From: Christian Brauner <brauner@kernel.org>
To: Jeff Layton <jlayton@kernel.org>, Jan Kara <jack@suse.com>,
Christoph Hellwig <hch@lst.de>, Jens Axboe <axboe@kernel.dk>,
Josef Bacik <josef@toxicpanda.com>
Cc: Christian Brauner <brauner@kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org,
fsverity@lists.linux.dev
Subject: [PATCH RFC DRAFT v2 00/13] Move fscrypt and fsverity out of struct inode
Date: Tue, 22 Jul 2025 14:57:06 +0200 [thread overview]
Message-ID: <20250722-work-inode-fscrypt-v2-0-782f1fdeaeba@kernel.org> (raw)
In-Reply-To: <fhppu2rnsykr5obrib3btw7wemislq36wufnbl67salvoguaof@kkxaosrv3oho>
Hey,
This is a POC. We're still discussing alternatives and I want to provide
some useful data on what I learned about using offsets to drop fscrypt
and fsverity from struct inode.
As discussed, this moves the fscrypt and fsverity pointers out of struct
inode shrinking it by 16 bytes. The pointers move into the individual
filesystems that actually do make use of them.
In order to find the fscrypt and fsverity data pointers offsets from the
embedded struct inode in the filesystem's private inode data are
stored in struct inode_operations. This means we get fast access to the
data pointers without having to rely on indirect calls.
Bugs & Issues
=============
* For fscrypt specifically the biggest issue is
fscrypt_prepare_new_inode() is called in filesystem's inode allocation
functions before inode->i_op is set. That means the offset isn't
available at the time when we would need it. To fix this we can set
dummy encrypted inode operations for the respective filesystem with an
initialized offset.
* For both fscrypt & fsverity the biggest issue is that every codepath
that currently calls make_bad_inode() after having initialized fscrypt
or fsverity data will override inode->i_op with bad_inode_ops. At
which point we're back to the previous problem: The offset isn't
available anymore. So when inode->i_sb->s_op->evict_inode() is called
fscrypt_put_encryption_info() doesn't have the offset available
anymore and would corrupt the hell out of everything and also leak
memory.
Obviously we could use a flag to detect a bad inodes instead of i_op
and let the filesystem assign it's own bad inode operations including
the correct offset. Is it worth it?
The other way I see we can fix this if we require fixed offsets in the
filesystems inode so fscrypt and fsverity always now what offset to
calculate. We could use two consecutive pointers at the beginning of
the filesystem's inode. Does that always work and is it worth it?
Thanks!
Christian
Test results:
+ sudo ./check -g encrypt,verity
FSTYP -- ext4
PLATFORM -- Linux/x86_64 localhost 6.16.0-rc1-g15c8eb9cdbd3 #267 SMP PREEMPT_DYNAMIC Fri Jun 5 15:58:00 CEST 2015
MKFS_OPTIONS -- -F /dev/nvme3n1p6
MOUNT_OPTIONS -- -o acl,user_xattr /dev/nvme3n1p6 /mnt/scratch
ext4/024 3s ... 3s
generic/395 4s ... 4s
generic/396 3s ... 3s
generic/397 4s ... 3s
generic/398 4s ... 4s
generic/399 39s ... 35s
generic/419 3s ... 4s
generic/421 4s ... 4s
generic/429 14s ... 14s
generic/435 23s ... 22s
generic/440 3s ... 4s
generic/548 10s ... 9s
generic/549 9s ... 9s
generic/550 [not run] encryption policy '-c 9 -n 9 -f 0' is unusable; probably missing kernel crypto API support
generic/572 6s
generic/573 4s
generic/574 28s
generic/575 9s
generic/576 5s ... 4s
generic/577 4s
generic/579 24s
generic/580 4s ... 4s
generic/581 10s ... 11s
generic/582 10s ... 9s
generic/583 9s ... 9s
generic/584 [not run] encryption policy '-c 9 -n 9 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/592 10s ... 10s
generic/593 4s ... 4s
generic/595 7s ... 7s
generic/602 9s ... 10s
generic/613 20s ... 20s
generic/621 9s ... 9s
generic/624 3s
generic/625 3s
generic/692 5s
generic/693 [not run] encryption policy '-c 1 -n 10 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/739 17s ... 18s
Ran: ext4/024 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/572 generic/573 generic/574 generic/575 generic/576 generic/577 generic/579 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/624 generic/625 generic/692 generic/693 generic/739
Not run: generic/550 generic/584 generic/693
Passed all 37 tests
---
Changes in v2:
- First full implementation.
