2005-04-17 06:20:36 +08:00
|
|
|
/*
|
2014-06-25 02:27:04 +08:00
|
|
|
* Copyright (C) 2003 Jana Saout <jana@saout.de>
|
2005-04-17 06:20:36 +08:00
|
|
|
* Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
|
2015-05-15 23:00:25 +08:00
|
|
|
* Copyright (C) 2006-2015 Red Hat, Inc. All rights reserved.
|
2013-10-29 06:21:04 +08:00
|
|
|
* Copyright (C) 2013 Milan Broz <gmazyland@gmail.com>
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* This file is released under the GPL.
|
|
|
|
*/
|
|
|
|
|
2008-02-08 10:11:09 +08:00
|
|
|
#include <linux/completion.h>
|
2006-08-22 18:29:17 +08:00
|
|
|
#include <linux/err.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/kernel.h>
|
2016-11-21 22:58:51 +08:00
|
|
|
#include <linux/key.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/bio.h>
|
|
|
|
#include <linux/blkdev.h>
|
|
|
|
#include <linux/mempool.h>
|
|
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/crypto.h>
|
|
|
|
#include <linux/workqueue.h>
|
2015-02-13 21:25:59 +08:00
|
|
|
#include <linux/kthread.h>
|
2006-10-20 14:28:16 +08:00
|
|
|
#include <linux/backing-dev.h>
|
2011-07-27 07:09:06 +08:00
|
|
|
#include <linux/atomic.h>
|
2005-09-17 15:55:31 +08:00
|
|
|
#include <linux/scatterlist.h>
|
2015-02-13 21:27:41 +08:00
|
|
|
#include <linux/rbtree.h>
|
2016-12-02 01:20:52 +08:00
|
|
|
#include <linux/ctype.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <asm/page.h>
|
2006-09-03 06:56:39 +08:00
|
|
|
#include <asm/unaligned.h>
|
2011-01-14 03:59:55 +08:00
|
|
|
#include <crypto/hash.h>
|
|
|
|
#include <crypto/md5.h>
|
|
|
|
#include <crypto/algapi.h>
|
2016-01-24 21:16:36 +08:00
|
|
|
#include <crypto/skcipher.h>
|
2016-11-21 22:58:51 +08:00
|
|
|
#include <keys/user-type.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-10-22 00:44:59 +08:00
|
|
|
#include <linux/device-mapper.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-06-26 15:27:35 +08:00
|
|
|
#define DM_MSG_PREFIX "crypt"
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* context holding the current state of a multi-part conversion
|
|
|
|
*/
|
|
|
|
struct convert_context {
|
2008-02-08 10:11:09 +08:00
|
|
|
struct completion restart;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct bio *bio_in;
|
|
|
|
struct bio *bio_out;
|
2013-10-12 06:45:43 +08:00
|
|
|
struct bvec_iter iter_in;
|
|
|
|
struct bvec_iter iter_out;
|
2012-07-27 22:08:05 +08:00
|
|
|
sector_t cc_sector;
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_t cc_pending;
|
2016-01-24 21:16:36 +08:00
|
|
|
struct skcipher_request *req;
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2008-02-08 10:10:38 +08:00
|
|
|
/*
|
|
|
|
* per bio private data
|
|
|
|
*/
|
|
|
|
struct dm_crypt_io {
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc;
|
2008-02-08 10:10:38 +08:00
|
|
|
struct bio *base_bio;
|
|
|
|
struct work_struct work;
|
|
|
|
|
|
|
|
struct convert_context ctx;
|
|
|
|
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_t io_pending;
|
2008-02-08 10:10:38 +08:00
|
|
|
int error;
|
2008-02-08 10:10:54 +08:00
|
|
|
sector_t sector;
|
2015-02-13 21:25:59 +08:00
|
|
|
|
2015-02-13 21:27:41 +08:00
|
|
|
struct rb_node rb_node;
|
2014-03-29 03:51:55 +08:00
|
|
|
} CRYPTO_MINALIGN_ATTR;
|
2008-02-08 10:10:38 +08:00
|
|
|
|
2008-02-08 10:11:04 +08:00
|
|
|
struct dm_crypt_request {
|
2009-03-17 01:44:33 +08:00
|
|
|
struct convert_context *ctx;
|
2008-02-08 10:11:04 +08:00
|
|
|
struct scatterlist sg_in;
|
|
|
|
struct scatterlist sg_out;
|
2011-01-14 03:59:54 +08:00
|
|
|
sector_t iv_sector;
|
2008-02-08 10:11:04 +08:00
|
|
|
};
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
struct crypt_config;
|
|
|
|
|
|
|
|
struct crypt_iv_operations {
|
|
|
|
int (*ctr)(struct crypt_config *cc, struct dm_target *ti,
|
2007-10-20 05:42:37 +08:00
|
|
|
const char *opts);
|
2005-04-17 06:20:36 +08:00
|
|
|
void (*dtr)(struct crypt_config *cc);
|
2009-12-11 07:51:56 +08:00
|
|
|
int (*init)(struct crypt_config *cc);
|
2009-12-11 07:51:57 +08:00
|
|
|
int (*wipe)(struct crypt_config *cc);
|
2011-01-14 03:59:54 +08:00
|
|
|
int (*generator)(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq);
|
|
|
|
int (*post)(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq);
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2009-12-11 07:51:55 +08:00
|
|
|
struct iv_essiv_private {
|
2016-01-24 21:16:36 +08:00
|
|
|
struct crypto_ahash *hash_tfm;
|
2009-12-11 07:51:56 +08:00
|
|
|
u8 *salt;
|
2009-12-11 07:51:55 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct iv_benbi_private {
|
|
|
|
int shift;
|
|
|
|
};
|
|
|
|
|
2011-01-14 03:59:55 +08:00
|
|
|
#define LMK_SEED_SIZE 64 /* hash + 0 */
|
|
|
|
struct iv_lmk_private {
|
|
|
|
struct crypto_shash *hash_tfm;
|
|
|
|
u8 *seed;
|
|
|
|
};
|
|
|
|
|
2013-10-29 06:21:04 +08:00
|
|
|
#define TCW_WHITENING_SIZE 16
|
|
|
|
struct iv_tcw_private {
|
|
|
|
struct crypto_shash *crc32_tfm;
|
|
|
|
u8 *iv_seed;
|
|
|
|
u8 *whitening;
|
|
|
|
};
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Crypt: maps a linear range of a block device
|
|
|
|
* and encrypts / decrypts at the same time.
|
|
|
|
*/
|
2015-02-13 21:27:08 +08:00
|
|
|
enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID,
|
2016-09-21 22:22:29 +08:00
|
|
|
DM_CRYPT_SAME_CPU, DM_CRYPT_NO_OFFLOAD };
|
2011-01-14 03:59:53 +08:00
|
|
|
|
|
|
|
/*
|
2014-02-21 07:01:01 +08:00
|
|
|
* The fields in here must be read only after initialization.
|
2011-01-14 03:59:53 +08:00
|
|
|
*/
|
2005-04-17 06:20:36 +08:00
|
|
|
struct crypt_config {
|
|
|
|
struct dm_dev *dev;
|
|
|
|
sector_t start;
|
|
|
|
|
|
|
|
/*
|
2008-02-08 10:11:07 +08:00
|
|
|
* pool for per bio private data, crypto requests and
|
|
|
|
* encryption requeusts/buffer pages
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2008-02-08 10:11:07 +08:00
|
|
|
mempool_t *req_pool;
|
2005-04-17 06:20:36 +08:00
|
|
|
mempool_t *page_pool;
|
2006-10-03 16:15:40 +08:00
|
|
|
struct bio_set *bs;
|
2015-02-13 21:24:41 +08:00
|
|
|
struct mutex bio_alloc_lock;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-10-20 05:38:58 +08:00
|
|
|
struct workqueue_struct *io_queue;
|
|
|
|
struct workqueue_struct *crypt_queue;
|
2008-03-29 05:16:07 +08:00
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
struct task_struct *write_thread;
|
|
|
|
wait_queue_head_t write_thread_wait;
|
2015-02-13 21:27:41 +08:00
|
|
|
struct rb_root write_tree;
|
2015-02-13 21:25:59 +08:00
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
char *cipher;
|
2011-01-14 03:59:52 +08:00
|
|
|
char *cipher_string;
|
2016-11-21 22:58:51 +08:00
|
|
|
char *key_string;
|
2010-08-12 11:14:07 +08:00
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
const struct crypt_iv_operations *iv_gen_ops;
|
2006-12-06 05:41:52 +08:00
|
|
|
union {
|
2009-12-11 07:51:55 +08:00
|
|
|
struct iv_essiv_private essiv;
|
|
|
|
struct iv_benbi_private benbi;
|
2011-01-14 03:59:55 +08:00
|
|
|
struct iv_lmk_private lmk;
|
2013-10-29 06:21:04 +08:00
|
|
|
struct iv_tcw_private tcw;
|
2006-12-06 05:41:52 +08:00
|
|
|
} iv_gen_private;
|
2005-04-17 06:20:36 +08:00
|
|
|
sector_t iv_offset;
|
|
|
|
unsigned int iv_size;
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
/* ESSIV: struct crypto_cipher *essiv_tfm */
|
|
|
|
void *iv_private;
|
2016-01-24 21:16:36 +08:00
|
|
|
struct crypto_skcipher **tfms;
|
2011-01-14 03:59:54 +08:00
|
|
|
unsigned tfms_count;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2008-02-08 10:11:07 +08:00
|
|
|
/*
|
|
|
|
* Layout of each crypto request:
|
|
|
|
*
|
2016-01-24 21:16:36 +08:00
|
|
|
* struct skcipher_request
|
2008-02-08 10:11:07 +08:00
|
|
|
* context
|
|
|
|
* padding
|
|
|
|
* struct dm_crypt_request
|
|
|
|
* padding
|
|
|
|
* IV
|
|
|
|
*
|
|
|
|
* The padding is added so that dm_crypt_request and the IV are
|
|
|
|
* correctly aligned.
|
|
|
|
*/
|
|
|
|
unsigned int dmreq_start;
|
|
|
|
|
2014-03-29 03:51:55 +08:00
|
|
|
unsigned int per_bio_data_size;
|
|
|
|
|
2006-10-03 16:15:37 +08:00
|
|
|
unsigned long flags;
|
2005-04-17 06:20:36 +08:00
|
|
|
unsigned int key_size;
|
2013-10-29 06:21:03 +08:00
|
|
|
unsigned int key_parts; /* independent parts in key buffer */
|
|
|
|
unsigned int key_extra_size; /* additional keys length */
|
2005-04-17 06:20:36 +08:00
|
|
|
u8 key[0];
|
|
|
|
};
|
|
|
|
|
2016-07-16 05:30:20 +08:00
|
|
|
#define MIN_IOS 64
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-07-13 00:26:32 +08:00
|
|
|
static void clone_init(struct dm_crypt_io *, struct bio *);
|
2008-02-08 10:10:52 +08:00
|
|
|
static void kcryptd_queue_crypt(struct dm_crypt_io *io);
|
2011-01-14 03:59:54 +08:00
|
|
|
static u8 *iv_of_dmreq(struct crypt_config *cc, struct dm_crypt_request *dmreq);
|
2007-05-09 17:32:52 +08:00
|
|
|
|
2011-01-14 03:59:53 +08:00
|
|
|
/*
|
|
|
|
* Use this to access cipher attributes that are the same for each CPU.
|
|
|
|
*/
|
2016-01-24 21:16:36 +08:00
|
|
|
static struct crypto_skcipher *any_tfm(struct crypt_config *cc)
|
2011-01-14 03:59:53 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
return cc->tfms[0];
|
2011-01-14 03:59:53 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Different IV generation algorithms:
|
|
|
|
*
|
2006-09-02 16:17:33 +08:00
|
|
|
* plain: the initial vector is the 32-bit little-endian version of the sector
|
2007-10-20 05:10:43 +08:00
|
|
|
* number, padded with zeros if necessary.
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
2009-12-11 07:52:25 +08:00
|
|
|
* plain64: the initial vector is the 64-bit little-endian version of the sector
|
|
|
|
* number, padded with zeros if necessary.
|
|
|
|
*
|
2006-09-02 16:17:33 +08:00
|
|
|
* essiv: "encrypted sector|salt initial vector", the sector number is
|
|
|
|
* encrypted with the bulk cipher using a salt as key. The salt
|
|
|
|
* should be derived from the bulk cipher's key via hashing.
