From: Eric Biggers <ebiggers@kernel.org>
To: Dave Chinner <david@fromorbit.com>
Cc: Satya Tangirala <satyat@google.com>,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-ext4@vger.kernel.org, linux-xfs@vger.kernel.org
Subject: Re: [PATCH v4 3/7] iomap: support direct I/O with fscrypt using blk-crypto
Date: Thu, 23 Jul 2020 16:03:45 -0700 [thread overview]
Message-ID: <20200723230345.GB870@sol.localdomain> (raw)
In-Reply-To: <20200723220752.GF2005@dread.disaster.area>
Hi Dave,
On Fri, Jul 24, 2020 at 08:07:52AM +1000, Dave Chinner wrote:
> > > > @@ -183,11 +184,16 @@ static void
> > > > iomap_dio_zero(struct iomap_dio *dio, struct iomap *iomap, loff_t pos,
> > > > unsigned len)
> > > > {
> > > > + struct inode *inode = file_inode(dio->iocb->ki_filp);
> > > > struct page *page = ZERO_PAGE(0);
> > > > int flags = REQ_SYNC | REQ_IDLE;
> > > > struct bio *bio;
> > > >
> > > > bio = bio_alloc(GFP_KERNEL, 1);
> > > > +
> > > > + /* encrypted direct I/O is guaranteed to be fs-block aligned */
> > > > + WARN_ON_ONCE(fscrypt_needs_contents_encryption(inode));
> > >
> > > Which means you are now placing a new constraint on this code in
> > > that we cannot ever, in future, zero entire blocks here.
> > >
> > > This code can issue arbitrary sized zeroing bios - multiple entire fs blocks
> > > blocks if necessary - so I think constraining it to only support
> > > partial block zeroing by adding a warning like this is no correct.
> >
> > In v3 and earlier this instead had the code to set an encryption context:
> >
> > fscrypt_set_bio_crypt_ctx(bio, inode, pos >> inode->i_blkbits,
> > GFP_KERNEL);
> >
> > Would you prefer that, even though the call to fscrypt_set_bio_crypt_ctx() would
>
> Actually, I have no idea what that function does. It's not in a
> 5.8-rc6 kernel, and it's not in this patchset....
The cover letter mentions that this patchset is based on fscrypt/master.
That is, "master" of https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git
fscrypt_set_bio_crypt_ctx() was introduced by
"fscrypt: add inline encryption support" on that branch.
>
> > always be a no-op currently (since for now, iomap_dio_zero() will never be
> > called with an encrypted file) and thus wouldn't be properly tested?
>
> Same can be said for this WARN_ON_ONCE() code :)
>
> But, in the interests of not leaving landmines, if a fscrypt context
> is needed to be attached to the bio for data IO in direct IO, it
> should be attached to all bios that are allocated in the dio path
> rather than leave a landmine for people in future to trip over.
My concern is that if we were to pass the wrong 'lblk' to
fscrypt_set_bio_crypt_ctx(), we wouldn't catch it because it's not tested.
Passing the wrong 'lblk' would cause the data to be encrypted/decrypted
incorrectly.
It's not a big deal though, as it's "obviously correct". So we can just go
with that if you prefer it.
>
> > BTW, iomap_dio_zero() is actually limited to one page, so it's not quite
> > "arbitrary sizes".
>
> Yup, but that's an implentation detail, not a design constraint.
> i.e. I typically review/talk about how stuff functions at a
> design/architecture level, not how it's been implemented in the
> code.
>
> e.g. block size > page size patches in progress make use of the
> "arbitrary length" capability of the design:
>
> https://lore.kernel.org/linux-xfs/20181107063127.3902-7-david@fromorbit.com/
>
> > iomap is used for other filesystem operations too, so we need to consider when
> > to actually do the limiting. I don't think we should break up the extents
> > returned FS_IOC_FIEMAP, for example. FIEMAP already has a defined behavior.
> > Also, it would be weird for the list of extents that FIEMAP returns to change
> > depending on whether the filesystem is mounted with '-o inlinecrypt' or not.
