Re: [PATCH v5 0/9] fs: multigrain timestamp redux

struct inode. Either that will need to > be changed, or we'll need to come up with a different way to do this for > bcachefs. > > [1]: > https://lore.kernel.org/linux-fsdevel/20230807-mgctime-v7-0-d1dec143a...@kernel.org/ > > Signed-off-by: Jeff Layton Reviewed-by: Josef Bacik Thanks, Josef

Re: [PATCH v2 09/11] btrfs: convert to multigrain timestamps

On Mon, Jul 01, 2024 at 09:57:43AM -0400, Jeff Layton wrote: > On Mon, 2024-07-01 at 09:49 -0400, Josef Bacik wrote: > > On Mon, Jul 01, 2024 at 06:26:45AM -0400, Jeff Layton wrote: > > > Enable multigrain timestamps, which should ensure that there is an > > > appar

Re: [PATCH v2 00/11] fs: multigrain timestamp redux

. > > [1]: > https://lore.kernel.org/linux-fsdevel/20230807-mgctime-v7-0-d1dec143a...@kernel.org/ > > Signed-off-by: Jeff Layton I have a few nits that need to be addressed, but you can add Reviewed-by: Josef Bacik to the series once they're addressed. Thanks, Josef

Re: [PATCH v2 11/11] Documentation: add a new file documenting multigrain timestamps

On Mon, Jul 01, 2024 at 06:26:47AM -0400, Jeff Layton wrote: > Add a high-level document that describes how multigrain timestamps work, > rationale for them, and some info about implementation and tradeoffs. > > Signed-off-by: Jeff Layton > --- > Documentation/filesystems/multigrain-ts.rst | 126

Re: [PATCH v2 09/11] btrfs: convert to multigrain timestamps

On Mon, Jul 01, 2024 at 06:26:45AM -0400, Jeff Layton wrote: > Enable multigrain timestamps, which should ensure that there is an > apparent change to the timestamp whenever it has been written after > being actively observed via getattr. > > Beyond enabling the FS_MGTIME flag, this patch eliminat

Re: [PATCH v2 07/11] xfs: switch to multigrain timestamps

On Mon, Jul 01, 2024 at 06:26:43AM -0400, Jeff Layton wrote: > Enable multigrain timestamps, which should ensure that there is an > apparent change to the timestamp whenever it has been written after > being actively observed via getattr. > > Also, anytime the mtime changes, the ctime must also ch

Re: [PATCH v4 00/46] btrfs: add fscrypt support

On Tue, Apr 09, 2024 at 07:42:22PM -0400, Eric Biggers wrote: > Hi Josef and Sweet Tea, > > On Fri, Dec 01, 2023 at 05:10:57PM -0500, Josef Bacik wrote: > > Hello, > > > > v3 can be found here > > > > https://lore.kernel.org/linux-btrfs/co

Re: [f2fs-dev] [PATCH 1/3] btrfs: call btrfs_close_devices from ->kill_sb

On Sat, Dec 16, 2023 at 05:12:21AM +0100, Christoph Hellwig wrote: > On Fri, Dec 15, 2023 at 04:45:50PM -0500, Josef Bacik wrote: > > I ran it through, you broke a test that isn't upstream yet to test the old > > mount > > api double mount thing that I have a test for &

Re: [f2fs-dev] [PATCH 1/3] btrfs: call btrfs_close_devices from ->kill_sb

On Wed, Dec 13, 2023 at 09:41:23AM +0100, Christoph Hellwig wrote: > On Tue, Dec 12, 2023 at 08:00:16PM -0800, Eric Biggers wrote: > > From: Christoph Hellwig > > > > blkdev_put must not be called under sb->s_umount to avoid a lock order > > reversal with disk->open_mutex once call backs from blo

Re: [PATCH 1/3] btrfs: call btrfs_close_devices from ->kill_sb

On Wed, Dec 13, 2023 at 09:41:23AM +0100, Christoph Hellwig wrote: > On Tue, Dec 12, 2023 at 08:00:16PM -0800, Eric Biggers wrote: > > From: Christoph Hellwig > > > > blkdev_put must not be called under sb->s_umount to avoid a lock order > > reversal with disk->open_mutex once call backs from blo

