| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200720192945.GG1292162@gmail.com>
Date: Mon, 20 Jul 2020 12:29:45 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Satya Tangirala <satyat@...gle.com>
Cc: linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-f2fs-devel@...ts.sourceforge.net, linux-ext4@...r.kernel.org,
linux-xfs@...r.kernel.org
Subject: Re: [PATCH v3 3/7] iomap: support direct I/O with fscrypt using
blk-crypto
On Fri, Jul 17, 2020 at 01:45:36AM +0000, Satya Tangirala wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> Wire up iomap direct I/O with the fscrypt additions for direct I/O,
> and set bio crypt contexts on bios when appropriate.
>
> Make iomap_dio_bio_actor() call fscrypt_limit_io_pages() to ensure that
> DUNs remain contiguous within a bio, since it works directly with logical
> ranges and can't call fscrypt_mergeable_bio() on each page.
This commit message is still confusing.
How about the following:
"Wire up iomap direct I/O with the fscrypt additions for direct I/O.
This allows ext4 to support direct I/O on encrypted files when inline
encryption is enabled.
This change consists of two parts:
- Set a bio_crypt_ctx on bios for encrypted files, so that the file
contents get encrypted (or decrypted).
- Ensure that encryption data unit numbers (DUNs) are contiguous within
each bio. Use the new function fscrypt_limit_io_pages() for this,
since the iomap code works directly with logical ranges and thus
doesn't have a chance to call fscrypt_mergeable_bio() on each page.
Note that fscrypt_limit_io_pages() is normally a no-op, as normally the
DUNs simply increment along with the logical blocks. But it's needed to
handle an edge case in one of the fscrypt IV generation methods."
> @@ -183,11 +184,14 @@ static void
> iomap_dio_zero(struct iomap_dio *dio, struct iomap *iomap, loff_t pos,
> unsigned len)
> {
> + struct inode *inode = file_inode(dio->iocb->ki_filp);
> struct page *page = ZERO_PAGE(0);
> int flags = REQ_SYNC | REQ_IDLE;
> struct bio *bio;
>
> bio = bio_alloc(GFP_KERNEL, 1);
> + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits,
> + GFP_KERNEL);
> bio_set_dev(bio, iomap->bdev);
> bio->bi_iter.bi_sector = iomap_sector(iomap, pos);
> bio->bi_private = dio;
iomap_dio_zero() is only used on partial filesystem blocks. But, we
only allow direct I/O on encrypted files when the I/O is
filesystem-block-aligned.
So this part appears to be unnecessary.
How about replacing it with:
/* encrypted direct I/O is guaranteed to be fs-block aligned */
WARN_ON_ONCE(fscrypt_needs_contents_encryption(inode));
> @@ -253,6 +257,7 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length,
> ret = nr_pages;
> goto out;
> }
> + nr_pages = fscrypt_limit_io_pages(inode, pos, nr_pages);
>
> if (need_zeroout) {
> /* zero out from the start of the block to the write offset */
> @@ -270,6 +275,8 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length,
> }
>
> bio = bio_alloc(GFP_KERNEL, nr_pages);
> + fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits,
> + GFP_KERNEL);
> bio_set_dev(bio, iomap->bdev);
> bio->bi_iter.bi_sector = iomap_sector(iomap, pos);
> bio->bi_write_hint = dio->iocb->ki_hint;
> @@ -307,6 +314,7 @@ iomap_dio_bio_actor(struct inode *inode, loff_t pos, loff_t length,
> copied += n;
>
> nr_pages = iov_iter_npages(dio->submit.iter, BIO_MAX_PAGES);
> + nr_pages = fscrypt_limit_io_pages(inode, pos, nr_pages);
> iomap_dio_submit_bio(dio, iomap, bio, pos);
> pos += n;
> } while (nr_pages);
I think the part at the end is wrong.
We want to limit the *next* bio, not the current one.
So 'pos' needs to be updated first.
I think it should be:
iomap_dio_submit_bio(dio, iomap, bio, pos);
pos += n;
nr_pages = iov_iter_npages(dio->submit.iter, BIO_MAX_PAGES);
nr_pages = fscrypt_limit_io_pages(inode, pos, nr_pages);
Powered by blists - more mailing lists