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
2006-09-03 06:56:39 +08:00
|
|
|
* benbi: the 64-bit "big-endian 'narrow block'-count", starting at 1
|
|
|
|
* (needed for LRW-32-AES and possible other narrow block modes)
|
|
|
|
*
|
2007-05-09 17:32:55 +08:00
|
|
|
* null: the initial vector is always zero. Provides compatibility with
|
|
|
|
* obsolete loop_fish2 devices. Do not use for new devices.
|
|
|
|
*
|
2011-01-14 03:59:55 +08:00
|
|
|
* lmk: Compatible implementation of the block chaining mode used
|
|
|
|
* by the Loop-AES block device encryption system
|
|
|
|
* designed by Jari Ruusu. See http://loop-aes.sourceforge.net/
|
|
|
|
* It operates on full 512 byte sectors and uses CBC
|
|
|
|
* with an IV derived from the sector number, the data and
|
|
|
|
* optionally extra IV seed.
|
|
|
|
* This means that after decryption the first block
|
|
|
|
* of sector must be tweaked according to decrypted data.
|
|
|
|
* Loop-AES can use three encryption schemes:
|
|
|
|
* version 1: is plain aes-cbc mode
|
|
|
|
* version 2: uses 64 multikey scheme with lmk IV generator
|
|
|
|
* version 3: the same as version 2 with additional IV seed
|
|
|
|
* (it uses 65 keys, last key is used as IV seed)
|
|
|
|
*
|
2013-10-29 06:21:04 +08:00
|
|
|
* tcw: Compatible implementation of the block chaining mode used
|
|
|
|
* by the TrueCrypt device encryption system (prior to version 4.1).
|
2015-04-06 00:03:10 +08:00
|
|
|
* For more info see: https://gitlab.com/cryptsetup/cryptsetup/wikis/TrueCryptOnDiskFormat
|
2013-10-29 06:21:04 +08:00
|
|
|
* It operates on full 512 byte sectors and uses CBC
|
|
|
|
* with an IV derived from initial key and the sector number.
|
|
|
|
* In addition, whitening value is applied on every sector, whitening
|
|
|
|
* is calculated from initial key, sector number and mixed using CRC32.
|
|
|
|
* Note that this encryption scheme is vulnerable to watermarking attacks
|
|
|
|
* and should be used for old compatible containers access only.
|
|
|
|
*
|
2005-04-17 06:20:36 +08:00
|
|
|
* plumb: unimplemented, see:
|
|
|
|
* http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/454
|
|
|
|
*/
|
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
static int crypt_iv_plain_gen(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
memset(iv, 0, cc->iv_size);
|
2011-08-02 19:32:01 +08:00
|
|
|
*(__le32 *)iv = cpu_to_le32(dmreq->iv_sector & 0xffffffff);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-12-11 07:52:25 +08:00
|
|
|
static int crypt_iv_plain64_gen(struct crypt_config *cc, u8 *iv,
|
2011-01-14 03:59:54 +08:00
|
|
|
struct dm_crypt_request *dmreq)
|
2009-12-11 07:52:25 +08:00
|
|
|
{
|
|
|
|
memset(iv, 0, cc->iv_size);
|
2011-08-02 19:32:01 +08:00
|
|
|
*(__le64 *)iv = cpu_to_le64(dmreq->iv_sector);
|
2009-12-11 07:52:25 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-12-11 07:51:56 +08:00
|
|
|
/* Initialise ESSIV - compute salt but no local memory allocations */
|
|
|
|
static int crypt_iv_essiv_init(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
|
2016-01-24 21:16:36 +08:00
|
|
|
AHASH_REQUEST_ON_STACK(req, essiv->hash_tfm);
|
2009-12-11 07:51:56 +08:00
|
|
|
struct scatterlist sg;
|
2011-01-14 03:59:53 +08:00
|
|
|
struct crypto_cipher *essiv_tfm;
|
2012-07-27 22:08:05 +08:00
|
|
|
int err;
|
2009-12-11 07:51:56 +08:00
|
|
|
|
|
|
|
sg_init_one(&sg, cc->key, cc->key_size);
|
2016-01-24 21:16:36 +08:00
|
|
|
ahash_request_set_tfm(req, essiv->hash_tfm);
|
|
|
|
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
|
|
|
|
ahash_request_set_crypt(req, &sg, essiv->salt, cc->key_size);
|
2009-12-11 07:51:56 +08:00
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
err = crypto_ahash_digest(req);
|
|
|
|
ahash_request_zero(req);
|
2009-12-11 07:51:56 +08:00
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
essiv_tfm = cc->iv_private;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
err = crypto_cipher_setkey(essiv_tfm, essiv->salt,
|
2016-01-24 21:16:36 +08:00
|
|
|
crypto_ahash_digestsize(essiv->hash_tfm));
|
2012-07-27 22:08:05 +08:00
|
|
|
if (err)
|
|
|
|
return err;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
|
|
|
return 0;
|
2009-12-11 07:51:56 +08:00
|
|
|
}
|
|
|
|
|
2009-12-11 07:51:57 +08:00
|
|
|
/* Wipe salt and reset key derived from volume key */
|
|
|
|
static int crypt_iv_essiv_wipe(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
|
2016-01-24 21:16:36 +08:00
|
|
|
unsigned salt_size = crypto_ahash_digestsize(essiv->hash_tfm);
|
2011-01-14 03:59:53 +08:00
|
|
|
struct crypto_cipher *essiv_tfm;
|
2012-07-27 22:08:05 +08:00
|
|
|
int r, err = 0;
|
2009-12-11 07:51:57 +08:00
|
|
|
|
|
|
|
memset(essiv->salt, 0, salt_size);
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
essiv_tfm = cc->iv_private;
|
|
|
|
r = crypto_cipher_setkey(essiv_tfm, essiv->salt, salt_size);
|
|
|
|
if (r)
|
|
|
|
err = r;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set up per cpu cipher state */
|
|
|
|
static struct crypto_cipher *setup_essiv_cpu(struct crypt_config *cc,
|
|
|
|
struct dm_target *ti,
|
|
|
|
u8 *salt, unsigned saltsize)
|
|
|
|
{
|
|
|
|
struct crypto_cipher *essiv_tfm;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
/* Setup the essiv_tfm with the given salt */
|
|
|
|
essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
|
|
|
|
if (IS_ERR(essiv_tfm)) {
|
|
|
|
ti->error = "Error allocating crypto tfm for ESSIV";
|
|
|
|
return essiv_tfm;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (crypto_cipher_blocksize(essiv_tfm) !=
|
2016-01-24 21:16:36 +08:00
|
|
|
crypto_skcipher_ivsize(any_tfm(cc))) {
|
2011-01-14 03:59:53 +08:00
|
|
|
ti->error = "Block size of ESSIV cipher does "
|
|
|
|
"not match IV size of block cipher";
|
|
|
|
crypto_free_cipher(essiv_tfm);
|
|
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
}
|
|
|
|
|
|
|
|
err = crypto_cipher_setkey(essiv_tfm, salt, saltsize);
|
|
|
|
if (err) {
|
|
|
|
ti->error = "Failed to set key for ESSIV cipher";
|
|
|
|
crypto_free_cipher(essiv_tfm);
|
|
|
|
return ERR_PTR(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
return essiv_tfm;
|
2009-12-11 07:51:57 +08:00
|
|
|
}
|
|
|
|
|
2009-12-11 07:51:55 +08:00
|
|
|
static void crypt_iv_essiv_dtr(struct crypt_config *cc)
|
|
|
|
{
|
2011-01-14 03:59:53 +08:00
|
|
|
struct crypto_cipher *essiv_tfm;
|
2009-12-11 07:51:55 +08:00
|
|
|
struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
|
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
crypto_free_ahash(essiv->hash_tfm);
|
2009-12-11 07:51:56 +08:00
|
|
|
essiv->hash_tfm = NULL;
|
|
|
|
|
|
|
|
kzfree(essiv->salt);
|
|
|
|
essiv->salt = NULL;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
essiv_tfm = cc->iv_private;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
if (essiv_tfm)
|
|
|
|
crypto_free_cipher(essiv_tfm);
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
cc->iv_private = NULL;
|
2009-12-11 07:51:55 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
|
2007-10-20 05:42:37 +08:00
|
|
|
const char *opts)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2009-12-11 07:51:56 +08:00
|
|
|
struct crypto_cipher *essiv_tfm = NULL;
|
2016-01-24 21:16:36 +08:00
|
|
|
struct crypto_ahash *hash_tfm = NULL;
|
2009-12-11 07:51:56 +08:00
|
|
|
u8 *salt = NULL;
|
2012-07-27 22:08:05 +08:00
|
|
|
int err;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-12-11 07:51:56 +08:00
|
|
|
if (!opts) {
|
2006-06-26 15:27:35 +08:00
|
|
|
ti->error = "Digest algorithm missing for ESSIV mode";
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2009-12-11 07:51:56 +08:00
|
|
|
/* Allocate hash algorithm */
|
2016-01-24 21:16:36 +08:00
|
|
|
hash_tfm = crypto_alloc_ahash(opts, 0, CRYPTO_ALG_ASYNC);
|
2006-08-24 17:10:20 +08:00
|
|
|
if (IS_ERR(hash_tfm)) {
|
2006-06-26 15:27:35 +08:00
|
|
|
ti->error = "Error initializing ESSIV hash";
|
2009-12-11 07:51:56 +08:00
|
|
|
err = PTR_ERR(hash_tfm);
|
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
salt = kzalloc(crypto_ahash_digestsize(hash_tfm), GFP_KERNEL);
|
2009-12-11 07:51:56 +08:00
|
|
|
if (!salt) {
|
2006-06-26 15:27:35 +08:00
|
|
|
ti->error = "Error kmallocing salt storage in ESSIV";
|
2009-12-11 07:51:56 +08:00
|
|
|
err = -ENOMEM;
|
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2009-12-11 07:51:56 +08:00
|
|
|
cc->iv_gen_private.essiv.salt = salt;
|
|
|
|
cc->iv_gen_private.essiv.hash_tfm = hash_tfm;
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
essiv_tfm = setup_essiv_cpu(cc, ti, salt,
|
2016-01-24 21:16:36 +08:00
|
|
|
crypto_ahash_digestsize(hash_tfm));
|
2012-07-27 22:08:05 +08:00
|
|
|
if (IS_ERR(essiv_tfm)) {
|
|
|
|
crypt_iv_essiv_dtr(cc);
|
|
|
|
return PTR_ERR(essiv_tfm);
|
2011-01-14 03:59:53 +08:00
|
|
|
}
|
2012-07-27 22:08:05 +08:00
|
|
|
cc->iv_private = essiv_tfm;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
2009-12-11 07:51:56 +08:00
|
|
|
|
|
|
|
bad:
|
|
|
|
if (hash_tfm && !IS_ERR(hash_tfm))
|
2016-01-24 21:16:36 +08:00
|
|
|
crypto_free_ahash(hash_tfm);
|
2009-12-11 07:51:56 +08:00
|
|
|
kfree(salt);
|
2009-12-11 07:51:56 +08:00
|
|
|
return err;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypto_cipher *essiv_tfm = cc->iv_private;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
memset(iv, 0, cc->iv_size);
|
2011-08-02 19:32:01 +08:00
|
|
|
*(__le64 *)iv = cpu_to_le64(dmreq->iv_sector);
|
2011-01-14 03:59:53 +08:00
|
|
|
crypto_cipher_encrypt_one(essiv_tfm, iv, iv);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-09-03 06:56:39 +08:00
|
|
|
static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti,
|
|
|
|
const char *opts)
|
|
|
|
{
|
2016-01-24 21:16:36 +08:00
|
|
|
unsigned bs = crypto_skcipher_blocksize(any_tfm(cc));
|
2006-12-08 18:37:49 +08:00
|
|
|
int log = ilog2(bs);
|
2006-09-03 06:56:39 +08:00
|
|
|
|
|
|
|
/* we need to calculate how far we must shift the sector count
|
|
|
|
* to get the cipher block count, we use this shift in _gen */
|
|
|
|
|
|
|
|
if (1 << log != bs) {
|
|
|
|
ti->error = "cypher blocksize is not a power of 2";
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (log > 9) {
