[PATCH v9 9/9] fscrypt: update documentation for direct I/O support

From: Satya Tangirala
Date: Fri Jun 04 2021 - 17:09:35 EST

Next message: Maximilian Luz: "[PATCH 2/2] platform/surface: aggregator: Drop unnecessary variable initialization"
Previous message: Maximilian Luz: "[PATCH 0/2] platform/surface: aggregator: Fixes for user-space interface extension series"
In reply to: Satya Tangirala: "[PATCH v9 8/9] f2fs: support direct I/O with fscrypt using blk-crypto"
Next in thread: Satya Tangirala: "[PATCH v9 1/9] block: blk-crypto-fallback: handle data unit split across multiple bvecs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Update fscrypt documentation to reflect the addition of direct I/O support
and document the necessary conditions for direct I/O on encrypted files.

Signed-off-by: Satya Tangirala <satyat@xxxxxxxxxx>
Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Reviewed-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
---
Documentation/filesystems/fscrypt.rst | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst
index 44b67ebd6e40..c0c1747fa2fb 100644
--- a/Documentation/filesystems/fscrypt.rst
+++ b/Documentation/filesystems/fscrypt.rst
@@ -1047,8 +1047,10 @@ astute users may notice some differences in behavior:
may be used to overwrite the source files but isn't guaranteed to be
effective on all filesystems and storage devices.

-- Direct I/O is not supported on encrypted files. Attempts to use
- direct I/O on such files will fall back to buffered I/O.
+- Direct I/O is supported on encrypted files only under some
+ circumstances (see `Direct I/O support`_ for details). When these
+ circumstances are not met, attempts to use direct I/O on encrypted
+ files will fall back to buffered I/O.

- The fallocate operations FALLOC_FL_COLLAPSE_RANGE and
FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will
@@ -1121,6 +1123,21 @@ It is not currently possible to backup and restore encrypted files
without the encryption key. This would require special APIs which
have not yet been implemented.

+Direct I/O support
+==================
+
+Direct I/O on encrypted files is supported through blk-crypto. In
+particular, this means the kernel must have CONFIG_BLK_INLINE_ENCRYPTION
+enabled, the filesystem must have had the 'inlinecrypt' mount option
+specified, and either hardware inline encryption must be present, or
+CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK must have been enabled. Further,
+the starting position in the file and the length of any I/O must be aligned
+to the filesystem block size (*not* necessarily the same as the block
+device's block size). If any of these conditions isn't met, attempts to do
+direct I/O on an encrypted file will fall back to buffered I/O. However,
+there aren't any additional requirements on user buffer alignment (apart
+from those already present when using direct I/O on unencrypted files).
+
Encryption policy enforcement
=============================

--
2.32.0.rc1.229.g3e70b5a671-goog

Next message: Maximilian Luz: "[PATCH 2/2] platform/surface: aggregator: Drop unnecessary variable initialization"
Previous message: Maximilian Luz: "[PATCH 0/2] platform/surface: aggregator: Fixes for user-space interface extension series"
In reply to: Satya Tangirala: "[PATCH v9 8/9] f2fs: support direct I/O with fscrypt using blk-crypto"
Next in thread: Satya Tangirala: "[PATCH v9 1/9] block: blk-crypto-fallback: handle data unit split across multiple bvecs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]