From: Daniel Vacek <neelx@suse.com>
To: Chris Mason <clm@fb.com>, Josef Bacik <josef@toxicpanda.com>,
Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>, Jens Axboe <axboe@kernel.dk>,
David Sterba <dsterba@suse.com>
Cc: linux-block@vger.kernel.org, Daniel Vacek <neelx@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v7 32/43] btrfs: implement process_bio cb for fscrypt
Date: Wed, 13 May 2026 10:53:06 +0200 [thread overview]
Message-ID: <20260513085340.3673127-33-neelx@suse.com> (raw)
In-Reply-To: <20260513085340.3673127-1-neelx@suse.com>
From: Josef Bacik <josef@toxicpanda.com>
We are going to be checksumming the encrypted data, so we have to
implement the ->process_bio fscrypt callback. This will provide us with
the original bio and the encrypted bio to do work on. For WRITE's this
will happen after the encrypted bio has been encrypted. For READ's this
will happen after the read has completed and before the decryption step
is done.
For write's this is straightforward, we can just pass in the encrypted
bio to btrfs_csum_one_bio and then the csums will be added to the bbio
as normal.
For read's this is relatively straightforward, but requires some care.
We assume (because that's how it works currently) that the encrypted bio
match the original bio, this is important because we save the iter of
the bio before we submit. If this changes in the future we'll need a
hook to give us the bi_iter of the decryption bio before it's submitted.
We check the csums before decryption. If it doesn't match we simply
error out and we let the normal path handle the repair work.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Daniel Vacek <neelx@suse.com>
---
v7 changes:
* Fixed array overflow stack corruption for bios > max blocksize (>64KiB)
as reported by Chris' AI review.
v6 changes:
* Adapt to btrfs_data_csum_ok() changes for bs > ps. Mostly follow
what was done in 052fd7a5cace ("btrfs: make read verification
handle bs > ps cases without large folios").
* Rename bbio::csum_done to csum_ok due to name collision.
With upstream, member name csum_done was used for async csums.
v5: https://lore.kernel.org/linux-btrfs/ca32684b01ff8c252be515509137e0a4a0e5db7a.1706116485.git.josef@toxicpanda.com/
---
fs/btrfs/bio.c | 44 +++++++++++++++++++++++++++++++++++++++++++-
fs/btrfs/bio.h | 3 +++
fs/btrfs/file-item.c | 14 ++++++++++++--
fs/btrfs/fscrypt.c | 29 +++++++++++++++++++++++++++++
4 files changed, 87 insertions(+), 3 deletions(-)
diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c
index 3e2ee19aab50..729c5aff5c3d 100644
--- a/fs/btrfs/bio.c
+++ b/fs/btrfs/bio.c
@@ -301,6 +301,40 @@ static struct btrfs_failed_bio *repair_one_sector(struct btrfs_bio *failed_bbio,
return fbio;
}
+blk_status_t btrfs_check_encrypted_read_bio(struct btrfs_bio *bbio, struct bio *enc_bio)
+{
+ struct btrfs_inode *inode = bbio->inode;
+ struct btrfs_fs_info *fs_info = inode->root->fs_info;
+ struct bvec_iter iter = bbio->saved_iter;
+ struct btrfs_device *dev = bbio->bio.bi_private;
+ const u32 blocksize = fs_info->sectorsize;
+ const u32 step = min(blocksize, PAGE_SIZE);
+ const u32 nr_steps = iter.bi_size / step;
+ phys_addr_t paddrs[BTRFS_MAX_BLOCKSIZE / PAGE_SIZE];
+ phys_addr_t paddr;
+ unsigned int slot = 0;
+ u32 offset = 0;
+
+ /*
+ * We have to use a copy of iter in case there's an error,
+ * btrfs_check_read_bio will handle submitting the repair bios.