|
|
|
|
ti->error = "cypher blocksize is > 512";
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2009-12-11 07:51:55 +08:00
|
|
|
cc->iv_gen_private.benbi.shift = 9 - log;
|
2006-09-03 06:56:39 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void crypt_iv_benbi_dtr(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
static int crypt_iv_benbi_gen(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
2006-09-03 06:56:39 +08:00
|
|
|
{
|
2006-12-06 05:41:52 +08:00
|
|
|
__be64 val;
|
|
|
|
|
2006-09-03 06:56:39 +08:00
|
|
|
memset(iv, 0, cc->iv_size - sizeof(u64)); /* rest is cleared below */
|
2006-12-06 05:41:52 +08:00
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
val = cpu_to_be64(((u64)dmreq->iv_sector << cc->iv_gen_private.benbi.shift) + 1);
|
2006-12-06 05:41:52 +08:00
|
|
|
put_unaligned(val, (__be64 *)(iv + cc->iv_size - sizeof(u64)));
|
2006-09-03 06:56:39 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
static int crypt_iv_null_gen(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
2007-05-09 17:32:55 +08:00
|
|
|
{
|
|
|
|
memset(iv, 0, cc->iv_size);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-01-14 03:59:55 +08:00
|
|
|
static void crypt_iv_lmk_dtr(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
|
|
|
|
|
|
|
|
if (lmk->hash_tfm && !IS_ERR(lmk->hash_tfm))
|
|
|
|
crypto_free_shash(lmk->hash_tfm);
|
|
|
|
lmk->hash_tfm = NULL;
|
|
|
|
|
|
|
|
kzfree(lmk->seed);
|
|
|
|
lmk->seed = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_lmk_ctr(struct crypt_config *cc, struct dm_target *ti,
|
|
|
|
const char *opts)
|
|
|
|
{
|
|
|
|
struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
|
|
|
|
|
|
|
|
lmk->hash_tfm = crypto_alloc_shash("md5", 0, 0);
|
|
|
|
if (IS_ERR(lmk->hash_tfm)) {
|
|
|
|
ti->error = "Error initializing LMK hash";
|
|
|
|
return PTR_ERR(lmk->hash_tfm);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* No seed in LMK version 2 */
|
|
|
|
if (cc->key_parts == cc->tfms_count) {
|
|
|
|
lmk->seed = NULL;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
lmk->seed = kzalloc(LMK_SEED_SIZE, GFP_KERNEL);
|
|
|
|
if (!lmk->seed) {
|
|
|
|
crypt_iv_lmk_dtr(cc);
|
|
|
|
ti->error = "Error kmallocing seed storage in LMK";
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_lmk_init(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
|
|
|
|
int subkey_size = cc->key_size / cc->key_parts;
|
|
|
|
|
|
|
|
/* LMK seed is on the position of LMK_KEYS + 1 key */
|
|
|
|
if (lmk->seed)
|
|
|
|
memcpy(lmk->seed, cc->key + (cc->tfms_count * subkey_size),
|
|
|
|
crypto_shash_digestsize(lmk->hash_tfm));
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_lmk_wipe(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
|
|
|
|
|
|
|
|
if (lmk->seed)
|
|
|
|
memset(lmk->seed, 0, LMK_SEED_SIZE);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq,
|
|
|
|
u8 *data)
|
|
|
|
{
|
|
|
|
struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
|
2012-07-02 19:50:54 +08:00
|
|
|
SHASH_DESC_ON_STACK(desc, lmk->hash_tfm);
|
2011-01-14 03:59:55 +08:00
|
|
|
struct md5_state md5state;
|
2013-10-29 06:21:03 +08:00
|
|
|
__le32 buf[4];
|
2011-01-14 03:59:55 +08:00
|
|
|
int i, r;
|
|
|
|
|
2012-07-02 19:50:54 +08:00
|
|
|
desc->tfm = lmk->hash_tfm;
|
|
|
|
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
|
2011-01-14 03:59:55 +08:00
|
|
|
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_init(desc);
|
2011-01-14 03:59:55 +08:00
|
|
|
if (r)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (lmk->seed) {
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_update(desc, lmk->seed, LMK_SEED_SIZE);
|
2011-01-14 03:59:55 +08:00
|
|
|
if (r)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Sector is always 512B, block size 16, add data of blocks 1-31 */
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_update(desc, data + 16, 16 * 31);
|
2011-01-14 03:59:55 +08:00
|
|
|
if (r)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
/* Sector is cropped to 56 bits here */
|
|
|
|
buf[0] = cpu_to_le32(dmreq->iv_sector & 0xFFFFFFFF);
|
|
|
|
buf[1] = cpu_to_le32((((u64)dmreq->iv_sector >> 32) & 0x00FFFFFF) | 0x80000000);
|
|
|
|
buf[2] = cpu_to_le32(4024);
|
|
|
|
buf[3] = 0;
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_update(desc, (u8 *)buf, sizeof(buf));
|
2011-01-14 03:59:55 +08:00
|
|
|
if (r)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
/* No MD5 padding here */
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_export(desc, &md5state);
|
2011-01-14 03:59:55 +08:00
|
|
|
if (r)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
for (i = 0; i < MD5_HASH_WORDS; i++)
|
|
|
|
__cpu_to_le32s(&md5state.hash[i]);
|
|
|
|
memcpy(iv, &md5state.hash, cc->iv_size);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
|
|
|
{
|
|
|
|
u8 *src;
|
|
|
|
int r = 0;
|
|
|
|
|
|
|
|
if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) {
|
2011-11-28 13:26:02 +08:00
|
|
|
src = kmap_atomic(sg_page(&dmreq->sg_in));
|
2011-01-14 03:59:55 +08:00
|
|
|
r = crypt_iv_lmk_one(cc, iv, dmreq, src + dmreq->sg_in.offset);
|
2011-11-28 13:26:02 +08:00
|
|
|
kunmap_atomic(src);
|
2011-01-14 03:59:55 +08:00
|
|
|
} else
|
|
|
|
memset(iv, 0, cc->iv_size);
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_lmk_post(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
|
|
|
{
|
|
|
|
u8 *dst;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
if (bio_data_dir(dmreq->ctx->bio_in) == WRITE)
|
|
|
|
return 0;
|
|
|
|
|
2011-11-28 13:26:02 +08:00
|
|
|
dst = kmap_atomic(sg_page(&dmreq->sg_out));
|
2011-01-14 03:59:55 +08:00
|
|
|
r = crypt_iv_lmk_one(cc, iv, dmreq, dst + dmreq->sg_out.offset);
|
|
|
|
|
|
|
|
/* Tweak the first block of plaintext sector */
|
|
|
|
if (!r)
|
|
|
|
crypto_xor(dst + dmreq->sg_out.offset, iv, cc->iv_size);
|
|
|
|
|
2011-11-28 13:26:02 +08:00
|
|
|
kunmap_atomic(dst);
|
2011-01-14 03:59:55 +08:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2013-10-29 06:21:04 +08:00
|
|
|
static void crypt_iv_tcw_dtr(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
|
|
|
|
|
|
|
|
kzfree(tcw->iv_seed);
|
|
|
|
tcw->iv_seed = NULL;
|
|
|
|
kzfree(tcw->whitening);
|
|
|
|
tcw->whitening = NULL;
|
|
|
|
|
|
|
|
if (tcw->crc32_tfm && !IS_ERR(tcw->crc32_tfm))
|
|
|
|
crypto_free_shash(tcw->crc32_tfm);
|
|
|
|
tcw->crc32_tfm = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_tcw_ctr(struct crypt_config *cc, struct dm_target *ti,
|
|
|
|
const char *opts)
|
|
|
|
{
|
|
|
|
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
|
|
|
|
|
|
|
|
if (cc->key_size <= (cc->iv_size + TCW_WHITENING_SIZE)) {
|
|
|
|
ti->error = "Wrong key size for TCW";
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
tcw->crc32_tfm = crypto_alloc_shash("crc32", 0, 0);
|
|
|
|
if (IS_ERR(tcw->crc32_tfm)) {
|
|
|
|
ti->error = "Error initializing CRC32 in TCW";
|
|
|
|
return PTR_ERR(tcw->crc32_tfm);
|
|
|
|
}
|
|
|
|
|
|
|
|
tcw->iv_seed = kzalloc(cc->iv_size, GFP_KERNEL);
|
|
|
|
tcw->whitening = kzalloc(TCW_WHITENING_SIZE, GFP_KERNEL);
|
|
|
|
if (!tcw->iv_seed || !tcw->whitening) {
|
|
|
|
crypt_iv_tcw_dtr(cc);
|
|
|
|
ti->error = "Error allocating seed storage in TCW";
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_tcw_init(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
|
|
|
|
int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE;
|
|
|
|
|
|
|
|
memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size);
|
|
|
|
memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size],
|
|
|
|
TCW_WHITENING_SIZE);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_tcw_wipe(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
|
|
|
|
|
|
|
|
memset(tcw->iv_seed, 0, cc->iv_size);
|
|
|
|
memset(tcw->whitening, 0, TCW_WHITENING_SIZE);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_tcw_whitening(struct crypt_config *cc,
|
|
|
|
struct dm_crypt_request *dmreq,
|
|
|
|
u8 *data)
|
|
|
|
{
|
|
|
|
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
|
2016-06-28 22:32:32 +08:00
|
|
|
__le64 sector = cpu_to_le64(dmreq->iv_sector);
|
2013-10-29 06:21:04 +08:00
|
|
|
u8 buf[TCW_WHITENING_SIZE];
|
2012-07-02 19:50:54 +08:00
|
|
|
SHASH_DESC_ON_STACK(desc, tcw->crc32_tfm);
|
2013-10-29 06:21:04 +08:00
|
|
|
int i, r;
|
|
|
|
|
|
|
|
/* xor whitening with sector number */
|
|
|
|
memcpy(buf, tcw->whitening, TCW_WHITENING_SIZE);
|
|
|
|
crypto_xor(buf, (u8 *)§or, 8);
|
|
|
|
crypto_xor(&buf[8], (u8 *)§or, 8);
|
|
|
|
|
|
|
|
/* calculate crc32 for every 32bit part and xor it */
|
2012-07-02 19:50:54 +08:00
|
|
|
desc->tfm = tcw->crc32_tfm;
|
|
|
|
desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
|
2013-10-29 06:21:04 +08:00
|
|
|
for (i = 0; i < 4; i++) {
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_init(desc);
|
2013-10-29 06:21:04 +08:00
|
|
|
if (r)
|
|
|
|
goto out;
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_update(desc, &buf[i * 4], 4);
|
2013-10-29 06:21:04 +08:00
|
|
|
if (r)
|
|
|
|
goto out;
|
2012-07-02 19:50:54 +08:00
|
|
|
r = crypto_shash_final(desc, &buf[i * 4]);
|
2013-10-29 06:21:04 +08:00
|
|
|
if (r)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
crypto_xor(&buf[0], &buf[12], 4);
|
|
|
|
crypto_xor(&buf[4], &buf[8], 4);
|
|
|
|
|
|
|
|
/* apply whitening (8 bytes) to whole sector */
|
|
|
|
for (i = 0; i < ((1 << SECTOR_SHIFT) / 8); i++)
|
|
|
|
crypto_xor(data + i * 8, buf, 8);
|
|
|
|
out:
|
2014-11-22 16:36:04 +08:00
|
|
|
memzero_explicit(buf, sizeof(buf));
|
2013-10-29 06:21:04 +08:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_tcw_gen(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
|
|
|
{
|
|
|
|
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
|
2016-06-28 22:32:32 +08:00
|
|
|
__le64 sector = cpu_to_le64(dmreq->iv_sector);
|
2013-10-29 06:21:04 +08:00
|
|
|
u8 *src;
|
|
|
|
int r = 0;
|
|
|
|
|
|
|
|
/* Remove whitening from ciphertext */
|
|
|
|
if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) {
|
|
|
|
src = kmap_atomic(sg_page(&dmreq->sg_in));
|
|
|
|
r = crypt_iv_tcw_whitening(cc, dmreq, src + dmreq->sg_in.offset);
