From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-block@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
Theodore Ts'o <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Baokun Li <libaokun@linux.alibaba.com>, Jan Kara <jack@suse.cz>,
Ojaswin Mujoo <ojaswin@linux.ibm.com>,
Ritesh Harjani <ritesh.list@gmail.com>,
Zhang Yi <yi.zhang@huawei.com>, Jaegeuk Kim <jaegeuk@kernel.org>,
Chao Yu <chao@kernel.org>, Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 00/16] fscrypt: Standardize on blk-crypto
Date: Tue, 23 Jun 2026 22:03:18 -0700 [thread overview]
Message-ID: <20260624050334.124606-1-ebiggers@kernel.org> (raw)
This series can also be retrieved from:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/ fscrypt-blk-crypto-v1
Currently, ext4 and f2fs (i.e., the block-based filesystems with fscrypt
support) have two file contents encryption implementations:
- Filesystem-layer, where code in fs/crypto/ directly invokes
crypto_skcipher to en/decrypt data using the CPU. This
implementation requires the management of bounce pages at the
filesystem level. It doesn't support direct I/O or large folios.
- blk-crypto (also known as inline encryption), where the filesystem
assigns bio_crypt_ctxs to bios, which are then processed either by
the CPU using blk-crypto-fallback.c or by inline encryption hardware.
This supports direct I/O and is compatible with large folios.
Currently, the latter implementation is enabled only when the
"inlinecrypt" mount option is given.
The persistence of the fs-layer implementation is mainly for historical
reasons, as it came first. It's becoming increasingly hard to maintain,
especially as the filesystems get refactored to use iomap, large folios,
etc. It's time to remove it and just rely on the similar code in
blk-crypto-fallback. This series does that.
Some fs-layer encryption support remains in fs/crypto/ for non-block
based filesystems (UBIFS and CephFS), as well as directories and
symlinks. So it's not entirely gone, but it's reduced.
To be clear, this just changes an internal implementation detail. ext4
and f2fs continue to fully support encryption (fscrypt), regardless of
the presence of inline encryption hardware on the system.
Eric Biggers (16):
blk-crypto: Simplify check for fallback support
blk-crypto: Fold __blk_crypto_cfg_supported() into its caller
blk-crypto: Allow control over whether hardware is used
fscrypt: Fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE
fscrypt: Always use blk-crypto for contents on block-based filesystems
ext4: Remove fs-layer file contents en/decryption code
ext4: Make ext4_bio_write_folio() return void
ext4: Further de-generalize the bio postprocessing code
f2fs: Remove fs-layer file contents en/decryption code
fs/buffer: Remove fs-layer decryption code
fscrypt: Replace calls to fscrypt_inode_uses_inline_crypto()
fscrypt: Remove fscrypt_dio_supported()
fscrypt: Remove fs-layer zeroout code
fscrypt: Remove unused functions and workqueue
fscrypt: Merge bio.c and inline_crypt.c into block.c
fscrypt: Add safety checks to non-block-based en/decryption
Documentation/filesystems/fscrypt.rst | 39 ++-
arch/loongarch/configs/loongson32_defconfig | 1 -
arch/loongarch/configs/loongson64_defconfig | 1 -
block/blk-crypto-fallback.c | 3 +-
block/blk-crypto-profile.c | 22 --
block/blk-crypto.c | 31 ++-
drivers/md/dm-inlinecrypt.c | 2 +-
fs/buffer.c | 45 +---
fs/crypto/Kconfig | 8 +-