Re: [PATCH] fscrypt: move the call to fscrypt_destroy_keyring() into ->put_super()

utomatically for filesystems, which is unfortunate, though this is in > line with most of the other fscrypt functions. > > (The fscrypt keyring destruction has now been changed an embarrassingly > large number of times. Hopefully this will be The Last Change That > Finally Gets I

Re: [PATCH v4 00/46] btrfs: add fscrypt support

On Fri, Dec 01, 2023 at 05:10:57PM -0500, Josef Bacik wrote: > Hello, > > v3 can be found here > > https://lore.kernel.org/linux-btrfs/cover.1697480198.git.jo...@toxicpanda.com/ Sorry Eric, it's been a long week and I forgot how to use email, didn't cc you or linux-fscr

Re: [PATCH 07/12] btrfs: test snapshotting encrypted subvol

On Mon, Nov 27, 2023 at 10:16:28PM +0800, Anand Jain wrote: > > > On 31/10/2023 23:39, Filipe Manana wrote: > > On Tue, Oct 10, 2023 at 9:26 PM Josef Bacik wrote: > > > > > > From: Sweet Tea Dorminy > > > > > > Make sure that sna

Re: [PATCH v2 00/36] btrfs: add fscrypt support

On Tue, Nov 21, 2023 at 03:02:32PM -0800, Eric Biggers wrote: > On Tue, Oct 10, 2023 at 04:40:15PM -0400, Josef Bacik wrote: > > Hello, > > > > This is the next version of the fscrypt support. It is based on a > > combination > > of Sterba's for-next branch

Re: [PATCH 09/12] fstests: split generic/580 into two tests

On Thu, Nov 02, 2023 at 07:42:50PM +0800, Anand Jain wrote: > On 10/11/23 04:26, Josef Bacik wrote: > > generic/580 tests both v1 and v2 encryption policies, however btrfs only > > supports v2 policies. Split this into two tests so that we can get the > > v2 coverage for b

Re: [PATCH] fscrypt: track master key presence separately from secret

more complex (despite simplifying FS_IOC_GET_ENCRYPTION_KEY_STATUS), > since it would have introduced redundancy and had weird locking rules. > > Signed-off-by: Eric Biggers Based my fscrypt patches ontop of this one, ran tests with both btrfs and ext4 with it applied, in addition to my normal review stuff. You can add Reviewed-by: Josef Bacik Thanks, Josef

[PATCH v2 32/36] btrfs: populate ordered_extent with the orig offset

this as an argument and plumb it through everywhere, this will be used when setting up the bio. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c| 15 ++- fs/btrfs/ordered-data.c | 22 -- fs/btrfs/ordered-data.h | 12 +--- 3 files changed, 31 inserti

[PATCH v2 27/36] btrfs: explicitly track file extent length for replace and drop

-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ctree.h| 2 ++ fs/btrfs/file.c | 4 ++-- fs/btrfs/inode.c| 7 +-- fs/btrfs/reflink.c | 1 + fs/btrfs/tree-log.c | 5 +++-- 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs

[PATCH v2 26/36] btrfs: add an optional encryption context to the end of file extents

extent item. Add the appropriate accessors to make it easy to read this information if we have encryption set, and then update the tree-checker to validate that if this is indeed set properly that the size matches properly. Signed-off-by: Josef Bacik --- fs/btrfs/accessors.h| 48

[PATCH v2 16/36] btrfs: implement fscrypt ioctls

pt flag in order to have a filesystem with any encryption. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 28 1 file changed, 28 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 1f

[PATCH v2 22/36] btrfs: add fscrypt_info and encryption_type to ordered_extent

We're going to need these to update the file extent items once the writes are complete. Add them and add the pieces necessary to assign them and free everything. Signed-off-by: Josef Bacik --- fs/btrfs/ordered-data.c | 2 ++ fs/btrfs/ordered-data.h | 6 ++ 2 files changed, 8 inser

[PATCH v2 23/36] btrfs: plumb through setting the fscrypt_info for ordered extents