+ */
+ btrfs_bio_for_each_block(paddr, enc_bio, &iter, step) {
+ ASSERT(slot < nr_steps);
+ paddrs[slot] = paddr;
+ slot++;
+ offset += step;
+ if (IS_ALIGNED(offset, blocksize)) {
+ if (!btrfs_data_csum_ok(bbio, dev, offset - blocksize, paddrs))
+ return BLK_STS_IOERR;
+ slot = 0;
+ }
+ }
+
+ bbio->csum_ok = true;
+ return BLK_STS_OK;
+}
+
static void btrfs_check_read_bio(struct btrfs_bio *bbio, struct btrfs_device *dev)
{
struct btrfs_inode *inode = bbio->inode;
@@ -330,6 +364,10 @@ static void btrfs_check_read_bio(struct btrfs_bio *bbio, struct btrfs_device *de
/* Clear the I/O error. A failed repair will reset it. */
bbio->bio.bi_status = BLK_STS_OK;
+ /* This was an encrypted bio and we've already done the csum check. */
+ if (status == BLK_STS_OK && bbio->csum_ok)
+ goto out;
+
btrfs_bio_for_each_block(paddr, &bbio->bio, iter, step) {
paddrs[(offset / step) % nr_steps] = paddr;
offset += step;
@@ -341,6 +379,7 @@ static void btrfs_check_read_bio(struct btrfs_bio *bbio, struct btrfs_device *de
paddrs, fbio);
}
}
+out:
if (bbio->csum != bbio->csum_inline)
kvfree(bbio->csum);
@@ -859,10 +898,13 @@ static bool btrfs_submit_chunk(struct btrfs_bio *bbio, int mirror_num)
/*
* Csum items for reloc roots have already been cloned at this
* point, so they are handled as part of the no-checksum case.
+ *
+ * Encrypted inodes are csum'ed via the ->process_bio callback.
*/
if (!(inode->flags & BTRFS_INODE_NODATASUM) &&
!test_bit(BTRFS_FS_STATE_NO_DATA_CSUMS, &fs_info->fs_state) &&
- !btrfs_is_data_reloc_root(inode->root) && !bbio->is_remap) {
+ !btrfs_is_data_reloc_root(inode->root) && !bbio->is_remap &&
+ !IS_ENCRYPTED(&inode->vfs_inode)) {
if (should_async_write(bbio) &&
btrfs_wq_submit_bio(bbio, bioc, &smap, mirror_num))
goto done;
diff --git a/fs/btrfs/bio.h b/fs/btrfs/bio.h
index 43f7544029ac..456d32db9e9e 100644
--- a/fs/btrfs/bio.h
+++ b/fs/btrfs/bio.h
@@ -43,6 +43,7 @@ struct btrfs_bio {
struct {
u8 *csum;
u8 csum_inline[BTRFS_BIO_INLINE_CSUM_SIZE];
+ bool csum_ok;
struct bvec_iter saved_iter;
};
@@ -130,5 +131,7 @@ void btrfs_submit_repair_write(struct btrfs_bio *bbio, int mirror_num, bool dev_
int btrfs_repair_io_failure(struct btrfs_fs_info *fs_info, u64 ino, u64 fileoff,
u32 length, u64 logical, const phys_addr_t paddrs[],
unsigned int step, int mirror_num);
+blk_status_t btrfs_check_encrypted_read_bio(struct btrfs_bio *bbio,
+ struct bio *enc_bio);
#endif
diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
index 986914078708..72d9d3243460 100644
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -338,6 +338,14 @@ static int search_csum_tree(struct btrfs_fs_info *fs_info,
return ret;
}
+static inline bool inode_skip_csum(struct btrfs_inode *inode)
+{
+ struct btrfs_fs_info *fs_info = inode->root->fs_info;
+
+ return (inode->flags & BTRFS_INODE_NODATASUM) ||
+ test_bit(BTRFS_FS_STATE_NO_DATA_CSUMS, &fs_info->fs_state);
+}
+
/*
* Lookup the checksum for the read bio in csum tree.
*
@@ -357,8 +365,7 @@ int btrfs_lookup_bio_sums(struct btrfs_bio *bbio)
int ret = 0;
u32 bio_offset = 0;
- if ((inode->flags & BTRFS_INODE_NODATASUM) ||
- test_bit(BTRFS_FS_STATE_NO_DATA_CSUMS, &fs_info->fs_state))
+ if (inode_skip_csum(inode))
return 0;
/*
@@ -817,6 +824,9 @@ int btrfs_csum_one_bio(struct btrfs_bio *bbio, struct bio *bio, bool async)
struct btrfs_ordered_sum *sums;
unsigned nofs_flag;
+ if (inode_skip_csum(inode))
+ return 0;
+
nofs_flag = memalloc_nofs_save();
sums = kvzalloc(btrfs_ordered_sum_size(fs_info, bio->bi_iter.bi_size),
GFP_KERNEL);
diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c
index 5d34a8b94da5..924ee3df7f32 100644
--- a/fs/btrfs/fscrypt.c
+++ b/fs/btrfs/fscrypt.c
@@ -16,6 +16,7 @@
#include "transaction.h"
#include "volumes.h"
#include "xattr.h"
+#include "file-item.h"
/*
* From a given location in a leaf, read a name into a qstr (usually a
@@ -212,6 +213,33 @@ static struct block_device **btrfs_fscrypt_get_devices(struct super_block *sb,
return devs;
}
+static blk_status_t btrfs_process_encrypted_bio(struct bio *orig_bio,
+ struct bio *enc_bio)
+{
+ struct btrfs_bio *bbio;
+
+ /*
+ * If our bio is from the normal fs_bio_set then we know this is a
+ * mirror split and we can skip it, we'll get the real bio on the last
+ * mirror and we can process that one.
