[lustre-devel] [PATCH] fscrypt: allow alternative bounce buffers
Sebastien Buisson
sbuisson at ddn.com
Fri Apr 29 07:57:30 PDT 2022
Hmm, sorry, looking into this further, the patch is missing a 'static inline’ definition for llcrypt_encrypt_page and llcrypt_decrypt_page in fscrypt.h for the case where:
#else /* !CONFIG_FS_ENCRYPTION */
They just need to return -EOPNOTSUPP.
> Le 29 avr. 2022 à 16:44, Sebastien Buisson via lustre-devel <lustre-devel at lists.lustre.org> a écrit :
>
> This looks good to me, thanks James.
> I have updated Lustre patch https://review.whamcloud.com/47149 to integrate this change.
>
>> Le 28 avr. 2022 à 19:23, James Simmons <jsimmons at infradead.org> a écrit :
>>
>> Currently fscrypt offers two options. One option is to use the
>> internal bounce buffer allocated or perform inline encrpytion.
>> Add the option to use an external bounce buffer. This change can
>> be used useful for example for a network file systems which can
>> pass in a page from the page cache and place the encrypted data
>> into a page for a network packet to be sent. Another potential
>> use is the use of GPU pages with RDMA being the final destination
>> for the encrypted data.
>>
>> Signed-off-By: James Simmons <jsimmons at infradead.org>
>> ---
>> fs/crypto/crypto.c | 34 +++++++++++++++++++---------------
>> include/linux/fscrypt.h | 34 ++++++++++++++++++++++++++++------
>> 2 files changed, 47 insertions(+), 21 deletions(-)
>>
>> diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
>> index e78be66..f241c69 100644
>> --- a/fs/crypto/crypto.c
>> +++ b/fs/crypto/crypto.c
>> @@ -210,9 +210,10 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
>> EXPORT_SYMBOL(fscrypt_encrypt_pagecache_blocks);
>>
>> /**
>> - * fscrypt_encrypt_block_inplace() - Encrypt a filesystem block in-place
>> + * fscrypt_encrypt_page() - Cache an encrypt filesystem block in a page
>> * @inode: The inode to which this block belongs
>> - * @page: The page containing the block to encrypt
>> + * @src: The page containing the block to encrypt
>> + * @dst: The page which will contain the encrypted data
>> * @len: Size of block to encrypt. This must be a multiple of
>> * FSCRYPT_CONTENTS_ALIGNMENT.
>> * @offs: Byte offset within @page at which the block to encrypt begins
>> @@ -223,17 +224,18 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
>> * Encrypt a possibly-compressed filesystem block that is located in an
>> * arbitrary page, not necessarily in the original pagecache page. The @inode
>> * and @lblk_num must be specified, as they can't be determined from @page.
>> + * The decrypted data will be stored in @dst.
>> *
>> * Return: 0 on success; -errno on failure
>> */
>> -int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
>> - unsigned int len, unsigned int offs,
>> - u64 lblk_num, gfp_t gfp_flags)
>> +int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
>> + struct page *dst, unsigned int len, unsigned int offs,
>> + u64 lblk_num, gfp_t gfp_flags)
>> {
>> - return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, page, page,
>> + return fscrypt_crypt_block(inode, FS_ENCRYPT, lblk_num, src, dst,
>> len, offs, gfp_flags);
>> }
>> -EXPORT_SYMBOL(fscrypt_encrypt_block_inplace);
>> +EXPORT_SYMBOL(fscrypt_encrypt_page);
>>
>> /**
>> * fscrypt_decrypt_pagecache_blocks() - Decrypt filesystem blocks in a
>> @@ -280,9 +282,10 @@ int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
>> EXPORT_SYMBOL(fscrypt_decrypt_pagecache_blocks);
>>
>> /**
>> - * fscrypt_decrypt_block_inplace() - Decrypt a filesystem block in-place
>> + * fscrypt_decrypt_page() - Cache a decrypt a filesystem block in a page
>> * @inode: The inode to which this block belongs
>> - * @page: The page containing the block to decrypt
>> + * @src: The page containing the block to decrypt
>> + * @dst: The page which will contain the plain data
>> * @len: Size of block to decrypt. This must be a multiple of
>> * FSCRYPT_CONTENTS_ALIGNMENT.
>> * @offs: Byte offset within @page at which the block to decrypt begins
>> @@ -292,17 +295,18 @@ int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
>> * Decrypt a possibly-compressed filesystem block that is located in an
>> * arbitrary page, not necessarily in the original pagecache page. The @inode
>> * and @lblk_num must be specified, as they can't be determined from @page.
>> + * The encrypted data will be stored in @dst.
>> *
>> * Return: 0 on success; -errno on failure
>> */
>> -int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
>> - unsigned int len, unsigned int offs,
>> - u64 lblk_num)
>> +int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
>> + struct page *dst, unsigned int len, unsigned int offs,
>> + u64 lblk_num, gfp_t gfp_flags)
>> {
>> - return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, page, page,
>> - len, offs, GFP_NOFS);
>> + return fscrypt_crypt_block(inode, FS_DECRYPT, lblk_num, src, dst,
>> + len, offs, gfp_flags);
>> }
>> -EXPORT_SYMBOL(fscrypt_decrypt_block_inplace);
>> +EXPORT_SYMBOL(fscrypt_decrypt_page);
>>
>> /**
>> * fscrypt_initialize() - allocate major buffers for fs encryption.
>> diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
>> index efc7f96..c2b67d1 100644
>> --- a/include/linux/fscrypt.h
>> +++ b/include/linux/fscrypt.h
>> @@ -255,15 +255,37 @@ struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
>> unsigned int len,
>> unsigned int offs,
>> gfp_t gfp_flags);
>> -int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
>> - unsigned int len, unsigned int offs,
>> - u64 lblk_num, gfp_t gfp_flags);
>> +int fscrypt_encrypt_page(const struct inode *inode, struct page *src,
>> + struct page *dst, unsigned int len,
>> + unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
>> +
>> +static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
>> + struct page *page,
>> + unsigned int len,
>> + unsigned int offs,
>> + u64 lblk_num,
>> + gfp_t gfp_flags)
>> +{
>> + return fscrypt_encrypt_page(inode, page, page, len, offs, lblk_num,
>> + gfp_flags);
>> +}
>>
>> int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
>> unsigned int offs);
>> -int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
>> - unsigned int len, unsigned int offs,
>> - u64 lblk_num);
>> +
>> +int fscrypt_decrypt_page(const struct inode *inode, struct page *src,
>> + struct page *dst, unsigned int len,
>> + unsigned int offs, u64 lblk_num, gfp_t gfp_flags);
>> +
>> +static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
>> + struct page *page,
>> + unsigned int len,
>> + unsigned int offs,
>> + u64 lblk_num)
>> +{
>> + return fscrypt_decrypt_page(inode, page, page, len, offs, lblk_num,
>> + GFP_NOFS);
>> +}
>>
>> static inline bool fscrypt_is_bounce_page(struct page *page)
>> {
>> --
>> 1.8.3.1
>>
>
> _______________________________________________
> lustre-devel mailing list
> lustre-devel at lists.lustre.org
> http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
More information about the lustre-devel
mailing list