We're going to be getting fscrypt_info from the extent maps, update the helpers to take an fscrypt_info argument and use that to set the encryption type on the ordered extent. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c| 20 +++- fs/btrfs/ordered-data.c

[PATCH v2 17/36] btrfs: add encryption to CONFIG_BTRFS_DEBUG

From: Sweet Tea Dorminy Since encryption is currently under BTRFS_DEBUG, this adds its dependencies: inline encryption from fscrypt, and the inline encryption fallback path from the block layer. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 2 ++ 1 file

[PATCH v2 34/36] btrfs: add a bio argument to btrfs_csum_one_bio

llow us to csum the encrypted bio and stuff the csums into the corresponding bbio to be used later when the IO completes. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 2 +- fs/btrfs/file-item.c | 3 +-- fs/btrfs/file-item.h | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff

[PATCH v2 20/36] btrfs: set file extent encryption excplicitly

From: Sweet Tea Dorminy This puts the long-preserved 1-byte encryption field to work, storing whether the extent is encrypted. Update the tree-checker to allow for the encryption bit to be set to our valid types. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs

[PATCH v2 28/36] btrfs: pass through fscrypt_extent_info to the file extent helpers

Now that we have the fscrypt_extnet_info in all of the supporting structures, pass this through and set the file extent encryption bit accordingly from the supporting structures. In subsequent patches code will be added to populate these appropriately. Signed-off-by: Josef Bacik --- fs/btrfs

[PATCH v2 35/36] btrfs: add orig_logical to btrfs_bio

when csum'ing the bio instead of the bio->iter.bi_sector. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 9 + fs/btrfs/bio.h | 3 +++ fs/btrfs/file-item.c | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c index 90e4

[PATCH v2 31/36] btrfs: setup fscrypt_extent_info for new extents

tents. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 39 +-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4f23c3af60be..b0109b313217 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7396,7 +73

[PATCH v2 33/36] btrfs: set the bio fscrypt context when applicable

the lblk of 0, 4k into the extent has the lblk of 4k, etc. This is done to allow things like relocation to continue to work properly. Signed-off-by: Josef Bacik --- fs/btrfs/compression.c | 6 fs/btrfs/extent_io.c | 63 +- fs/btrfs/fscrypt.c

[PATCH v2 36/36] btrfs: implement process_bio cb for fscrypt

t's submitted. We check the csums before decryption. If it doesn't match we simply error out and we let the normal path handle the repair work. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 34 +- fs/btrfs/bio.h | 3 +++ fs/btrfs/fscrypt.c |

[PATCH v2 24/36] btrfs: populate the ordered_extent with the fscrypt context

The fscrypt_extent_info will be tied to the extent_map lifetime, so it will be created when we create the IO em, or it'll already exist in the NOCOW case. Use this fscrypt_info when creating the ordered extent to make sure everything is passed through properly. Signed-off-by: Josef

[PATCH v2 30/36] btrfs: implement the fscrypt extent encryption hooks

nd save it into the file extent item when we create a new file extent item. Signed-off-by: Josef Bacik --- fs/btrfs/defrag.c| 10 - fs/btrfs/file-item.c | 11 +- fs/btrfs/file-item.h | 5 - fs/btrfs/file.c | 9 fs/btrfs/fscryp

[PATCH v2 14/36] btrfs: adapt readdir for encrypted and nokey names

fscrypt_name are changed to so require at all callsites. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/btrfs_inode.h | 2 +- fs/btrfs/delayed-inode.c | 29 ++- fs/btrfs/delayed-inode.h | 6 +- fs/btrfs/dir-item.c | 77 +++

[PATCH v2 29/36] btrfs: pass the fscrypt_info through the replace extent infrastructure

Prealloc uses the btrfs_replace_file_extents() infrastructure to insert its new extents. We need to set the fscrypt context on these extents, so pass this through the btrfs_replace_extent_info so it can be used in a later patch when we hook in this infrastructure. Signed-off-by: Josef Bacik

[PATCH v2 21/36] btrfs: add fscrypt_info and encryption_type to extent_map

subsequent code for transferring it in the split and merge cases, as well as the code necessary to free them. A future patch will add the code to load them as appropriate. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/extent_map.c | 32 +--- fs