+ */
+ if (orig_bio->bi_pool == &fs_bio_set)
+ return BLK_STS_OK;
+
+ bbio = btrfs_bio(orig_bio);
+
+ if (bio_op(orig_bio) == REQ_OP_READ) {
+ /*
+ * We have ->saved_iter based on the orig_bio, so if the block
+ * layer changes we need to notice this asap so we can update
+ * our code to handle the new world order.
+ */
+ ASSERT(orig_bio == enc_bio);
+ return btrfs_check_encrypted_read_bio(bbio, enc_bio);
+ }
+ return btrfs_csum_one_bio(bbio, enc_bio, false);
+}
+
int btrfs_fscrypt_load_extent_info(struct btrfs_inode *inode,
struct btrfs_path *path,
struct btrfs_key *key,
@@ -327,4 +355,5 @@ const struct fscrypt_operations btrfs_fscrypt_ops = {
.set_context = btrfs_fscrypt_set_context,
.empty_dir = btrfs_fscrypt_empty_dir,
.get_devices = btrfs_fscrypt_get_devices,
+ .process_bio = btrfs_process_encrypted_bio,
};
--
2.53.0
next prev parent reply other threads:[~2026-05-13 8:56 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-13 8:52 [PATCH v7 00/43] btrfs: add fscrypt support Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 01/43] fscrypt: add per-extent encryption support Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 02/43] fscrypt: allow inline encryption for extent based encryption Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 03/43] fscrypt: add a __fscrypt_file_open helper Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 04/43] fscrypt: conditionally don't wipe mk secret until the last active user is done Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 05/43] blk-crypto: add a process bio callback Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 06/43] fscrypt: add a process_bio hook to fscrypt_operations Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 07/43] fscrypt: expose fscrypt_nokey_name Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 08/43] fscrypt: add documentation about extent encryption Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 09/43] btrfs: add infrastructure for safe em freeing Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 10/43] btrfs: start using fscrypt hooks Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 11/43] btrfs: add inode encryption contexts Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 12/43] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 13/43] btrfs: adapt readdir for encrypted and nokey names Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 14/43] btrfs: handle " Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 15/43] btrfs: implement fscrypt ioctls Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 16/43] btrfs: select encryption dependencies if FS_ENCRYPTION Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 17/43] btrfs: add get_devices hook for fscrypt Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 18/43] btrfs: set file extent encryption excplicitly Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 19/43] btrfs: add fscrypt_info and encryption_type to extent_map Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 20/43] btrfs: add fscrypt_info and encryption_type to ordered_extent Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 21/43] btrfs: plumb through setting the fscrypt_info for ordered extents Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 22/43] btrfs: populate the ordered_extent with the fscrypt context Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 23/43] btrfs: keep track of fscrypt info and orig_start for dio reads Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 24/43] btrfs: add extent encryption context tree item type Daniel Vacek
2026-05-13 8:52 ` [PATCH v7 25/43] btrfs: pass through fscrypt_extent_info to the file extent helpers Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 26/43] btrfs: implement the fscrypt extent encryption hooks Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 27/43] btrfs: setup fscrypt_extent_info for new extents Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 28/43] btrfs: populate ordered_extent with the orig offset Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 29/43] btrfs: set the bio fscrypt context when applicable Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 30/43] btrfs: add a bio argument to btrfs_csum_one_bio Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 31/43] btrfs: limit encrypted writes to 256 segments Daniel Vacek
2026-05-13 8:53 ` Daniel Vacek [this message]
2026-05-13 8:53 ` [PATCH v7 33/43] btrfs: implement read repair for encryption Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 34/43] btrfs: add test_dummy_encryption support Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 35/43] btrfs: make btrfs_ref_to_path handle encrypted filenames Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 36/43] btrfs: deal with encrypted symlinks in send Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 37/43] btrfs: decrypt file names for send Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 38/43] btrfs: load the inode context before sending writes Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 39/43] btrfs: set the appropriate free space settings in reconfigure Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 40/43] btrfs: support encryption with log replay Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 41/43] btrfs: disable auto defrag on encrypted files Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 42/43] btrfs: disable encryption on RAID5/6 Daniel Vacek
2026-05-13 8:53 ` [PATCH v7 43/43] btrfs: disable send if we have encryption enabled Daniel Vacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260513085340.3673127-33-neelx@suse.com \
--to=neelx@suse.com \
--cc=axboe@kernel.dk \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox