[PATCH v4 00/15] Move fscrypt and fsverity out of struct inode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey,

As discussed, this moves the fscrypt and fsverity pointers out of struct
inode shrinking it by 16 bytes. The pointers move into the individual
filesystems that actually do make use of them.

In order to find the fscrypt and fsverity data pointers offsets from the
embedded struct inode in the filesystem's private inode data are stored
in struct fscrypt_operations and struct fsverity_operations
respectively. This means we get fast access to the data pointers without
having to rely on indirect calls.

Thanks to everyone for the very helpful reviews! The two obvious
suggestions other than moving it into struct super_operations were
moving it directly into struct super_block and moving it into struct
fscrypt_operations and struct fsverity_operations. I chose the latter as
I think that's just cleaner.

Thanks!
Christian

Test results:

+ sudo ./check -g encrypt,verity
FSTYP         -- ext4
PLATFORM      -- Linux/x86_64 localhost 6.16.0-rc1-gaa8ca50672ad #275 SMP PREEMPT_DYNAMIC Fri Jun  5 15:58:00 CEST 2015
MKFS_OPTIONS  -- -F /dev/nvme0n1p6
MOUNT_OPTIONS -- -o acl,user_xattr /dev/nvme0n1p6 /mnt/scratch

ext4/024        3s
generic/395        4s
generic/396        3s
generic/397        4s
generic/398        4s
generic/399        35s
generic/419        4s
generic/421        4s
generic/429        14s
generic/435        23s
generic/440        4s
generic/548        9s
generic/549        9s
generic/550       [not run] encryption policy '-c 9 -n 9 -f 0' is unusable; probably missing kernel crypto API support
generic/572        6s
generic/573        3s
generic/574        38s
generic/575        10s
generic/576        5s
generic/577        4s
generic/579        25s
generic/580        4s
generic/581        11s
generic/582        10s
generic/583        10s
generic/584       [not run] encryption policy '-c 9 -n 9 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/592        10s
generic/593        4s
generic/595        8s
generic/602        11s
generic/613        21s
generic/621        9s
generic/624        4s
generic/625        4s
generic/692        5s
generic/693       [not run] encryption policy '-c 1 -n 10 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/739        18s
Ran: ext4/024 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/572 generic/573 generic/574 generic/575 generic/576 generic/577 generic/579 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/624 generic/625 generic/692 generic/693 generic/739
Not run: generic/550 generic/584 generic/693
Passed all 37 tests

+ sudo ./check -g encrypt,verity
FSTYP         -- btrfs
PLATFORM      -- Linux/x86_64 localhost 6.16.0-rc1-gaa8ca50672ad #275 SMP PREEMPT_DYNAMIC Fri Jun  5 15:58:00 CEST 2015
MKFS_OPTIONS  -- /dev/nvme0n1p6
MOUNT_OPTIONS -- /dev/nvme0n1p6 /mnt/scratch

btrfs/277       [not run] kernel does not support send stream 3
btrfs/290       [not run] btrfs-corrupt-block utility required, skipped this test
btrfs/291       [not run] This test requires a valid $LOGWRITES_DEV
generic/395 4s ... [not run] No encryption support for btrfs
generic/396 3s ... [not run] No encryption support for btrfs
generic/397 4s ... [not run] No encryption support for btrfs
generic/398 5s ... [not run] No encryption support for btrfs
generic/399 35s ... [not run] No encryption support for btrfs
generic/419 4s ... [not run] No encryption support for btrfs
generic/421 4s ... [not run] No encryption support for btrfs
generic/429 14s ... [not run] No encryption support for btrfs
generic/435 23s ... [not run] No encryption support for btrfs
generic/440 4s ... [not run] No encryption support for btrfs
generic/548 9s ... [not run] No encryption support for btrfs
generic/549 9s ... [not run] No encryption support for btrfs
generic/550       [not run] No encryption support for btrfs
generic/572 6s ...  7s
generic/573 3s ...  3s
generic/574 38s ... [not run] btrfs-corrupt-block utility required, skipped this test
generic/575 10s ...  9s
generic/576 5s ... [not run] No encryption support for btrfs
generic/577 4s ...  4s
generic/579 25s ...  24s
generic/580 4s ... [not run] No encryption support for btrfs
generic/581 11s ... [not run] No encryption support for btrfs
generic/582 10s ... [not run] No encryption support for btrfs
generic/583 10s ... [not run] No encryption support for btrfs
generic/584       [not run] No encryption support for btrfs
generic/592 10s ... [not run] No encryption support for btrfs
generic/593 4s ... [not run] No encryption support for btrfs
generic/595 8s ... [not run] No encryption support for btrfs
generic/602 11s ... [not run] No encryption support for btrfs
generic/613 21s ... [not run] No encryption support for btrfs
generic/621 9s ... [not run] No encryption support for btrfs
generic/624 4s ...  4s
generic/625 4s ...  3s
generic/692 5s ...  5s
generic/693       [not run] No encryption support for btrfs
generic/739 18s ... [not run] No encryption support for btrfs
Ran: btrfs/277 btrfs/290 btrfs/291 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/572 generic/573 generic/574 generic/575 generic/576 generic/577 generic/579 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/624 generic/625 generic/692 generic/693 generic/739
Not run: btrfs/277 btrfs/290 btrfs/291 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/574 generic/576 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/693 generic/739
Passed all 39 tests

