From: Richard Weinberger <richard@nod.at>
To: linux-mtd@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
dedekind1@gmail.com, adrian.hunter@intel.com, tytso@mit.edu,
jaegeuk@kernel.org, david@sigma-star.at, wd@denx.de,
sbabic@denx.de, dengler@linutronix.de, ebiggers@google.com,
mhalcrow@google.com, hch@infradead.org,
Richard Weinberger <richard@nod.at>
Subject: [PATCH 01/29] fscrypt: Add in-place encryption mode
Date: Sun, 13 Nov 2016 22:20:44 +0100 [thread overview]
Message-ID: <1479072072-6844-2-git-send-email-richard@nod.at> (raw)
In-Reply-To: <1479072072-6844-1-git-send-email-richard@nod.at>
From: David Gstir <david@sigma-star.at>
ext4 and f2fs require a bounce page when encrypting pages. However, not
all filesystems will need that (eg. UBIFS). This is handled via a
flag on fscrypt_operations where a fs implementation can select in-place
encryption over using a bounce page (which is the default).
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
---
fs/crypto/crypto.c | 25 +++++++++++++++----------
include/linux/fscrypto.h | 6 ++++++
2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index 98f87fe8f186..f38dc8aac2fe 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -217,8 +217,9 @@ static struct page *alloc_bounce_page(struct fscrypt_ctx *ctx, gfp_t gfp_flags)
* @plaintext_page: The page to encrypt. Must be locked.
* @gfp_flags: The gfp flag for memory allocation
*
- * Allocates a ciphertext page and encrypts plaintext_page into it using the ctx
- * encryption context.
+ * Encrypts plaintext_page using the ctx encryption context. If
+ * the filesystem supports it, encryption is performed in-place, otherwise a
+ * new ciphertext_page is allocated and returned.
*
* Called on the page write path. The caller must call
* fscrypt_restore_control_page() on the returned ciphertext page to
@@ -231,7 +232,7 @@ struct page *fscrypt_encrypt_page(struct inode *inode,
struct page *plaintext_page, gfp_t gfp_flags)
{
struct fscrypt_ctx *ctx;
- struct page *ciphertext_page = NULL;
+ struct page *ciphertext_page = plaintext_page;
int err;
BUG_ON(!PageLocked(plaintext_page));
@@ -240,10 +241,12 @@ struct page *fscrypt_encrypt_page(struct inode *inode,
if (IS_ERR(ctx))
return (struct page *)ctx;
- /* The encryption operation will require a bounce page. */
- ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
- if (IS_ERR(ciphertext_page))
- goto errout;
+ if (!(inode->i_sb->s_cop->flags & FS_CFLG_INPLACE_ENCRYPTION)) {
+ /* The encryption operation will require a bounce page. */
+ ciphertext_page = alloc_bounce_page(ctx, gfp_flags);
+ if (IS_ERR(ciphertext_page))
+ goto errout;
+ }
ctx->w.control_page = plaintext_page;
err = do_page_crypto(inode, FS_ENCRYPT, plaintext_page->index,
@@ -253,9 +256,11 @@ struct page *fscrypt_encrypt_page(struct inode *inode,
ciphertext_page = ERR_PTR(err);
goto errout;
}
- SetPagePrivate(ciphertext_page);
- set_page_private(ciphertext_page, (unsigned long)ctx);
- lock_page(ciphertext_page);
+ if (!(inode->i_sb->s_cop->flags & FS_CFLG_INPLACE_ENCRYPTION)) {
+ SetPagePrivate(ciphertext_page);
+ set_page_private(ciphertext_page, (unsigned long)ctx);
+ lock_page(ciphertext_page);
+ }
return ciphertext_page;
errout:
diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h
index ff8b11b26f31..5a65b0e3773f 100644
--- a/include/linux/fscrypto.h
+++ b/include/linux/fscrypto.h
@@ -154,9 +154,15 @@ struct fscrypt_name {
#define fname_len(p) ((p)->disk_name.len)
/*
+ * fscrypt superblock flags
+ */
+#define FS_CFLG_INPLACE_ENCRYPTION (1U << 1)
+
+/*
* crypto opertions for filesystems
*/
struct fscrypt_operations {
+ unsigned int flags;
int (*get_context)(struct inode *, void *, size_t);
int (*key_prefix)(struct inode *, u8 **);
int (*prepare_context)(struct inode *);
--
2.7.3
next prev parent reply other threads:[~2016-11-13 21:21 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-13 21:20 [PATCH 00/29] UBIFS File Encryption v1 Richard Weinberger