>
> We don't need to care about that in the iomap code. The caller
> controls the behaviour of the mapping callbacks themselves via
> the iomap_ops structure they pass into high level iomap functions.
Sure, I wasn't saying we need to. I was talking about what we need to do in
ext4.
>
> > That also avoids any confusion between pages and blocks, which is nice.
>
> FWIW, the latest version of the above patchset (which,
> co-incidentally, I was bring up to date yesterday) abstracts away
> page and block sizes. It introduces the concept of "chunk size"
> which is calculated from the combination of the current page's size
> and the current inode's block size.
>
> i.e. in the near future we are going to have both variable page
> sizes (on a per-page basis via Willy's current work) and per-inode
> blocks sizes smaller, the same and larger than the size of the
> current pager. Hence we need to get rid of any assumptions about
> page sizes and block sizes in the iomap code, not introduce new
> ones.
>
> Hence if there is any limitation of filesystem functionality based
> on block size vs page size, it is going to be up to the filesystem
> to detect and enforce those restrictions, not the iomap
> infrastructure.
Sure, again I was talking about what we'll be doing in ext4, since with the
proposed change, it will be ext4 that does fscrypt_limit_io_blocks(). The limit
is based on blocks, not pages, so "fscrypt_limit_io_pages()" was a bit weird.
Note that currently, I don't think iomap_dio_bio_actor() would handle an
encrypted file with blocksize > PAGE_SIZE correctly, as the I/O could be split
in the middle of a filesystem block (even after the filesystem ensures that
direct I/O on encrypted files is fully filesystem-block-aligned, which we do ---
see the rest of this patchset), which isn't allowed on encrypted files.
However we currently don't support blocksize > PAGE_SIZE in ext4, f2fs, or
fs/crypto/ at all, so I don't think we should add extra logic to fs/iomap/ to
try to handle that case for encrypted files when we'd have no way to test it.
- Eric
next prev parent reply other threads:[~2020-07-23 23:04 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-20 23:37 [PATCH v4 0/7] add support for direct I/O with fscrypt using blk-crypto Satya Tangirala
2020-07-20 23:37 ` [PATCH v4 1/7] fscrypt: Add functions for direct I/O support Satya Tangirala
2020-07-22 17:04 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 2/7] direct-io: add support for fscrypt using blk-crypto Satya Tangirala
2020-07-22 17:05 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 3/7] iomap: support direct I/O with " Satya Tangirala
2020-07-22 17:06 ` Jaegeuk Kim
2020-07-22 21:16 ` Dave Chinner
2020-07-22 22:34 ` Eric Biggers
2020-07-22 22:44 ` Matthew Wilcox
2020-07-22 23:12 ` Eric Biggers
2020-07-22 23:26 ` Eric Biggers
2020-07-22 23:32 ` Darrick J. Wong
2020-07-22 23:43 ` Eric Biggers
2020-07-23 22:07 ` Dave Chinner
2020-07-23 23:03 ` Eric Biggers [this message]
2020-07-24 1:39 ` Dave Chinner
2020-07-24 3:46 ` Eric Biggers
2020-07-24 5:31 ` Dave Chinner
2020-07-24 17:41 ` Eric Biggers
2020-07-25 23:47 ` Dave Chinner
2020-07-25 23:59 ` Dave Chinner
2020-07-26 2:42 ` Eric Biggers
2020-07-27 17:16 ` Eric Biggers
2020-07-20 23:37 ` [PATCH v4 4/7] ext4: " Satya Tangirala
2020-07-22 17:07 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 5/7] f2fs: " Satya Tangirala
2020-07-21 20:11 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 6/7] fscrypt: document inline encryption support Satya Tangirala
2020-07-22 17:01 ` Jaegeuk Kim
2020-07-20 23:37 ` [PATCH v4 7/7] fscrypt: update documentation for direct I/O support Satya Tangirala
2020-07-21 0:47 ` Eric Biggers
2020-07-22 16:57 ` Jaegeuk Kim
2020-07-21 0:56 ` [PATCH v4 0/7] add support for direct I/O with fscrypt using blk-crypto Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200723230345.GB870@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=david@fromorbit.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=satyat@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).