page,
- du_size, i, gfp_flags);
+ du_size, i);
if (err) {
fscrypt_free_bounce_page(ciphertext_page);
return ERR_PTR(err);
}
}
@@ -233,12 +232,11 @@ int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
u64 lblk_num, gfp_t gfp_flags)
{
if (WARN_ON_ONCE(inode->i_sb->s_cop->supports_subblock_data_units))
return -EOPNOTSUPP;
return fscrypt_crypt_data_unit(inode->i_crypt_info, FS_ENCRYPT,
- lblk_num, page, page, len, offs,
- gfp_flags);
+ lblk_num, page, page, len, offs);
}
EXPORT_SYMBOL(fscrypt_encrypt_block_inplace);
/**
* fscrypt_decrypt_pagecache_blocks() - Decrypt data from a pagecache folio
@@ -274,12 +272,11 @@ int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
for (i = offs; i < offs + len; i += du_size, index++) {
struct page *page = folio_page(folio, i >> PAGE_SHIFT);
err = fscrypt_crypt_data_unit(ci, FS_DECRYPT, index, page,
- page, du_size, i & ~PAGE_MASK,
- GFP_NOFS);
+ page, du_size, i & ~PAGE_MASK);
if (err)
return err;
}
return 0;
}
@@ -308,12 +305,11 @@ int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
u64 lblk_num)
{
if (WARN_ON_ONCE(inode->i_sb->s_cop->supports_subblock_data_units))
return -EOPNOTSUPP;
return fscrypt_crypt_data_unit(inode->i_crypt_info, FS_DECRYPT,
- lblk_num, page, page, len, offs,
- GFP_NOFS);
+ lblk_num, page, page, len, offs);
}
EXPORT_SYMBOL(fscrypt_decrypt_block_inplace);
/**
* fscrypt_initialize() - allocate major buffers for fs encryption.
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index bffeb14501fd0..d8b485b9881c5 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -335,12 +335,11 @@ typedef enum {
extern struct kmem_cache *fscrypt_inode_info_cachep;
int fscrypt_initialize(struct super_block *sb);
int fscrypt_crypt_data_unit(const struct fscrypt_inode_info *ci,
fscrypt_direction_t rw, u64 index,
struct page *src_page, struct page *dest_page,
- unsigned int len, unsigned int offs,
- gfp_t gfp_flags);
+ unsigned int len, unsigned int offs);
struct page *fscrypt_alloc_bounce_page(gfp_t gfp_flags);
void __printf(3, 4) __cold
fscrypt_msg(const struct inode *inode, const char *level, const char *fmt, ...);
--
2.50.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2 5/6] fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace()
2025-07-10 6:07 [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
` (3 preceding siblings ...)
2025-07-10 6:07 ` [PATCH v2 4/6] fscrypt: Remove gfp_t argument from fscrypt_crypt_data_unit() Eric Biggers
@ 2025-07-10 6:07 ` Eric Biggers
2025-07-10 11:08 ` Alex Markuze
2025-07-10 6:07 ` [PATCH v2 6/6] ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*() Eric Biggers
5 siblings, 1 reply; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 6:07 UTC (permalink / raw)
To: linux-fscrypt
Cc: linux-crypto, Yuwen Chen, linux-mtd, ceph-devel, linux-kernel,
Eric Biggers
This argument is no longer used, so remove it.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
fs/ceph/crypto.c | 3 +--
fs/crypto/crypto.c | 3 +--
fs/ubifs/crypto.c | 2 +-
include/linux/fscrypt.h | 5 ++---
4 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
index 3b3c4d8d401ec..6d04d528ed038 100644
--- a/fs/ceph/crypto.c
+++ b/fs/ceph/crypto.c
@@ -521,12 +521,11 @@ int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
{
struct ceph_client *cl = ceph_inode_to_client(inode);
doutc(cl, "%p %llx.%llx len %u offs %u blk %llu\n", inode,
ceph_vinop(inode), len, offs, lblk_num);
- return fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk_num,
- gfp_flags);
+ return fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk_num);
}
/**
* ceph_fscrypt_decrypt_pages - decrypt an array of pages
* @inode: pointer to inode associated with these pages
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index bab0aacd4da36..b6ccab524fdef 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -215,11 +215,10 @@ EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
* @len: Size of block to encrypt. This must be a multiple of
* FSCRYPT_CONTENTS_ALIGNMENT.
