You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
kernel_samsung_sm7125/block/bio-crypt-ctx.c

143 lines
3.6 KiB

Integrate the new file encryption framework These changes integrate new file encryption framework to use new V2 encryption policies. These changes were earlier reverted in 'commit 4211691d298c ("Reverting crypto and incrementalfs changes")', as part of android-4.14.171 merge from Android common kernel. This patch attempts to bring them back post validation. commit a9a5450 ANDROID: dm: prevent default-key from being enabled without needed hooks commit e1a94e6 ANDROID: dm: add dm-default-key target for metadata encryption commit commit 232fd35 ANDROID: dm: enable may_passthrough_inline_crypto on some targets commit 53bc059 ANDROID: dm: add support for passing through inline crypto support commit aeed6db ANDROID: block: Introduce passthrough keyslot manager commit 4f27c8b ANDROID: ext4, f2fs: enable direct I/O with inline encryption commit c91db46 BACKPORT: FROMLIST: scsi: ufs: add program_key() variant op commit f9a8e4a ANDROID: block: export symbols needed for modules to use inline crypto commit 75fea5f ANDROID: block: fix some inline crypto bugs commit 2871f73 ANDROID: fscrypt: add support for hardware-wrapped keys commit bb5a657 ANDROID: block: add KSM op to derive software secret from wrapped key commit d42ba87 ANDROID: block: provide key size as input to inline crypto APIs commit 86646eb ANDROID: ufshcd-crypto: export cap find API commit 83bc20e ANDROID: scsi: ufs-qcom: Enable BROKEN_CRYPTO quirk flag commit c266a13 ANDROID: scsi: ufs: Add quirk bit for controllers that don't play well with inline crypto commit ea09b99 ANDROID: cuttlefish_defconfig: Enable blk-crypto fallback commit e12563c BACKPORT: FROMLIST: Update Inline Encryption from v5 to v6 of patch series commit 8e8f55d ANDROID: scsi: ufs: UFS init should not require inline crypto commit dae9899 ANDROID: scsi: ufs: UFS crypto variant operations API commit a69516d ANDROID: cuttlefish_defconfig: enable inline encryption commit b8f7b23 BACKPORT: FROMLIST: ext4: add inline encryption support commit e64327f BACKPORT: FROMLIST: f2fs: add inline encryption support commit a0dc8da BACKPORT: FROMLIST: fscrypt: add inline encryption support commit 19c3c62 BACKPORT: FROMLIST: scsi: ufs: Add inline encryption support to UFS commit f858a99 BACKPORT: FROMLIST: scsi: ufs: UFS crypto API commit 011b834 BACKPORT: FROMLIST: scsi: ufs: UFS driver v2.1 spec crypto additions commit ec0b569 BACKPORT: FROMLIST: block: blk-crypto for Inline Encryption commit 760b328 ANDROID: block: Fix bio_crypt_should_process WARN_ON commit 138adbb BACKPORT: FROMLIST: block: Add encryption context to struct bio commit 66b5609 BACKPORT: FROMLIST: block: Keyslot Manager for Inline Encryption Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.14-stable Git-commit: a9a545067a93d9821f965989b8eaea6fba7d27f7 Git-commit: e1a94e6b17e2610b56c5740b763df7858dad40f0 Git-commit: 232fd353e45d13576d507a011b5dac17e3c320ab Git-commit: 53bc059bc6d98631e8936ab9eeb7ac780c9ab2c3 Git-commit: aeed6db424b22148964d9788d4f9abac6e6cd7d8 Git-commit: 4f27c8b90bd223e967c98dc658961e67b9b864ae Git-commit: c91db466b51479ae761becc233d79c50ca3748a5 Git-commit: f9a8e4a5c5455a6bada70ed6d2f0af8900a872cb Git-commit: 75fea5f6057df78af1655f2f79a9c66a94bc838f Git-commit: 2871f731940165ed4042001a36bbe7d58f9d983b Git-commit: bb5a65771a206ae39086af1a9e78afeaf654cf03 Git-commit: d42ba87e29ab44aac446b5434298d1369c44fe3c Git-commit: 86646ebb1742a663c4c9c39c06d58dcb3f8f89e5 Git-commit: 83bc20ed4ba7dbf76964fd68905fde591b5de8b2 Git-commit: c266a1311e74b3ae1047a9d6abd6c6044059995c Git-commit: ea09b9954cc40b3088b8b2778b2daab12820a7e6 Git-commit: e12563c18d484e6379d03105b4565db7bb3a7975 Git-commit: 8e8f55d1a7e865562d2e3e022a7fcf13753a9c8e Git-commit: dae9899044f320bb119e02b45d816a493b1488ae Git-commit: a69516d0913e7f2c9bdde17c2ea6a793bb474830 Git-commit: b8f7b236748261bec545b69b39d7fb75e519f4ed Git-commit: e64327f5719b4a41e0de341ead7d48ed73216a23 Git-commit: a0dc8da519ccf2040af2dbbd6b4f688b50eb1755 Git-commit: 19c3c62836e5dbc9ceb620ecef0aa0c81578ed43 Git-commit: f858a9981a94a4e1d1b77b00bc05ab61b8431bce Git-commit: 011b8344c36d39255b8057c63d98e593e364ed7f Git-commit: ec0b569b5cc89391d9d6c90d2f76dc0a4db03e57 Git-commit: 760b3283e8056ffa6382722457c2e0cf08328629 Git-commit: 138adbbe5e4bfb6dee0571261f4d96a98f71d228 Git-commit: 66b5609826d60f80623643f1a7a1d865b5233f19 Change-Id: I171d90de41185824e0c7515f3a3b43ab88f4e058 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
