<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-rng/fs/crypto, branch master</title>
<subtitle>Development tree for the kernel CSPRNG</subtitle>
<id>https://git.zx2c4.com/linux-rng/atom/fs/crypto?h=master</id>
<link rel='self' href='https://git.zx2c4.com/linux-rng/atom/fs/crypto?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/'/>
<updated>2025-12-01T17:02:34Z</updated>
<entry>
<title>Merge tag 'vfs-6.19-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs</title>
<updated>2025-12-01T17:02:34Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-12-01T17:02:34Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=9368f0f9419cde028a6e58331065900ff089bc36'/>
<id>urn:sha1:9368f0f9419cde028a6e58331065900ff089bc36</id>
<content type='text'>
Pull vfs inode updates from Christian Brauner:
 "Features:

   - Hide inode-&gt;i_state behind accessors. Open-coded accesses prevent
     asserting they are done correctly. One obvious aspect is locking,
     but significantly more can be checked. For example it can be
     detected when the code is clearing flags which are already missing,
     or is setting flags when it is illegal (e.g., I_FREEING when
     -&gt;i_count &gt; 0)

   - Provide accessors for -&gt;i_state, converts all filesystems using
     coccinelle and manual conversions (btrfs, ceph, smb, f2fs, gfs2,
     overlayfs, nilfs2, xfs), and makes plain -&gt;i_state access fail to
     compile

   - Rework I_NEW handling to operate without fences, simplifying the
     code after the accessor infrastructure is in place

  Cleanups:

   - Move wait_on_inode() from writeback.h to fs.h

   - Spell out fenced -&gt;i_state accesses with explicit smp_wmb/smp_rmb
     for clarity

   - Cosmetic fixes to LRU handling

   - Push list presence check into inode_io_list_del()

   - Touch up predicts in __d_lookup_rcu()

   - ocfs2: retire ocfs2_drop_inode() and I_WILL_FREE usage

   - Assert on -&gt;i_count in iput_final()

   - Assert -&gt;i_lock held in __iget()

  Fixes:

   - Add missing fences to I_NEW handling"

* tag 'vfs-6.19-rc1.inode' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (22 commits)
  dcache: touch up predicts in __d_lookup_rcu()
  fs: push list presence check into inode_io_list_del()
  fs: cosmetic fixes to lru handling
  fs: rework I_NEW handling to operate without fences
  fs: make plain -&gt;i_state access fail to compile
  xfs: use the new -&gt;i_state accessors
  nilfs2: use the new -&gt;i_state accessors
  overlayfs: use the new -&gt;i_state accessors
  gfs2: use the new -&gt;i_state accessors
  f2fs: use the new -&gt;i_state accessors
  smb: use the new -&gt;i_state accessors
  ceph: use the new -&gt;i_state accessors
  btrfs: use the new -&gt;i_state accessors
  Manual conversion to use -&gt;i_state accessors of all places not covered by coccinelle
  Coccinelle-based conversion to use -&gt;i_state accessors
  fs: provide accessors for -&gt;i_state
  fs: spell out fenced -&gt;i_state accesses with explicit smp_wmb/smp_rmb
  fs: move wait_on_inode() from writeback.h to fs.h
  fs: add missing fences to I_NEW handling
  ocfs2: retire ocfs2_drop_inode() and I_WILL_FREE usage
  ...
</content>
</entry>
<entry>
<title>fscrypt: fix left shift underflow when inode-&gt;i_blkbits &gt; PAGE_SHIFT</title>
<updated>2025-11-05T00:37:38Z</updated>
<author>
<name>Yongpeng Yang</name>
<email>yangyongpeng@xiaomi.com</email>
</author>
<published>2025-11-05T00:36:42Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=1e39da974ce621ed874c6d3aaf65ad14848c9f0d'/>
<id>urn:sha1:1e39da974ce621ed874c6d3aaf65ad14848c9f0d</id>
<content type='text'>
When simulating an nvme device on qemu with both logical_block_size and
physical_block_size set to 8 KiB, an error trace appears during
partition table reading at boot time. The issue is caused by
inode-&gt;i_blkbits being larger than PAGE_SHIFT, which leads to a left
shift of -1 and triggering a UBSAN warning.

