[PATCH v3 00/13] Move fscrypt and fsverity out of struct inode

[Christian Brauner <brauner@xxxxxxxxxx>]

Hey,

As discussed, this moves the fscrypt and fsverity pointers out of struct
inode shrinking it by 16 bytes. The pointers move into the individual
filesystems that actually do make use of them.

In order to find the fscrypt and fsverity data pointers offsets from the
embedded struct inode in the filesystem's private inode data are stored
in struct super_operations. This means we get fast access to the data
pointers without having to rely on indirect calls.

Thanks!
Christian

Test results:

+ sudo ./check -g encrypt,verity
FSTYP         -- ext4
PLATFORM      -- Linux/x86_64 localhost 6.16.0-rc1-g9cfff4adb101 #268 SMP PREEMPT_DYNAMIC Fri Jun  5 15:58:00 CEST 2015
MKFS_OPTIONS  -- -F /dev/nvme1n1p6
MOUNT_OPTIONS -- -o acl,user_xattr /dev/nvme1n1p6 /mnt/scratch

ext4/024        3s
generic/395        5s
generic/396        3s
generic/397        3s
generic/398        4s
generic/399        35s
generic/419        3s
generic/421        5s
generic/429        13s
generic/435        23s
generic/440        4s
generic/548        10s
generic/549        9s
generic/550       [not run] encryption policy '-c 9 -n 9 -f 0' is unusable; probably missing kernel crypto API support
generic/572        6s
generic/573        4s
generic/574        36s
generic/575        9s
generic/576        5s
generic/577        4s
generic/579        24s
generic/580        5s
generic/581        11s
generic/582        10s
generic/583        9s
generic/584       [not run] encryption policy '-c 9 -n 9 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/592        10s
generic/593        4s
generic/595        7s
generic/602        9s
generic/613        20s
generic/621        8s
generic/624        4s
generic/625        4s
generic/692        5s
generic/693       [not run] encryption policy '-c 1 -n 10 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/739        18s
Ran: ext4/024 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/572 generic/573 generic/574 generic/575 generic/576 generic/577 generic/579 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/624 generic/625 generic/692 generic/693 generic/739
Not run: generic/550 generic/584 generic/693
Passed all 37 tests

+ sudo ./check -g encrypt,verity
FSTYP         -- f2fs
PLATFORM      -- Linux/x86_64 localhost 6.16.0-rc1-g9cfff4adb101 #268 SMP PREEMPT_DYNAMIC Fri Jun  5 15:58:00 CEST 2015
MKFS_OPTIONS  -- /dev/nvme1n1p6
MOUNT_OPTIONS -- -o acl,user_xattr /dev/nvme1n1p6 /mnt/scratch

f2fs/002       [not run] lz4 utility required, skipped this test
generic/395 5s ...  4s
generic/396 3s ...  4s
generic/397 3s ...  4s
generic/398 4s ...  4s
generic/399 35s ...  20s
generic/419 3s ...  4s
generic/421 5s ...  5s
generic/429 13s ...  14s
generic/435 23s ...  32s
generic/440 4s ...  4s
generic/548 10s ...  12s
generic/549 9s ...  12s
generic/550       [not run] encryption policy '-c 9 -n 9 -f 0' is unusable; probably missing kernel crypto API support
generic/572 6s ...  6s
generic/573 4s ...  4s
generic/574 36s ...  27s
generic/575 9s ...  10s
generic/576 5s ...  5s
generic/577 4s ...  4s
generic/579 24s ...  26s
generic/580 5s ...  5s
generic/581 11s ...  12s
generic/582 10s ...  12s
generic/583 9s ...  12s
generic/584       [not run] encryption policy '-c 9 -n 9 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/592 10s ...  13s
generic/593 4s ...  4s
generic/595 7s ...  7s
generic/602 9s ...  13s
generic/613 20s ...  24s
generic/621 8s ...  9s
generic/624 4s ...  3s
generic/625 4s ...  4s
generic/692 5s ...  5s
generic/693       [not run] encryption policy '-c 1 -n 10 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/739 18s ...  23s
Ran: f2fs/002 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/572 generic/573 generic/574 generic/575 generic/576 generic/577 generic/579 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/624 generic/625 generic/692 generic/693 generic/739
Not run: f2fs/002 generic/550 generic/584 generic/693
Passed all 37 tests