|
|
|
|
kunmap_atomic(src);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Calculate IV */
|
|
|
|
memcpy(iv, tcw->iv_seed, cc->iv_size);
|
|
|
|
crypto_xor(iv, (u8 *)§or, 8);
|
|
|
|
if (cc->iv_size > 8)
|
|
|
|
crypto_xor(&iv[8], (u8 *)§or, cc->iv_size - 8);
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_iv_tcw_post(struct crypt_config *cc, u8 *iv,
|
|
|
|
struct dm_crypt_request *dmreq)
|
|
|
|
{
|
|
|
|
u8 *dst;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
if (bio_data_dir(dmreq->ctx->bio_in) != WRITE)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Apply whitening on ciphertext */
|
|
|
|
dst = kmap_atomic(sg_page(&dmreq->sg_out));
|
|
|
|
r = crypt_iv_tcw_whitening(cc, dmreq, dst + dmreq->sg_out.offset);
|
|
|
|
kunmap_atomic(dst);
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
static const struct crypt_iv_operations crypt_iv_plain_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.generator = crypt_iv_plain_gen
|
|
|
|
};
|
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
static const struct crypt_iv_operations crypt_iv_plain64_ops = {
|
2009-12-11 07:52:25 +08:00
|
|
|
.generator = crypt_iv_plain64_gen
|
|
|
|
};
|
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
static const struct crypt_iv_operations crypt_iv_essiv_ops = {
|
2005-04-17 06:20:36 +08:00
|
|
|
.ctr = crypt_iv_essiv_ctr,
|
|
|
|
.dtr = crypt_iv_essiv_dtr,
|
2009-12-11 07:51:56 +08:00
|
|
|
.init = crypt_iv_essiv_init,
|
2009-12-11 07:51:57 +08:00
|
|
|
.wipe = crypt_iv_essiv_wipe,
|
2005-04-17 06:20:36 +08:00
|
|
|
.generator = crypt_iv_essiv_gen
|
|
|
|
};
|
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
static const struct crypt_iv_operations crypt_iv_benbi_ops = {
|
2006-09-03 06:56:39 +08:00
|
|
|
.ctr = crypt_iv_benbi_ctr,
|
|
|
|
.dtr = crypt_iv_benbi_dtr,
|
|
|
|
.generator = crypt_iv_benbi_gen
|
|
|
|
};
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
static const struct crypt_iv_operations crypt_iv_null_ops = {
|
2007-05-09 17:32:55 +08:00
|
|
|
.generator = crypt_iv_null_gen
|
|
|
|
};
|
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
static const struct crypt_iv_operations crypt_iv_lmk_ops = {
|
2011-01-14 03:59:55 +08:00
|
|
|
.ctr = crypt_iv_lmk_ctr,
|
|
|
|
.dtr = crypt_iv_lmk_dtr,
|
|
|
|
.init = crypt_iv_lmk_init,
|
|
|
|
.wipe = crypt_iv_lmk_wipe,
|
|
|
|
.generator = crypt_iv_lmk_gen,
|
|
|
|
.post = crypt_iv_lmk_post
|
|
|
|
};
|
|
|
|
|
2015-11-29 21:09:19 +08:00
|
|
|
static const struct crypt_iv_operations crypt_iv_tcw_ops = {
|
2013-10-29 06:21:04 +08:00
|
|
|
.ctr = crypt_iv_tcw_ctr,
|
|
|
|
.dtr = crypt_iv_tcw_dtr,
|
|
|
|
.init = crypt_iv_tcw_init,
|
|
|
|
.wipe = crypt_iv_tcw_wipe,
|
|
|
|
.generator = crypt_iv_tcw_gen,
|
|
|
|
.post = crypt_iv_tcw_post
|
|
|
|
};
|
|
|
|
|
2007-10-20 05:42:37 +08:00
|
|
|
static void crypt_convert_init(struct crypt_config *cc,
|
|
|
|
struct convert_context *ctx,
|
|
|
|
struct bio *bio_out, struct bio *bio_in,
|
2008-02-08 10:10:41 +08:00
|
|
|
sector_t sector)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
ctx->bio_in = bio_in;
|
|
|
|
ctx->bio_out = bio_out;
|
2013-10-12 06:45:43 +08:00
|
|
|
if (bio_in)
|
|
|
|
ctx->iter_in = bio_in->bi_iter;
|
|
|
|
if (bio_out)
|
|
|
|
ctx->iter_out = bio_out->bi_iter;
|
2012-07-27 22:08:05 +08:00
|
|
|
ctx->cc_sector = sector + cc->iv_offset;
|
2008-02-08 10:11:09 +08:00
|
|
|
init_completion(&ctx->restart);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2009-03-17 01:44:33 +08:00
|
|
|
static struct dm_crypt_request *dmreq_of_req(struct crypt_config *cc,
|
2016-01-24 21:16:36 +08:00
|
|
|
struct skcipher_request *req)
|
2009-03-17 01:44:33 +08:00
|
|
|
{
|
|
|
|
return (struct dm_crypt_request *)((char *)req + cc->dmreq_start);
|
|
|
|
}
|
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
static struct skcipher_request *req_of_dmreq(struct crypt_config *cc,
|
2009-03-17 01:44:33 +08:00
|
|
|
struct dm_crypt_request *dmreq)
|
|
|
|
{
|
2016-01-24 21:16:36 +08:00
|
|
|
return (struct skcipher_request *)((char *)dmreq - cc->dmreq_start);
|
2009-03-17 01:44:33 +08:00
|
|
|
}
|
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
static u8 *iv_of_dmreq(struct crypt_config *cc,
|
|
|
|
struct dm_crypt_request *dmreq)
|
|
|
|
{
|
|
|
|
return (u8 *)ALIGN((unsigned long)(dmreq + 1),
|
2016-01-24 21:16:36 +08:00
|
|
|
crypto_skcipher_alignmask(any_tfm(cc)) + 1);
|
2011-01-14 03:59:54 +08:00
|
|
|
}
|
|
|
|
|
2008-02-08 10:11:04 +08:00
|
|
|
static int crypt_convert_block(struct crypt_config *cc,
|
2008-02-08 10:11:14 +08:00
|
|
|
struct convert_context *ctx,
|
2016-01-24 21:16:36 +08:00
|
|
|
struct skcipher_request *req)
|
2008-02-08 10:11:04 +08:00
|
|
|
{
|
2013-10-12 06:45:43 +08:00
|
|
|
struct bio_vec bv_in = bio_iter_iovec(ctx->bio_in, ctx->iter_in);
|
|
|
|
struct bio_vec bv_out = bio_iter_iovec(ctx->bio_out, ctx->iter_out);
|
2008-02-08 10:11:14 +08:00
|
|
|
struct dm_crypt_request *dmreq;
|
|
|
|
u8 *iv;
|
2012-07-27 22:08:04 +08:00
|
|
|
int r;
|
2008-02-08 10:11:14 +08:00
|
|
|
|
2009-03-17 01:44:33 +08:00
|
|
|
dmreq = dmreq_of_req(cc, req);
|
2011-01-14 03:59:54 +08:00
|
|
|
iv = iv_of_dmreq(cc, dmreq);
|
2008-02-08 10:11:04 +08:00
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
dmreq->iv_sector = ctx->cc_sector;
|
2009-03-17 01:44:33 +08:00
|
|
|
dmreq->ctx = ctx;
|
2008-02-08 10:11:14 +08:00
|
|
|
sg_init_table(&dmreq->sg_in, 1);
|
2013-10-12 06:45:43 +08:00
|
|
|
sg_set_page(&dmreq->sg_in, bv_in.bv_page, 1 << SECTOR_SHIFT,
|
|
|
|
bv_in.bv_offset);
|
2008-02-08 10:11:04 +08:00
|
|
|
|
2008-02-08 10:11:14 +08:00
|
|
|
sg_init_table(&dmreq->sg_out, 1);
|
2013-10-12 06:45:43 +08:00
|
|
|
sg_set_page(&dmreq->sg_out, bv_out.bv_page, 1 << SECTOR_SHIFT,
|
|
|
|
bv_out.bv_offset);
|
2008-02-08 10:11:04 +08:00
|
|
|
|
2013-10-12 06:45:43 +08:00
|
|
|
bio_advance_iter(ctx->bio_in, &ctx->iter_in, 1 << SECTOR_SHIFT);
|
|
|
|
bio_advance_iter(ctx->bio_out, &ctx->iter_out, 1 << SECTOR_SHIFT);
|
2008-02-08 10:11:04 +08:00
|
|
|
|
2008-02-08 10:11:14 +08:00
|
|
|
if (cc->iv_gen_ops) {
|
2011-01-14 03:59:54 +08:00
|
|
|
r = cc->iv_gen_ops->generator(cc, iv, dmreq);
|
2008-02-08 10:11:14 +08:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
skcipher_request_set_crypt(req, &dmreq->sg_in, &dmreq->sg_out,
|
|
|
|
1 << SECTOR_SHIFT, iv);
|
2008-02-08 10:11:14 +08:00
|
|
|
|
|
|
|
if (bio_data_dir(ctx->bio_in) == WRITE)
|
2016-01-24 21:16:36 +08:00
|
|
|
r = crypto_skcipher_encrypt(req);
|
2008-02-08 10:11:14 +08:00
|
|
|
else
|
2016-01-24 21:16:36 +08:00
|
|
|
r = crypto_skcipher_decrypt(req);
|
2008-02-08 10:11:14 +08:00
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
if (!r && cc->iv_gen_ops && cc->iv_gen_ops->post)
|
|
|
|
r = cc->iv_gen_ops->post(cc, iv, dmreq);
|
|
|
|
|
2008-02-08 10:11:14 +08:00
|
|
|
return r;
|
2008-02-08 10:11:04 +08:00
|
|
|
}
|
|
|
|
|
2008-02-08 10:11:12 +08:00
|
|
|
static void kcryptd_async_done(struct crypto_async_request *async_req,
|
|
|
|
int error);
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2008-02-08 10:11:07 +08:00
|
|
|
static void crypt_alloc_req(struct crypt_config *cc,
|
|
|
|
struct convert_context *ctx)
|
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
unsigned key_index = ctx->cc_sector & (cc->tfms_count - 1);
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2014-02-21 07:01:01 +08:00
|
|
|
if (!ctx->req)
|
|
|
|
ctx->req = mempool_alloc(cc->req_pool, GFP_NOIO);
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
skcipher_request_set_tfm(ctx->req, cc->tfms[key_index]);
|
2015-05-15 23:00:25 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Use REQ_MAY_BACKLOG so a cipher driver internally backlogs
|
|
|
|
* requests if driver request queue is full.
|
|
|
|
*/
|
2016-01-24 21:16:36 +08:00
|
|
|
skcipher_request_set_callback(ctx->req,
|
2011-01-14 03:59:53 +08:00
|
|
|
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
|
2014-02-21 07:01:01 +08:00
|
|
|
kcryptd_async_done, dmreq_of_req(cc, ctx->req));
|
2008-02-08 10:11:07 +08:00
|
|
|
}
|
|
|
|
|
2014-03-29 03:51:55 +08:00
|
|
|
static void crypt_free_req(struct crypt_config *cc,
|
2016-01-24 21:16:36 +08:00
|
|
|
struct skcipher_request *req, struct bio *base_bio)
|
2014-03-29 03:51:55 +08:00
|
|
|
{
|
|
|
|
struct dm_crypt_io *io = dm_per_bio_data(base_bio, cc->per_bio_data_size);
|
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
if ((struct skcipher_request *)(io + 1) != req)
|
2014-03-29 03:51:55 +08:00
|
|
|
mempool_free(req, cc->req_pool);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Encrypt / decrypt data from one bio to another one (can be the same one)
|
|
|
|
*/
|
|
|
|
static int crypt_convert(struct crypt_config *cc,
|
2007-10-20 05:42:37 +08:00
|
|
|
struct convert_context *ctx)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2008-03-29 05:16:07 +08:00
|
|
|
int r;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_set(&ctx->cc_pending, 1);
|
2008-10-10 20:37:08 +08:00
|
|
|
|
2013-10-12 06:45:43 +08:00
|
|
|
while (ctx->iter_in.bi_size && ctx->iter_out.bi_size) {
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-02-08 10:11:14 +08:00
|
|
|
crypt_alloc_req(cc, ctx);
|
|
|
|
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_inc(&ctx->cc_pending);
|
2008-03-29 05:16:07 +08:00
|
|
|
|
2014-02-21 07:01:01 +08:00
|
|
|
r = crypt_convert_block(cc, ctx, ctx->req);
|
2008-02-08 10:11:14 +08:00
|
|
|
|
|
|
|
switch (r) {
|
2015-05-15 23:00:25 +08:00
|
|
|
/*
|
|
|
|
* The request was queued by a crypto driver
|
|
|
|
* but the driver request queue is full, let's wait.
|
|
|
|
*/
|
2008-02-08 10:11:14 +08:00
|
|
|
case -EBUSY:
|
|
|
|
wait_for_completion(&ctx->restart);
|
2013-11-15 06:32:02 +08:00
|
|
|
reinit_completion(&ctx->restart);
|
2015-05-15 23:00:25 +08:00
|
|
|
/* fall through */
|
|
|
|
/*
|
|
|
|
* The request is queued and processed asynchronously,
|
|
|
|
* completion function kcryptd_async_done() will be called.
|
|
|
|
*/
|
Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY"
This reverts Linux 4.1-rc1 commit 0618764cb25f6fa9fb31152995de42a8a0496475.