[    2.697306] ------------[ cut here ]------------
[    2.697309] UBSAN: shift-out-of-bounds in fs/crypto/inline_crypt.c:336:37
[    2.697311] shift exponent -1 is negative
[    2.697315] CPU: 3 UID: 0 PID: 274 Comm: (udev-worker) Not tainted 6.18.0-rc2+ #34 PREEMPT(voluntary)
[    2.697317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[    2.697320] Call Trace:
[    2.697324]  &lt;TASK&gt;
[    2.697325]  dump_stack_lvl+0x76/0xa0
[    2.697340]  dump_stack+0x10/0x20
[    2.697342]  __ubsan_handle_shift_out_of_bounds+0x1e3/0x390
[    2.697351]  bh_get_inode_and_lblk_num.cold+0x12/0x94
[    2.697359]  fscrypt_set_bio_crypt_ctx_bh+0x44/0x90
[    2.697365]  submit_bh_wbc+0xb6/0x190
[    2.697370]  block_read_full_folio+0x194/0x270
[    2.697371]  ? __pfx_blkdev_get_block+0x10/0x10
[    2.697375]  ? __pfx_blkdev_read_folio+0x10/0x10
[    2.697377]  blkdev_read_folio+0x18/0x30
[    2.697379]  filemap_read_folio+0x40/0xe0
[    2.697382]  filemap_get_pages+0x5ef/0x7a0
[    2.697385]  ? mmap_region+0x63/0xd0
[    2.697389]  filemap_read+0x11d/0x520
[    2.697392]  blkdev_read_iter+0x7c/0x180
[    2.697393]  vfs_read+0x261/0x390
[    2.697397]  ksys_read+0x71/0xf0
[    2.697398]  __x64_sys_read+0x19/0x30
[    2.697399]  x64_sys_call+0x1e88/0x26a0
[    2.697405]  do_syscall_64+0x80/0x670
[    2.697410]  ? __x64_sys_newfstat+0x15/0x20
[    2.697414]  ? x64_sys_call+0x204a/0x26a0
[    2.697415]  ? do_syscall_64+0xb8/0x670
[    2.697417]  ? irqentry_exit_to_user_mode+0x2e/0x2a0
[    2.697420]  ? irqentry_exit+0x43/0x50
[    2.697421]  ? exc_page_fault+0x90/0x1b0
[    2.697422]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[    2.697425] RIP: 0033:0x75054cba4a06
[    2.697426] Code: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 &lt;48&gt; 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08
[    2.697427] RSP: 002b:00007fff973723a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[    2.697430] RAX: ffffffffffffffda RBX: 00005ea9a2c02760 RCX: 000075054cba4a06
[    2.697432] RDX: 0000000000002000 RSI: 000075054c190000 RDI: 000000000000001b
[    2.697433] RBP: 00007fff973723c0 R08: 0000000000000000 R09: 0000000000000000
[    2.697434] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[    2.697434] R13: 00005ea9a2c027c0 R14: 00005ea9a2be5608 R15: 00005ea9a2be55f0
[    2.697436]  &lt;/TASK&gt;
[    2.697436] ---[ end trace ]---

This situation can happen for block devices because when
CONFIG_TRANSPARENT_HUGEPAGE is enabled, the maximum logical_block_size
is 64 KiB. set_init_blocksize() then sets the block device
inode-&gt;i_blkbits to 13, which is within this limit.

File I/O does not trigger this problem because for filesystems that do
not support the FS_LBS feature, sb_set_blocksize() prevents
sb-&gt;s_blocksize_bits from being larger than PAGE_SHIFT. During inode
allocation, alloc_inode()-&gt;inode_init_always() assigns inode-&gt;i_blkbits
from sb-&gt;s_blocksize_bits. Currently, only xfs_fs_type has the FS_LBS
flag, and since xfs I/O paths do not reach submit_bh_wbc(), it does not
hit the left-shift underflow issue.