- Link to v1: https://lore.kernel.org/20250715-work-inode-fscrypt-v1-1-aa3ef6f44b6b@kernel.org
---
Christian Brauner (13):
fs: add fscrypt offset
fs/crypto: use accessors
ext4: move fscrypt to filesystem inode
ubifs: move fscrypt to filesystem inode
f2fs: move fscrypt to filesystem inode
ceph: move fscrypt to filesystem inode
fs: drop i_crypt_info from struct inode
fs: add fsverity offset
fs/verity: use accessors
btrfs: move fsverity to filesystem inode
ext4: move fsverity to filesystem inode
f2fs: move fsverity to filesystem inode
fs: drop i_verity_info from struct inode
fs/btrfs/btrfs_inode.h | 3 +++
fs/btrfs/inode.c | 20 ++++++++++++++++-
fs/ceph/dir.c | 8 +++++++
fs/ceph/inode.c | 21 ++++++++++++++++++
fs/crypto/bio.c | 2 +-
fs/crypto/crypto.c | 8 +++----
fs/crypto/fname.c | 8 +++----
fs/crypto/fscrypt_private.h | 2 +-
fs/crypto/hooks.c | 2 +-
fs/crypto/inline_crypt.c | 10 ++++-----
fs/crypto/keysetup.c | 27 +++++++++++++----------
fs/crypto/policy.c | 6 ++---
fs/ext4/ext4.h | 9 ++++++++
fs/ext4/file.c | 8 +++++++
fs/ext4/ialloc.c | 2 ++
fs/ext4/inode.c | 1 +
fs/ext4/mballoc.c | 3 +++
fs/ext4/namei.c | 23 ++++++++++++++++++++
fs/ext4/super.c | 6 +++++
fs/ext4/symlink.c | 24 ++++++++++++++++++++
fs/f2fs/f2fs.h | 7 ++++++
fs/f2fs/file.c | 8 +++++++
fs/f2fs/inode.c | 1 +
fs/f2fs/namei.c | 41 ++++++++++++++++++++++++++++++++++
fs/f2fs/super.c | 6 +++++
fs/ubifs/dir.c | 52 ++++++++++++++++++++++++--------------------
fs/ubifs/file.c | 8 +++++++
fs/ubifs/super.c | 8 +++++++
fs/ubifs/ubifs.h | 3 +++
fs/verity/enable.c | 2 +-
fs/verity/fsverity_private.h | 2 +-
fs/verity/open.c | 18 +++++++++------
fs/verity/verify.c | 2 +-
include/linux/fs.h | 10 ++-------
include/linux/fscrypt.h | 31 ++++++++++++++++++++++++--
include/linux/fsverity.h | 21 ++++++++++++------
include/linux/netfs.h | 6 +++++
37 files changed, 337 insertions(+), 82 deletions(-)
---
base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494
change-id: 20250715-work-inode-fscrypt-2b63b276e793
next prev parent reply other threads:[~2025-07-22 12:57 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-15 14:35 [PATCH RFC DRAFT DOESNOTBUILD] inode: free up more space Christian Brauner
2025-07-15 14:52 ` Jeff Layton
2025-07-15 16:09 ` Matthew Wilcox
2025-07-16 12:53 ` Christian Brauner
2025-07-16 13:02 ` Christoph Hellwig
2025-07-17 7:48 ` Christian Brauner
2025-07-17 7:51 ` Christoph Hellwig
2025-07-17 15:55 ` Darrick J. Wong
2025-07-16 9:15 ` Jan Kara
2025-07-16 9:50 ` Christian Brauner
2025-07-16 11:21 ` Christoph Hellwig
2025-07-16 12:19 ` Christian Brauner
2025-07-16 12:38 ` Jeff Layton
2025-07-16 14:08 ` Matthew Wilcox
2025-07-16 14:10 ` Christoph Hellwig
2025-07-17 8:32 ` Christian Brauner
2025-07-17 10:54 ` Jan Kara
2025-07-17 11:40 ` Christian Brauner
2025-07-17 11:43 ` Christoph Hellwig
2025-07-17 12:57 ` Jan Kara
2025-07-18 8:24 ` Christian Brauner
2025-07-18 8:32 ` Christoph Hellwig
2025-07-18 8:58 ` Christian Brauner
2025-07-18 16:04 ` Eric Biggers
2025-07-18 17:11 ` Eric Biggers
2025-07-21 6:14 ` Christoph Hellwig
2025-07-21 23:55 ` Eric Biggers
2025-07-22 5:49 ` Christoph Hellwig
2025-07-22 7:52 ` Jan Kara
2025-07-22 12:57 ` Christian Brauner [this message]
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 01/13] fs: add fscrypt offset Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 02/13] fs/crypto: use accessors Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 03/13] ext4: move fscrypt to filesystem inode Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 04/13] ubifs: " Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 05/13] f2fs: " Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 06/13] ceph: " Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 07/13] fs: drop i_crypt_info from struct inode Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 08/13] fs: add fsverity offset Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 09/13] fs/verity: use accessors Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 10/13] btrfs: move fsverity to filesystem inode Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 11/13] ext4: " Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 12/13] f2fs: " Christian Brauner