The problem which that commit attempts to fix actually lies in the
Freescale CAAM crypto driver not dm-crypt.
dm-crypt uses CRYPTO_TFM_REQ_MAY_BACKLOG. This means the the crypto
driver should internally backlog requests which arrive when the queue is
full and process them later. Until the crypto hw's queue becomes full,
the driver returns -EINPROGRESS. When the crypto hw's queue if full,
the driver returns -EBUSY, and if CRYPTO_TFM_REQ_MAY_BACKLOG is set, is
expected to backlog the request and process it when the hardware has
queue space. At the point when the driver takes the request from the
backlog and starts processing it, it calls the completion function with
a status of -EINPROGRESS. The completion function is called (for a
second time, in the case of backlogged requests) with a status/err of 0
when a request is done.
Crypto drivers for hardware without hardware queueing use the helpers,
crypto_init_queue(), crypto_enqueue_request(), crypto_dequeue_request()
and crypto_get_backlog() helpers to implement this behaviour correctly,
while others implement this behaviour without these helpers (ccp, for
example).
dm-crypt (before the patch that needs reverting) uses this API
correctly. It queues up as many requests as the hw queues will allow
(i.e. as long as it gets back -EINPROGRESS from the request function).
Then, when it sees at least one backlogged request (gets -EBUSY), it
waits till that backlogged request is handled (completion gets called
with -EINPROGRESS), and then continues. The references to
af_alg_wait_for_completion() and af_alg_complete() in that commit's
commit message are irrelevant because those functions only handle one
request at a time, unlink dm-crypt.
The problem is that the Freescale CAAM driver, which that commit
describes as having being tested with, fails to implement the
backlogging behaviour correctly. In cam_jr_enqueue(), if the hardware
queue is full, it simply returns -EBUSY without backlogging the request.
What the observed deadlock was is not described in the commit message
but it is obviously the wait_for_completion() in crypto_convert() where
dm-crypto would wait for the completion being called with -EINPROGRESS
in the case of backlogged requests. This completion will never be
completed due to the bug in the CAAM driver.
Commit 0618764cb25 incorrectly made dm-crypt wait for every request,
even when the driver/hardware queues are not full, which means that
dm-crypt will never see -EBUSY. This means that that commit will cause
a performance regression on all crypto drivers which implement the API
correctly.
Revert it. Correct backlog handling should be implemented in the CAAM
driver instead.
Cc'ing stable purely because commit 0618764cb25 did. If for some reason
a stable@ kernel did pick up commit 0618764cb25 it should get reverted.
Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Reviewed-by: Horia Geanta <horia.geanta@freescale.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2015-05-05 21:15:56 +08:00
|
|
|
case -EINPROGRESS:
|
2014-02-21 07:01:01 +08:00
|
|
|
ctx->req = NULL;
|
2012-07-27 22:08:05 +08:00
|
|
|
ctx->cc_sector++;
|
2008-03-29 05:16:07 +08:00
|
|
|
continue;
|
2015-05-15 23:00:25 +08:00
|
|
|
/*
|
|
|
|
* The request was already processed (synchronously).
|
|
|
|
*/
|
2008-02-08 10:11:14 +08:00
|
|
|
case 0:
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_dec(&ctx->cc_pending);
|
2012-07-27 22:08:05 +08:00
|
|
|
ctx->cc_sector++;
|
2008-07-02 16:34:28 +08:00
|
|
|
cond_resched();
|
2008-02-08 10:11:14 +08:00
|
|
|
continue;
|
|
|
|
|
2015-05-15 23:00:25 +08:00
|
|
|
/* There was an error while processing the request. */
|
2008-03-29 05:16:07 +08:00
|
|
|
default:
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_dec(&ctx->cc_pending);
|
2008-03-29 05:16:07 +08:00
|
|
|
return r;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2008-03-29 05:16:07 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
static void crypt_free_buffer_pages(struct crypt_config *cc, struct bio *clone);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* Generate a new unfragmented bio with the given size
|
2015-09-10 09:34:51 +08:00
|
|
|
* This should never violate the device limitations (but only because
|
|
|
|
* max_segment_size is being constrained to PAGE_SIZE).
|
2015-02-13 21:24:41 +08:00
|
|
|
*
|
|
|
|
* This function may be called concurrently. If we allocate from the mempool
|
|
|
|
* concurrently, there is a possibility of deadlock. For example, if we have
|
|
|
|
* mempool of 256 pages, two processes, each wanting 256, pages allocate from
|
|
|
|
* the mempool concurrently, it may deadlock in a situation where both processes
|
|
|
|
* have allocated 128 pages and the mempool is exhausted.
|
|
|
|
*
|
|
|
|
* In order to avoid this scenario we allocate the pages under a mutex.
|
|
|
|
*
|
|
|
|
* In order to not degrade performance with excessive locking, we try
|
|
|
|
* non-blocking allocations without a mutex first but on failure we fallback
|
|
|
|
* to blocking allocations with a mutex.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2015-02-13 21:23:52 +08:00
|
|
|
static struct bio *crypt_alloc_buffer(struct dm_crypt_io *io, unsigned size)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2006-10-03 16:15:37 +08:00
|
|
|
struct bio *clone;
|
2005-04-17 06:20:36 +08:00
|
|
|
unsigned int nr_iovecs = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
|
2015-02-13 21:24:41 +08:00
|
|
|
gfp_t gfp_mask = GFP_NOWAIT | __GFP_HIGHMEM;
|
|
|
|
unsigned i, len, remaining_size;
|
2007-12-13 22:16:10 +08:00
|
|
|
struct page *page;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-02-13 21:24:41 +08:00
|
|
|
retry:
|
2015-11-07 08:28:21 +08:00
|
|
|
if (unlikely(gfp_mask & __GFP_DIRECT_RECLAIM))
|
2015-02-13 21:24:41 +08:00
|
|
|
mutex_lock(&cc->bio_alloc_lock);
|
|
|
|
|
2007-05-09 17:32:53 +08:00
|
|
|
clone = bio_alloc_bioset(GFP_NOIO, nr_iovecs, cc->bs);
|
2006-10-03 16:15:37 +08:00
|
|
|
if (!clone)
|
2015-02-13 21:24:41 +08:00
|
|
|
goto return_clone;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-05-09 17:32:52 +08:00
|
|
|
clone_init(io, clone);
|
2006-10-03 16:15:40 +08:00
|
|
|
|
2015-02-13 21:24:41 +08:00
|
|
|
remaining_size = size;
|
|
|
|
|
2007-05-09 17:32:54 +08:00
|
|
|
for (i = 0; i < nr_iovecs; i++) {
|
2007-12-13 22:16:10 +08:00
|
|
|
page = mempool_alloc(cc->page_pool, gfp_mask);
|
2015-02-13 21:24:41 +08:00
|
|
|
if (!page) {
|
|
|
|
crypt_free_buffer_pages(cc, clone);
|
|
|
|
bio_put(clone);
|
2015-11-07 08:28:21 +08:00
|
|
|
gfp_mask |= __GFP_DIRECT_RECLAIM;
|
2015-02-13 21:24:41 +08:00
|
|
|
goto retry;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-02-13 21:24:41 +08:00
|
|
|
len = (remaining_size > PAGE_SIZE) ? PAGE_SIZE : remaining_size;
|
2007-12-13 22:16:10 +08:00
|
|
|
|
2016-10-29 16:08:06 +08:00
|
|
|
bio_add_page(clone, page, len, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-02-13 21:24:41 +08:00
|
|
|
remaining_size -= len;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:24:41 +08:00
|
|
|
return_clone:
|
2015-11-07 08:28:21 +08:00
|
|
|
if (unlikely(gfp_mask & __GFP_DIRECT_RECLAIM))
|
2015-02-13 21:24:41 +08:00
|
|
|
mutex_unlock(&cc->bio_alloc_lock);
|
|
|
|
|
2006-10-03 16:15:37 +08:00
|
|
|
return clone;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2007-10-16 19:48:46 +08:00
|
|
|
static void crypt_free_buffer_pages(struct crypt_config *cc, struct bio *clone)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2007-10-16 19:48:46 +08:00
|
|
|
unsigned int i;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct bio_vec *bv;
|
|
|
|
|
2012-09-06 06:22:02 +08:00
|
|
|
bio_for_each_segment_all(bv, clone, i) {
|
2005-04-17 06:20:36 +08:00
|
|
|
BUG_ON(!bv->bv_page);
|
|
|
|
mempool_free(bv->bv_page, cc->page_pool);
|
|
|
|
bv->bv_page = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-03-29 03:51:55 +08:00
|
|
|
static void crypt_io_init(struct dm_crypt_io *io, struct crypt_config *cc,
|
|
|
|
struct bio *bio, sector_t sector)
|
2008-10-10 20:37:03 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
io->cc = cc;
|
2008-10-10 20:37:03 +08:00
|
|
|
io->base_bio = bio;
|
|
|
|
io->sector = sector;
|
|
|
|
io->error = 0;
|
2014-02-21 07:01:01 +08:00
|
|
|
io->ctx.req = NULL;
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_set(&io->io_pending, 0);
|
2008-10-10 20:37:03 +08:00
|
|
|
}
|
|
|
|
|
2008-10-10 20:37:02 +08:00
|
|
|
static void crypt_inc_pending(struct dm_crypt_io *io)
|
|
|
|
{
|
2012-07-27 22:08:04 +08:00
|
|
|
atomic_inc(&io->io_pending);
|
2008-10-10 20:37:02 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* One of the bios was finished. Check for completion of
|
|
|
|
* the whole request and correctly clean up the buffer.
|
|
|
|
*/
|
2008-02-08 10:10:43 +08:00
|
|
|
static void crypt_dec_pending(struct dm_crypt_io *io)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2009-03-17 01:44:36 +08:00
|
|
|
struct bio *base_bio = io->base_bio;
|
|
|
|
int error = io->error;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-07-27 22:08:04 +08:00
|
|
|
if (!atomic_dec_and_test(&io->io_pending))
|
2005-04-17 06:20:36 +08:00
|
|
|
return;
|
|
|
|
|
2014-02-21 07:01:01 +08:00
|
|
|
if (io->ctx.req)
|
2014-03-29 03:51:55 +08:00
|
|
|
crypt_free_req(cc, io->ctx.req, base_bio);
|
2009-03-17 01:44:36 +08:00
|
|
|
|
2015-07-20 21:29:37 +08:00
|
|
|
base_bio->bi_error = error;
|
|
|
|
bio_endio(base_bio);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-20 05:38:58 +08:00
|
|
|
* kcryptd/kcryptd_io:
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
* Needed because it would be very unwise to do decryption in an
|
2006-10-03 16:15:39 +08:00
|
|
|
* interrupt context.
|
2007-10-20 05:38:58 +08:00
|
|
|
*
|
|
|
|
* kcryptd performs the actual encryption or decryption.
