From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55E783A1E67; Sun, 5 Jul 2026 19:47:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783280864; cv=none; b=lrcPgbmcdT+X5+46PfaW3mpPHA5bxQzOrZWfP2Ja3zJdJQmnawh9J+kSKOwhez0ripje8TAlgTYjtXnYc9UU24SV4EKMg5JFWPLjGK7cjcOdQRya2g8S6M3dq6+vEX8aP0NYKVuzrMBrKTbmCKIWznSi0B/Kw8lRuDr7rJV4/4A= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783280864; c=relaxed/simple; bh=P5GMzOHJDDWmVeKXEaQCUlgkWe1RuXYujVlKi93mNjk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=TwHL3Po1FdKTja4WnZCmESt+FYoVyJ8a/bwu9JzRVF0l7AjDsiUxrNN5NEtR2TeQ5FTcCPQvxr0nF0wYk/gT0K2ff0yAYeINa1vTZMDv0iPrAPNmDeBIJcR5xuhg8I+hxDBShP4pI6k0z1LtJ7p+g6ZeZW5HOhpNCe08zwFKvW4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=P0OsLQrb; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="P0OsLQrb" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B9DBC1F00A3D; Sun, 5 Jul 2026 19:47:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1783280863; bh=gfpz689V4pGfz5uZs3AyGXvqPghKUAJ1Vdt7trKNrUY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=P0OsLQrbKtGJbOjVdbuc6CA9XXOCTVbHVydNKM0DKH9f/LFbP/+VpH6I1ORHGvRqB rfYalun3Yy6GEPe5Hs+eUmiqkJ6V/Kd5YEErN6EtnBB4rMU784hkT3yw0KyXhSdcv0 mAUuiJFK+L93CMT7AXzG6PITXfdpBTT20C0LN+AfvcG/PFP8pTmbCEWhnvD/xJaC31 7Do5PYFE8KJaNgM2J8axm/OZ+6JPlWa8hkwRyAOvzCz5QydanVQsgqaLLRisgOSimq BWEQumtKNeqtyGhvu1j9kXWPWHiyVi2K8ba0/WhD5QXUBHqID/2LdjudLs5K4rxsaQ dBAm3ldcD71wQ== From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-block@vger.kernel.org, Christoph Hellwig , Theodore Ts'o , Andreas Dilger , Baokun Li , Jan Kara , Ojaswin Mujoo , Ritesh Harjani , Zhang Yi , Jaegeuk Kim , Chao Yu , Eric Biggers Subject: [PATCH v2 04/17] fscrypt: Fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE Date: Sun, 5 Jul 2026 12:45:41 -0700 Message-ID: <20260705194555.75030-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260705194555.75030-1-ebiggers@kernel.org> References: <20260705194555.75030-1-ebiggers@kernel.org> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE works only with the fs-layer implementation of file contents encryption, not blk-crypto. This is a problem for standardizing on blk-crypto. Fortunately, no one should be using this combination anyway. It doesn't make sense because the entire point of IV_INO_LBLK_32 is to support inline encryption hardware that is limited to 32-bit DUNs. Thus, fully disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE. Reviewed-by: Christoph Hellwig Signed-off-by: Eric Biggers --- Documentation/filesystems/fscrypt.rst | 3 +++ fs/crypto/inline_crypt.c | 13 ------------- fs/crypto/policy.c | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index c0dd35f1af12..92b8f311e211 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -336,6 +336,9 @@ per I/O request and may have only a small number of keyslots. This format results in some level of IV reuse, so it should only be used when necessary due to hardware limitations. +IV_INO_LBLK_32 is supported only when the filesystem block size is +equal to the page size. + Key identifiers --------------- diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c index aaf71f6068b0..83dea8bc2c8c 100644 --- a/fs/crypto/inline_crypt.c +++ b/fs/crypto/inline_crypt.c @@ -112,19 +112,6 @@ int fscrypt_select_encryption_impl(struct fscrypt_inode_info *ci, if (!(sb->s_flags & SB_INLINECRYPT)) return 0; - /* - * When a page contains multiple logically contiguous filesystem blocks, - * some filesystem code only calls fscrypt_mergeable_bio() for the first - * block in the page. This is fine for most of fscrypt's IV generation - * strategies, where contiguous blocks imply contiguous IVs. But it - * doesn't work with IV_INO_LBLK_32. For now, simply exclude - * IV_INO_LBLK_32 with blocksize != PAGE_SIZE from inline encryption. - */ - if ((fscrypt_policy_flags(&ci->ci_policy) & - FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && - sb->s_blocksize != PAGE_SIZE) - return 0; - /* * On all the filesystem's block devices, blk-crypto must support the * crypto configuration that the file would use. diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c index f40fb5924e75..a7322dba7557 100644 --- a/fs/crypto/policy.c +++ b/fs/crypto/policy.c @@ -177,6 +177,23 @@ static bool supported_iv_ino_lblk_policy(const struct fscrypt_policy_v2 *policy, type, sb->s_id); return false; } + + /* + * IV_INO_LBLK_32 isn't compatible with inline encryption when + * s_blocksize != PAGE_SIZE. In that case the DUN can wrap around in + * the middle of a page, but sometimes fscrypt_mergeable_bio() is called + * only for the first block per page. Since IV_INO_LBLK_32 exists only + * to support inline encryption hardware that is limited to 32-bit DUNs, + * just disallow IV_INO_LBLK_32 with s_blocksize != PAGE_SIZE entirely. + */ + if ((policy->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && + sb->s_blocksize != PAGE_SIZE) { + fscrypt_warn(inode, + "Can't use %s policy on filesystem '%s' with block size != PAGE_SIZE", + type, sb->s_id); + return false; + } + return true; } -- 2.54.0