From: Yuwen Chen <ywen.chen@foxmail.com>
To: ebiggers@kernel.org, tytso@mit.edu, herbert@gondor.apana.org.au,
davem@davemloft.net, jaegeuk@kernel.org
Cc: linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, Yuwen Chen <ywen.chen@foxmail.com>
Subject: [PATCH] fscrypt: improve filename encryption and decryption performance
Date: Thu, 3 Jul 2025 14:19:01 +0800 [thread overview]
Message-ID: <tencent_D06DEE8D71295798F385BCC52FACAE96A207@qq.com> (raw)
With the CONFIG_UNICODE configuration enabled, the fname_decrypt
and fscrypt_fname_encrypt functions may be called very frequently.
Since filenames are generally short, the frequent invocation of
memory allocation and release operations by these two functions
will lead to very poor performance.
Signed-off-by: Yuwen Chen <ywen.chen@foxmail.com>
---
fs/crypto/fname.c | 11 +++--------
include/crypto/skcipher.h | 9 +++++++++
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 010f9c0a4c2f1..a3cc30ff3586b 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -77,6 +77,7 @@ static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
return is_dot_dotdot(str->name, str->len);
}
+#define MAX_SKCIPHER_REQSIZE (384)
/**
* fscrypt_fname_encrypt() - encrypt a filename
* @inode: inode of the parent directory (for regular filenames)
@@ -92,10 +93,10 @@ static inline bool fscrypt_is_dot_dotdot(const struct qstr *str)
int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
u8 *out, unsigned int olen)
{
- struct skcipher_request *req = NULL;
DECLARE_CRYPTO_WAIT(wait);
const struct fscrypt_inode_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
+ SKCIPHER_REQUEST_ON_STACK(req, tfm, MAX_SKCIPHER_REQSIZE);
union fscrypt_iv iv;
struct scatterlist sg;
int res;
@@ -124,7 +125,6 @@ int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
/* Do the encryption */
res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
- skcipher_request_free(req);
if (res < 0) {
fscrypt_err(inode, "Filename encryption failed: %d", res);
return res;
@@ -148,18 +148,14 @@ static int fname_decrypt(const struct inode *inode,
const struct fscrypt_str *iname,
struct fscrypt_str *oname)
{
- struct skcipher_request *req = NULL;
DECLARE_CRYPTO_WAIT(wait);
struct scatterlist src_sg, dst_sg;
const struct fscrypt_inode_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_enc_key.tfm;
+ SKCIPHER_REQUEST_ON_STACK(req, tfm, MAX_SKCIPHER_REQSIZE);
union fscrypt_iv iv;
int res;
- /* Allocate request */
- req = skcipher_request_alloc(tfm, GFP_NOFS);
- if (!req)
- return -ENOMEM;
skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
crypto_req_done, &wait);
@@ -172,7 +168,6 @@ static int fname_decrypt(const struct inode *inode,
sg_init_one(&dst_sg, oname->name, oname->len);
skcipher_request_set_crypt(req, &src_sg, &dst_sg, iname->len, &iv);
res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
- skcipher_request_free(req);
if (res < 0) {
fscrypt_err(inode, "Filename decryption failed: %d", res);
return res;
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
index 9e5853464345b..ff2c5ac9252ff 100644
--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
@@ -226,6 +226,15 @@ struct lskcipher_alg {
crypto_sync_skcipher_tfm((_tfm)), \
(void *)__##name##_desc)
+
+#define SKCIPHER_REQUEST_ON_STACK(name, _tfm, reqsize) \
+ char __##name##_desc[sizeof(struct skcipher_request) + reqsize \
+ ] CRYPTO_MINALIGN_ATTR; \
+ struct skcipher_request *name = \
+ (((struct skcipher_request *)__##name##_desc)->base.tfm = \
+ crypto_skcipher_tfm((_tfm)), \
+ (void *)__##name##_desc)
+
/**
* DOC: Symmetric Key Cipher API
*
--
2.34.1
next reply other threads:[~2025-07-03 6:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-03 6:19 Yuwen Chen [this message]
2025-07-04 4:13 ` [PATCH v2] fscrypt: improve filename encryption and decryption performance Yuwen Chen
2025-07-04 5:14 ` Eric Biggers
2025-07-08 7:33 ` Yuwen Chen
2025-07-08 18:20 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tencent_D06DEE8D71295798F385BCC52FACAE96A207@qq.com \
--to=ywen.chen@foxmail.com \
--cc=davem@davemloft.net \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jaegeuk@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).