[PATCH v2 18/36] btrfs: add get_devices hook for fscrypt

From: Sweet Tea Dorminy Since extent encryption requires inline encryption, even though we expect to use the inlinecrypt software fallback most of the time, we need to enumerate all the devices in use by btrfs. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs

[PATCH v2 25/36] btrfs: keep track of fscrypt info and orig_start for dio reads

We keep track of this information in the ordered extent for writes, but we need it for reads as well. Add fscrypt_extent_info and orig_start to the dio_data so we can populate this on reads. This will be used later when we attach the fscrypt context to the bios. Signed-off-by: Josef Bacik

[PATCH v2 19/36] btrfs: turn on inlinecrypt mount option for encrypt

had a encrypted file, or when encryption is enabled on a directory, update the mount flags to include inlinecrypt. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 3 +++ fs/btrfs/super.c | 10 ++ 2 files changed, 13 insertions(+) diff --git a/fs/btrfs/io

[PATCH v2 15/36] btrfs: handle nokey names.

n the nokey name, and we can extract it from the fscrypt_name structure in such a case. Additionally, for nokey names, if we find the nokey name on disk we can update the fscrypt_name with the disk name, so add that to searching for diritems. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef

[PATCH v2 11/36] btrfs: start using fscrypt hooks

minimal set also, and introduce the new fscrypt.[ch] files to hold the fscrypt-specific functionality. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/Makefile | 1 + fs/btrfs/btrfs_inode.h | 1 + fs/btrfs/file.c| 3 ++ fs

[PATCH v2 13/36] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag

From: Omar Sandoval As encrypted files will be incompatible with older filesystem versions, new filesystems should be created with an incompat flag for fscrypt, which will gate access to the encryption ioctls. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef

[PATCH v2 12/36] btrfs: add inode encryption contexts

in a new item type. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/fscrypt.c | 117 fs/btrfs/fscrypt.h | 2 + fs/btrfs/inode.c| 19 ++ fs/btrfs/ioctl.c

[PATCH v2 07/36] fscrypt: add documentation about extent encryption

Add a couple of sections to the fscrypt documentation about per-extent encryption. Signed-off-by: Josef Bacik --- Documentation/filesystems/fscrypt.rst | 36 +++ 1 file changed, 36 insertions(+) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation

[PATCH v2 06/36] fscrypt: expose fscrypt_nokey_name

: Josef Bacik --- fs/crypto/fname.c | 39 +-- include/linux/fscrypt.h | 37 + 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 7b3fc189593a..5607ee52703e 100644

[PATCH v2 05/36] blk-crypto: add a process bio callback

ative encryption if this callback is set. Signed-off-by: Josef Bacik --- block/blk-crypto-fallback.c| 28 block/blk-crypto-profile.c | 2 ++ block/blk-crypto.c | 6 +- fs/crypto/inline_crypt.c | 3 ++- include/linux/blk-c

[PATCH v2 08/36] btrfs: add infrastructure for safe em freeing

list and do the appropriate freeing work in a safe manner. Signed-off-by: Josef Bacik --- fs/btrfs/extent_map.c | 80 --- fs/btrfs/extent_map.h | 10 ++ fs/btrfs/tree-log.c | 6 ++-- 3 files changed, 89 insertions(+), 7 deletions(-) diff --git

[PATCH v2 09/36] btrfs: disable various operations on encrypted inodes

Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 3 ++- fs/btrfs/reflink.c | 7 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index c9317c047587..4806ff34224a 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -630,7 +630,8

[PATCH v2 10/36] btrfs: disable verity on encrypted inodes

From: Sweet Tea Dorminy Right now there isn't a way to encrypt things that aren't either filenames in directories or data on blocks on disk with extent encryption, so for now, disable verity usage with encryption on btrfs. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Baci

[PATCH v2 03/36] fscrypt: add per-extent encryption support

s we're deriving a per-extent key to use for the encryption, the inode still controls the policy and access to the master key. Signed-off-by: Josef Bacik --- fs/crypto/crypto.c | 10 ++- fs/crypto/fscrypt_private.h | 44 ++ fs/crypto/inline_crypt.c| 84 +++