2016-11-13 21:20 ` Richard Weinberger [this message]
2016-11-15 18:14 ` [PATCH 01/29] fscrypt: Add in-place encryption mode Eric Biggers
2016-11-25 12:09 ` David Gstir
2016-11-27 6:49 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 02/29] fscrypt: Allow fscrypt_decrypt_page() to function with non-writeback pages Richard Weinberger
2016-11-15 18:19 ` Eric Biggers
2016-11-24 17:43 ` David Gstir
2016-11-13 21:20 ` [PATCH 03/29] fscrypt: Enable partial page encryption Richard Weinberger
2016-11-15 18:31 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 04/29] fscrypt: Constify struct inode pointer Richard Weinberger
2016-11-13 21:20 ` [PATCH 05/29] fscrypt: Let fs select encryption index/tweak Richard Weinberger
2016-11-15 18:43 ` Eric Biggers
[not found] ` <98AAB80A-A0BE-4408-A514-DC3B8D19C5F7@sigma-star.at>
2016-11-27 7:00 ` Eric Biggers
2016-11-13 21:20 ` [PATCH 06/29] ubifs: Export ubifs_check_dir_empty() Richard Weinberger
2016-11-13 21:20 ` [PATCH 07/29] ubifs: Export xattr get and set functions Richard Weinberger
2016-11-13 21:20 ` [PATCH 08/29] ubifs: Define UBIFS crypto context xattr Richard Weinberger
2016-11-13 21:20 ` [PATCH 09/29] ubifs: Add skeleton for fscrypto Richard Weinberger
2016-11-13 21:20 ` [PATCH 10/29] ubifs: Massage ubifs_listxattr() for encryption context Richard Weinberger
2016-11-13 21:20 ` [PATCH 11/29] ubifs: Implement directory open operation Richard Weinberger
2016-11-13 21:20 ` [PATCH 12/29] ubifs: Implement file " Richard Weinberger
2016-11-13 21:20 ` [PATCH 13/29] ubifs: Enforce crypto policy in ->link and ->rename Richard Weinberger
2016-11-13 21:20 ` [PATCH 14/29] ubifs: Preload crypto context in ->lookup() Richard Weinberger
2016-11-13 21:20 ` [PATCH 15/29] ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto Richard Weinberger
2016-11-13 21:20 ` [PATCH 16/29] ubifs: Enforce crypto policy in mmap Richard Weinberger
2016-11-13 21:21 ` [PATCH 17/29] ubifs: Introduce new data node field, compr_size Richard Weinberger
2016-11-13 21:21 ` [PATCH 18/29] ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted() Richard Weinberger
2016-11-13 21:21 ` [PATCH 19/29] ubifs: Implement encrypt/decrypt for all IO Richard Weinberger
2016-11-13 23:03 ` kbuild test robot
2016-11-13 21:21 ` [PATCH 20/29] ubifs: Relax checks in ubifs_validate_entry() Richard Weinberger
2016-11-13 21:21 ` [PATCH 21/29] ubifs: Make r5 hash binary string aware Richard Weinberger
2016-11-13 21:21 ` [PATCH 22/29] ubifs: Implement encrypted filenames Richard Weinberger
2016-11-13 21:21 ` [PATCH 23/29] ubifs: Add support for encrypted symlinks Richard Weinberger
2016-11-13 21:21 ` [PATCH 24/29] ubifs: Rename tnc_read_node_nm Richard Weinberger
2016-11-13 21:21 ` [PATCH 25/29] ubifs: Add full hash lookup support Richard Weinberger
2016-11-13 21:21 ` [PATCH 26/29] ubifs: Use a random number for cookies Richard Weinberger
2016-11-13 21:21 ` [PATCH 27/29] ubifs: Implement UBIFS_FLG_DOUBLE_HASH Richard Weinberger
2016-11-13 21:21 ` [PATCH 28/29] ubifs: Implement UBIFS_FLG_ENCRYPTION Richard Weinberger
2016-11-13 21:21 ` [PATCH 29/29] ubifs: Raise write version to 5 Richard Weinberger
2016-11-14 3:05 ` [PATCH 00/29] UBIFS File Encryption v1 Theodore Ts'o
2016-11-14 12:01 ` Richard Weinberger
2016-11-25 8:18 ` Richard Weinberger
2016-11-27 17:52 ` Theodore Ts'o
2016-11-27 22:21 ` Richard Weinberger
2016-11-28 0:43 ` Theodore Ts'o
2016-11-28 1:27 ` Eric Biggers
2016-11-29 2:27 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479072072-6844-2-git-send-email-richard@nod.at \
--to=richard@nod.at \
--cc=adrian.hunter@intel.com \
--cc=david@sigma-star.at \
--cc=dedekind1@gmail.com \
--cc=dengler@linutronix.de \
--cc=ebiggers@google.com \
--cc=hch@infradead.org \
--cc=jaegeuk@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=mhalcrow@google.com \
--cc=sbabic@denx.de \
--cc=tytso@mit.edu \
--cc=wd@denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).