fs/crypto/inline_crypt.c
Source file repositories/reference/linux-study-clean/fs/crypto/inline_crypt.c
File Facts
- System
- Linux kernel
- Corpus path
fs/crypto/inline_crypt.c- Extension
.c- Size
- 14668 bytes
- Lines
- 448
- Domain
- Core OS
- Bucket
- VFS And Filesystem Core
- Inferred role
- Core OS: exported/initcall integration point
- Status
- integration implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/blk-crypto.hlinux/blkdev.hlinux/buffer_head.hlinux/export.hlinux/sched/mm.hlinux/slab.hlinux/uio.hfscrypt_private.h
Detected Declarations
function fscrypt_get_dun_bytesfunction fscrypt_log_blk_crypto_implfunction fscrypt_select_encryption_implfunction fscrypt_prepare_inline_crypt_keyfunction fscrypt_destroy_inline_crypt_keyfunction fscrypt_derive_sw_secretfunction __fscrypt_inode_uses_inline_cryptofunction fscrypt_generate_dunfunction fscrypt_set_bio_crypt_ctxfunction fscrypt_mergeable_biofunction fscrypt_dio_supportedfunction fscrypt_limit_io_blocksexport __fscrypt_inode_uses_inline_cryptoexport fscrypt_set_bio_crypt_ctxexport fscrypt_mergeable_bioexport fscrypt_dio_supportedexport fscrypt_limit_io_blocks
Annotated Snippet
blk_crypto_config_supported_natively(devs[i], cfg)) {
if (!xchg(&mode->logged_blk_crypto_native, 1))
pr_info("fscrypt: %s using blk-crypto (native)\n",
mode->friendly_name);
} else if (!xchg(&mode->logged_blk_crypto_fallback, 1)) {
pr_info("fscrypt: %s using blk-crypto-fallback\n",
mode->friendly_name);
}
}
}
/* Enable inline encryption for this file if supported. */
int fscrypt_select_encryption_impl(struct fscrypt_inode_info *ci,
bool is_hw_wrapped_key)
{
const struct inode *inode = ci->ci_inode;
struct super_block *sb = inode->i_sb;
struct blk_crypto_config crypto_cfg;
struct block_device **devs;
unsigned int num_devs;
unsigned int i;
/* The file must need contents encryption, not filenames encryption */
if (!S_ISREG(inode->i_mode))
return 0;
/* The crypto mode must have a blk-crypto counterpart */
if (ci->ci_mode->blk_crypto_mode == BLK_ENCRYPTION_MODE_INVALID)
return 0;
/* The filesystem must be mounted with -o inlinecrypt */
if (!(sb->s_flags & SB_INLINECRYPT))
return 0;
/*
* When a page contains multiple logically contiguous filesystem blocks,
* some filesystem code only calls fscrypt_mergeable_bio() for the first
* block in the page. This is fine for most of fscrypt's IV generation
* strategies, where contiguous blocks imply contiguous IVs. But it
* doesn't work with IV_INO_LBLK_32. For now, simply exclude
* IV_INO_LBLK_32 with blocksize != PAGE_SIZE from inline encryption.
*/
if ((fscrypt_policy_flags(&ci->ci_policy) &
FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) &&
sb->s_blocksize != PAGE_SIZE)
return 0;
/*
* On all the filesystem's block devices, blk-crypto must support the
* crypto configuration that the file would use.
*/
crypto_cfg.crypto_mode = ci->ci_mode->blk_crypto_mode;
crypto_cfg.data_unit_size = 1U << ci->ci_data_unit_bits;
crypto_cfg.dun_bytes = fscrypt_get_dun_bytes(ci);
crypto_cfg.key_type = is_hw_wrapped_key ?
BLK_CRYPTO_KEY_TYPE_HW_WRAPPED : BLK_CRYPTO_KEY_TYPE_RAW;
devs = fscrypt_get_devices(sb, &num_devs);
if (IS_ERR(devs))
return PTR_ERR(devs);
for (i = 0; i < num_devs; i++) {
if (!blk_crypto_config_supported(devs[i], &crypto_cfg))
goto out_free_devs;
}
fscrypt_log_blk_crypto_impl(ci->ci_mode, devs, num_devs, &crypto_cfg);
ci->ci_inlinecrypt = true;
out_free_devs:
kfree(devs);
return 0;
}
int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
const u8 *key_bytes, size_t key_size,
bool is_hw_wrapped,
const struct fscrypt_inode_info *ci)
{
const struct inode *inode = ci->ci_inode;
struct super_block *sb = inode->i_sb;
enum blk_crypto_mode_num crypto_mode = ci->ci_mode->blk_crypto_mode;
enum blk_crypto_key_type key_type = is_hw_wrapped ?
BLK_CRYPTO_KEY_TYPE_HW_WRAPPED : BLK_CRYPTO_KEY_TYPE_RAW;
struct blk_crypto_key *blk_key;
struct block_device **devs;
unsigned int num_devs;
unsigned int i;
int err;
Annotation
- Immediate include surface: `linux/blk-crypto.h`, `linux/blkdev.h`, `linux/buffer_head.h`, `linux/export.h`, `linux/sched/mm.h`, `linux/slab.h`, `linux/uio.h`, `fscrypt_private.h`.
- Detected declarations: `function fscrypt_get_dun_bytes`, `function fscrypt_log_blk_crypto_impl`, `function fscrypt_select_encryption_impl`, `function fscrypt_prepare_inline_crypt_key`, `function fscrypt_destroy_inline_crypt_key`, `function fscrypt_derive_sw_secret`, `function __fscrypt_inode_uses_inline_crypto`, `function fscrypt_generate_dun`, `function fscrypt_set_bio_crypt_ctx`, `function fscrypt_mergeable_bio`.
- Atlas domain: Core OS / VFS And Filesystem Core.
- Implementation status: integration implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.