From: Christoph Hellwig <hch@infradead.org>
To: Satya Tangirala <satyat@google.com>
Cc: linux-block@vger.kernel.org, linux-scsi@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Kim Boojin <boojin.kim@samsung.com>,
Eric Biggers <ebiggers@google.com>
Subject: Re: [PATCH v5 7/9] fscrypt: add inline encryption support
Date: Thu, 31 Oct 2019 11:32:17 -0700 [thread overview]
Message-ID: <20191031183217.GF23601@infradead.org> (raw)
In-Reply-To: <20191028072032.6911-8-satyat@google.com>
> diff --git a/fs/crypto/bio.c b/fs/crypto/bio.c
> index 1f4b8a277060..956798debf71 100644
> --- a/fs/crypto/bio.c
> +++ b/fs/crypto/bio.c
> @@ -46,26 +46,38 @@ int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
> {
> const unsigned int blockbits = inode->i_blkbits;
> const unsigned int blocksize = 1 << blockbits;
> + const bool inlinecrypt = fscrypt_inode_uses_inline_crypto(inode);
> struct page *ciphertext_page;
> struct bio *bio;
> int ret, err = 0;
>
> - ciphertext_page = fscrypt_alloc_bounce_page(GFP_NOWAIT);
> - if (!ciphertext_page)
> - return -ENOMEM;
> + if (inlinecrypt) {
> + ciphertext_page = ZERO_PAGE(0);
> + } else {
> + ciphertext_page = fscrypt_alloc_bounce_page(GFP_NOWAIT);
> + if (!ciphertext_page)
> + return -ENOMEM;
I think you just want to split this into two functions for the
inline crypto vs not cases.
> @@ -391,6 +450,16 @@ struct fscrypt_master_key {
> */
> struct crypto_skcipher *mk_iv_ino_lblk_64_tfms[__FSCRYPT_MODE_MAX + 1];
>
> +#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
> + /* Raw keys for IV_INO_LBLK_64 policies, allocated on-demand */
> + u8 *mk_iv_ino_lblk_64_raw_keys[__FSCRYPT_MODE_MAX + 1];
> +
> + /* The data unit size being used for inline encryption */
> + unsigned int mk_data_unit_size;
> +
> + /* The filesystem's block device */
> + struct block_device *mk_bdev;
File systems (including f2fs) can have multiple underlying block
devices.
> +{
> + const struct inode *inode = ci->ci_inode;
> + struct super_block *sb = inode->i_sb;
> +
> + /* The file must need contents encryption, not filenames encryption */
> + if (!S_ISREG(inode->i_mode))
> + return false;
But that isn't really what the check checks for..
> + /* The filesystem must be mounted with -o inlinecrypt */
> + if (!sb->s_cop->inline_crypt_enabled ||
> + !sb->s_cop->inline_crypt_enabled(sb))
> + return false;
So please add a SB_* flag for that option instead of the weird
indirection.
> +/**
> + * fscrypt_inode_uses_inline_crypto - test whether an inode uses inline encryption
This adds an overly long line. This happens many more times in the
patch.
Btw, I'm not happy about the 8-byte IV assumptions everywhere here.
That really should be a parameter, not hardcoded.
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@infradead.org>
To: Satya Tangirala <satyat@google.com>
Cc: linux-scsi@vger.kernel.org, Kim Boojin <boojin.kim@samsung.com>,
Kuohong Wang <kuohong.wang@mediatek.com>,
Eric Biggers <ebiggers@google.com>,
Barani Muthukumaran <bmuthuku@qti.qualcomm.com>,
linux-f2fs-devel@lists.sourceforge.net,
linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [f2fs-dev] [PATCH v5 7/9] fscrypt: add inline encryption support
Date: Thu, 31 Oct 2019 11:32:17 -0700 [thread overview]
Message-ID: <20191031183217.GF23601@infradead.org> (raw)
In-Reply-To: <20191028072032.6911-8-satyat@google.com>
> diff --git a/fs/crypto/bio.c b/fs/crypto/bio.c
> index 1f4b8a277060..956798debf71 100644
> --- a/fs/crypto/bio.c
> +++ b/fs/crypto/bio.c
> @@ -46,26 +46,38 @@ int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
> {
> const unsigned int blockbits = inode->i_blkbits;
> const unsigned int blocksize = 1 << blockbits;
> + const bool inlinecrypt = fscrypt_inode_uses_inline_crypto(inode);
> struct page *ciphertext_page;
> struct bio *bio;
> int ret, err = 0;
>
> - ciphertext_page = fscrypt_alloc_bounce_page(GFP_NOWAIT);
> - if (!ciphertext_page)
> - return -ENOMEM;
> + if (inlinecrypt) {
> + ciphertext_page = ZERO_PAGE(0);
> + } else {
> + ciphertext_page = fscrypt_alloc_bounce_page(GFP_NOWAIT);
> + if (!ciphertext_page)
> + return -ENOMEM;
I think you just want to split this into two functions for the
inline crypto vs not cases.