|
|
|
|
*
|
|
|
|
* kcryptd_io performs the IO submission.
|
|
|
|
*
|
|
|
|
* They must be separated as otherwise the final stages could be
|
|
|
|
* starved by new requests which can block in the first stages due
|
|
|
|
* to memory allocation.
|
2011-01-14 03:59:53 +08:00
|
|
|
*
|
|
|
|
* The work is done per CPU global for all dm-crypt instances.
|
|
|
|
* They should not depend on each other and do not block.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
2015-07-20 21:29:37 +08:00
|
|
|
static void crypt_endio(struct bio *clone)
|
2006-10-03 16:15:37 +08:00
|
|
|
{
|
2007-07-13 00:26:32 +08:00
|
|
|
struct dm_crypt_io *io = clone->bi_private;
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2008-02-08 10:10:46 +08:00
|
|
|
unsigned rw = bio_data_dir(clone);
|
2015-08-11 07:05:18 +08:00
|
|
|
int error;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
|
|
|
/*
|
2007-09-27 18:47:43 +08:00
|
|
|
* free the processed pages
|
2006-10-03 16:15:37 +08:00
|
|
|
*/
|
2008-02-08 10:10:46 +08:00
|
|
|
if (rw == WRITE)
|
2007-10-16 19:48:46 +08:00
|
|
|
crypt_free_buffer_pages(cc, clone);
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2015-08-11 07:05:18 +08:00
|
|
|
error = clone->bi_error;
|
2006-10-03 16:15:37 +08:00
|
|
|
bio_put(clone);
|
|
|
|
|
2015-08-11 07:05:18 +08:00
|
|
|
if (rw == READ && !error) {
|
2008-02-08 10:10:46 +08:00
|
|
|
kcryptd_queue_crypt(io);
|
|
|
|
return;
|
|
|
|
}
|
2008-02-08 10:10:43 +08:00
|
|
|
|
2015-08-11 07:05:18 +08:00
|
|
|
if (unlikely(error))
|
|
|
|
io->error = error;
|
2008-02-08 10:10:43 +08:00
|
|
|
|
|
|
|
crypt_dec_pending(io);
|
2006-10-03 16:15:37 +08:00
|
|
|
}
|
|
|
|
|
2007-07-13 00:26:32 +08:00
|
|
|
static void clone_init(struct dm_crypt_io *io, struct bio *clone)
|
2006-10-03 16:15:37 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
|
|
|
clone->bi_private = io;
|
|
|
|
clone->bi_end_io = crypt_endio;
|
|
|
|
clone->bi_bdev = cc->dev->bdev;
|
2016-10-28 22:48:16 +08:00
|
|
|
clone->bi_opf = io->base_bio->bi_opf;
|
2006-10-03 16:15:37 +08:00
|
|
|
}
|
|
|
|
|
2011-01-14 03:59:53 +08:00
|
|
|
static int kcryptd_io_read(struct dm_crypt_io *io, gfp_t gfp)
|
2006-10-03 16:15:37 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2006-10-03 16:15:37 +08:00
|
|
|
struct bio *clone;
|
2006-10-03 16:15:38 +08:00
|
|
|
|
2006-10-03 16:15:37 +08:00
|
|
|
/*
|
2015-04-10 04:53:24 +08:00
|
|
|
* We need the original biovec array in order to decrypt
|
|
|
|
* the whole bio data *afterwards* -- thanks to immutable
|
|
|
|
* biovecs we don't need to worry about the block layer
|
|
|
|
* modifying the biovec array; so leverage bio_clone_fast().
|
2006-10-03 16:15:37 +08:00
|
|
|
*/
|
2015-04-10 04:53:24 +08:00
|
|
|
clone = bio_clone_fast(io->base_bio, gfp, cc->bs);
|
2011-03-10 15:52:07 +08:00
|
|
|
if (!clone)
|
2011-01-14 03:59:53 +08:00
|
|
|
return 1;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2011-01-14 03:59:53 +08:00
|
|
|
crypt_inc_pending(io);
|
|
|
|
|
2006-10-03 16:15:37 +08:00
|
|
|
clone_init(io, clone);
|
2013-10-12 06:44:27 +08:00
|
|
|
clone->bi_iter.bi_sector = cc->start + io->sector;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2006-10-03 16:15:38 +08:00
|
|
|
generic_make_request(clone);
|
2011-01-14 03:59:53 +08:00
|
|
|
return 0;
|
2006-10-03 16:15:37 +08:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
static void kcryptd_io_read_work(struct work_struct *work)
|
|
|
|
{
|
|
|
|
struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work);
|
|
|
|
|
|
|
|
crypt_inc_pending(io);
|
|
|
|
if (kcryptd_io_read(io, GFP_NOIO))
|
|
|
|
io->error = -ENOMEM;
|
|
|
|
crypt_dec_pending(io);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void kcryptd_queue_read(struct dm_crypt_io *io)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc = io->cc;
|
|
|
|
|
|
|
|
INIT_WORK(&io->work, kcryptd_io_read_work);
|
|
|
|
queue_work(cc->io_queue, &io->work);
|
|
|
|
}
|
|
|
|
|
2008-02-08 10:10:49 +08:00
|
|
|
static void kcryptd_io_write(struct dm_crypt_io *io)
|
|
|
|
{
|
2008-02-08 10:11:12 +08:00
|
|
|
struct bio *clone = io->ctx.bio_out;
|
2015-02-13 21:25:59 +08:00
|
|
|
|
2008-02-08 10:11:12 +08:00
|
|
|
generic_make_request(clone);
|
2008-02-08 10:10:49 +08:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:27:41 +08:00
|
|
|
#define crypt_io_from_node(node) rb_entry((node), struct dm_crypt_io, rb_node)
|
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
static int dmcrypt_write(void *data)
|
2008-02-08 10:10:52 +08:00
|
|
|
{
|
2015-02-13 21:25:59 +08:00
|
|
|
struct crypt_config *cc = data;
|
2015-02-13 21:27:41 +08:00
|
|
|
struct dm_crypt_io *io;
|
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
while (1) {
|
2015-02-13 21:27:41 +08:00
|
|
|
struct rb_root write_tree;
|
2015-02-13 21:25:59 +08:00
|
|
|
struct blk_plug plug;
|
2008-02-08 10:10:52 +08:00
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
DECLARE_WAITQUEUE(wait, current);
|
2008-02-08 10:10:52 +08:00
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
spin_lock_irq(&cc->write_thread_wait.lock);
|
|
|
|
continue_locked:
|
2008-02-08 10:10:52 +08:00
|
|
|
|
2015-02-13 21:27:41 +08:00
|
|
|
if (!RB_EMPTY_ROOT(&cc->write_tree))
|
2015-02-13 21:25:59 +08:00
|
|
|
goto pop_from_list;
|
|
|
|
|
2016-09-21 22:22:29 +08:00
|
|
|
set_current_state(TASK_INTERRUPTIBLE);
|
2015-02-13 21:25:59 +08:00
|
|
|
__add_wait_queue(&cc->write_thread_wait, &wait);
|
|
|
|
|
|
|
|
spin_unlock_irq(&cc->write_thread_wait.lock);
|
|
|
|
|
2016-09-21 22:22:29 +08:00
|
|
|
if (unlikely(kthread_should_stop())) {
|
sched/core: Remove set_task_state()
This is a nasty interface and setting the state of a foreign task must
not be done. As of the following commit:
be628be0956 ("bcache: Make gc wakeup sane, remove set_task_state()")
... everyone in the kernel calls set_task_state() with current, allowing
the helper to be removed.
However, as the comment indicates, it is still around for those archs
where computing current is more expensive than using a pointer, at least
in theory. An important arch that is affected is arm64, however this has
been addressed now [1] and performance is up to par making no difference
with either calls.
Of all the callers, if any, it's the locking bits that would care most
about this -- ie: we end up passing a tsk pointer to a lot of the lock
slowpath, and setting ->state on that. The following numbers are based
on two tests: a custom ad-hoc microbenchmark that just measures
latencies (for ~65 million calls) between get_task_state() vs
get_current_state().
Secondly for a higher overview, an unlink microbenchmark was used,
which pounds on a single file with open, close,unlink combos with
increasing thread counts (up to 4x ncpus). While the workload is quite
unrealistic, it does contend a lot on the inode mutex or now rwsem.
[1] https://lkml.kernel.org/r/1483468021-8237-1-git-send-email-mark.rutland@arm.com
== 1. x86-64 ==
Avg runtime set_task_state(): 601 msecs
Avg runtime set_current_state(): 552 msecs
vanilla dirty
Hmean unlink1-processes-2 36089.26 ( 0.00%) 38977.33 ( 8.00%)
Hmean unlink1-processes-5 28555.01 ( 0.00%) 29832.55 ( 4.28%)
Hmean unlink1-processes-8 37323.75 ( 0.00%) 44974.57 ( 20.50%)
Hmean unlink1-processes-12 43571.88 ( 0.00%) 44283.01 ( 1.63%)
Hmean unlink1-processes-21 34431.52 ( 0.00%) 38284.45 ( 11.19%)
Hmean unlink1-processes-30 34813.26 ( 0.00%) 37975.17 ( 9.08%)
Hmean unlink1-processes-48 37048.90 ( 0.00%) 39862.78 ( 7.59%)
Hmean unlink1-processes-79 35630.01 ( 0.00%) 36855.30 ( 3.44%)
Hmean unlink1-processes-110 36115.85 ( 0.00%) 39843.91 ( 10.32%)
Hmean unlink1-processes-141 32546.96 ( 0.00%) 35418.52 ( 8.82%)
Hmean unlink1-processes-172 34674.79 ( 0.00%) 36899.21 ( 6.42%)
Hmean unlink1-processes-203 37303.11 ( 0.00%) 36393.04 ( -2.44%)
Hmean unlink1-processes-224 35712.13 ( 0.00%) 36685.96 ( 2.73%)
== 2. ppc64le ==
Avg runtime set_task_state(): 938 msecs
Avg runtime set_current_state: 940 msecs
vanilla dirty
Hmean unlink1-processes-2 19269.19 ( 0.00%) 30704.50 ( 59.35%)
Hmean unlink1-processes-5 20106.15 ( 0.00%) 21804.15 ( 8.45%)
Hmean unlink1-processes-8 17496.97 ( 0.00%) 17243.28 ( -1.45%)
Hmean unlink1-processes-12 14224.15 ( 0.00%) 17240.21 ( 21.20%)
Hmean unlink1-processes-21 14155.66 ( 0.00%) 15681.23 ( 10.78%)
Hmean unlink1-processes-30 14450.70 ( 0.00%) 15995.83 ( 10.69%)
Hmean unlink1-processes-48 16945.57 ( 0.00%) 16370.42 ( -3.39%)
Hmean unlink1-processes-79 15788.39 ( 0.00%) 14639.27 ( -7.28%)
Hmean unlink1-processes-110 14268.48 ( 0.00%) 14377.40 ( 0.76%)
Hmean unlink1-processes-141 14023.65 ( 0.00%) 16271.69 ( 16.03%)
Hmean unlink1-processes-172 13417.62 ( 0.00%) 16067.55 ( 19.75%)
Hmean unlink1-processes-203 15293.08 ( 0.00%) 15440.40 ( 0.96%)
Hmean unlink1-processes-234 13719.32 ( 0.00%) 16190.74 ( 18.01%)
Hmean unlink1-processes-265 16400.97 ( 0.00%) 16115.22 ( -1.74%)
Hmean unlink1-processes-296 14388.60 ( 0.00%) 16216.13 ( 12.70%)
Hmean unlink1-processes-320 15771.85 ( 0.00%) 15905.96 ( 0.85%)
x86-64 (known to be fast for get_current()/this_cpu_read_stable() caching)
and ppc64 (with paca) show similar improvements in the unlink microbenches.
The small delta for ppc64 (2ms), does not represent the gains on the unlink
runs. In the case of x86, there was a decent amount of variation in the
latency runs, but always within a 20 to 50ms increase), ppc was more constant.