Signed-off-by: Yongpeng Yang &lt;yangyongpeng@xiaomi.com&gt;
Fixes: 47dd67532303 ("block/bdev: lift block size restrictions to 64k")
Cc: stable@vger.kernel.org
[EB: use folio_pos() and consolidate the two shifts by i_blkbits]
Link: https://lore.kernel.org/r/20251105003642.42796-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
</content>
</entry>
<entry>
<title>Coccinelle-based conversion to use -&gt;i_state accessors</title>
<updated>2025-10-20T18:22:26Z</updated>
<author>
<name>Mateusz Guzik</name>
<email>mjguzik@gmail.com</email>
</author>
<published>2025-10-09T07:59:18Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=b4dbfd8653b34b0ab6c024ceda32af488c9b5602'/>
<id>urn:sha1:b4dbfd8653b34b0ab6c024ceda32af488c9b5602</id>
<content type='text'>
All places were patched by coccinelle with the default expecting that
-&gt;i_lock is held, afterwards entries got fixed up by hand to use
unlocked variants as needed.

The script:
@@
expression inode, flags;
@@

- inode-&gt;i_state &amp; flags
+ inode_state_read(inode) &amp; flags

@@
expression inode, flags;
@@

- inode-&gt;i_state &amp;= ~flags
+ inode_state_clear(inode, flags)

@@
expression inode, flag1, flag2;
@@

- inode-&gt;i_state &amp;= ~flag1 &amp; ~flag2
+ inode_state_clear(inode, flag1 | flag2)

@@
expression inode, flags;
@@

- inode-&gt;i_state |= flags
+ inode_state_set(inode, flags)

@@
expression inode, flags;
@@

- inode-&gt;i_state = flags
+ inode_state_assign(inode, flags)

@@
expression inode, flags;
@@

- flags = inode-&gt;i_state
+ flags = inode_state_read(inode)

@@
expression inode, flags;
@@

- READ_ONCE(inode-&gt;i_state) &amp; flags
+ inode_state_read(inode) &amp; flags

Signed-off-by: Mateusz Guzik &lt;mjguzik@gmail.com&gt;
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux</title>
<updated>2025-09-29T22:33:50Z</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-09-29T22:33:50Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=d60ac92c105fd8c09224b92c3e34dd03327ba3f4'/>
<id>urn:sha1:d60ac92c105fd8c09224b92c3e34dd03327ba3f4</id>
<content type='text'>
Pull fscrypt updates from Eric Biggers:
 "Make fs/crypto/ use the HMAC-SHA512 library functions instead of
  crypto_shash.

  This is simpler, faster, and more reliable"

* tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux:
  fscrypt: use HMAC-SHA512 library for HKDF
  fscrypt: Remove redundant __GFP_NOWARN
</content>
</entry>
<entry>
<title>fscrypt: use HMAC-SHA512 library for HKDF</title>
<updated>2025-09-06T04:01:51Z</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@kernel.org</email>
</author>
<published>2025-09-06T03:59:13Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=19591f7e781fd1e68228f5b3bee60be6425af886'/>
<id>urn:sha1:19591f7e781fd1e68228f5b3bee60be6425af886</id>
<content type='text'>
For the HKDF-SHA512 key derivation needed by fscrypt, just use the
HMAC-SHA512 library functions directly.  These functions were introduced
in v6.17, and they provide simple and efficient direct support for
HMAC-SHA512.  This ends up being quite a bit simpler and more efficient
than using crypto/hkdf.c, as it avoids the generic crypto layer:

- The HMAC library can't fail, so callers don't need to handle errors
- No inefficient indirect calls
- No inefficient and error-prone dynamic allocations
- No inefficient and error-prone loading of algorithm by name
- Less stack usage

Benchmarks on x86_64 show that deriving a per-file key gets about 30%
faster, and FS_IOC_ADD_ENCRYPTION_KEY gets nearly twice as fast.

The only small downside is the HKDF-Expand logic gets duplicated again.
Then again, even considering that, the new fscrypt_hkdf_expand() is only
7 lines longer than the version that called hkdf_expand().  Later we
could add HKDF support to lib/crypto/, but for now let's just do this.