* @offs: Byte offset within @page at which the block to encrypt begins
* @lblk_num: Filesystem logical block number of the block, i.e. the 0-based
* number of the block within the file
- * @gfp_flags: Memory allocation flags
*
* Encrypt a possibly-compressed filesystem block that is located in an
* arbitrary page, not necessarily in the original pagecache page. The @inode
* and @lblk_num must be specified, as they can't be determined from @page.
*
@@ -227,11 +226,11 @@ EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
*
* Return: 0 on success; -errno on failure
*/
int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
unsigned int len, unsigned int offs,
- u64 lblk_num, gfp_t gfp_flags)
+ u64 lblk_num)
{
if (WARN_ON_ONCE(inode->i_sb->s_cop->supports_subblock_data_units))
return -EOPNOTSUPP;
return fscrypt_crypt_data_unit(inode->i_crypt_info, FS_ENCRYPT,
lblk_num, page, page, len, offs);
diff --git a/fs/ubifs/crypto.c b/fs/ubifs/crypto.c
index 921f9033d0d2d..fb5ac358077b1 100644
--- a/fs/ubifs/crypto.c
+++ b/fs/ubifs/crypto.c
@@ -49,11 +49,11 @@ int ubifs_encrypt(const struct inode *inode, struct ubifs_data_node *dn,
/* pad to full block cipher length */
if (pad_len != in_len)
memset(p + in_len, 0, pad_len - in_len);
err = fscrypt_encrypt_block_inplace(inode, virt_to_page(p), pad_len,
- offset_in_page(p), block, GFP_NOFS);
+ offset_in_page(p), block);
if (err) {
ubifs_err(c, "fscrypt_encrypt_block_inplace() failed: %d", err);
return err;
}
*out_len = pad_len;
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index 56fad33043d53..8d0e3ad89b940 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -312,11 +312,11 @@ void fscrypt_enqueue_decrypt_work(struct work_struct *);
struct page *fscrypt_encrypt_pagecache_blocks(struct folio *folio,
size_t len, size_t offs, gfp_t gfp_flags);
int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
unsigned int len, unsigned int offs,
- u64 lblk_num, gfp_t gfp_flags);
+ u64 lblk_num);
int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
size_t offs);
int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
unsigned int len, unsigned int offs,
@@ -485,12 +485,11 @@ static inline struct page *fscrypt_encrypt_pagecache_blocks(struct folio *folio,
}
static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
struct page *page,
unsigned int len,
- unsigned int offs, u64 lblk_num,
- gfp_t gfp_flags)
+ unsigned int offs, u64 lblk_num)
{
return -EOPNOTSUPP;
}
static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio,
--
2.50.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH v2 6/6] ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*()
2025-07-10 6:07 [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
` (4 preceding siblings ...)
2025-07-10 6:07 ` [PATCH v2 5/6] fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace() Eric Biggers
@ 2025-07-10 6:07 ` Eric Biggers
2025-07-10 11:07 ` Alex Markuze
5 siblings, 1 reply; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 6:07 UTC (permalink / raw)
To: linux-fscrypt
Cc: linux-crypto, Yuwen Chen, linux-mtd, ceph-devel, linux-kernel,
Eric Biggers
This argument is no longer used, so remove it.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
fs/ceph/crypto.c | 10 ++++------
fs/ceph/crypto.h | 10 ++++------
fs/ceph/file.c | 3 +--
fs/ceph/inode.c | 3 +--
4 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
index 6d04d528ed038..91e62db0c2050 100644
--- a/fs/ceph/crypto.c
+++ b/fs/ceph/crypto.c
@@ -514,12 +514,11 @@ int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
return fscrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num);
}
int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
struct page *page, unsigned int len,
- unsigned int offs, u64 lblk_num,
- gfp_t gfp_flags)
+ unsigned int offs, u64 lblk_num)
{
struct ceph_client *cl = ceph_inode_to_client(inode);
doutc(cl, "%p %llx.%llx len %u offs %u blk %llu\n", inode,
ceph_vinop(inode), len, offs, lblk_num);
@@ -639,21 +638,20 @@ int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page,
* ceph_fscrypt_encrypt_pages - encrypt an array of pages
* @inode: pointer to inode associated with these pages
* @page: pointer to page array
* @off: offset into the file that the data starts
* @len: max length to encrypt
- * @gfp: gfp flags to use for allocation
*
- * Decrypt an array of cleartext pages and return the amount of
+ * Encrypt an array of cleartext pages and return the amount of
* data encrypted. Any data in the page prior to the start of the
* first complete block in the read is ignored. Any incomplete
* crypto blocks at the end of the array are ignored.