2025-07-22 12:57 ` [PATCH RFC DRAFT v2 13/13] fs: drop i_verity_info from struct inode Christian Brauner
2025-07-22 13:09 ` [PATCH RFC DRAFT v2 00/13] Move fscrypt and fsverity out of " Christian Brauner
2025-07-22 19:27 ` [PATCH v3 " Christian Brauner
2025-07-22 19:27 ` [PATCH v3 01/13] fs: add fscrypt offset Christian Brauner
2025-07-22 20:02 ` Eric Biggers
2025-07-23 7:48 ` Christian Brauner
2025-07-23 3:49 ` Al Viro
2025-07-22 19:27 ` [PATCH v3 02/13] fs/crypto: use accessors Christian Brauner
2025-07-22 19:27 ` [PATCH v3 03/13] ext4: move fscrypt to filesystem inode Christian Brauner
2025-07-22 20:07 ` Eric Biggers
2025-07-23 8:59 ` Christian Brauner
2025-07-22 19:27 ` [PATCH v3 04/13] ubifs: " Christian Brauner
2025-07-22 19:27 ` [PATCH v3 05/13] f2fs: " Christian Brauner
2025-07-22 19:27 ` [PATCH v3 06/13] ceph: " Christian Brauner
2025-07-22 20:14 ` Eric Biggers
2025-07-23 8:58 ` Christian Brauner
2025-07-22 19:27 ` [PATCH v3 07/13] fs: drop i_crypt_info from struct inode Christian Brauner
2025-07-22 20:19 ` Eric Biggers
2025-07-23 8:52 ` Christian Brauner
2025-07-22 19:27 ` [PATCH v3 08/13] fs: add fsverity offset Christian Brauner
2025-07-23 3:53 ` Al Viro
2025-07-22 19:27 ` [PATCH v3 09/13] fs/verity: use accessors Christian Brauner
2025-07-22 20:25 ` Eric Biggers
2025-07-23 8:55 ` Christian Brauner
2025-07-22 19:27 ` [PATCH v3 10/13] btrfs: move fsverity to filesystem inode Christian Brauner
2025-07-22 19:27 ` [PATCH v3 11/13] ext4: " Christian Brauner
2025-07-22 19:27 ` [PATCH v3 12/13] f2fs: " Christian Brauner
2025-07-22 19:27 ` [PATCH v3 13/13] fs: drop i_verity_info from struct inode Christian Brauner
2025-07-23 10:57 ` [PATCH v4 00/15] Move fscrypt and fsverity out of " Christian Brauner
2025-07-23 10:57 ` [PATCH v4 01/15] fs: add fscrypt offset Christian Brauner
2025-07-23 10:57 ` [PATCH v4 02/15] fs/crypto: use accessors Christian Brauner
2025-07-25 0:29 ` Eric Biggers
2025-07-25 4:01 ` Eric Biggers
2025-07-23 10:57 ` [PATCH v4 03/15] ext4: move fscrypt to filesystem inode Christian Brauner
2025-07-25 0:32 ` Eric Biggers
2025-07-23 10:57 ` [PATCH v4 04/15] ubifs: " Christian Brauner
2025-07-23 10:57 ` [PATCH v4 05/15] f2fs: " Christian Brauner
2025-07-23 10:57 ` [PATCH v4 06/15] ceph: " Christian Brauner
2025-07-25 0:34 ` Eric Biggers
2025-07-25 8:15 ` Christian Brauner
2025-07-23 10:57 ` [PATCH v4 07/15] fs: drop i_crypt_info from struct inode Christian Brauner
2025-07-25 0:38 ` Eric Biggers
2025-07-23 10:57 ` [PATCH v4 08/15] fscrypt: rephrase documentation and comments Christian Brauner
2025-07-25 0:35 ` Eric Biggers
2025-07-23 10:57 ` [PATCH v4 09/15] fs: add fsverity offset Christian Brauner
2025-07-25 0:45 ` Eric Biggers
2025-07-23 10:57 ` [PATCH v4 10/15] fs/verity: use accessors Christian Brauner
2025-07-23 10:57 ` [PATCH v4 11/15] btrfs: move fsverity to filesystem inode Christian Brauner
2025-07-23 10:57 ` [PATCH v4 12/15] ext4: " Christian Brauner
2025-07-23 10:57 ` [PATCH v4 13/15] f2fs: " Christian Brauner
2025-07-23 10:57 ` [PATCH v4 14/15] fs: drop i_verity_info from struct inode Christian Brauner
2025-07-25 0:43 ` Eric Biggers
2025-07-23 10:57 ` [PATCH v4 15/15] fsverity: rephrase documentation and comments Christian Brauner
2025-07-22 13:50 ` [PATCH RFC DRAFT v2 00/13] Move fscrypt and fsverity out of struct inode Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250722-work-inode-fscrypt-v2-0-782f1fdeaeba@kernel.org \
--to=brauner@kernel.org \
--cc=axboe@kernel.dk \
--cc=ebiggers@kernel.org \
--cc=fsverity@lists.linux.dev \
--cc=hch@lst.de \
--cc=jack@suse.com \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).