| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Jan 2022 16:27:43 -0800
From: Jaegeuk Kim <jaegeuk@...nel.org>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
linux-xfs@...r.kernel.org, Theodore Ts'o <tytso@....edu>,
Christoph Hellwig <hch@....de>,
"Darrick J . Wong" <djwong@...nel.org>,
Dave Chinner <david@...morbit.com>,
Satya Tangirala <satyat@...gle.com>
Subject: Re: [PATCH v11 4/5] f2fs: support direct I/O with fscrypt using
blk-crypto
On 01/28, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> Encrypted files traditionally haven't supported DIO, due to the need to
> encrypt/decrypt the data. However, when the encryption is implemented
> using inline encryption (blk-crypto) instead of the traditional
> filesystem-layer encryption, it is straightforward to support DIO.
>
> Therefore, make f2fs support DIO on files that are using inline
> encryption. Since f2fs uses iomap for DIO, and fscrypt support was
> already added to iomap DIO, this just requires two small changes:
>
> - Let DIO proceed when supported, by checking fscrypt_dio_supported()
> instead of assuming that encrypted files never support DIO.
>
> - In f2fs_iomap_begin(), use fscrypt_limit_io_blocks() to limit the
> length of the mapping in the rare case where a DUN discontiguity
> occurs in the middle of an extent. The iomap DIO implementation
> requires this, since it assumes that it can submit a bio covering (up
> to) the whole mapping, without checking fscrypt constraints itself.
>
> Co-developed-by: Satya Tangirala <satyat@...gle.com>
> Signed-off-by: Satya Tangirala <satyat@...gle.com>
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Acked-by: Jaegeuk Kim <jaegeuk@...nel.org>
> ---
> fs/f2fs/data.c | 7 +++++++
> fs/f2fs/f2fs.h | 6 +++++-
> 2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index 8c417864c66ae..020d47f97969c 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -4044,6 +4044,13 @@ static int f2fs_iomap_begin(struct inode *inode, loff_t offset, loff_t length,
>
> iomap->offset = blks_to_bytes(inode, map.m_lblk);
>
> + /*
> + * When inline encryption is enabled, sometimes I/O to an encrypted file
> + * has to be broken up to guarantee DUN contiguity. Handle this by
> + * limiting the length of the mapping returned.
> + */
> + map.m_len = fscrypt_limit_io_blocks(inode, map.m_lblk, map.m_len);
> +
> if (map.m_flags & (F2FS_MAP_MAPPED | F2FS_MAP_UNWRITTEN)) {
> iomap->length = blks_to_bytes(inode, map.m_len);
> if (map.m_flags & F2FS_MAP_MAPPED) {
> diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
> index eb22fa91c2b26..db46f3cf0885d 100644
> --- a/fs/f2fs/f2fs.h
> +++ b/fs/f2fs/f2fs.h
> @@ -4371,7 +4371,11 @@ static inline bool f2fs_force_buffered_io(struct inode *inode,
> struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
> int rw = iov_iter_rw(iter);
>
> - if (f2fs_post_read_required(inode))
> + if (!fscrypt_dio_supported(iocb, iter))
> + return true;
> + if (fsverity_active(inode))
> + return true;
> + if (f2fs_compressed_file(inode))
> return true;
>
> /* disallow direct IO if any of devices has unaligned blksize */
> --
> 2.35.0
Powered by blists - more mailing lists