fs/crypto/Makefile | 3 +-
fs/crypto/bio.c | 216 ---------------
fs/crypto/{inline_crypt.c => block.c} | 283 +++++++++-----------
fs/crypto/crypto.c | 140 ++++------
fs/crypto/fscrypt_private.h | 28 +-
fs/crypto/keysetup.c | 31 +--
fs/crypto/policy.c | 17 ++
fs/ext4/crypto.c | 2 +-
fs/ext4/ext4.h | 6 +-
fs/ext4/inode.c | 64 +----
fs/ext4/page-io.c | 74 +----
fs/ext4/readpage.c | 140 +++-------
fs/ext4/super.c | 6 +-
fs/f2fs/compress.c | 28 +-
fs/f2fs/data.c | 93 +------
fs/f2fs/f2fs.h | 2 -
fs/f2fs/file.c | 2 -
fs/f2fs/segment.c | 2 -
fs/f2fs/super.c | 2 +-
include/linux/blk-crypto.h | 6 +-
include/linux/fscrypt.h | 96 ++-----
30 files changed, 357 insertions(+), 1036 deletions(-)
delete mode 100644 fs/crypto/bio.c
rename fs/crypto/{inline_crypt.c => block.c} (61%)
base-commit: 1dc18801be29bc54709aa355b8acd80e183b03cd
prerequisite-patch-id: 319d2891e88c7df1ebb5ebf434d18b68f770399f
prerequisite-patch-id: f6157c86deab0ff5ec953ae3ed6b0e84f37741bf
prerequisite-patch-id: 5330c9e4b65644baae81bd177a46be6223d2b494
prerequisite-patch-id: 073cb85332cc58e4b5066bf8f7ac948c0d9a2bac
prerequisite-patch-id: 4b1b7521df7ce7157156dbbc373c699060b21e3f
prerequisite-patch-id: edfd2a34a97697517828f233e478e5b7f8cf85c2
--
2.54.0
next reply other threads:[~2026-06-24 5:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-24 5:03 Eric Biggers [this message]
2026-06-24 5:03 ` [PATCH 01/16] blk-crypto: Simplify check for fallback support Eric Biggers
2026-06-24 5:03 ` [PATCH 02/16] blk-crypto: Fold __blk_crypto_cfg_supported() into its caller Eric Biggers
2026-06-24 5:03 ` [PATCH 03/16] blk-crypto: Allow control over whether hardware is used Eric Biggers
2026-06-24 5:03 ` [PATCH 04/16] fscrypt: Fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE Eric Biggers
2026-06-24 5:03 ` [PATCH 05/16] fscrypt: Always use blk-crypto for contents on block-based filesystems Eric Biggers
2026-06-24 5:03 ` [PATCH 06/16] ext4: Remove fs-layer file contents en/decryption code Eric Biggers
2026-06-24 5:03 ` [PATCH 07/16] ext4: Make ext4_bio_write_folio() return void Eric Biggers
2026-06-24 5:03 ` [PATCH 08/16] ext4: Further de-generalize the bio postprocessing code Eric Biggers
2026-06-24 5:03 ` [PATCH 09/16] f2fs: Remove fs-layer file contents en/decryption code Eric Biggers
2026-06-24 5:03 ` [PATCH 10/16] fs/buffer: Remove fs-layer decryption code Eric Biggers
2026-06-24 11:40 ` Jan Kara
2026-06-24 5:03 ` [PATCH 11/16] fscrypt: Replace calls to fscrypt_inode_uses_inline_crypto() Eric Biggers
2026-06-24 5:03 ` [PATCH 12/16] fscrypt: Remove fscrypt_dio_supported() Eric Biggers
2026-06-24 5:03 ` [PATCH 13/16] fscrypt: Remove fs-layer zeroout code Eric Biggers
2026-06-24 5:03 ` [PATCH 14/16] fscrypt: Remove unused functions and workqueue Eric Biggers
2026-06-24 5:03 ` [PATCH 15/16] fscrypt: Merge bio.c and inline_crypt.c into block.c Eric Biggers
2026-06-24 5:03 ` [PATCH 16/16] fscrypt: Add safety checks to non-block-based en/decryption Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260624050334.124606-1-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=adilger.kernel@dilger.ca \
--cc=chao@kernel.org \
--cc=hch@lst.de \
--cc=jack@suse.cz \
--cc=jaegeuk@kernel.org \
--cc=libaokun@linux.alibaba.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=ojaswin@linux.ibm.com \
--cc=ritesh.list@gmail.com \
--cc=tytso@mit.edu \
--cc=yi.zhang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox