Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2319876imm; Mon, 28 May 2018 06:02:10 -0700 (PDT) X-Google-Smtp-Source: ADUXVKI3AfXZgexsg7e4VP+74btOnrzf9hUobHV4gfuZmKZoM/h4p1HcdlMycziv2DajWNuib4PL X-Received: by 2002:a65:4a04:: with SMTP id s4-v6mr4197610pgq.376.1527512530540; Mon, 28 May 2018 06:02:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527512530; cv=none; d=google.com; s=arc-20160816; b=XYFUu97Oj73J5z9fajNeYFnTvtbyB3pMTC6L20JJnRpSauJg1rvDGXmlx8BhMudwRm 0tNfiWrO0+ACcxjUdIFI/YZTOcDkbpJbBW/McvyFVb+fHQ1VAXhYWbnhHoC50BUqqv/t qO/CYWa5AA2G6sJgfC57scFjLAijA6tDJu4dNFE6tVukKTVfXKEJ/hlkmtLl/VF23Zg3 Qd8qaYjOyTOxi1oev/IDvhsWVPTTkbYASmoniOq9o+E6uxbHfL+dtZEApdKGiZ2J2uwI /UjVADFmupHaT/WRqGVF2rVWvYM6Lr+DXIfbrrK8zwuwEGNZAn80oMTVNjY3buB7rfS3 c4aA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:mime-version:user-agent:date:message-id:from:cc :subject:to:dkim-signature:arc-authentication-results; bh=7blVnXe5i8PoEqzgjV/dFaLPWOwjTK5Ye1lnVqiuB2Y=; b=nsrX5KLkBKeILTp+K6k9peQ1d1PYGe06eZE7JYSeE0JwmOGMF2zoFygTO572BmpJra XwX3JurgQxYqYKwQh6gbh51270HpqaHtJPQPAqPjr1197gltXsY8gHYnLdBS6Cb0CJo9 BCIqU9lBnFvE3xsJr735FDo8jh+Q7Qqj+XhWJvG8Fi0sPVvJQAu+6kQmb1l2tsbwmzmR WqFdqypdlgVHvTa3oVsxkoKqDABV0nmXPZLIEd4wy9+6BjT9vb36CDc6IesqQtrBVlnT 4mvAfADeWLc9EGsUfJK1wGURb3PcV7WYMxePDRa2LeWuZeU5lu8btnLsEOcfcJowFzmE kCZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@synopsys.com header.s=mail header.b=QMoTKQXR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=synopsys.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s24-v6si28723329pfm.257.2018.05.28.06.01.53; Mon, 28 May 2018 06:02:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@synopsys.com header.s=mail header.b=QMoTKQXR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=synopsys.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1165115AbeE1NBO (ORCPT + 99 others); Mon, 28 May 2018 09:01:14 -0400 Received: from smtprelay.synopsys.com ([198.182.37.59]:50774 "EHLO smtprelay.synopsys.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1165094AbeE1NBH (ORCPT ); Mon, 28 May 2018 09:01:07 -0400 Received: from mailhost.synopsys.com (mailhost1.synopsys.com [10.12.238.239]) by smtprelay.synopsys.com (Postfix) with ESMTP id 313C61E04A3 for ; Mon, 28 May 2018 15:01:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=synopsys.com; s=mail; t=1527512466; bh=NKKtOobHfLXGGf5skxGWqrJZhc4dH3o7uiEqpzQtfjQ=; h=To:Subject:CC:From:Date:From; b=QMoTKQXRFO2/JL5iCkMVJEI2IQwiBqDccwtOEbN4UWJeKEV/DdLUwvMQZYoG6Du88 LaQyfPJW++JGQalW+e06InQfZ8rEnTusfNl8NYJQNwnV0mxRKJYgI03wEADuCLHM/p vGS175vvP0rUiJQjn2dGz0fa9wc4hQI4KTto0EJsBYa/dLFkaZ6TRfpE7At9oAOvsI 4WVjCzbvMTRZNzcLFr2GZcWUkAfXSztxPswxDMuzlgclD7HWcQ99NgucVsXRxtdJ14 yF5krl5rOv8h5nZVSSrnjEhcCLa15+fWUT0uhfcabgt/dviMNU4fQPm2Z9vevgCyxU Lv6R4sznntp+w== Received: from US01WEHTC2.internal.synopsys.com (us01wehtc2.internal.synopsys.com [10.12.239.237]) by mailhost.synopsys.com (Postfix) with ESMTP id 90F2F504D; Mon, 28 May 2018 06:01:05 -0700 (PDT) Received: from US01WEHTC1.internal.synopsys.com (10.12.239.236) by US01WEHTC2.internal.synopsys.com (10.12.239.237) with Microsoft SMTP Server (TLS) id 14.3.361.1; Mon, 28 May 2018 06:01:05 -0700 Received: from [10.0.2.15] (10.144.133.104) by us01wehtc1.internal.synopsys.com (10.12.239.231) with Microsoft SMTP Server (TLS) id 14.3.361.1; Mon, 28 May 2018 06:01:04 -0700 To: "Alasdair Kergon ; Mike Snitzer" Subject: [PATCH] md: dm-crypt: Add Inline Encryption support for dmcrypt CC: , "Manjunath M Bettegowda ; Prabu Thangamuthu ; Tejas Joglekar" From: Ladvine D Almeida Message-ID: Date: Mon, 28 May 2018 14:01:01 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.144.133.104] Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch adds new option -- perform_inline_encrypt that set the option inside dmcrypt to use inline encryption for the configured mapping. I want to introduce inline encryption support in the UFS Host Controller driver. The usage of the same for accomplishing the Full Disk Encryption is done by the following changes in the dmcrypt subsystem: - New function crypt_inline_encrypt_submit() is added to the dmcrypt which associate the crypto context to the bios which are submitted by the subsystem. - Successful configuration for the inline encryption will result in the crypto transformation job being bypassed in the dmcrypt layer and the actual encryption happens inline to the block device. Another patch set is sent to the block layer community for CONFIG_BLK_DEV_INLINE_ENCRYPTION config, which enables changes in the block layer for adding the bi_ie_private variable to the bio structure. Signed-off-by: Ladvine D Almeida --- drivers/md/dm-crypt.