+ sudo ./check -g encrypt,verity
FSTYP         -- f2fs
PLATFORM      -- Linux/x86_64 localhost 6.16.0-rc1-gaa8ca50672ad #275 SMP PREEMPT_DYNAMIC Fri Jun  5 15:58:00 CEST 2015
MKFS_OPTIONS  -- /dev/nvme0n1p6
MOUNT_OPTIONS -- -o acl,user_xattr /dev/nvme0n1p6 /mnt/scratch

f2fs/002        22s
generic/395 4s ...  4s
generic/396 3s ...  3s
generic/397 4s ...  4s
generic/398 5s ...  5s
generic/399 35s ...  19s
generic/419 4s ...  4s
generic/421 4s ...  5s
generic/429 14s ...  14s
generic/435 23s ...  34s
generic/440 4s ...  5s
generic/548 9s ...  12s
generic/549 9s ...  12s
generic/550       [not run] encryption policy '-c 9 -n 9 -f 0' is unusable; probably missing kernel crypto API support
generic/572 7s ...  7s
generic/573 3s ...  4s
generic/574 38s ...  29s
generic/575 9s ...  10s
generic/576 5s ...  5s
generic/577 4s ...  4s
generic/579 24s ...  25s
generic/580 4s ...  3s
generic/581 11s ...  8s
generic/582 10s ...  9s
generic/583 10s ...  9s
generic/584       [not run] encryption policy '-c 9 -n 9 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/592 10s ...  9s
generic/593 4s ...  3s
generic/595 8s ...  7s
generic/602 11s ...  9s
generic/613 21s ...  18s
generic/621 9s ...  8s
generic/624 4s ...  2s
generic/625 3s ...  3s
generic/692 5s ...  3s
generic/693       [not run] encryption policy '-c 1 -n 10 -v 2 -f 0' is unusable; probably missing kernel crypto API support
generic/739 18s ...  17s
Ran: f2fs/002 generic/395 generic/396 generic/397 generic/398 generic/399 generic/419 generic/421 generic/429 generic/435 generic/440 generic/548 generic/549 generic/550 generic/572 generic/573 generic/574 generic/575 generic/576 generic/577 generic/579 generic/580 generic/581 generic/582 generic/583 generic/584 generic/592 generic/593 generic/595 generic/602 generic/613 generic/621 generic/624 generic/625 generic/692 generic/693 generic/739
Not run: generic/550 generic/584 generic/693
Passed all 37 tests

---
Changes in v4:
- Stash offsets in struct fscrypt_operations and struct
  fsverity_operations.
- Link to v3: https://lore.kernel.org/20250722-work-inode-fscrypt-v3-0-bdc1033420a0@xxxxxxxxxx

Changes in v3:
- Stash offsets in struct super_operations.
- Link to v2: https://lore.kernel.org/20250722-work-inode-fscrypt-v2-0-782f1fdeaeba@xxxxxxxxxx

Changes in v2:
- First full implementation.
- Link to v1: https://lore.kernel.org/20250715-work-inode-fscrypt-v1-1-aa3ef6f44b6b@xxxxxxxxxx

---
Christian Brauner (15):
      fs: add fscrypt offset
      fs/crypto: use accessors
      ext4: move fscrypt to filesystem inode
      ubifs: move fscrypt to filesystem inode
      f2fs: move fscrypt to filesystem inode
      ceph: move fscrypt to filesystem inode
      fs: drop i_crypt_info from struct inode
      fscrypt: rephrase documentation and comments
      fs: add fsverity offset
      fs/verity: use accessors
      btrfs: move fsverity to filesystem inode
      ext4: move fsverity to filesystem inode
      f2fs: move fsverity to filesystem inode
      fs: drop i_verity_info from struct inode
      fsverity: rephrase documentation and comments

 fs/btrfs/btrfs_inode.h       |  3 +++
 fs/btrfs/inode.c             |  3 +++
 fs/btrfs/verity.c            |  4 ++++
 fs/ceph/crypto.c             |  4 ++++
 fs/ceph/inode.c              |  1 +
 fs/ceph/super.h              |  1 +
 fs/crypto/bio.c              |  2 +-
 fs/crypto/crypto.c           |  8 ++++----
 fs/crypto/fname.c            |  8 ++++----
 fs/crypto/fscrypt_private.h  |  4 ++--
 fs/crypto/hooks.c            |  2 +-
 fs/crypto/inline_crypt.c     | 10 +++++-----
 fs/crypto/keysetup.c         | 44 +++++++++++++++++++++++++++-----------------
 fs/crypto/policy.c           |  6 +++---
 fs/ext4/crypto.c             |  4 ++++
 fs/ext4/ext4.h               |  8 ++++++++
 fs/ext4/super.c              |  6 ++++++
 fs/ext4/verity.c             |  4 ++++
 fs/f2fs/f2fs.h               |  6 ++++++
 fs/f2fs/super.c              | 10 ++++++++++
 fs/f2fs/verity.c             |  4 ++++
 fs/ubifs/crypto.c            |  4 ++++
 fs/ubifs/ubifs.h             |  3 +++
 fs/verity/enable.c           |  6 +++---
 fs/verity/fsverity_private.h |  9 +++++----
 fs/verity/open.c             | 25 ++++++++++++++++---------
 fs/verity/verify.c           |  2 +-
 include/linux/fs.h           | 10 ----------
 include/linux/fscrypt.h      | 42 ++++++++++++++++++++++++++++++++++++++----
 include/linux/fsverity.h     | 34 +++++++++++++++++++++++++++-------
 include/linux/netfs.h        |  7 +++++++
 31 files changed, 209 insertions(+), 75 deletions(-)
---
base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494
change-id: 20250715-work-inode-fscrypt-2b63b276e793
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux