Hello, This is the next version of the fscrypt support. It is based on a combination of Sterba's for-next branch and the fscrypt for-next branch. The fscrypt stuff should apply cleanly to the fscrypt for-next, but it won't apply cleanly to our btrfs for-next branch. I did this in case Eric wants to go ahead and merge the fscrypt side, then we can figure out what to do on the btrfs side. v1 was posted here https://lore.kernel.org/linux-btrfs/cover.1695750478.git.josef@xxxxxxxxxxxxxx/ v1->v2: - Dropped the rename patch as it's in the fscrypt tree. - Implemented the soft delete master key idea in a different way that's hopefully more straightforward and easier to understand. - A small fixup related to master keys being removed. This has been tested with the updated fstests, everything appears to be working well. Thanks, Josef Josef Bacik (21): fscrypt: use a flag to indicate that the master key is being evicted fscrypt: don't wipe mk secret until the last active user is gone fscrypt: add per-extent encryption support fscrypt: disable all but standard v2 policies for extent encryption blk-crypto: add a process bio callback fscrypt: add documentation about extent encryption btrfs: add infrastructure for safe em freeing btrfs: add fscrypt_info and encryption_type to ordered_extent btrfs: plumb through setting the fscrypt_info for ordered extents btrfs: populate the ordered_extent with the fscrypt context btrfs: keep track of fscrypt info and orig_start for dio reads btrfs: add an optional encryption context to the end of file extents btrfs: pass through fscrypt_extent_info to the file extent helpers btrfs: pass the fscrypt_info through the replace extent infrastructure btrfs: implement the fscrypt extent encryption hooks btrfs: setup fscrypt_extent_info for new extents btrfs: populate ordered_extent with the orig offset btrfs: set the bio fscrypt context when applicable btrfs: add a bio argument to btrfs_csum_one_bio btrfs: add orig_logical to btrfs_bio btrfs: implement process_bio cb for fscrypt Omar Sandoval (7): fscrypt: expose fscrypt_nokey_name btrfs: disable various operations on encrypted inodes btrfs: start using fscrypt hooks btrfs: add inode encryption contexts btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag btrfs: adapt readdir for encrypted and nokey names btrfs: implement fscrypt ioctls Sweet Tea Dorminy (8): btrfs: disable verity on encrypted inodes btrfs: handle nokey names. btrfs: add encryption to CONFIG_BTRFS_DEBUG btrfs: add get_devices hook for fscrypt btrfs: turn on inlinecrypt mount option for encrypt btrfs: set file extent encryption excplicitly btrfs: add fscrypt_info and encryption_type to extent_map btrfs: explicitly track file extent length for replace and drop Documentation/filesystems/fscrypt.rst | 36 ++ block/blk-crypto-fallback.c | 28 ++ block/blk-crypto-profile.c | 2 + block/blk-crypto.c | 6 +- fs/btrfs/Makefile | 1 + fs/btrfs/accessors.h | 50 +++ fs/btrfs/bio.c | 45 ++- fs/btrfs/bio.h | 6 + fs/btrfs/btrfs_inode.h | 3 +- fs/btrfs/compression.c | 6 + fs/btrfs/ctree.h | 4 + fs/btrfs/defrag.c | 10 +- fs/btrfs/delayed-inode.c | 29 +- fs/btrfs/delayed-inode.h | 6 +- fs/btrfs/dir-item.c | 108 +++++- fs/btrfs/dir-item.h | 11 +- fs/btrfs/extent_io.c | 81 ++++- fs/btrfs/extent_io.h | 3 + fs/btrfs/extent_map.c | 106 +++++- fs/btrfs/extent_map.h | 12 + fs/btrfs/file-item.c | 17 +- fs/btrfs/file-item.h | 7 +- fs/btrfs/file.c | 16 +- fs/btrfs/fs.h | 3 +- fs/btrfs/fscrypt.c | 326 ++++++++++++++++++ fs/btrfs/fscrypt.h | 95 +++++ fs/btrfs/inode.c | 476 ++++++++++++++++++++------ fs/btrfs/ioctl.c | 41 ++- fs/btrfs/ordered-data.c | 26 +- fs/btrfs/ordered-data.h | 21 +- fs/btrfs/reflink.c | 8 + fs/btrfs/root-tree.c | 8 +- fs/btrfs/root-tree.h | 2 +- fs/btrfs/super.c | 17 + fs/btrfs/sysfs.c | 6 + fs/btrfs/tree-checker.c | 66 +++- fs/btrfs/tree-log.c | 26 +- fs/btrfs/verity.c | 3 + fs/crypto/crypto.c | 10 +- fs/crypto/fname.c | 39 +-- fs/crypto/fscrypt_private.h | 61 +++- fs/crypto/hooks.c | 2 +- fs/crypto/inline_crypt.c | 87 ++++- fs/crypto/keyring.c | 23 +- fs/crypto/keysetup.c | 159 ++++++++- fs/crypto/policy.c | 59 ++++ include/linux/blk-crypto-profile.h | 7 + include/linux/blk-crypto.h | 9 +- include/linux/fscrypt.h | 122 +++++++ include/uapi/linux/btrfs.h | 1 + include/uapi/linux/btrfs_tree.h | 35 +- 51 files changed, 2095 insertions(+), 236 deletions(-) create mode 100644 fs/btrfs/fscrypt.c create mode 100644 fs/btrfs/fscrypt.h -- 2.41.0