[PATCH v2 04/36] fscrypt: disable all but standard v2 policies for extent encryption

The different encryption related options for fscrypt are too numerous to support for extent based encryption. Support for a few of these options could possibly be added, but since they're niche options simply reject them for file systems using extent based encryption. Signed-off-by: Josef

[PATCH v2 02/36] fscrypt: don't wipe mk secret until the last active user is gone

Until then no new users are allowed, and this allows currently open files to continue to operate until they're closed. Signed-off-by: Josef Bacik --- fs/crypto/keyring.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c index e0

[PATCH v2 01/36] fscrypt: use a flag to indicate that the master key is being evicted

th about whether or not the key is available for use. Signed-off-by: Josef Bacik --- fs/crypto/fscrypt_private.h | 17 - fs/crypto/hooks.c | 2 +- fs/crypto/keyring.c | 20 ++-- fs/crypto/keysetup.c| 4 ++-- 4 files changed, 25 insertion

[PATCH v2 00/36] btrfs: add fscrypt support

soft delete master key idea in a different way that's hopefully more straightforward and easier to understand. - A small fixup related to master keys being removed. This has been tested with the updated fstests, everything appears to be working well. Thanks, Josef Josef Bacik (21):

[PATCH 05/12] common/verity: explicitly don't allow btrfs encryption

From: Sweet Tea Dorminy Currently btrfs encryption doesn't support verity, but it is planned to one day. To be explicit about the lack of support, add a custom error message to the combination. Signed-off-by: Sweet Tea Dorminy --- common/verity | 4 1 file changed, 4 insertions(+) diff -

[PATCH 12/12] fstest: add a fsstress+fscrypt test

I noticed we don't run fsstress with fscrypt in any of our tests, and this was helpful in uncovering a couple of symlink related corner cases for the btrfs support work. Add a basic test that creates a encrypted directory and runs fsstress in that directory. Signed-off-by: Josef

[PATCH 11/12] fstests: split generic/613 into two tests

ently random. Signed-off-by: Josef Bacik --- tests/generic/613 | 20 ++-- tests/generic/613.out | 5 +- tests/generic/735 | 117 ++ tests/generic/735.out | 14 + 4 files changed, 138 insertions(+), 18 deletions(-) create mode 100644 tests/ge

[PATCH 07/12] btrfs: test snapshotting encrypted subvol

From: Sweet Tea Dorminy Make sure that snapshots of encrypted data are readable and writeable. Test deliberately high-numbered to not conflict. Signed-off-by: Sweet Tea Dorminy --- tests/btrfs/614 | 76 ++ tests/btrfs/614.out | 111

[PATCH 10/12] fstests: split generic/581 into two tests

generic/581 is mostly a v2 policy test, but it does do some quick checks of v1 policies as a normal user. Split the v1 and v2 related parts into two different tests so that the v2 part can get properly tested for btrfs file systems, which only support v2 policies. Signed-off-by: Josef Bacik

[PATCH 08/12] fstests: properly test for v1 encryption policies in encrypt tests

With btrfs adding fscrypt support we're limiting the usage to plain v2 policies only. This means we need to update the _require's for generic/593 that tests both v1 and v2 policies. The other sort of tests will be split into two tests in later patches. Signed-off-by: Josef Bacik -

[PATCH 09/12] fstests: split generic/580 into two tests

generic/580 tests both v1 and v2 encryption policies, however btrfs only supports v2 policies. Split this into two tests so that we can get the v2 coverage for btrfs. Signed-off-by: Josef Bacik --- tests/generic/580 | 118 ++ tests/generic/580.out

[PATCH 04/12] common/encrypt: enable making a encrypted btrfs filesystem

From: Sweet Tea Dorminy Signed-off-by: Sweet Tea Dorminy --- common/encrypt | 6 ++ 1 file changed, 6 insertions(+) diff --git a/common/encrypt b/common/encrypt index 2c1925da..1372af66 100644 --- a/common/encrypt +++ b/common/encrypt @@ -153,6 +153,9 @@ _scratch_mkfs_encrypted()