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dave@stgolabs.net
Cc: mark.rutland@arm.com
Link: http://lkml.kernel.org/r/1483479794-14013-5-git-send-email-dave@stgolabs.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-01-04 05:43:14 +08:00
|
|
|
set_current_state(TASK_RUNNING);
|
2016-09-21 22:22:29 +08:00
|
|
|
remove_wait_queue(&cc->write_thread_wait, &wait);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
schedule();
|
|
|
|
|
sched/core: Remove set_task_state()
This is a nasty interface and setting the state of a foreign task must
not be done. As of the following commit:
be628be0956 ("bcache: Make gc wakeup sane, remove set_task_state()")
... everyone in the kernel calls set_task_state() with current, allowing
the helper to be removed.
However, as the comment indicates, it is still around for those archs
where computing current is more expensive than using a pointer, at least
in theory. An important arch that is affected is arm64, however this has
been addressed now [1] and performance is up to par making no difference
with either calls.
Of all the callers, if any, it's the locking bits that would care most
about this -- ie: we end up passing a tsk pointer to a lot of the lock
slowpath, and setting ->state on that. The following numbers are based
on two tests: a custom ad-hoc microbenchmark that just measures
latencies (for ~65 million calls) between get_task_state() vs
get_current_state().
Secondly for a higher overview, an unlink microbenchmark was used,
which pounds on a single file with open, close,unlink combos with
increasing thread counts (up to 4x ncpus). While the workload is quite
unrealistic, it does contend a lot on the inode mutex or now rwsem.
[1] https://lkml.kernel.org/r/1483468021-8237-1-git-send-email-mark.rutland@arm.com
== 1. x86-64 ==
Avg runtime set_task_state(): 601 msecs
Avg runtime set_current_state(): 552 msecs
vanilla dirty
Hmean unlink1-processes-2 36089.26 ( 0.00%) 38977.33 ( 8.00%)
Hmean unlink1-processes-5 28555.01 ( 0.00%) 29832.55 ( 4.28%)
Hmean unlink1-processes-8 37323.75 ( 0.00%) 44974.57 ( 20.50%)
Hmean unlink1-processes-12 43571.88 ( 0.00%) 44283.01 ( 1.63%)
Hmean unlink1-processes-21 34431.52 ( 0.00%) 38284.45 ( 11.19%)
Hmean unlink1-processes-30 34813.26 ( 0.00%) 37975.17 ( 9.08%)
Hmean unlink1-processes-48 37048.90 ( 0.00%) 39862.78 ( 7.59%)
Hmean unlink1-processes-79 35630.01 ( 0.00%) 36855.30 ( 3.44%)
Hmean unlink1-processes-110 36115.85 ( 0.00%) 39843.91 ( 10.32%)
Hmean unlink1-processes-141 32546.96 ( 0.00%) 35418.52 ( 8.82%)
Hmean unlink1-processes-172 34674.79 ( 0.00%) 36899.21 ( 6.42%)
Hmean unlink1-processes-203 37303.11 ( 0.00%) 36393.04 ( -2.44%)
Hmean unlink1-processes-224 35712.13 ( 0.00%) 36685.96 ( 2.73%)
== 2. ppc64le ==
Avg runtime set_task_state(): 938 msecs
Avg runtime set_current_state: 940 msecs
vanilla dirty
Hmean unlink1-processes-2 19269.19 ( 0.00%) 30704.50 ( 59.35%)
Hmean unlink1-processes-5 20106.15 ( 0.00%) 21804.15 ( 8.45%)
Hmean unlink1-processes-8 17496.97 ( 0.00%) 17243.28 ( -1.45%)
Hmean unlink1-processes-12 14224.15 ( 0.00%) 17240.21 ( 21.20%)
Hmean unlink1-processes-21 14155.66 ( 0.00%) 15681.23 ( 10.78%)
Hmean unlink1-processes-30 14450.70 ( 0.00%) 15995.83 ( 10.69%)
Hmean unlink1-processes-48 16945.57 ( 0.00%) 16370.42 ( -3.39%)
Hmean unlink1-processes-79 15788.39 ( 0.00%) 14639.27 ( -7.28%)
Hmean unlink1-processes-110 14268.48 ( 0.00%) 14377.40 ( 0.76%)
Hmean unlink1-processes-141 14023.65 ( 0.00%) 16271.69 ( 16.03%)
Hmean unlink1-processes-172 13417.62 ( 0.00%) 16067.55 ( 19.75%)
Hmean unlink1-processes-203 15293.08 ( 0.00%) 15440.40 ( 0.96%)
Hmean unlink1-processes-234 13719.32 ( 0.00%) 16190.74 ( 18.01%)
Hmean unlink1-processes-265 16400.97 ( 0.00%) 16115.22 ( -1.74%)
Hmean unlink1-processes-296 14388.60 ( 0.00%) 16216.13 ( 12.70%)
Hmean unlink1-processes-320 15771.85 ( 0.00%) 15905.96 ( 0.85%)
x86-64 (known to be fast for get_current()/this_cpu_read_stable() caching)
and ppc64 (with paca) show similar improvements in the unlink microbenches.
The small delta for ppc64 (2ms), does not represent the gains on the unlink
runs. In the case of x86, there was a decent amount of variation in the
latency runs, but always within a 20 to 50ms increase), ppc was more constant.
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dave@stgolabs.net
Cc: mark.rutland@arm.com
Link: http://lkml.kernel.org/r/1483479794-14013-5-git-send-email-dave@stgolabs.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-01-04 05:43:14 +08:00
|
|
|
set_current_state(TASK_RUNNING);
|
2015-02-13 21:25:59 +08:00
|
|
|
spin_lock_irq(&cc->write_thread_wait.lock);
|
|
|
|
__remove_wait_queue(&cc->write_thread_wait, &wait);
|
|
|
|
goto continue_locked;
|
|
|
|
|
|
|
|
pop_from_list:
|
2015-02-13 21:27:41 +08:00
|
|
|
write_tree = cc->write_tree;
|
|
|
|
cc->write_tree = RB_ROOT;
|
2015-02-13 21:25:59 +08:00
|
|
|
spin_unlock_irq(&cc->write_thread_wait.lock);
|
|
|
|
|
2015-02-13 21:27:41 +08:00
|
|
|
BUG_ON(rb_parent(write_tree.rb_node));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Note: we cannot walk the tree here with rb_next because
|
|
|
|
* the structures may be freed when kcryptd_io_write is called.
|
|
|
|
*/
|
2015-02-13 21:25:59 +08:00
|
|
|
blk_start_plug(&plug);
|
|
|
|
do {
|
2015-02-13 21:27:41 +08:00
|
|
|
io = crypt_io_from_node(rb_first(&write_tree));
|
|
|
|
rb_erase(&io->rb_node, &write_tree);
|
2015-02-13 21:25:59 +08:00
|
|
|
kcryptd_io_write(io);
|
2015-02-13 21:27:41 +08:00
|
|
|
} while (!RB_EMPTY_ROOT(&write_tree));
|
2015-02-13 21:25:59 +08:00
|
|
|
blk_finish_plug(&plug);
|
|
|
|
}
|
|
|
|
return 0;
|
2008-02-08 10:10:52 +08:00
|
|
|
}
|
|
|
|
|
2012-03-29 01:41:22 +08:00
|
|
|
static void kcryptd_crypt_write_io_submit(struct dm_crypt_io *io, int async)
|
2008-02-08 10:10:49 +08:00
|
|
|
{
|
2008-02-08 10:10:57 +08:00
|
|
|
struct bio *clone = io->ctx.bio_out;
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2015-02-13 21:25:59 +08:00
|
|
|
unsigned long flags;
|
2015-02-13 21:27:41 +08:00
|
|
|
sector_t sector;
|
|
|
|
struct rb_node **rbp, *parent;
|
2008-02-08 10:10:57 +08:00
|
|
|
|
2012-03-29 01:41:22 +08:00
|
|
|
if (unlikely(io->error < 0)) {
|
2008-02-08 10:10:57 +08:00
|
|
|
crypt_free_buffer_pages(cc, clone);
|
|
|
|
bio_put(clone);
|
2008-10-10 20:37:06 +08:00
|
|
|
crypt_dec_pending(io);
|
2008-02-08 10:10:57 +08:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* crypt_convert should have filled the clone bio */
|
2013-10-12 06:45:43 +08:00
|
|
|
BUG_ON(io->ctx.iter_out.bi_size);
|
2008-02-08 10:10:57 +08:00
|
|
|
|
2013-10-12 06:44:27 +08:00
|
|
|
clone->bi_iter.bi_sector = cc->start + io->sector;
|
2008-02-08 10:11:02 +08:00
|
|
|
|
2015-02-13 21:27:08 +08:00
|
|
|
if (likely(!async) && test_bit(DM_CRYPT_NO_OFFLOAD, &cc->flags)) {
|
|
|
|
generic_make_request(clone);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
spin_lock_irqsave(&cc->write_thread_wait.lock, flags);
|
2015-02-13 21:27:41 +08:00
|
|
|
rbp = &cc->write_tree.rb_node;
|
|
|
|
parent = NULL;
|
|
|
|
sector = io->sector;
|
|
|
|
while (*rbp) {
|
|
|
|
parent = *rbp;
|
|
|
|
if (sector < crypt_io_from_node(parent)->sector)
|
|
|
|
rbp = &(*rbp)->rb_left;
|
|
|
|
else
|
|
|
|
rbp = &(*rbp)->rb_right;
|
|
|
|
}
|
|
|
|
rb_link_node(&io->rb_node, parent, rbp);
|
|
|
|
rb_insert_color(&io->rb_node, &cc->write_tree);
|
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
wake_up_locked(&cc->write_thread_wait);
|
|
|
|
spin_unlock_irqrestore(&cc->write_thread_wait.lock, flags);
|
2008-02-08 10:10:49 +08:00
|
|
|
}
|
|
|
|
|
2008-10-10 20:37:04 +08:00
|
|
|
static void kcryptd_crypt_write_convert(struct dm_crypt_io *io)
|
2006-10-03 16:15:37 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2006-10-03 16:15:37 +08:00
|
|
|
struct bio *clone;
|
2008-10-10 20:37:08 +08:00
|
|
|
int crypt_finished;
|
2008-10-22 00:45:00 +08:00
|
|
|
sector_t sector = io->sector;
|
2008-02-08 10:10:57 +08:00
|
|
|
int r;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2008-10-10 20:37:04 +08:00
|
|
|
/*
|
|
|
|
* Prevent io from disappearing until this function completes.
