From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: "Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Eric Biggers <ebiggers@kernel.org>, Chris Mason <clm@fb.com>,
Josef Bacik <josef@toxicpanda.com>,
David Sterba <dsterba@suse.com>,
linux-fscrypt@vger.kernel.org, linux-btrfs@vger.kernel.org,
kernel-team@meta.com
Cc: Omar Sandoval <osandov@osandov.com>,
Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [PATCH v5 12/18] btrfs: encrypt normal file extent data if appropriate
Date: Wed, 2 Nov 2022 07:53:01 -0400 [thread overview]
Message-ID: <9e6e11154b096255ad1541192ddb18610991bb28.1667389115.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1667389115.git.sweettea-kernel@dorminy.me>
From: Omar Sandoval <osandov@osandov.com>
Add in the necessary calls to encrypt and decrypt data to achieve
encryption of normal data.
Since these are all page cache pages being encrypted, we can't encrypt
them in place and must encrypt/decrypt into a new page. fscrypt provides a pool
of pages for this purpose, which it calls bounce pages. For IO of
encrypted data, we use a bounce page for the actual IO, and
encrypt/decrypt from/to the actual page cache page on either side of the
IO.
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
fs/btrfs/extent_io.c | 56 ++++++++++++++++++++++++++++++++++++-----
fs/btrfs/file-item.c | 9 +++++--
fs/btrfs/fscrypt.c | 33 +++++++++++++++++++++++-
fs/btrfs/tree-checker.c | 11 +++++---
4 files changed, 97 insertions(+), 12 deletions(-)
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 2ec989b83f54..97aaa74c4822 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -117,6 +117,7 @@ static void submit_one_bio(struct btrfs_bio_ctrl *bio_ctrl)
{
struct bio *bio;
struct bio_vec *bv;
+ struct page *first_page;
struct inode *inode;
int mirror_num;
@@ -125,13 +126,17 @@ static void submit_one_bio(struct btrfs_bio_ctrl *bio_ctrl)
bio = bio_ctrl->bio;
bv = bio_first_bvec_all(bio);
- inode = bv->bv_page->mapping->host;
+ first_page = bio_first_page_all(bio);
+ if (fscrypt_is_bounce_page(first_page))
+ inode = fscrypt_pagecache_page(first_page)->mapping->host;
+ else
+ inode = first_page->mapping->host;
mirror_num = bio_ctrl->mirror_num;
/* Caller should ensure the bio has at least some range added */
ASSERT(bio->bi_iter.bi_size);
- btrfs_bio(bio)->file_offset = page_offset(bv->bv_page) + bv->bv_offset;
+ btrfs_bio(bio)->file_offset = page_offset(first_page) + bv->bv_offset;
if (!is_data_inode(inode))
btrfs_submit_metadata_bio(inode, bio, mirror_num);
@@ -1018,9 +1023,19 @@ static void end_bio_extent_writepage(struct btrfs_bio *bbio)
ASSERT(!bio_flagged(bio, BIO_CLONED));
bio_for_each_segment_all(bvec, bio, iter_all) {
struct page *page = bvec->bv_page;
- struct inode *inode = page->mapping->host;
- struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb);
- const u32 sectorsize = fs_info->sectorsize;
+ struct inode *inode;
+ struct btrfs_fs_info *fs_info;
+ u32 sectorsize;
+ struct page *bounce_page = NULL;
+
+ if (fscrypt_is_bounce_page(page)) {
+ bounce_page = page;
+ page = fscrypt_pagecache_page(bounce_page);
+ }
+
+ inode = page->mapping->host;
+ fs_info = btrfs_sb(inode->i_sb);
+ sectorsize = fs_info->sectorsize;
/* Our read/write should always be sector aligned. */
if (!IS_ALIGNED(bvec->bv_offset, sectorsize))
@@ -1041,7 +1056,7 @@ static void end_bio_extent_writepage(struct btrfs_bio *bbio)