Link: https://lore.kernel.org/r/20250906035913.1141532-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
</content>
</entry>
<entry>
<title>fscrypt: add support for info in fs-specific part of inode</title>
<updated>2025-08-21T11:58:07Z</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@kernel.org</email>
</author>
<published>2025-08-10T07:56:55Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=93221de31a8df6710e02328f82dc68d7ab4ad9e6'/>
<id>urn:sha1:93221de31a8df6710e02328f82dc68d7ab4ad9e6</id>
<content type='text'>
Add an inode_info_offs field to struct fscrypt_operations, and update
fs/crypto/ to support it.  When set to a nonzero value, it specifies the
offset to the fscrypt_inode_info pointer within the filesystem-specific
part of the inode structure, to be used instead of inode::i_crypt_info.

Since this makes inode::i_crypt_info no longer necessarily used, update
comments that mentioned it.

This is a prerequisite for a later commit that removes
inode::i_crypt_info, saving memory and improving cache efficiency with
filesystems that don't support fscrypt.

Co-developed-by: Christian Brauner &lt;brauner@kernel.org&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
Link: https://lore.kernel.org/20250810075706.172910-3-ebiggers@kernel.org
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>fscrypt: replace raw loads of info pointer with helper function</title>
<updated>2025-08-21T11:58:06Z</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@kernel.org</email>
</author>
<published>2025-08-10T07:56:54Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=6c9468aad215a198742c8375b0415e42521c905c'/>
<id>urn:sha1:6c9468aad215a198742c8375b0415e42521c905c</id>
<content type='text'>
Add and use a helper function fscrypt_get_inode_info_raw().  It loads an
inode's fscrypt info pointer using a raw dereference, which is
appropriate when the caller knows the key setup already happened.

This eliminates most occurrences of inode::i_crypt_info in the source,
in preparation for replacing that with a filesystem-specific field.

Co-developed-by: Christian Brauner &lt;brauner@kernel.org&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
Link: https://lore.kernel.org/20250810075706.172910-2-ebiggers@kernel.org
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>fscrypt: Remove redundant __GFP_NOWARN</title>
<updated>2025-08-11T17:27:32Z</updated>
<author>
<name>Qianfeng Rong</name>
<email>rongqianfeng@vivo.com</email>
</author>
<published>2025-08-03T10:22:40Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=0e6608d4938eb209616e8673c95364bb2a7d55bd'/>
<id>urn:sha1:0e6608d4938eb209616e8673c95364bb2a7d55bd</id>
<content type='text'>
GFP_NOWAIT already includes __GFP_NOWARN, so let's remove
the redundant __GFP_NOWARN.

Signed-off-by: Qianfeng Rong &lt;rongqianfeng@vivo.com&gt;
Link: https://lore.kernel.org/r/20250803102243.623705-3-rongqianfeng@vivo.com
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
</content>
</entry>
<entry>
<title>fscrypt: Remove gfp_t argument from fscrypt_encrypt_block_inplace()</title>
<updated>2025-07-10T19:33:13Z</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@kernel.org</email>
</author>
<published>2025-07-10T06:07:52Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=47462586f91358499897fddb20f6bb9cec5f4213'/>
<id>urn:sha1:47462586f91358499897fddb20f6bb9cec5f4213</id>
<content type='text'>
This argument is no longer used, so remove it.

Reviewed-by: Alex Markuze &lt;amarkuze@redhat.com&gt;
Link: https://lore.kernel.org/r/20250710060754.637098-6-ebiggers@kernel.org
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
</content>
</entry>
<entry>
<title>fscrypt: Remove gfp_t argument from fscrypt_crypt_data_unit()</title>
<updated>2025-07-10T19:33:08Z</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@kernel.org</email>
</author>
<published>2025-07-10T06:07:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=a9a95ecd9d3a24402a302595ee12029772a9f593'/>
<id>urn:sha1:a9a95ecd9d3a24402a302595ee12029772a9f593</id>
<content type='text'>
This argument is no longer used, so remove it.

Link: https://lore.kernel.org/r/20250710060754.637098-5-ebiggers@kernel.org
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
</content>
</entry>
</feed>
