On Thu, Oct 20, 2022 at 12:58:23PM -0400, Sweet Tea Dorminy wrote: > Some filesystems need to encrypt data based on extents, rather than on > inodes, due to features incompatible with inode-based encryption. For > instance, btrfs can have multiple inodes referencing a single block of > data, and moves logical data blocks to different physical locations on > disk in the background; these two features mean traditional inode-based > file contents encryption will not work for btrfs. > > This change introduces fscrypt_extent_context objects, in analogy to > existing context objects based on inodes. For a filesystem which opts to > use extent-based encryption, a new hook provides a new > fscrypt_extent_context, generated in close analogy to the IVs generated > with existing policies. During file content encryption/decryption, the > existing fscrypt_context object provides key information, while the new > fscrypt_extent_context provides IV information. For filename encryption, > the existing IV generation methods are still used, since filenames are > not stored in extents. > > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx> > --- > fs/crypto/crypto.c | 20 ++++++++-- > fs/crypto/fscrypt_private.h | 25 +++++++++++- > fs/crypto/inline_crypt.c | 28 ++++++++++--- > fs/crypto/policy.c | 79 +++++++++++++++++++++++++++++++++++++ > include/linux/fscrypt.h | 47 ++++++++++++++++++++++ > 5 files changed, 189 insertions(+), 10 deletions(-) > > diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c > index 7fe5979fbea2..08b495dc5c0c 100644 > --- a/fs/crypto/crypto.c > +++ b/fs/crypto/crypto.c > @@ -81,8 +81,22 @@ void fscrypt_generate_iv(union fscrypt_iv *iv, u64 lblk_num, > const struct fscrypt_info *ci) > { > u8 flags = fscrypt_policy_flags(&ci->ci_policy); > + struct inode *inode = ci->ci_inode; > + const struct fscrypt_operations *s_cop = inode->i_sb->s_cop; > > - memset(iv, 0, ci->ci_mode->ivsize); > + memset(iv, 0, sizeof(*iv)); > + if (s_cop->get_extent_context && lblk_num != U64_MAX) { > + size_t extent_offset; > + union fscrypt_extent_context ctx; > + int ret; > + > + ret = fscrypt_get_extent_context(inode, lblk_num, &ctx, > + &extent_offset, NULL); > + WARN_ON_ONCE(ret); > + memcpy(iv->raw, ctx.v1.iv.raw, sizeof(*iv)); > + iv->lblk_num += cpu_to_le64(extent_offset); > + return; > + } Please read through my review comment https://lore.kernel.org/linux-fscrypt/Yx6MnaUqUTdjCmX+@quark/ again, as it doesn't seem that you've addressed it. - Eric