On Fri, Feb 21, 2025 at 10:22:54PM +0000, Matthew Wilcox wrote: > On Fri, Feb 21, 2025 at 09:09:38PM +0000, Eric Biggers wrote: > > > Yup, I haven't figured out how to do large folio support, so any > > > filesystem using fscrypt can't support large folios for now. I'm > > > working on "separate folio and page" at the moment rather than "enable > > > large folios everywhere". > > > > It might be a good idea to make the limitation to small folios clear in the > > function's kerneldoc and/or in a WARN_ON_ONCE(). > > I can add a VM_BUG_ON like the other > this-is-not-yet-ready-for-large-folios tests. > > > > Maybe someone else will figure out how to > > > support large folios in fscrypt and I won't have to ;-) > > > > Decryption is easy and already done, but encryption is harder. We have to > > encrypt into bounce pages, since we can't overwrite the plaintext in the page > > cache. And when encrypting a large folio, I don't think we can rely on being > > able to allocate a large bounce folio of the same size; it may just not be > > available at the time. So we'd still need bounce pages, and the filesystem > > would have to keep track of potentially multiple bounce pages per folio. > > > > However, this is all specific to the original fs-layer file contents encryption > > path. The newer inline crypto one should just work, even without hardware > > support since block/blk-crypto-fallback.c would be used. (blk-crypto-fallback > > operates at the bio level, handles en/decryption, and manages bounce pages > > itself.) It actually might be time to remove the fs-layer file contents > > encryption path and just support the inline crypto one. > > That should be fine for f2fs and ext4, but ceph might be unhappy since > it doesn't use bios. Would we need an analagous function for network > filesystems? Oof, I forgot about ceph again. Something similar applies to ubifs (it's not block based), but ubifs uses its own bounce buffers, so it never calls fscrypt_encrypt_pagecache_blocks(). ceph does call it, though. So yes, while moving to "block based filesystems will always use inline crypto" would simplify some of fs/crypto/ and allow block-based filesystems to use large folios on encrypted files, ceph would need a different solution. I think it still has to involve encrypting the folio's data into a list of bounce pages, keeping track of them during the write, and freeing them at the end of the write. So we'd have to look at what is the easiest way to do that in the ceph case. - Eric