[PATCH 06/12] btrfs: add simple test of reflink of encrypted data

From: Sweet Tea Dorminy Make sure that we succeed at reflinking encrypted data. Test deliberately numbered with a high number so it won't conflict with tests between now and merge. --- tests/btrfs/613 | 59 + tests/btrfs/613.out | 13 ++ 2

[PATCH 02/12] common/encrypt: add btrfs to get_encryption_*nonce

From: Sweet Tea Dorminy Add the modes of getting the encryption nonces, either inode or extent, to the various get_encryption_nonce functions. For now, no encrypt test makes a file with more than one extent, so we can just grab the first extent's nonce for the data nonce; when we write a bigger f

[PATCH 03/12] common/encrypt: add btrfs to get_ciphertext_filename

From: Sweet Tea Dorminy Add the relevant call to get an encrypted filename from btrfs. Signed-off-by: Sweet Tea Dorminy --- common/encrypt | 16 1 file changed, 16 insertions(+) diff --git a/common/encrypt b/common/encrypt index fc1c8cc7..2c1925da 100644 --- a/common/encrypt

[PATCH 00/12] fstests: fscrypt test updates

;ve tested these with ext4 and btrfs (with our patches) to make sure everything works properly. Thanks, Josef Josef Bacik (5): fstests: properly test for v1 encryption policies in encrypt tests fstests: split generic/580 into two tests fstests: split generic/581 into two tests fstests: split g

[PATCH 01/12] common/encrypt: separate data and inode nonces

From: Sweet Tea Dorminy btrfs will have different inode and data nonces, so we need to be specific about which nonce each use needs. For now, there is no difference in the two functions. Signed-off-by: Sweet Tea Dorminy --- common/encrypt| 33 ++--- tests/f2fs/0

Master key removal semantics

Hello, While getting the fstests stuff nailed down to deal with btrfs I ran into failures with generic/595, specifically the multi-threaded part. In one thread we have a loop adding and removing the master key. In the other thread we have us trying to echo a character into a flie in the encrypte

[PATCH 35/35] btrfs: implement process_bio cb for fscrypt

t's submitted. We check the csums before decryption. If it doesn't match we simply error out and we let the normal path handle the repair work. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 34 +- fs/btrfs/bio.h | 3 +++ fs/btrfs/fscrypt.c |

[PATCH 34/35] btrfs: add orig_logical to btrfs_bio

when csum'ing the bio instead of the bio->iter.bi_sector. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 9 + fs/btrfs/bio.h | 3 +++ fs/btrfs/file-item.c | 2 +- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/bio.c b/fs/btrfs/bio.c index 90e4

[PATCH 33/35] btrfs: add a bio argument to btrfs_csum_one_bio

llow us to csum the encrypted bio and stuff the csums into the corresponding bbio to be used later when the IO completes. Signed-off-by: Josef Bacik --- fs/btrfs/bio.c | 2 +- fs/btrfs/file-item.c | 3 +-- fs/btrfs/file-item.h | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff

[PATCH 32/35] btrfs: set the bio fscrypt context when applicable

the lblk of 0, 4k into the extent has the lblk of 4k, etc. This is done to allow things like relocation to continue to work properly. Signed-off-by: Josef Bacik --- fs/btrfs/compression.c | 6 fs/btrfs/extent_io.c | 63 +- fs/btrfs/fscrypt.c

[PATCH 30/35] btrfs: setup fscrypt_extent_info for new extents

tents. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 39 +-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 9414991d6b6b..aa536b838ce3 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7398,7 +73

[PATCH 31/35] btrfs: populate ordered_extent with the orig offset

this as an argument and plumb it through everywhere, this will be used when setting up the bio. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c| 15 ++- fs/btrfs/ordered-data.c | 22 -- fs/btrfs/ordered-data.h | 12 +--- 3 files changed, 31 inserti

[PATCH 29/35] btrfs: implement the fscrypt extent encryption hooks

nd save it into the file extent item when we create a new file extent item. Signed-off-by: Josef Bacik --- fs/btrfs/defrag.c| 10 - fs/btrfs/file-item.c | 11 +- fs/btrfs/file-item.h | 5 - fs/btrfs/file.c | 9 + fs/btrfs/fscryp