+ sudo ./check -g encrypt,verity
FSTYP         -- btrfs
PLATFORM      -- Linux/x86_64 localhost 6.16.0-rc1-g9cfff4adb101 #268 SMP PREEMPT_DYNAMIC Fri Jun  5 15:58:00 CEST 2015
MKFS_OPTIONS  -- /dev/nvme1n1p6
MOUNT_OPTIONS -- /dev/nvme1n1p6 /mnt/scratch

btrfs/277       [not run] kernel does not support send stream 3
btrfs/290       [not run] btrfs-corrupt-block utility required, skipped this test
btrfs/291       [not run] This test requires a valid $LOGWRITES_DEV
generic/395 4s ... [not run] No encryption support for btrfs
generic/396 4s ... [not run] No encryption support for btrfs
generic/397 4s ... [not run] No encryption support for btrfs
generic/398 4s ... [not run] No encryption support for btrfs
generic/399 20s ... [not run] No encryption support for btrfs
generic/419 4s ... [not run] No encryption support for btrfs
generic/421 5s ... [not run] No encryption support for btrfs
generic/429 14s ... [not run] No encryption support for btrfs
generic/435 32s ... [not run] No encryption support for btrfs
generic/440 4s ... [not run] No encryption support for btrfs
generic/548 12s ... [not run] No encryption support for btrfs
generic/549 12s ... [not run] No encryption support for btrfs
generic/550       [not run] No encryption support for btrfs
generic/572 6s ...  6s
generic/573 4s ...  3s
generic/574 27s ... [not run] btrfs-corrupt-block utility required, skipped this test
generic/575 10s ...  8s
generic/576 5s ... [not run] No encryption support for btrfs
generic/577 4s ...  5s
generic/579 26s ...  24s
generic/580 5s ... [not run] No encryption support for btrfs
generic/581 12s ... [not run] No encryption support for btrfs
generic/582 12s ... [not run] No encryption support for btrfs
generic/583 12s ... [not run] No encryption support for btrfs
generic/584       [not run] No encryption support for btrfs
generic/592 13s ... [not run] No encryption support for btrfs
generic/593 4s ... [not run] No encryption support for btrfs
generic/595 7s ... [not run] No encryption support for btrfs
generic/602 13s ... [not run] No encryption support for btrfs
generic/613 24s ... [not run] No encryption support for btrfs
generic/621 9s ... [not run] No encryption support for btrfs
generic/624 3s ...  2s
generic/625 4s ...  2s
generic/692 5s ...  3s
generic/693       [not run] No encryption support for btrfs
generic/739 23s ... [not run] No encryption support for btrfs
Ran: btrfs/277 btrfs/290 btrfs/291 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/572 generic/573 generic/574 generic/575 generic/576 generic/577 generic/579 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/624 generic/625 generic/692 generic/693 generic/739
Not run: btrfs/277 btrfs/290 btrfs/291 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/574 generic/576 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/693 generic/739
Passed all 39 tests

---
Changes in v3:
- Stash offsets in struct super_operations.
- Link to v2: https://lore.kernel.org/20250722-work-inode-fscrypt-v2-0-782f1fdeaeba@xxxxxxxxxx

Changes in v2:
- First full implementation.
- Link to v1: https://lore.kernel.org/20250715-work-inode-fscrypt-v1-1-aa3ef6f44b6b@xxxxxxxxxx

---
Christian Brauner (13):
      fs: add fscrypt offset
      fs/crypto: use accessors
      ext4: move fscrypt to filesystem inode
      ubifs: move fscrypt to filesystem inode
      f2fs: move fscrypt to filesystem inode
      ceph: move fscrypt to filesystem inode
      fs: drop i_crypt_info from struct inode
      fs: add fsverity offset
      fs/verity: use accessors
      btrfs: move fsverity to filesystem inode
      ext4: move fsverity to filesystem inode
      f2fs: move fsverity to filesystem inode
      fs: drop i_verity_info from struct inode

 fs/btrfs/btrfs_inode.h       |  3 +++
 fs/btrfs/inode.c             |  3 +++
 fs/btrfs/super.c             |  4 ++++
 fs/ceph/super.c              |  4 ++++
 fs/crypto/bio.c              |  2 +-
 fs/crypto/crypto.c           |  8 ++++----
 fs/crypto/fname.c            |  8 ++++----
 fs/crypto/fscrypt_private.h  |  2 +-
 fs/crypto/hooks.c            |  2 +-
 fs/crypto/inline_crypt.c     | 10 +++++-----
 fs/crypto/keysetup.c         | 27 ++++++++++++++++-----------
 fs/crypto/policy.c           |  6 +++---
 fs/ext4/ext4.h               |  8 ++++++++
 fs/ext4/mballoc-test.c       |  4 ++++
 fs/ext4/super.c              | 14 ++++++++++++++
 fs/f2fs/f2fs.h               |  6 ++++++
 fs/f2fs/super.c              | 14 ++++++++++++++
 fs/ubifs/super.c             |  4 ++++
 fs/ubifs/ubifs.h             |  3 +++
 fs/verity/enable.c           |  2 +-
 fs/verity/fsverity_private.h |  2 +-
 fs/verity/open.c             | 17 ++++++++++-------
 fs/verity/verify.c           |  2 +-
 include/linux/fs.h           | 10 ++--------
 include/linux/fscrypt.h      | 31 +++++++++++++++++++++++++++++--
 include/linux/fsverity.h     | 21 ++++++++++++++-------
 include/linux/netfs.h        |  6 ++++++
 27 files changed, 166 insertions(+), 57 deletions(-)
---
base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494
change-id: 20250715-work-inode-fscrypt-2b63b276e793