*
* Returns the length of the encrypted data or a negative errno.
*/
int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
- int len, gfp_t gfp)
+ int len)
{
int i, num_blocks;
u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT;
int ret = 0;
@@ -670,11 +668,11 @@ int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
unsigned int pgoffs = offset_in_page(blkoff);
int fret;
fret = ceph_fscrypt_encrypt_block_inplace(inode, page[pgidx],
CEPH_FSCRYPT_BLOCK_SIZE, pgoffs,
- baseblk + i, gfp);
+ baseblk + i);
if (fret < 0) {
if (ret == 0)
ret = fret;
break;
}
diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h
index d0768239a1c9c..6db28464ff803 100644
--- a/fs/ceph/crypto.h
+++ b/fs/ceph/crypto.h
@@ -153,19 +153,18 @@ static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode,
int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
struct page *page, unsigned int len,
unsigned int offs, u64 lblk_num);
int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
struct page *page, unsigned int len,
- unsigned int offs, u64 lblk_num,
- gfp_t gfp_flags);
+ unsigned int offs, u64 lblk_num);
int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page,
u64 off, int len);
int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page,
u64 off, struct ceph_sparse_extent *map,
u32 ext_cnt);
int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
- int len, gfp_t gfp);
+ int len);
static inline struct page *ceph_fscrypt_pagecache_page(struct page *page)
{
return fscrypt_is_bounce_page(page) ? fscrypt_pagecache_page(page) : page;
}
@@ -244,12 +243,11 @@ static inline int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
return 0;
}
static inline int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
struct page *page, unsigned int len,
- unsigned int offs, u64 lblk_num,
- gfp_t gfp_flags)
+ unsigned int offs, u64 lblk_num)
{
return 0;
}
static inline int ceph_fscrypt_decrypt_pages(struct inode *inode,
@@ -267,11 +265,11 @@ static inline int ceph_fscrypt_decrypt_extents(struct inode *inode,
return 0;
}
static inline int ceph_fscrypt_encrypt_pages(struct inode *inode,
struct page **page, u64 off,
- int len, gfp_t gfp)
+ int len)
{
return 0;
}
static inline struct page *ceph_fscrypt_pagecache_page(struct page *page)
diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index a7254cab44cc2..9b79da6d1aee7 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1990,12 +1990,11 @@ ceph_sync_write(struct kiocb *iocb, struct iov_iter *from, loff_t pos,
break;
}
if (IS_ENCRYPTED(inode)) {
ret = ceph_fscrypt_encrypt_pages(inode, pages,
- write_pos, write_len,
- GFP_KERNEL);
+ write_pos, write_len);
if (ret < 0) {
doutc(cl, "encryption failed with %d\n", ret);
ceph_release_page_vector(pages, num_pages);
break;
}
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index 06cd2963e41ee..fc543075b827a 100644
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -2434,12 +2434,11 @@ static int fill_fscrypt_truncate(struct inode *inode,
memset(iov.iov_base + boff, 0, PAGE_SIZE - boff);
/* encrypt the last block */
ret = ceph_fscrypt_encrypt_block_inplace(inode, page,
CEPH_FSCRYPT_BLOCK_SIZE,
- 0, block,
- GFP_KERNEL);
+ 0, block);
if (ret)
goto out;
}
/* Insert the header */
--
2.50.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2 6/6] ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*()
2025-07-10 6:07 ` [PATCH v2 6/6] ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*() Eric Biggers
@ 2025-07-10 11:07 ` Alex Markuze
2025-07-10 19:32 ` Eric Biggers
0 siblings, 1 reply; 10+ messages in thread
From: Alex Markuze @ 2025-07-10 11:07 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-fscrypt, linux-crypto, Yuwen Chen, linux-mtd, ceph-devel,
linux-kernel
Reviewed-by: Alex Markuze amarkuze@redhat.com
On Thu, Jul 10, 2025 at 9:15 AM Eric Biggers <ebiggers@kernel.org> wrote:
>
> This argument is no longer used, so remove it.