4 years ago
// SPDX-License-Identifier: GPL-2.0
/*
* Copyright 2019 Google LLC
*/
#include <linux/bio.h>
#include <linux/blkdev.h>
#include <linux/keyslot-manager.h>
#include <linux/module.h>
#include <linux/slab.h>
#include "blk-crypto-internal.h"
static int num_prealloc_crypt_ctxs = 128;
module_param(num_prealloc_crypt_ctxs, int, 0444);
MODULE_PARM_DESC(num_prealloc_crypt_ctxs,
"Number of bio crypto contexts to preallocate");
static struct kmem_cache *bio_crypt_ctx_cache;
static mempool_t *bio_crypt_ctx_pool;
int __init bio_crypt_ctx_init(void)
{
size_t i;
bio_crypt_ctx_cache = KMEM_CACHE(bio_crypt_ctx, 0);
if (!bio_crypt_ctx_cache)
return -ENOMEM;
bio_crypt_ctx_pool = mempool_create_slab_pool(num_prealloc_crypt_ctxs,
bio_crypt_ctx_cache);
if (!bio_crypt_ctx_pool)
return -ENOMEM;
/* This is assumed in various places. */
BUILD_BUG_ON(BLK_ENCRYPTION_MODE_INVALID != 0);
/* Sanity check that no algorithm exceeds the defined limits. */
for (i = 0; i < BLK_ENCRYPTION_MODE_MAX; i++) {
BUG_ON(blk_crypto_modes[i].keysize > BLK_CRYPTO_MAX_KEY_SIZE);
BUG_ON(blk_crypto_modes[i].ivsize > BLK_CRYPTO_MAX_IV_SIZE);
}
return 0;
}
struct bio_crypt_ctx *bio_crypt_alloc_ctx(gfp_t gfp_mask)
{
return mempool_alloc(bio_crypt_ctx_pool, gfp_mask);
}
EXPORT_SYMBOL_GPL(bio_crypt_alloc_ctx);
void bio_crypt_free_ctx(struct bio *bio)
{
mempool_free(bio->bi_crypt_context, bio_crypt_ctx_pool);
bio->bi_crypt_context = NULL;
}
void bio_crypt_clone(struct bio *dst, struct bio *src, gfp_t gfp_mask)
{
const struct bio_crypt_ctx *src_bc = src->bi_crypt_context;
bio_clone_skip_dm_default_key(dst, src);
/*
* If a bio is fallback_crypted, then it will be decrypted when
* bio_endio is called. As we only want the data to be decrypted once,
* copies of the bio must not have have a crypt context.
*/
if (!src_bc || bio_crypt_fallback_crypted(src_bc))
return;
dst->bi_crypt_context = bio_crypt_alloc_ctx(gfp_mask);
*dst->bi_crypt_context = *src_bc;
if (src_bc->bc_keyslot >= 0)
keyslot_manager_get_slot(src_bc->bc_ksm, src_bc->bc_keyslot);
}
EXPORT_SYMBOL_GPL(bio_crypt_clone);
bool bio_crypt_should_process(struct request *rq)
{
struct bio *bio = rq->bio;
if (!bio || !bio->bi_crypt_context)
return false;
return rq->q->ksm == bio->bi_crypt_context->bc_ksm;
}
EXPORT_SYMBOL_GPL(bio_crypt_should_process);
/*
* Checks that two bio crypt contexts are compatible - i.e. that
* they are mergeable except for data_unit_num continuity.
*/
bool bio_crypt_ctx_compatible(struct bio *b_1, struct bio *b_2)
{
struct bio_crypt_ctx *bc1 = b_1->bi_crypt_context;
struct bio_crypt_ctx *bc2 = b_2->bi_crypt_context;
if (!bc1)
return !bc2;
return bc2 && bc1->bc_key == bc2->bc_key;
}
/*
* Checks that two bio crypt contexts are compatible, and also
* that their data_unit_nums are continuous (and can hence be merged)
* in the order b_1 followed by b_2.
*/
bool bio_crypt_ctx_mergeable(struct bio *b_1, unsigned int b1_bytes,
struct bio *b_2)
{
struct bio_crypt_ctx *bc1 = b_1->bi_crypt_context;
struct bio_crypt_ctx *bc2 = b_2->bi_crypt_context;
if (!bio_crypt_ctx_compatible(b_1, b_2))
return false;
return !bc1 || bio_crypt_dun_is_contiguous(bc1, b1_bytes, bc2->bc_dun);
}
void bio_crypt_ctx_release_keyslot(struct bio_crypt_ctx *bc)
{
keyslot_manager_put_slot(bc->bc_ksm, bc->bc_keyslot);
bc->bc_ksm = NULL;
bc->bc_keyslot = -1;
}
int bio_crypt_ctx_acquire_keyslot(struct bio_crypt_ctx *bc,
struct keyslot_manager *ksm)
{
int slot = keyslot_manager_get_slot_for_key(ksm, bc->bc_key);
if (slot < 0)
return slot;
bc->bc_keyslot = slot;
bc->bc_ksm = ksm;
return 0;
}