}
end_extent_writepage(page, error, start, end);
-
+ fscrypt_free_bounce_page(bounce_page);
btrfs_page_clear_writeback(fs_info, page, start, bvec->bv_len);
}
@@ -1233,6 +1248,17 @@ static void end_bio_extent_readpage(struct btrfs_bio *bbio)
}
}
+ if (likely(uptodate)) {
+ if (fscrypt_inode_uses_fs_layer_crypto(inode)) {
+ int ret = fscrypt_decrypt_pagecache_blocks(page,
+ bvec->bv_len,
+ bvec->bv_offset);
+ if (ret) {
+ error_bitmap = (unsigned int) -1;
+ uptodate = false;
+ }
+ }
+ }
if (likely(uptodate)) {
loff_t i_size = i_size_read(inode);
pgoff_t end_index = i_size >> PAGE_SHIFT;
@@ -1567,11 +1593,29 @@ static int submit_extent_page(blk_opf_t opf,
bool force_bio_submit)
{
int ret = 0;
+ struct page *bounce_page = NULL;
struct btrfs_inode *inode = BTRFS_I(page->mapping->host);
unsigned int cur = pg_offset;
ASSERT(bio_ctrl);
+ if ((opf & REQ_OP_MASK) == REQ_OP_WRITE &&
+ fscrypt_inode_uses_fs_layer_crypto(&inode->vfs_inode)) {
+ gfp_t gfp_flags = GFP_NOFS;
+
+ if (bio_ctrl->bio)
+ gfp_flags = GFP_NOWAIT | __GFP_NOWARN;
+ else
+ gfp_flags = GFP_NOFS;
+ bounce_page = fscrypt_encrypt_pagecache_blocks(page, size,
+ pg_offset,
+ gfp_flags);
+ if (IS_ERR(bounce_page))
+ return PTR_ERR(bounce_page);
+ page = bounce_page;
+ pg_offset = 0;
+ }
+
ASSERT(pg_offset < PAGE_SIZE && size <= PAGE_SIZE &&
pg_offset + size <= PAGE_SIZE);
diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
index 36b7e2a8d698..2faac05ce137 100644
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -681,8 +681,13 @@ blk_status_t btrfs_csum_one_bio(struct btrfs_inode *inode, struct bio *bio,
shash->tfm = fs_info->csum_shash;
bio_for_each_segment(bvec, bio, iter) {
- if (use_page_offsets)
- offset = page_offset(bvec.bv_page) + bvec.bv_offset;
+ if (use_page_offsets) {
+ struct page *page = bvec.bv_page;
+
+ if (fscrypt_is_bounce_page(page))
+ page = fscrypt_pagecache_page(page);
+ offset = page_offset(page) + bvec.bv_offset;
+ }
if (!ordered) {
ordered = btrfs_lookup_ordered_extent(inode, offset);
diff --git a/fs/btrfs/fscrypt.c b/fs/btrfs/fscrypt.c
index 2c9f2d84b539..661fe7cc119c 100644
--- a/fs/btrfs/fscrypt.c
+++ b/fs/btrfs/fscrypt.c
@@ -190,7 +190,38 @@ static int btrfs_fscrypt_get_extent_context(const struct inode *inode,
size_t *extent_offset,
size_t *extent_length)
{
- return len;
+ u64 offset = lblk_num << inode->i_blkbits;
+ struct extent_map *em;
+ int ret;
+
+ /* Since IO must be in progress on this extent, this must succeed */
+ em = btrfs_get_extent(BTRFS_I(inode), NULL, 0, offset, PAGE_SIZE);
+ if (!em)
+ return -EINVAL;
+
+ if (em->block_start == EXTENT_MAP_HOLE) {
+ btrfs_info(BTRFS_I(inode)->root->fs_info,
+ "extent context requested for block %llu of inode %lu without an extent",
+ lblk_num, inode->i_ino);
+ free_extent_map(em);
+ return -ENOENT;
+ }
+
+ ret = ctx ? em->fscrypt_context.len : 0;
+
+ if (ctx)
+ memcpy(ctx, em->fscrypt_context.buffer,
+ em->fscrypt_context.len);
+
+ if (extent_offset)
+ *extent_offset
+ = (offset - em->start) >> inode->i_blkbits;
+
+ if (extent_length)
+ *extent_length = em->len >> inode->i_blkbits;
+
+ free_extent_map(em);
+ return ret;
}
static int btrfs_fscrypt_set_extent_context(void *extent, void *ctx,
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c
index e72c8176f7bc..84bdd6ca3d2b 100644
--- a/fs/btrfs/tree-checker.c