>
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
> fs/ceph/crypto.c | 10 ++++------
> fs/ceph/crypto.h | 10 ++++------
> fs/ceph/file.c | 3 +--
> fs/ceph/inode.c | 3 +--
> 4 files changed, 10 insertions(+), 16 deletions(-)
>
> diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
> index 6d04d528ed038..91e62db0c2050 100644
> --- a/fs/ceph/crypto.c
> +++ b/fs/ceph/crypto.c
> @@ -514,12 +514,11 @@ int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
> return fscrypt_decrypt_block_inplace(inode, page, len, offs, lblk_num);
> }
>
> int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
> struct page *page, unsigned int len,
> - unsigned int offs, u64 lblk_num,
> - gfp_t gfp_flags)
> + unsigned int offs, u64 lblk_num)
> {
> struct ceph_client *cl = ceph_inode_to_client(inode);
>
> doutc(cl, "%p %llx.%llx len %u offs %u blk %llu\n", inode,
> ceph_vinop(inode), len, offs, lblk_num);
> @@ -639,21 +638,20 @@ int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page,
> * ceph_fscrypt_encrypt_pages - encrypt an array of pages
> * @inode: pointer to inode associated with these pages
> * @page: pointer to page array
> * @off: offset into the file that the data starts
> * @len: max length to encrypt
> - * @gfp: gfp flags to use for allocation
> *
> - * Decrypt an array of cleartext pages and return the amount of
> + * Encrypt an array of cleartext pages and return the amount of
> * data encrypted. Any data in the page prior to the start of the
> * first complete block in the read is ignored. Any incomplete
> * crypto blocks at the end of the array are ignored.
> *
> * Returns the length of the encrypted data or a negative errno.
> */
> int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
> - int len, gfp_t gfp)
> + int len)
> {
> int i, num_blocks;
> u64 baseblk = off >> CEPH_FSCRYPT_BLOCK_SHIFT;
> int ret = 0;
>
> @@ -670,11 +668,11 @@ int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
> unsigned int pgoffs = offset_in_page(blkoff);
> int fret;
>
> fret = ceph_fscrypt_encrypt_block_inplace(inode, page[pgidx],
> CEPH_FSCRYPT_BLOCK_SIZE, pgoffs,
> - baseblk + i, gfp);
> + baseblk + i);
> if (fret < 0) {
> if (ret == 0)
> ret = fret;
> break;
> }
> diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h
> index d0768239a1c9c..6db28464ff803 100644
> --- a/fs/ceph/crypto.h
> +++ b/fs/ceph/crypto.h
> @@ -153,19 +153,18 @@ static inline void ceph_fscrypt_adjust_off_and_len(struct inode *inode,
> int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
> struct page *page, unsigned int len,
> unsigned int offs, u64 lblk_num);
> int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
> struct page *page, unsigned int len,
> - unsigned int offs, u64 lblk_num,
> - gfp_t gfp_flags);
> + unsigned int offs, u64 lblk_num);
> int ceph_fscrypt_decrypt_pages(struct inode *inode, struct page **page,
> u64 off, int len);
> int ceph_fscrypt_decrypt_extents(struct inode *inode, struct page **page,
> u64 off, struct ceph_sparse_extent *map,
> u32 ext_cnt);
> int ceph_fscrypt_encrypt_pages(struct inode *inode, struct page **page, u64 off,
> - int len, gfp_t gfp);
> + int len);
>
> static inline struct page *ceph_fscrypt_pagecache_page(struct page *page)
> {
> return fscrypt_is_bounce_page(page) ? fscrypt_pagecache_page(page) : page;
> }
> @@ -244,12 +243,11 @@ static inline int ceph_fscrypt_decrypt_block_inplace(const struct inode *inode,
> return 0;
> }
>
> static inline int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
> struct page *page, unsigned int len,
> - unsigned int offs, u64 lblk_num,
> - gfp_t gfp_flags)
> + unsigned int offs, u64 lblk_num)
> {
> return 0;
> }
>
> static inline int ceph_fscrypt_decrypt_pages(struct inode *inode,