[PATCH 28/35] btrfs: pass the fscrypt_info through the replace extent infrastructure

Prealloc uses the btrfs_replace_file_extents() infrastructure to insert its new extents. We need to set the fscrypt context on these extents, so pass this through the btrfs_replace_extent_info so it can be used in a later patch when we hook in this infrastructure. Signed-off-by: Josef Bacik

[PATCH 26/35] btrfs: explicitly track file extent length for replace and drop

-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ctree.h| 2 ++ fs/btrfs/file.c | 4 ++-- fs/btrfs/inode.c| 7 +-- fs/btrfs/reflink.c | 1 + fs/btrfs/tree-log.c | 5 +++-- 5 files changed, 13 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs

[PATCH 25/35] btrfs: add an optional encryption context to the end of file extents

extent item. Add the appropriate accessors to make it easy to read this information if we have encryption set, and then update the tree-checker to validate that if this is indeed set properly that the size matches properly. Signed-off-by: Josef Bacik --- fs/btrfs/accessors.h| 48

[PATCH 27/35] btrfs: pass through fscrypt_extent_info to the file extent helpers

Now that we have the fscrypt_extnet_info in all of the supporting structures, pass this through and set the file extent encryption bit accordingly from the supporting structures. In subsequent patches code will be added to populate these appropriately. Signed-off-by: Josef Bacik --- fs/btrfs

[PATCH 20/35] btrfs: add fscrypt_info and encryption_type to extent_map

subsequent code for transferring it in the split and merge cases, as well as the code necessary to free them. A future patch will add the code to load them as appropriate. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/extent_map.c | 32 +--- fs

[PATCH 23/35] btrfs: populate the ordered_extent with the fscrypt context

The fscrypt_extent_info will be tied to the extent_map lifetime, so it will be created when we create the IO em, or it'll already exist in the NOCOW case. Use this fscrypt_info when creating the ordered extent to make sure everything is passed through properly. Signed-off-by: Josef

[PATCH 21/35] btrfs: add fscrypt_info and encryption_type to ordered_extent

We're going to need these to update the file extent items once the writes are complete. Add them and add the pieces necessary to assign them and free everything. Signed-off-by: Josef Bacik --- fs/btrfs/ordered-data.c | 2 ++ fs/btrfs/ordered-data.h | 6 ++ 2 files changed, 8 inser

[PATCH 22/35] btrfs: plumb through setting the fscrypt_info for ordered extents

We're going to be getting fscrypt_info from the extent maps, update the helpers to take an fscrypt_info argument and use that to set the encryption type on the ordered extent. Signed-off-by: Josef Bacik --- fs/btrfs/inode.c| 20 +++- fs/btrfs/ordered-data.c

[PATCH 24/35] btrfs: keep track of fscrypt info and orig_start for dio reads

We keep track of this information in the ordered extent for writes, but we need it for reads as well. Add fscrypt_extent_info and orig_start to the dio_data so we can populate this on reads. This will be used later when we attach the fscrypt context to the bios. Signed-off-by: Josef Bacik

[PATCH 15/35] btrfs: implement fscrypt ioctls

pt flag in order to have a filesystem with any encryption. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 28 1 file changed, 28 insertions(+) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index ae

[PATCH 19/35] btrfs: set file extent encryption excplicitly

From: Sweet Tea Dorminy This puts the long-preserved 1-byte encryption field to work, storing whether the extent is encrypted. Update the tree-checker to allow for the encryption bit to be set to our valid types. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs

[PATCH 17/35] btrfs: add get_devices hook for fscrypt

From: Sweet Tea Dorminy Since extent encryption requires inline encryption, even though we expect to use the inlinecrypt software fallback most of the time, we need to enumerate all the devices in use by btrfs. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs

[PATCH 18/35] btrfs: turn on inlinecrypt mount option for encrypt

had a encrypted file, or when encryption is enabled on a directory, update the mount flags to include inlinecrypt. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 3 +++ fs/btrfs/super.c | 10 ++ 2 files changed, 13 insertions(+) diff --git a/fs/btrfs/io

