From: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
To: linux-fscrypt@vger.kernel.org, ebiggers@kernel.org,
paulcrowley@google.com, linux-btrfs@vger.kernel.org,
kernel-team@meta.com
Cc: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Subject: [RFC PATCH 05/17] fscrypt: use parent dir's info for extent-based encryption.
Date: Sun, 1 Jan 2023 00:06:09 -0500 [thread overview]
Message-ID: <d145985930958d2c15955438af7468276547d2d3.1672547582.git.sweettea-kernel@dorminy.me> (raw)
In-Reply-To: <cover.1672547582.git.sweettea-kernel@dorminy.me>
For regular files in filesystems using extent-based encryption, the
corresponding inode does
not need a fscrypt_info structure of its own as for inode-based fscrypt, as they will not be
encrypting anything using it. Any new extents written to the inode will
use a per-extent info structure derived from the inode's parent
directory's info structure. However, it is convenient to cache that
parent directory's info structure in the inode; it makes it easy to
check whether the parents' info exists, so that we don't have to get and
put a reference to the parent inode every time we want to get the inode
info. So do that.
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
---
fs/crypto/fscrypt_private.h | 18 ++++++++++++++++++
fs/crypto/keysetup.c | 27 ++++++++++++++++++++++++++-
2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h
index 2df28c6fe558..e4c9c483114f 100644
--- a/fs/crypto/fscrypt_private.h
+++ b/fs/crypto/fscrypt_private.h
@@ -262,6 +262,24 @@ typedef enum {
FS_ENCRYPT,
} fscrypt_direction_t;
+/**
+ * fscrypt_uses_extent_encryption() -- whether an inode uses per-extent
+ * encryption
+ *
+ * @param inode the inode in question
+ *
+ * Return: true if the inode uses per-extent encryption infos, false otherwise
+ */
+static inline bool fscrypt_uses_extent_encryption(const struct inode *inode)
+{
+ // Non-regular files don't have extents
+ if (!S_ISREG(inode->i_mode))
+ return false;
+
+ // No filesystem currently uses per-extent infos
+ return false;
+}
+
/**
* fscrypt_get_inode_info() - get the fscrypt_info for a particular inode
*
diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c
index 4d7ff8244c55..52244e0dd1e4 100644
--- a/fs/crypto/keysetup.c
+++ b/fs/crypto/keysetup.c
@@ -622,6 +622,22 @@ int fscrypt_get_encryption_info(struct inode *inode, bool allow_unsupported)
if (fscrypt_has_encryption_key(inode))
return 0;
+ if (fscrypt_uses_extent_encryption(inode)) {
+ struct dentry *dentry = d_find_any_alias(inode);
+ struct dentry *parent_dentry = dget_parent(dentry);
+ struct inode *dir = parent_dentry->d_inode;
+ struct fscrypt_info *dir_info = fscrypt_get_inode_info(dir);
+ struct fscrypt_master_key *mk = NULL;
+
+ if (dir_info)
+ mk = dir_info->ci_master_key;
+
+ fscrypt_set_inode_info(inode, dir_info, mk);
+ dput(parent_dentry);
+ dput(dentry);
+ return 0;
+ }
+
res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
if (res < 0) {
if (res == -ERANGE && allow_unsupported)
@@ -704,6 +720,14 @@ int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode,
*encrypt_ret = true;
+ if (fscrypt_uses_extent_encryption(inode)) {
+ struct fscrypt_info *dir_info = fscrypt_get_inode_info(dir);
+
+ fscrypt_set_inode_info(inode, dir_info,
+ dir_info->ci_master_key);
+ return 0;
+ }
+
get_random_bytes(nonce, FSCRYPT_FILE_NONCE_SIZE);
return fscrypt_setup_encryption_info(inode, policy, nonce,
IS_CASEFOLDED(dir) &&
@@ -720,7 +744,8 @@ EXPORT_SYMBOL_GPL(fscrypt_prepare_new_inode);
*/
void fscrypt_put_encryption_info(struct inode *inode)
{
- put_crypt_info(fscrypt_get_inode_info(inode));
+ if (!fscrypt_uses_extent_encryption(inode))
+ put_crypt_info(fscrypt_get_inode_info(inode));
fscrypt_set_inode_info(inode, NULL, NULL);
}
EXPORT_SYMBOL(fscrypt_put_encryption_info);
--
2.38.1
next prev parent reply other threads:[~2023-01-01 5:13 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-01 5:06 [RFC PATCH 00/17] fscrypt: add per-extent encryption keys Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 01/17] fscrypt: factor accessing inode->i_crypt_info Sweet Tea Dorminy
2023-01-02 21:00 ` Eric Biggers
2023-01-01 5:06 ` [RFC PATCH 02/17] fscrypt: separate getting info for a specific block Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 03/17] fscrypt: adjust effective lblks based on extents Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 04/17] fscrypt: factor out fscrypt_set_inode_info() Sweet Tea Dorminy
2023-01-01 6:03 ` kernel test robot
2023-01-01 6:13 ` kernel test robot
2023-01-01 5:06 ` Sweet Tea Dorminy [this message]
2023-01-01 5:06 ` [RFC PATCH 06/17] fscrypt: add a super_block pointer to fscrypt_info Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 07/17] fscrypt: update comments about inodes to include extents Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 08/17] fscrypt: rename mk->mk_decrypted_inodes* Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 09/17] fscrypt: make fscrypt_setup_encryption_info generic for extents Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 10/17] fscrypt: let fscrypt_infos be owned by an extent Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 11/17] fscrypt: update all the *per_file_* function names Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 12/17] fscrypt: notify per-extent infos if master key vanishes Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 13/17] fscrypt: use an optional ino equivalent for per-extent infos Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 14/17] fscrypt: add creation/usage/freeing of " Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 15/17] fscrypt: allow load/save of extent contexts Sweet Tea Dorminy
2023-01-01 6:33 ` kernel test robot
2023-01-02 21:47 ` Eric Biggers
2023-01-02 22:31 ` Sweet Tea Dorminy
2023-01-02 22:51 ` Eric Biggers
2023-01-03 0:33 ` Sweet Tea Dorminy
2023-01-03 0:47 ` Eric Biggers
2023-01-03 1:23 ` Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 16/17] fscrypt: disable inline encryption for extent-based encryption Sweet Tea Dorminy
2023-01-01 5:06 ` [RFC PATCH 17/17] fscrypt: update documentation to mention per-extent keys Sweet Tea Dorminy
2023-02-22 11:52 ` [RFC PATCH 00/17] fscrypt: add per-extent encryption keys Neal Gompa
2023-02-22 14:13 ` Sweet Tea Dorminy
2023-02-22 20:53 ` Eric Biggers
2023-01-03 14:38 [RFC PATCH 04/17] fscrypt: factor out fscrypt_set_inode_info() kernel test robot
2023-01-04 8:37 ` Dan Carpenter
2023-01-03 15:28 [RFC PATCH 14/17] fscrypt: add creation/usage/freeing of per-extent infos kernel test robot
2023-01-04 8:41 ` Dan Carpenter
2023-01-03 16:19 [RFC PATCH 15/17] fscrypt: allow load/save of extent contexts kernel test robot
2023-01-04 8:42 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d145985930958d2c15955438af7468276547d2d3.1672547582.git.sweettea-kernel@dorminy.me \
--to=sweettea-kernel@dorminy.me \
--cc=ebiggers@kernel.org \
--cc=kernel-team@meta.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=paulcrowley@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.