> @@ -267,11 +265,11 @@ static inline int ceph_fscrypt_decrypt_extents(struct inode *inode,
> return 0;
> }
>
> static inline int ceph_fscrypt_encrypt_pages(struct inode *inode,
> struct page **page, u64 off,
> - int len, gfp_t gfp)
> + int len)
> {
> return 0;
> }
>
> static inline struct page *ceph_fscrypt_pagecache_page(struct page *page)
> diff --git a/fs/ceph/file.c b/fs/ceph/file.c
> index a7254cab44cc2..9b79da6d1aee7 100644
> --- a/fs/ceph/file.c
> +++ b/fs/ceph/file.c
> @@ -1990,12 +1990,11 @@ ceph_sync_write(struct kiocb *iocb, struct iov_iter *from, loff_t pos,
> break;
> }
>
> if (IS_ENCRYPTED(inode)) {
> ret = ceph_fscrypt_encrypt_pages(inode, pages,
> - write_pos, write_len,
> - GFP_KERNEL);
> + write_pos, write_len);
> if (ret < 0) {
> doutc(cl, "encryption failed with %d\n", ret);
> ceph_release_page_vector(pages, num_pages);
> break;
> }
> diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
> index 06cd2963e41ee..fc543075b827a 100644
> --- a/fs/ceph/inode.c
> +++ b/fs/ceph/inode.c
> @@ -2434,12 +2434,11 @@ static int fill_fscrypt_truncate(struct inode *inode,
> memset(iov.iov_base + boff, 0, PAGE_SIZE - boff);
>
> /* encrypt the last block */
> ret = ceph_fscrypt_encrypt_block_inplace(inode, page,
> CEPH_FSCRYPT_BLOCK_SIZE,
> - 0, block,
> - GFP_KERNEL);
> + 0, block);
> if (ret)
> goto out;
> }
>
> /* Insert the header */
> --
> 2.50.1
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2 5/6] fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace()
2025-07-10 6:07 ` [PATCH v2 5/6] fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace() Eric Biggers
@ 2025-07-10 11:08 ` Alex Markuze
0 siblings, 0 replies; 10+ messages in thread
From: Alex Markuze @ 2025-07-10 11:08 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-fscrypt, linux-crypto, Yuwen Chen, linux-mtd, ceph-devel,
linux-kernel
Reviewed-by: Alex Markuze amarkuze@redhat.com
On Thu, Jul 10, 2025 at 9:14 AM Eric Biggers <ebiggers@kernel.org> wrote:
>
> This argument is no longer used, so remove it.
>
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
> fs/ceph/crypto.c | 3 +--
> fs/crypto/crypto.c | 3 +--
> fs/ubifs/crypto.c | 2 +-
> include/linux/fscrypt.h | 5 ++---
> 4 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
> index 3b3c4d8d401ec..6d04d528ed038 100644
> --- a/fs/ceph/crypto.c
> +++ b/fs/ceph/crypto.c
> @@ -521,12 +521,11 @@ int ceph_fscrypt_encrypt_block_inplace(const struct inode *inode,
> {
> struct ceph_client *cl = ceph_inode_to_client(inode);
>
> doutc(cl, "%p %llx.%llx len %u offs %u blk %llu\n", inode,
> ceph_vinop(inode), len, offs, lblk_num);
> - return fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk_num,
> - gfp_flags);
> + return fscrypt_encrypt_block_inplace(inode, page, len, offs, lblk_num);
> }
>
> /**
> * ceph_fscrypt_decrypt_pages - decrypt an array of pages
> * @inode: pointer to inode associated with these pages
> diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
> index bab0aacd4da36..b6ccab524fdef 100644
> --- a/fs/crypto/crypto.c
> +++ b/fs/crypto/crypto.c
> @@ -215,11 +215,10 @@ EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
> * @len: Size of block to encrypt. This must be a multiple of
> * FSCRYPT_CONTENTS_ALIGNMENT.
> * @offs: Byte offset within @page at which the block to encrypt begins
> * @lblk_num: Filesystem logical block number of the block, i.e. the 0-based
> * number of the block within the file
> - * @gfp_flags: Memory allocation flags
> *
> * Encrypt a possibly-compressed filesystem block that is located in an
> * arbitrary page, not necessarily in the original pagecache page. The @inode
> * and @lblk_num must be specified, as they can't be determined from @page.