[PATCH 14/35] btrfs: handle nokey names.

n the nokey name, and we can extract it from the fscrypt_name structure in such a case. Additionally, for nokey names, if we find the nokey name on disk we can update the fscrypt_name with the disk name, so add that to searching for diritems. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef

[PATCH 16/35] btrfs: add encryption to CONFIG_BTRFS_DEBUG

From: Sweet Tea Dorminy Since encryption is currently under BTRFS_DEBUG, this adds its dependencies: inline encryption from fscrypt, and the inline encryption fallback path from the block layer. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/ioctl.c | 2 ++ 1 file

[PATCH 13/35] btrfs: adapt readdir for encrypted and nokey names

fscrypt_name are changed to so require at all callsites. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/btrfs_inode.h | 2 +- fs/btrfs/delayed-inode.c | 29 ++- fs/btrfs/delayed-inode.h | 6 +- fs/btrfs/dir-item.c | 77 +++

[PATCH 11/35] btrfs: add inode encryption contexts

in a new item type. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/fscrypt.c | 117 fs/btrfs/fscrypt.h | 2 + fs/btrfs/inode.c| 19 ++ fs/btrfs/ioctl.c

[PATCH 03/35] fscrypt: disable all but standard v2 policies for extent encryption

The different encryption related options for fscrypt are too numerous to support for extent based encryption. Support for a few of these options could possibly be added, but since they're niche options simply reject them for file systems using extent based encryption. Signed-off-by: Josef

[PATCH 09/35] btrfs: disable verity on encrypted inodes

From: Sweet Tea Dorminy Right now there isn't a way to encrypt things that aren't either filenames in directories or data on blocks on disk with extent encryption, so for now, disable verity usage with encryption on btrfs. Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Baci

[PATCH 05/35] fscrypt: expose fscrypt_nokey_name

: Josef Bacik --- fs/crypto/fname.c | 39 +-- include/linux/fscrypt.h | 37 + 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c index 7b3fc189593a..5607ee52703e 100644

[PATCH 12/35] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag

From: Omar Sandoval As encrypted files will be incompatible with older filesystem versions, new filesystems should be created with an incompat flag for fscrypt, which will gate access to the encryption ioctls. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef

[PATCH 10/35] btrfs: start using fscrypt hooks

minimal set also, and introduce the new fscrypt.[ch] files to hold the fscrypt-specific functionality. Also add the key prefix for fscrypt v1 keys. Signed-off-by: Omar Sandoval Signed-off-by: Sweet Tea Dorminy Signed-off-by: Josef Bacik --- fs/btrfs/Makefile | 1 + fs/btrfs/btrfs_inode.h

[PATCH 06/35] fscrypt: add documentation about extent encryption

Add a couple of sections to the fscrypt documentation about per-extent encryption. Signed-off-by: Josef Bacik --- Documentation/filesystems/fscrypt.rst | 36 +++ 1 file changed, 36 insertions(+) diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation

[PATCH 07/35] btrfs: add infrastructure for safe em freeing

list and do the appropriate freeing work in a safe manner. Signed-off-by: Josef Bacik --- fs/btrfs/extent_map.c | 80 --- fs/btrfs/extent_map.h | 10 ++ fs/btrfs/tree-log.c | 6 ++-- 3 files changed, 89 insertions(+), 7 deletions(-) diff --git

[PATCH 08/35] btrfs: disable various operations on encrypted inodes

Signed-off-by: Josef Bacik --- fs/btrfs/inode.c | 3 ++- fs/btrfs/reflink.c | 7 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 52576deda654..6cba648d5656 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -630,7 +630,8

[PATCH 04/35] blk-crypto: add a process bio callback

ative encryption if this callback is set. Signed-off-by: Josef Bacik --- block/blk-crypto-fallback.c| 28 block/blk-crypto-profile.c | 2 ++ block/blk-crypto.c | 6 +- fs/crypto/inline_crypt.c | 3 ++- include/linux/blk-c

  1   2   3   4   5   6   7   8   9   10   >