| From: |
| Josef Bacik <josef-AT-toxicpanda.com> |
| To: |
| linux-btrfs-AT-vger.kernel.org, kernel-team-AT-fb.com |
| Subject: |
| [PATCH v5 00/52] btrfs: add fscrypt support |
| Date: |
| Wed, 24 Jan 2024 12:18:22 -0500 |
| Message-ID: |
| <cover.1706116485.git.josef@toxicpanda.com> |
| Archive-link: |
| Article |
Hello,
This is based on
https://github.com/btrfs/linux.git for-next
which has the recent pull from the fscrypt tree.
I've reworked a lot of this to incorporate Eric's suggestions. There are a few
more patches because of bugs I've found in testing, and I've disabled a few
features, namely RAID5/6 and send, as they will require more work to support
with encryption and that can be done after the core work is merged.
Thanks,
Josef
v4->v5:
- Addressed all the comments from Eric and then reworked the rest of the code to
handle the various changes.
- Fixed read repair.
- Fixed log replay.
- Disabled send for encrypted file systems.
- Disabled turning on encryption on RAID5/6 file systems.
v3->v4:
- Added support for '-o test_dummy_encryption' at Eric's suggestion, this
uncovered a load of issues.
- Preliminary work to support decrypting names for our various name resolution
ioctls. I didn't get everything but I got the ones we depend on in fstests.
- Preliminary work for send of an encrypted directory with the key loaded.
There's probably still bugs in here, but it doesn't crash anymore.
- Fixed how we limit the bio size to work with direct and buffered io.
- Fixed using the wrong fscrypt extent context for writes into prealloc extents.
Josef Bacik (38):
fscrypt: add per-extent encryption support
fscrypt: allow inline encryption for extent based encryption
fscrypt: add a fscrypt_inode_open helper
fscrypt: conditionally don't wipe mk secret until the last active user
is done
blk-crypto: add a process bio callback
fscrypt: add a process_bio hook to fscrypt_operations
fscrypt: add documentation about extent encryption
btrfs: add infrastructure for safe em freeing
btrfs: select encryption dependencies if FS_ENCRYPTION
btrfs: add fscrypt_info and encryption_type to ordered_extent
btrfs: plumb through setting the fscrypt_info for ordered extents
btrfs: plumb the fscrypt extent context through create_io_em
btrfs: populate the ordered_extent with the fscrypt context
btrfs: keep track of fscrypt info and orig_start for dio reads
btrfs: add an optional encryption context to the end of file extents
btrfs: pass through fscrypt_extent_info to the file extent helpers
btrfs: implement the fscrypt extent encryption hooks
btrfs: setup fscrypt_extent_info for new extents
btrfs: populate ordered_extent with the orig offset
btrfs: set the bio fscrypt context when applicable
btrfs: add a bio argument to btrfs_csum_one_bio
btrfs: add orig_logical to btrfs_bio
btrfs: limit encrypted writes to 256 segments
btrfs: implement process_bio cb for fscrypt
btrfs: implement read repair for encryption
btrfs: add test_dummy_encryption support
btrfs: don't rewrite ret from inode_permission
btrfs: move inode_to_path higher in backref.c
btrfs: make btrfs_ref_to_path handle encrypted filenames
btrfs: don't search back for dir inode item in INO_LOOKUP_USER
btrfs: deal with encrypted symlinks in send
btrfs: decrypt file names for send
btrfs: load the inode context before sending writes
btrfs: set the appropriate free space settings in reconfigure
btrfs: support encryption with log replay
btrfs: disable auto defrag on encrypted files
btrfs: disable encryption on RAID5/6
btrfs: disable send if we have encryption enabled
Omar Sandoval (7):
fscrypt: expose fscrypt_nokey_name
btrfs: disable various operations on encrypted inodes
btrfs: start using fscrypt hooks
btrfs: add inode encryption contexts
btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag
btrfs: adapt readdir for encrypted and nokey names
btrfs: implement fscrypt ioctls
Sweet Tea Dorminy (7):
btrfs: disable verity on encrypted inodes
btrfs: handle nokey names.
btrfs: gate encryption behind BTRFS_DEBUG
btrfs: add get_devices hook for fscrypt
btrfs: set file extent encryption excplicitly
btrfs: add fscrypt_info and encryption_type to extent_map
btrfs: explicitly track file extent length for replace and drop
Documentation/filesystems/fscrypt.rst | 41 ++
block/blk-crypto-fallback.c | 43 +++
block/blk-crypto-internal.h | 8 +
block/blk-crypto-profile.c | 2 +
block/blk-crypto.c | 6 +-
fs/btrfs/Kconfig | 3 +
fs/btrfs/Makefile | 1 +
fs/btrfs/accessors.h | 50 +++
fs/btrfs/backref.c | 114 ++++--
fs/btrfs/bio.c | 163 +++++++-
fs/btrfs/bio.h | 16 +-
fs/btrfs/btrfs_inode.h | 3 +-
fs/btrfs/compression.c | 9 +
fs/btrfs/ctree.h | 5 +
fs/btrfs/defrag.c | 18 +-
fs/btrfs/delayed-inode.c | 29 +-
fs/btrfs/delayed-inode.h | 6 +-
fs/btrfs/dir-item.c | 108 +++++-
fs/btrfs/dir-item.h | 11 +-
fs/btrfs/disk-io.c | 3 +-
fs/btrfs/extent_io.c | 120 +++++-
fs/btrfs/extent_io.h | 3 +
fs/btrfs/extent_map.c | 104 ++++-
fs/btrfs/extent_map.h | 26 ++
fs/btrfs/file-item.c | 33 +-
fs/btrfs/file-item.h | 7 +-
fs/btrfs/file.c | 12 +-
fs/btrfs/fs.h | 6 +-
fs/btrfs/fscrypt.c | 423 ++++++++++++++++++++
fs/btrfs/fscrypt.h | 116 ++++++
fs/btrfs/inode.c | 529 ++++++++++++++++++++------
fs/btrfs/ioctl.c | 69 ++--
fs/btrfs/ordered-data.c | 36 +-
fs/btrfs/ordered-data.h | 21 +-
fs/btrfs/reflink.c | 8 +
fs/btrfs/root-tree.c | 8 +-
fs/btrfs/root-tree.h | 2 +-
fs/btrfs/send.c | 140 ++++++-
fs/btrfs/super.c | 106 +++++-
fs/btrfs/super.h | 3 +-
fs/btrfs/sysfs.c | 6 +
fs/btrfs/tree-checker.c | 66 +++-
fs/btrfs/tree-log.c | 37 +-
fs/btrfs/verity.c | 3 +
fs/crypto/crypto.c | 10 +-
fs/crypto/fname.c | 36 --
fs/crypto/fscrypt_private.h | 42 ++
fs/crypto/hooks.c | 46 ++-
fs/crypto/inline_crypt.c | 84 +++-
fs/crypto/keyring.c | 18 +-
fs/crypto/keysetup.c | 166 ++++++++
fs/crypto/policy.c | 47 +++
include/linux/blk-crypto.h | 15 +-
include/linux/fscrypt.h | 125 ++++++
include/uapi/linux/btrfs.h | 1 +
include/uapi/linux/btrfs_tree.h | 35 +-
56 files changed, 2798 insertions(+), 350 deletions(-)
create mode 100644 fs/btrfs/fscrypt.c
create mode 100644 fs/btrfs/fscrypt.h
--
2.43.0