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 44ff473..a9ed567 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -39,6 +39,7 @@ #include #define DM_MSG_PREFIX "crypt" +#define REQ_INLINE_ENCRYPTION REQ_DRV /* * context holding the current state of a multi-part conversion @@ -125,7 +126,8 @@ struct iv_tcw_private { * and encrypts / decrypts at the same time. */ enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID, - DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD }; + DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD, + DM_CRYPT_INLINE_ENCRYPT }; enum cipher_flags { CRYPT_MODE_INTEGRITY_AEAD, /* Use authenticated mode for cihper */ @@ -215,6 +217,10 @@ struct crypt_config { u8 *authenc_key; /* space for keys in authenc() format (if used) */ u8 key[0]; +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION + void *ie_private; /* crypto context for inline enc drivers */ + int key_cfg_idx; /* key configuration index for inline enc */ +#endif }; #define MIN_IOS 64 @@ -1470,6 +1476,20 @@ static void crypt_io_init(struct dm_crypt_io *io, struct crypt_config *cc, atomic_set(&io->io_pending, 0); } +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION +static void crypt_inline_encrypt_submit(struct crypt_config *cc, + struct dm_target *ti, struct bio *bio) +{ + bio_set_dev(bio, cc->dev->bdev); + if (bio_sectors(bio)) + bio->bi_iter.bi_sector = cc->start + + dm_target_offset(ti, bio->bi_iter.bi_sector); + bio->bi_opf |= REQ_INLINE_ENCRYPTION; + bio->bi_ie_private = cc->ie_private; + generic_make_request(bio); +} +#endif + static void crypt_inc_pending(struct dm_crypt_io *io) { atomic_inc(&io->io_pending); @@ -1960,6 +1980,9 @@ static int crypt_setkey(struct crypt_config *cc) /* Ignore extra keys (which are used for IV etc) */ subkey_size = crypt_subkey_size(cc); +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION + cc->key_cfg_idx = -1; +#endif if (crypt_integrity_hmac(cc)) { if (subkey_size < cc->key_mac_size) @@ -1978,10 +2001,19 @@ static int crypt_setkey(struct crypt_config *cc) r = crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i], cc->key + (i * subkey_size), subkey_size); - else + else { r = crypto_skcipher_setkey(cc->cipher_tfm.tfms[i], cc->key + (i * subkey_size), subkey_size); +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION + if (r > 0) { + cc->key_cfg_idx = r; + cc->ie_private = cc->cipher_tfm.tfms[i]; + r = 0; + } +#endif + } + if (r) err = r; } @@ -2654,6 +2686,10 @@ static int crypt_ctr_optional(struct dm_target *ti, unsigned int argc, char **ar cc->sector_shift = __ffs(cc->sector_size) - SECTOR_SHIFT; } else if (!strcasecmp(opt_string, "iv_large_sectors")) set_bit(CRYPT_IV_LARGE_SECTORS, &cc->cipher_flags); +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION + else if (!strcasecmp(opt_string, "perform_inline_encrypt")) + set_bit(DM_CRYPT_INLINE_ENCRYPT, &cc->flags); +#endif else { ti->error = "Invalid feature arguments"; return -EINVAL; @@ -2892,6 +2928,13 @@ static int crypt_map(struct dm_target *ti, struct bio *bio) if (unlikely(bio->bi_iter.bi_size & (cc->sector_size - 1))) return DM_MAPIO_KILL; +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION + if (cc->key_cfg_idx > 0) { + crypt_inline_encrypt_submit(cc, ti, bio); + return DM_MAPIO_SUBMITTED; + } +#endif + io = dm_per_bio_data(bio, cc->per_bio_data_size); crypt_io_init(io, cc, bio, dm_target_offset(ti, bio->bi_iter.bi_sector)); @@ -2954,6 +2997,10 @@ static void crypt_status(struct dm_target *ti, status_type_t type, num_feature_args += test_bit(DM_CRYPT_NO_OFFLOAD, &cc->flags); num_feature_args += cc->sector_size != (1 << SECTOR_SHIFT); num_feature_args += test_bit(CRYPT_IV_LARGE_SECTORS, &cc->cipher_flags); +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION + num_feature_args += + test_bit(DM_CRYPT_INLINE_ENCRYPT, &cc->flags); +#endif if (cc->on_disk_tag_size) num_feature_args++; if (num_feature_args) { @@ -2970,6 +3017,10 @@ static void crypt_status(struct dm_target *ti, status_type_t type, DMEMIT(" sector_size:%d", cc->sector_size); if (test_bit(CRYPT_IV_LARGE_SECTORS, &cc->cipher_flags)) DMEMIT(" iv_large_sectors"); +#ifdef CONFIG_BLK_DEV_INLINE_ENCRYPTION + if (test_bit(DM_CRYPT_INLINE_ENCRYPT, &cc->flags)) + DMEMIT(" perform_inline_encrypt"); +#endif } break; -- 2.7.4