+++ b/fs/btrfs/tree-checker.c
@@ -276,9 +276,14 @@ static int check_extent_data_item(struct extent_buffer *leaf,
return -EUCLEAN;
}
- /* Compressed inline extent has no on-disk size, skip it */
- if (btrfs_file_extent_compression(leaf, fi) !=
- BTRFS_COMPRESS_NONE)
+ /*
+ * Compressed inline extent has no on-disk size; encrypted has
+ * variable size; skip them
+ */
+ if ((btrfs_file_extent_compression(leaf, fi) !=
+ BTRFS_COMPRESS_NONE) ||
+ (btrfs_file_extent_encryption(leaf, fi) !=
+ BTRFS_ENCRYPTION_NONE))
return 0;
/* Uncompressed inline extent size must match item size */
--
2.37.3
next prev parent reply other threads:[~2022-11-02 11:54 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-02 11:52 [PATCH v5 00/18] btrfs: add fscrypt integration Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 01/18] fscrypt: expose fscrypt_nokey_name Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 02/18] fscrypt: add fscrypt_have_same_policy() to check inode compatibility Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 03/18] fscrypt: allow fscrypt_generate_iv() to distinguish filenames Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 04/18] fscrypt: add extent-based encryption Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 05/18] fscrypt: extent direct key policies for " Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 06/18] fscrypt: document btrfs' fscrypt quirks Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 07/18] btrfs: disable various operations on encrypted inodes Sweet Tea Dorminy
2022-11-02 16:54 ` kernel test robot
2022-11-06 12:54 ` kernel test robot
2022-11-02 11:52 ` [PATCH v5 08/18] btrfs: start using fscrypt hooks Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 09/18] btrfs: add fscrypt_context items Sweet Tea Dorminy
2022-11-02 11:52 ` [PATCH v5 10/18] btrfs: translate btrfs encryption flags and encrypted inode flag Sweet Tea Dorminy
2022-11-02 11:53 ` [PATCH v5 11/18] btrfs: store a fscrypt extent context per normal file extent Sweet Tea Dorminy
2022-11-02 15:03 ` kernel test robot
2022-11-02 11:53 ` Sweet Tea Dorminy [this message]
2022-11-02 11:53 ` [PATCH v5 13/18] btrfs: Add new FEATURE_INCOMPAT_ENCRYPT feature flag Sweet Tea Dorminy
2022-11-02 11:53 ` [PATCH v5 14/18] btrfs: implement fscrypt ioctls Sweet Tea Dorminy
2022-11-02 11:53 ` [PATCH v5 15/18] btrfs: permit searching for nokey names for removal Sweet Tea Dorminy
2022-11-02 11:53 ` [PATCH v5 16/18] btrfs: use correct name hash for nokey names Sweet Tea Dorminy
2022-11-02 11:53 ` [PATCH v5 17/18] btrfs: encrypt verity items Sweet Tea Dorminy
2022-11-02 11:53 ` [PATCH v5 18/18] btrfs: allow encrypting compressed extents Sweet Tea Dorminy
2022-11-03 19:22 ` [PATCH v5 00/18] btrfs: add fscrypt integration Paul Crowley
2022-11-16 20:08 ` Neal Gompa
2022-11-16 20:35 ` Eric Biggers
2022-11-16 20:19 ` Sweet Tea Dorminy
2022-11-21 17:26 ` Sweet Tea Dorminy
2022-11-24 1:22 ` Sweet Tea Dorminy
2022-11-28 7:59 ` Christoph Hellwig
2022-11-28 18:44 ` Eric Biggers
2022-11-28 20:34 ` Paul Crowley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9e6e11154b096255ad1541192ddb18610991bb28.1667389115.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=clm@fb.com \
--cc=dsterba@suse.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=osandov@osandov.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.