> *
> @@ -227,11 +226,11 @@ EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
> *
> * Return: 0 on success; -errno on failure
> */
> int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
> unsigned int len, unsigned int offs,
> - u64 lblk_num, gfp_t gfp_flags)
> + u64 lblk_num)
> {
> if (WARN_ON_ONCE(inode->i_sb->s_cop->supports_subblock_data_units))
> return -EOPNOTSUPP;
> return fscrypt_crypt_data_unit(inode->i_crypt_info, FS_ENCRYPT,
> lblk_num, page, page, len, offs);
> diff --git a/fs/ubifs/crypto.c b/fs/ubifs/crypto.c
> index 921f9033d0d2d..fb5ac358077b1 100644
> --- a/fs/ubifs/crypto.c
> +++ b/fs/ubifs/crypto.c
> @@ -49,11 +49,11 @@ int ubifs_encrypt(const struct inode *inode, struct ubifs_data_node *dn,
> /* pad to full block cipher length */
> if (pad_len != in_len)
> memset(p + in_len, 0, pad_len - in_len);
>
> err = fscrypt_encrypt_block_inplace(inode, virt_to_page(p), pad_len,
> - offset_in_page(p), block, GFP_NOFS);
> + offset_in_page(p), block);
> if (err) {
> ubifs_err(c, "fscrypt_encrypt_block_inplace() failed: %d", err);
> return err;
> }
> *out_len = pad_len;
> diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
> index 56fad33043d53..8d0e3ad89b940 100644
> --- a/include/linux/fscrypt.h
> +++ b/include/linux/fscrypt.h
> @@ -312,11 +312,11 @@ void fscrypt_enqueue_decrypt_work(struct work_struct *);
>
> struct page *fscrypt_encrypt_pagecache_blocks(struct folio *folio,
> size_t len, size_t offs, gfp_t gfp_flags);
> int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
> unsigned int len, unsigned int offs,
> - u64 lblk_num, gfp_t gfp_flags);
> + u64 lblk_num);
>
> int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
> size_t offs);
> int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
> unsigned int len, unsigned int offs,
> @@ -485,12 +485,11 @@ static inline struct page *fscrypt_encrypt_pagecache_blocks(struct folio *folio,
> }
>
> static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
> struct page *page,
> unsigned int len,
> - unsigned int offs, u64 lblk_num,
> - gfp_t gfp_flags)
> + unsigned int offs, u64 lblk_num)
> {
> return -EOPNOTSUPP;
> }
>
> static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio,
> --
> 2.50.1
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2 6/6] ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*()
2025-07-10 11:07 ` Alex Markuze
@ 2025-07-10 19:32 ` Eric Biggers
0 siblings, 0 replies; 10+ messages in thread
From: Eric Biggers @ 2025-07-10 19:32 UTC (permalink / raw)
To: Alex Markuze
Cc: linux-fscrypt, linux-crypto, Yuwen Chen, linux-mtd, ceph-devel,
linux-kernel
On Thu, Jul 10, 2025 at 02:07:47PM +0300, Alex Markuze wrote:
> Reviewed-by: Alex Markuze amarkuze@redhat.com
Thanks! In the future, when sending a tag, please include brackets around your
email address, like Reviewed-by: Alex Markuze <amarkuze@redhat.com>. Otherwise,
when applying the patch, b4 skips the tag:
NOTE: some trailers ignored due to from/email mismatches:
! Trailer: Reviewed-by: Alex Markuze amarkuze@redhat.com
Msg From: Alex Markuze <amarkuze@redhat.com>
NOTE: Rerun with -S to apply them anyway
I'll add the brackets, so no need to resend anything. But other maintainers
could miss this, which would result in your review tags not being applied.
- Eric
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-07-10 19:32 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-10 6:07 [PATCH v2 0/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
2025-07-10 6:07 ` [PATCH v2 1/6] fscrypt: Don't use asynchronous CryptoAPI algorithms Eric Biggers
2025-07-10 6:07 ` [PATCH v2 2/6] fscrypt: Drop FORBID_WEAK_KEYS flag for AES-ECB Eric Biggers
2025-07-10 6:07 ` [PATCH v2 3/6] fscrypt: Switch to sync_skcipher and on-stack requests Eric Biggers
2025-07-10 6:07 ` [PATCH v2 4/6] fscrypt: Remove gfp_t argument from fscrypt_crypt_data_unit() Eric Biggers
2025-07-10 6:07 ` [PATCH v2 5/6] fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace() Eric Biggers
2025-07-10 11:08 ` Alex Markuze
2025-07-10 6:07 ` [PATCH v2 6/6] ceph: Remove gfp_t argument from ceph_fscrypt_encrypt_*() Eric Biggers
2025-07-10 11:07 ` Alex Markuze
2025-07-10 19:32 ` Eric Biggers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).