From: David Howells <dhowells@redhat.com>
To: Jeff Layton <jlayton@kernel.org>, Steve French <smfrench@gmail.com>
Cc: David Howells <dhowells@redhat.com>,
Matthew Wilcox <willy@infradead.org>,
Marc Dionne <marc.dionne@auristor.com>,
Paulo Alcantara <pc@manguebit.com>,
Shyam Prasad N <sprasad@microsoft.com>,
Tom Talpey <tom@talpey.com>,
Dominique Martinet <asmadeus@codewreck.org>,
Eric Van Hensbergen <ericvh@kernel.org>,
Ilya Dryomov <idryomov@gmail.com>,
Christian Brauner <christian@brauner.io>,
linux-cachefs@redhat.com, linux-afs@lists.infradead.org,
linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org,
ceph-devel@vger.kernel.org, v9fs@lists.linux.dev,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 38/59] netfs: Decrypt encrypted content
Date: Thu, 7 Dec 2023 21:21:45 +0000 [thread overview]
Message-ID: <20231207212206.1379128-39-dhowells@redhat.com> (raw)
In-Reply-To: <20231207212206.1379128-1-dhowells@redhat.com>
Implement a facility to provide decryption for encrypted content to a whole
read-request in one go (which might have been stitched together from
disparate sources with divisions that don't match page boundaries).
Note that this doesn't necessarily gain the best throughput if the crypto
block size is equal to or less than the size of a page (in which case we
might be better doing it as pages become read), but it will handle crypto
blocks larger than the size of a page.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cachefs@redhat.com
cc: linux-fsdevel@vger.kernel.org
cc: linux-mm@kvack.org
---
fs/netfs/crypto.c | 59 ++++++++++++++++++++++++++++++++++++
fs/netfs/internal.h | 1 +
fs/netfs/io.c | 6 +++-
include/linux/netfs.h | 3 ++
include/trace/events/netfs.h | 2 ++
5 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/fs/netfs/crypto.c b/fs/netfs/crypto.c
index 943d01f430e2..6729bcda4f47 100644
--- a/fs/netfs/crypto.c
+++ b/fs/netfs/crypto.c
@@ -87,3 +87,62 @@ bool netfs_encrypt(struct netfs_io_request *wreq)
wreq->error = ret;
return false;
}
+
+/*
+ * Decrypt the result of a read request.
+ */
+void netfs_decrypt(struct netfs_io_request *rreq)
+{
+ struct netfs_inode *ctx = netfs_inode(rreq->inode);
+ struct scatterlist source_sg[16], dest_sg[16];
+ unsigned int n_source;
+ size_t n, chunk, bsize = 1UL << ctx->crypto_bshift;
+ loff_t pos;
+ int ret;
+
+ trace_netfs_rreq(rreq, netfs_rreq_trace_decrypt);
+ if (rreq->start >= rreq->i_size)
+ return;
+
+ n = min_t(unsigned long long, rreq->len, rreq->i_size - rreq->start);
+
+ _debug("DECRYPT %llx-%llx f=%lx",
+ rreq->start, rreq->start + n, rreq->flags);
+
+ pos = rreq->start;
+ for (; n > 0; n -= chunk, pos += chunk) {
+ chunk = min(n, bsize);
+
+ ret = netfs_iter_to_sglist(&rreq->io_iter, chunk,
+ source_sg, ARRAY_SIZE(source_sg));
+ if (ret < 0)
+ goto error;
+ n_source = ret;
+
+ if (test_bit(NETFS_RREQ_CRYPT_IN_PLACE, &rreq->flags)) {
+ ret = ctx->ops->decrypt_block(rreq, pos, chunk,
+ source_sg, n_source,
+ source_sg, n_source);
+ } else {
+ ret = netfs_iter_to_sglist(&rreq->iter, chunk,
+ dest_sg, ARRAY_SIZE(dest_sg));
+ if (ret < 0)
+ goto error;
+ ret = ctx->ops->decrypt_block(rreq, pos, chunk,
+ source_sg, n_source,
+ dest_sg, ret);
+ }
+
+ if (ret < 0)
+ goto error_failed;
+ }
+
+ return;
+
+error_failed:
+ trace_netfs_failure(rreq, NULL, ret, netfs_fail_decryption);
+error:
+ rreq->error = ret;
+ set_bit(NETFS_RREQ_FAILED, &rreq->flags);
+ return;
+}
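Review bot: Nothing in the loop checks that the scatterlists built by `netfs_iter_to_sglist()` actually describe `chunk` bytes; the return value is used only as an entry count, and both tables are fixed at 16 entries. The helper is defined outside this hunk, so whether it fails or stops short when one crypto block spans more than 16 segments cannot be seen here. Since the commit message promises blocks larger than a page, the limit deserves either a check where `crypto_bshift` is set or a comment such as `/* 16 sg entries bound the number of segments one crypto block may span */`. Also, `n` is clamped to `i_size`, so the last call can pass `decrypt_block()` a `len` smaller than `bsize`; the header comment should say whether implementations must accept a short final block.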
diff --git a/fs/netfs/internal.h b/fs/netfs/internal.h
index 9412ec886df1..b6c142ef996a 100644
--- a/fs/netfs/internal.h
+++ b/fs/netfs/internal.h
@@ -30,6 +30,7 @@ int netfs_prefetch_for_write(struct file *file, struct folio *folio,
* crypto.c
*/
bool netfs_encrypt(struct netfs_io_request *wreq);
+void netfs_decrypt(struct netfs_io_request *rreq);
/*
* direct_write.c
diff --git a/fs/netfs/io.c b/fs/netfs/io.c
index 5d9098db815a..e4633ebc269f 100644
--- a/fs/netfs/io.c
+++ b/fs/netfs/io.c
@@ -400,6 +400,9 @@ static void netfs_rreq_assess(struct netfs_io_request *rreq, bool was_async)
return;
}
+ if (!test_bit(NETFS_RREQ_FAILED, &rreq->flags) &&
+ test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags))
+ netfs_decrypt(rreq);
if (rreq->origin != NETFS_DIO_READ)
netfs_rreq_unlock_folios(rreq);
else
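Review bot: When `netfs_decrypt()` fails it only sets `rreq->error` and `NETFS_RREQ_FAILED`, and control then falls straight through to `netfs_rreq_unlock_folios()` below the added lines. That function is outside this hunk, so please confirm that it honours a flag set this late and does not mark folios uptodate. Otherwise ciphertext, or with `NETFS_RREQ_CRYPT_IN_PLACE` a mix of decrypted and undecrypted blocks, could become readable through the page cache. A comment on the new call, e.g. `/* May set NETFS_RREQ_FAILED; folios must not be marked uptodate after a failed decrypt */`, would record the requirement. The body of netfs_rreq_assess() starts and ends outside the hunk.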
@@ -429,7 +432,8 @@ static void netfs_rreq_work(struct work_struct *work)
static void netfs_rreq_terminated(struct netfs_io_request *rreq,
bool was_async)
{
- if (test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) &&
+ if ((test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) ||
+ test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) &&
was_async) {
if (!queue_work(system_unbound_wq, &rreq->work))
BUG();
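Review bot: The widened condition has no comment saying why a request with `NETFS_RREQ_CONTENT_ENCRYPTION` must be punted to `system_unbound_wq` when `was_async` is set. Presumably the filesystem's `decrypt_block()` may sleep and so cannot run in the async completion context; if that is the reason, say so: `/* Decryption may sleep, so finish encrypted requests in process context */`. The flag test is not limited to reads here, so it is worth confirming this function is never reached for a write request carrying the same flag. The function body continues outside the hunk.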
diff --git a/include/linux/netfs.h b/include/linux/netfs.h
index c2985f73d870..50adcf6942b8 100644
--- a/include/linux/netfs.h
+++ b/include/linux/netfs.h
@@ -325,6 +325,9 @@ struct netfs_request_ops {
int (*encrypt_block)(struct netfs_io_request *wreq, loff_t pos, size_t len,
struct scatterlist *source_sg, unsigned int n_source,
struct scatterlist *dest_sg, unsigned int n_dest);
+ int (*decrypt_block)(struct netfs_io_request *rreq, loff_t pos, size_t len,
+ struct scatterlist *source_sg, unsigned int n_source,
+ struct scatterlist *dest_sg, unsigned int n_dest);
};
/*
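Review bot: The new `decrypt_block` op is added without any description of its contract. Judging from the caller in fs/netfs/crypto.c, `source_sg` and `dest_sg` are the same array when `NETFS_RREQ_CRYPT_IN_PLACE` is set, `len` can be shorter than the crypto block on the last call, and a negative return fails the whole request. A comment above the member should state those three points so that filesystem implementations handle aliasing and short blocks deliberately instead of by accident.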
diff --git a/include/trace/events/netfs.h b/include/trace/events/netfs.h
index 3f50819613e2..6394fdf7a9cd 100644
--- a/include/trace/events/netfs.h
+++ b/include/trace/events/netfs.h
@@ -40,6 +40,7 @@
#define netfs_rreq_traces \
EM(netfs_rreq_trace_assess, "ASSESS ") \
EM(netfs_rreq_trace_copy, "COPY ") \
+ EM(netfs_rreq_trace_decrypt, "DECRYPT") \
EM(netfs_rreq_trace_done, "DONE ") \
EM(netfs_rreq_trace_encrypt, "ENCRYPT") \
EM(netfs_rreq_trace_free, "FREE ") \
@@ -75,6 +76,7 @@
#define netfs_failures \
EM(netfs_fail_check_write_begin, "check-write-begin") \
EM(netfs_fail_copy_to_cache, "copy-to-cache") \
+ EM(netfs_fail_decryption, "decryption") \
EM(netfs_fail_dio_read_short, "dio-read-short") \
EM(netfs_fail_dio_read_zero, "dio-read-zero") \
EM(netfs_fail_encryption, "encryption") \