From: Liao Yuanhong <[email protected]>

F2FS currently avoids inline data for encrypted regular files. This is because inline data is stored in the inode block, outside the regular bio-based data path where fscrypt and blk-crypto normally operate. As a result, devices that enable blk-crypto for encrypted file contents cannot use F2FS inline data for encrypted regular files, which wastes space for small files.

This series adds support for keeping small encrypted regular-file contents as inline data.

The f2fs side defines a new on-disk feature, encrypted_inline_data, under which inline payloads of encrypted regular files are interpreted as ciphertext. The payload is encrypted before being stored in the inode block and decrypted back into page-cache plaintext on read.

The fscrypt side prepares a software contents-key transform even when normal file contents use blk-crypto, so filesystems can encrypt filesystem-managed data regions that do not go through bio submission. The new fscrypt helper operates on fscrypt data units and leaves the filesystem responsible for deciding which filesystem-managed byte ranges need this treatment.

The software crypto operation is limited to the inline payload. Since these files are small enough to remain inline, the expected read/write performance difference between hardware and software crypto is small, while the space saving from keeping the data inline is significant.

The feature is guarded by CONFIG_F2FS_FS_ENCRYPTED_INLINE_DATA and by the F2FS encrypted_inline_data on-disk feature bit. Filesystems with this feature set are rejected if the kernel lacks the config option.

Hardware-wrapped keys are not supported by this initial version. I would like to discuss whether this feature should remain disabled for hardware-wrapped keys, or whether there is an acceptable way to support the combination in the future.

The f2fs-tools support for formatting filesystems with this feature will be submitted separately.

Basic testing passed. Encrypted small files can be kept as inline data, and read/write verification succeeded.

Liao Yuanhong (3):
  fscrypt: prepare software keys for filesystem-managed data units
  f2fs: support encrypted inline data
  Documentation: f2fs: document encrypted inline data

 Documentation/ABI/testing/sysfs-fs-f2fs |   5 +-
 Documentation/filesystems/f2fs.rst      |  27 ++++++
 fs/crypto/crypto.c                      |  63 +++++++++++++
 fs/crypto/fscrypt_private.h             |   3 +-
 fs/crypto/keysetup.c                    |  59 +++++++++---
 fs/f2fs/Kconfig                         |  14 +++
 fs/f2fs/data.c                          |   8 +-
 fs/f2fs/f2fs.h                          |  37 +++++++-
 fs/f2fs/file.c                          |  24 ++++-
 fs/f2fs/inline.c                        | 119 +++++++++++++++++++++---
 fs/f2fs/super.c                         |  12 +++
 fs/f2fs/sysfs.c                         |   8 ++
 include/linux/fscrypt.h                 |  28 ++++++
 13 files changed, 370 insertions(+), 37 deletions(-)

--
2.34.1