> @@ -391,6 +450,16 @@ struct fscrypt_master_key {
> */
> struct crypto_skcipher *mk_iv_ino_lblk_64_tfms[__FSCRYPT_MODE_MAX + 1];
>
> +#ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
> + /* Raw keys for IV_INO_LBLK_64 policies, allocated on-demand */
> + u8 *mk_iv_ino_lblk_64_raw_keys[__FSCRYPT_MODE_MAX + 1];
> +
> + /* The data unit size being used for inline encryption */
> + unsigned int mk_data_unit_size;
> +
> + /* The filesystem's block device */
> + struct block_device *mk_bdev;
File systems (including f2fs) can have multiple underlying block
devices.
> +{
> + const struct inode *inode = ci->ci_inode;
> + struct super_block *sb = inode->i_sb;
> +
> + /* The file must need contents encryption, not filenames encryption */
> + if (!S_ISREG(inode->i_mode))
> + return false;
But that isn't really what the check checks for..
> + /* The filesystem must be mounted with -o inlinecrypt */
> + if (!sb->s_cop->inline_crypt_enabled ||
> + !sb->s_cop->inline_crypt_enabled(sb))
> + return false;
So please add a SB_* flag for that option instead of the weird
indirection.
> +/**
> + * fscrypt_inode_uses_inline_crypto - test whether an inode uses inline encryption
This adds an overly long line. This happens many more times in the
patch.
Btw, I'm not happy about the 8-byte IV assumptions everywhere here.
That really should be a parameter, not hardcoded.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next prev parent reply other threads:[~2019-10-31 18:32 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-28 7:20 [PATCH v5 0/9] Inline Encryption Support Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-28 7:20 ` [PATCH v5 1/9] block: Keyslot Manager for Inline Encryption Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:04 ` Christoph Hellwig
2019-10-31 18:04 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 2/9] block: Add encryption context to struct bio Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:16 ` Christoph Hellwig
2019-10-31 18:16 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 3/9] block: blk-crypto for Inline Encryption Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 17:57 ` Christoph Hellwig
2019-10-31 17:57 ` [f2fs-dev] " Christoph Hellwig
2019-10-31 20:50 ` Theodore Y. Ts'o
2019-10-31 20:50 ` [f2fs-dev] " Theodore Y. Ts'o
2019-10-31 21:22 ` Christoph Hellwig
2019-10-31 21:22 ` [f2fs-dev] " Christoph Hellwig
2019-11-05 2:01 ` Eric Biggers
2019-11-05 2:01 ` [f2fs-dev] " Eric Biggers
2019-11-05 15:39 ` Christoph Hellwig
2019-11-05 15:39 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 4/9] scsi: ufs: UFS driver v2.1 spec crypto additions Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-28 7:20 ` [PATCH v5 5/9] scsi: ufs: UFS crypto API Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:23 ` Christoph Hellwig
2019-10-31 18:23 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 6/9] scsi: ufs: Add inline encryption support to UFS Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:26 ` Christoph Hellwig
2019-10-31 18:26 ` [f2fs-dev] " Christoph Hellwig
2019-10-28 7:20 ` [PATCH v5 7/9] fscrypt: add inline encryption support Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 18:32 ` Christoph Hellwig [this message]
2019-10-31 18:32 ` Christoph Hellwig
2019-10-31 20:21 ` Eric Biggers
2019-10-31 20:21 ` [f2fs-dev] " Eric Biggers
2019-10-31 21:21 ` Christoph Hellwig
2019-10-31 21:21 ` [f2fs-dev] " Christoph Hellwig
2019-10-31 22:25 ` Eric Biggers
2019-10-31 22:25 ` [f2fs-dev] " Eric Biggers
2019-11-05 0:15 ` Christoph Hellwig
2019-11-05 0:15 ` [f2fs-dev] " Christoph Hellwig
2019-11-05 1:03 ` Eric Biggers
2019-11-05 1:03 ` [f2fs-dev] " Eric Biggers
2019-11-05 3:12 ` Eric Biggers
2019-11-05 3:12 ` [f2fs-dev] " Eric Biggers
2019-10-28 7:20 ` [PATCH v5 8/9] f2fs: " Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
2019-10-31 17:14 ` Jaegeuk Kim
2019-10-31 17:14 ` [f2fs-dev] " Jaegeuk Kim
2019-10-28 7:20 ` [PATCH v5 9/9] ext4: " Satya Tangirala
2019-10-28 7:20 ` [f2fs-dev] " Satya Tangirala via Linux-f2fs-devel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191031183217.GF23601@infradead.org \
--to=hch@infradead.org \
--cc=bmuthuku@qti.qualcomm.com \
--cc=boojin.kim@samsung.com \
--cc=ebiggers@google.com \
--cc=kuohong.wang@mediatek.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=satyat@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.