On Fri, Feb 21, 2020 at 03:50:48AM -0800, Satya Tangirala wrote: > diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c > index 65cb09fa6ead..7c157130c16a 100644 > --- a/fs/crypto/keysetup.c > +++ b/fs/crypto/keysetup.c > @@ -19,6 +19,8 @@ struct fscrypt_mode fscrypt_modes[] = { > .cipher_str = "xts(aes)", > .keysize = 64, > .ivsize = 16, > + .blk_crypto_mode = BLK_ENCRYPTION_MODE_AES_256_XTS, > + .blk_crypto_dun_bytes_required = 8, > }, > [FSCRYPT_MODE_AES_256_CTS] = { > .friendly_name = "AES-256-CTS-CBC", > @@ -31,6 +33,8 @@ struct fscrypt_mode fscrypt_modes[] = { > .cipher_str = "essiv(cbc(aes),sha256)", > .keysize = 16, > .ivsize = 16, > + .blk_crypto_mode = BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV, > + .blk_crypto_dun_bytes_required = 8, > }, > [FSCRYPT_MODE_AES_128_CTS] = { > .friendly_name = "AES-128-CTS-CBC", > @@ -43,6 +47,8 @@ struct fscrypt_mode fscrypt_modes[] = { > .cipher_str = "adiantum(xchacha12,aes)", > .keysize = 32, > .ivsize = 32, > + .blk_crypto_mode = BLK_ENCRYPTION_MODE_ADIANTUM, > + .blk_crypto_dun_bytes_required = 24, > }, > }; The DUN bytes required is actually determined by the IV generation method too. Currently fscrypt has the following combinations: AES-256-XTS: 8 bytes AES-128-CBC-ESSIV: 8 bytes Adiantum without DIRECT_KEY: 8 bytes Adiantum with DIRECT_KEY: 24 bytes I.e., DIRECT_KEY is only allowed with Adiantum, but not required for it. So it's technically incorrect to always pass dun_bytes_required=24 for Adiantum. And it's conceivable that in the future we could add an fscrypt setting that uses AES-256-XTS with 16 IV bytes. Such a setting wouldn't be usable with UFS inline encryption, yet the existing AES-256-XTS settings still would. So, how about instead of putting .blk_crypto_dun_bytes_required in the crypto_mode table, using logic like: dun_bytes_required = 8; if (flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY) dun_bytes_required += 16; > diff --git a/include/linux/fs.h b/include/linux/fs.h > index 3cd4fe6b845e..2331ff0464b2 100644 > --- a/include/linux/fs.h > +++ b/include/linux/fs.h > @@ -1370,6 +1370,7 @@ extern int send_sigurg(struct fown_struct *fown); > #define SB_NODIRATIME 2048 /* Do not update directory access times */ > #define SB_SILENT 32768 > #define SB_POSIXACL (1<<16) /* VFS does not apply the umask */ > +#define SB_INLINE_CRYPT (1<<17) /* inodes in SB use blk-crypto */ > #define SB_KERNMOUNT (1<<22) /* this is a kern_mount call */ > #define SB_I_VERSION (1<<23) /* Update inode I_version field */ > #define SB_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */ This flag probably should be called "SB_INLINECRYPT" to match the mount option, which is "inlinecrypt" not "inline_crypt". Also, the addition of this flag, along with the update to show_sb_opts() in fs/proc_namespace.c which I think is needed, maybe should go in a separate patch whose subject is prefixed with "fs: " to make it clearer to reviewers that this part is a VFS-level change. - Eric