|
|
|
|
*/
|
|
|
|
crypt_inc_pending(io);
|
2008-10-22 00:45:00 +08:00
|
|
|
crypt_convert_init(cc, &io->ctx, NULL, io->base_bio, sector);
|
2008-10-10 20:37:04 +08:00
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
clone = crypt_alloc_buffer(io, io->base_bio->bi_iter.bi_size);
|
|
|
|
if (unlikely(!clone)) {
|
|
|
|
io->error = -EIO;
|
|
|
|
goto dec;
|
|
|
|
}
|
2008-10-10 20:37:08 +08:00
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
io->ctx.bio_out = clone;
|
|
|
|
io->ctx.iter_out = clone->bi_iter;
|
2008-10-22 00:45:00 +08:00
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
sector += bio_sectors(clone);
|
2006-10-03 16:15:38 +08:00
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
crypt_inc_pending(io);
|
|
|
|
r = crypt_convert(cc, &io->ctx);
|
|
|
|
if (r)
|
|
|
|
io->error = -EIO;
|
|
|
|
crypt_finished = atomic_dec_and_test(&io->ctx.cc_pending);
|
2008-10-10 20:37:08 +08:00
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
/* Encryption was already finished, submit io now */
|
|
|
|
if (crypt_finished) {
|
|
|
|
kcryptd_crypt_write_io_submit(io, 0);
|
|
|
|
io->sector = sector;
|
2006-10-03 16:15:38 +08:00
|
|
|
}
|
2008-02-08 10:11:02 +08:00
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
dec:
|
2008-02-08 10:11:02 +08:00
|
|
|
crypt_dec_pending(io);
|
2008-02-08 10:10:59 +08:00
|
|
|
}
|
|
|
|
|
2012-03-29 01:41:22 +08:00
|
|
|
static void kcryptd_crypt_read_done(struct dm_crypt_io *io)
|
2008-02-08 10:10:43 +08:00
|
|
|
{
|
|
|
|
crypt_dec_pending(io);
|
|
|
|
}
|
|
|
|
|
2008-02-08 10:10:49 +08:00
|
|
|
static void kcryptd_crypt_read_convert(struct dm_crypt_io *io)
|
2006-10-03 16:15:37 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2008-02-08 10:10:43 +08:00
|
|
|
int r = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-10-10 20:37:02 +08:00
|
|
|
crypt_inc_pending(io);
|
2008-02-08 10:11:14 +08:00
|
|
|
|
2008-02-08 10:10:38 +08:00
|
|
|
crypt_convert_init(cc, &io->ctx, io->base_bio, io->base_bio,
|
2008-02-08 10:10:54 +08:00
|
|
|
io->sector);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-02-08 10:10:43 +08:00
|
|
|
r = crypt_convert(cc, &io->ctx);
|
2012-03-29 01:41:22 +08:00
|
|
|
if (r < 0)
|
|
|
|
io->error = -EIO;
|
2008-02-08 10:10:43 +08:00
|
|
|
|
2012-07-27 22:08:04 +08:00
|
|
|
if (atomic_dec_and_test(&io->ctx.cc_pending))
|
2012-03-29 01:41:22 +08:00
|
|
|
kcryptd_crypt_read_done(io);
|
2008-02-08 10:11:14 +08:00
|
|
|
|
|
|
|
crypt_dec_pending(io);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2008-02-08 10:11:12 +08:00
|
|
|
static void kcryptd_async_done(struct crypto_async_request *async_req,
|
|
|
|
int error)
|
|
|
|
{
|
2009-03-17 01:44:33 +08:00
|
|
|
struct dm_crypt_request *dmreq = async_req->data;
|
|
|
|
struct convert_context *ctx = dmreq->ctx;
|
2008-02-08 10:11:12 +08:00
|
|
|
struct dm_crypt_io *io = container_of(ctx, struct dm_crypt_io, ctx);
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2008-02-08 10:11:12 +08:00
|
|
|
|
2015-05-15 23:00:25 +08:00
|
|
|
/*
|
|
|
|
* A request from crypto driver backlog is going to be processed now,
|
|
|
|
* finish the completion and continue in crypt_convert().
|
|
|
|
* (Callback will be called for the second time for this request.)
|
|
|
|
*/
|
Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY"
This reverts Linux 4.1-rc1 commit 0618764cb25f6fa9fb31152995de42a8a0496475.
The problem which that commit attempts to fix actually lies in the
Freescale CAAM crypto driver not dm-crypt.
dm-crypt uses CRYPTO_TFM_REQ_MAY_BACKLOG. This means the the crypto
driver should internally backlog requests which arrive when the queue is
full and process them later. Until the crypto hw's queue becomes full,
the driver returns -EINPROGRESS. When the crypto hw's queue if full,
the driver returns -EBUSY, and if CRYPTO_TFM_REQ_MAY_BACKLOG is set, is
expected to backlog the request and process it when the hardware has
queue space. At the point when the driver takes the request from the
backlog and starts processing it, it calls the completion function with
a status of -EINPROGRESS. The completion function is called (for a
second time, in the case of backlogged requests) with a status/err of 0
when a request is done.
Crypto drivers for hardware without hardware queueing use the helpers,
crypto_init_queue(), crypto_enqueue_request(), crypto_dequeue_request()
and crypto_get_backlog() helpers to implement this behaviour correctly,
while others implement this behaviour without these helpers (ccp, for
example).
dm-crypt (before the patch that needs reverting) uses this API
correctly. It queues up as many requests as the hw queues will allow
(i.e. as long as it gets back -EINPROGRESS from the request function).
Then, when it sees at least one backlogged request (gets -EBUSY), it
waits till that backlogged request is handled (completion gets called
with -EINPROGRESS), and then continues. The references to
af_alg_wait_for_completion() and af_alg_complete() in that commit's
commit message are irrelevant because those functions only handle one
request at a time, unlink dm-crypt.
The problem is that the Freescale CAAM driver, which that commit
describes as having being tested with, fails to implement the
backlogging behaviour correctly. In cam_jr_enqueue(), if the hardware
queue is full, it simply returns -EBUSY without backlogging the request.
What the observed deadlock was is not described in the commit message
but it is obviously the wait_for_completion() in crypto_convert() where
dm-crypto would wait for the completion being called with -EINPROGRESS
in the case of backlogged requests. This completion will never be
completed due to the bug in the CAAM driver.
Commit 0618764cb25 incorrectly made dm-crypt wait for every request,
even when the driver/hardware queues are not full, which means that
dm-crypt will never see -EBUSY. This means that that commit will cause
a performance regression on all crypto drivers which implement the API
correctly.
Revert it. Correct backlog handling should be implemented in the CAAM
driver instead.
Cc'ing stable purely because commit 0618764cb25 did. If for some reason
a stable@ kernel did pick up commit 0618764cb25 it should get reverted.
Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Reviewed-by: Horia Geanta <horia.geanta@freescale.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2015-05-05 21:15:56 +08:00
|
|
|
if (error == -EINPROGRESS) {
|
|
|
|
complete(&ctx->restart);
|
2008-02-08 10:11:12 +08:00
|
|
|
return;
|
Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY"
This reverts Linux 4.1-rc1 commit 0618764cb25f6fa9fb31152995de42a8a0496475.
The problem which that commit attempts to fix actually lies in the
Freescale CAAM crypto driver not dm-crypt.
dm-crypt uses CRYPTO_TFM_REQ_MAY_BACKLOG. This means the the crypto
driver should internally backlog requests which arrive when the queue is
full and process them later. Until the crypto hw's queue becomes full,
the driver returns -EINPROGRESS. When the crypto hw's queue if full,
the driver returns -EBUSY, and if CRYPTO_TFM_REQ_MAY_BACKLOG is set, is
expected to backlog the request and process it when the hardware has
queue space. At the point when the driver takes the request from the
backlog and starts processing it, it calls the completion function with
a status of -EINPROGRESS. The completion function is called (for a
second time, in the case of backlogged requests) with a status/err of 0
when a request is done.
Crypto drivers for hardware without hardware queueing use the helpers,
crypto_init_queue(), crypto_enqueue_request(), crypto_dequeue_request()
and crypto_get_backlog() helpers to implement this behaviour correctly,
while others implement this behaviour without these helpers (ccp, for
example).
dm-crypt (before the patch that needs reverting) uses this API
correctly. It queues up as many requests as the hw queues will allow
(i.e. as long as it gets back -EINPROGRESS from the request function).
Then, when it sees at least one backlogged request (gets -EBUSY), it
waits till that backlogged request is handled (completion gets called
with -EINPROGRESS), and then continues. The references to
af_alg_wait_for_completion() and af_alg_complete() in that commit's
commit message are irrelevant because those functions only handle one
request at a time, unlink dm-crypt.
The problem is that the Freescale CAAM driver, which that commit
describes as having being tested with, fails to implement the
backlogging behaviour correctly. In cam_jr_enqueue(), if the hardware
queue is full, it simply returns -EBUSY without backlogging the request.
What the observed deadlock was is not described in the commit message
but it is obviously the wait_for_completion() in crypto_convert() where
dm-crypto would wait for the completion being called with -EINPROGRESS
in the case of backlogged requests. This completion will never be
completed due to the bug in the CAAM driver.
Commit 0618764cb25 incorrectly made dm-crypt wait for every request,
even when the driver/hardware queues are not full, which means that
dm-crypt will never see -EBUSY. This means that that commit will cause
a performance regression on all crypto drivers which implement the API
correctly.
Revert it. Correct backlog handling should be implemented in the CAAM
driver instead.
Cc'ing stable purely because commit 0618764cb25 did. If for some reason
a stable@ kernel did pick up commit 0618764cb25 it should get reverted.
Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Reviewed-by: Horia Geanta <horia.geanta@freescale.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2015-05-05 21:15:56 +08:00
|
|
|
}
|
2008-02-08 10:11:12 +08:00
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
if (!error && cc->iv_gen_ops && cc->iv_gen_ops->post)
|
|
|
|
error = cc->iv_gen_ops->post(cc, iv_of_dmreq(cc, dmreq), dmreq);
|
|
|
|
|
2012-03-29 01:41:22 +08:00
|
|
|
if (error < 0)
|
|
|
|
io->error = -EIO;
|
|
|
|
|
2014-03-29 03:51:55 +08:00
|
|
|
crypt_free_req(cc, req_of_dmreq(cc, dmreq), io->base_bio);
|
2008-02-08 10:11:12 +08:00
|
|
|
|
2012-07-27 22:08:04 +08:00
|
|
|
if (!atomic_dec_and_test(&ctx->cc_pending))
|
Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY"
This reverts Linux 4.1-rc1 commit 0618764cb25f6fa9fb31152995de42a8a0496475.
The problem which that commit attempts to fix actually lies in the
Freescale CAAM crypto driver not dm-crypt.
dm-crypt uses CRYPTO_TFM_REQ_MAY_BACKLOG. This means the the crypto
driver should internally backlog requests which arrive when the queue is
full and process them later. Until the crypto hw's queue becomes full,
the driver returns -EINPROGRESS. When the crypto hw's queue if full,
the driver returns -EBUSY, and if CRYPTO_TFM_REQ_MAY_BACKLOG is set, is
expected to backlog the request and process it when the hardware has
queue space. At the point when the driver takes the request from the
backlog and starts processing it, it calls the completion function with
a status of -EINPROGRESS. The completion function is called (for a
second time, in the case of backlogged requests) with a status/err of 0
when a request is done.
Crypto drivers for hardware without hardware queueing use the helpers,
crypto_init_queue(), crypto_enqueue_request(), crypto_dequeue_request()
and crypto_get_backlog() helpers to implement this behaviour correctly,
while others implement this behaviour without these helpers (ccp, for
example).
dm-crypt (before the patch that needs reverting) uses this API
correctly. It queues up as many requests as the hw queues will allow
(i.e. as long as it gets back -EINPROGRESS from the request function).
Then, when it sees at least one backlogged request (gets -EBUSY), it
waits till that backlogged request is handled (completion gets called
with -EINPROGRESS), and then continues. The references to
af_alg_wait_for_completion() and af_alg_complete() in that commit's
commit message are irrelevant because those functions only handle one
request at a time, unlink dm-crypt.
The problem is that the Freescale CAAM driver, which that commit
describes as having being tested with, fails to implement the
backlogging behaviour correctly. In cam_jr_enqueue(), if the hardware
queue is full, it simply returns -EBUSY without backlogging the request.
What the observed deadlock was is not described in the commit message
but it is obviously the wait_for_completion() in crypto_convert() where
dm-crypto would wait for the completion being called with -EINPROGRESS
in the case of backlogged requests. This completion will never be
completed due to the bug in the CAAM driver.
Commit 0618764cb25 incorrectly made dm-crypt wait for every request,
even when the driver/hardware queues are not full, which means that
dm-crypt will never see -EBUSY. This means that that commit will cause
a performance regression on all crypto drivers which implement the API
correctly.
Revert it. Correct backlog handling should be implemented in the CAAM
driver instead.
Cc'ing stable purely because commit 0618764cb25 did. If for some reason
a stable@ kernel did pick up commit 0618764cb25 it should get reverted.
Signed-off-by: Rabin Vincent <rabin.vincent@axis.com>
Reviewed-by: Horia Geanta <horia.geanta@freescale.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2015-05-05 21:15:56 +08:00
|
|
|
return;
|
2008-02-08 10:11:12 +08:00
|
|
|
|
|
|
|
if (bio_data_dir(io->base_bio) == READ)
|
2012-03-29 01:41:22 +08:00
|
|
|
kcryptd_crypt_read_done(io);
|
2008-02-08 10:11:12 +08:00
|
|
|
else
|
2012-03-29 01:41:22 +08:00
|
|
|
kcryptd_crypt_write_io_submit(io, 1);
|
2008-02-08 10:11:12 +08:00
|
|
|
}
|
|
|
|
|
2008-02-08 10:10:52 +08:00
|
|
|
static void kcryptd_crypt(struct work_struct *work)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2007-07-13 00:26:32 +08:00
|
|
|
struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work);
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2007-10-20 05:38:58 +08:00
|
|
|
if (bio_data_dir(io->base_bio) == READ)
|
2008-02-08 10:10:52 +08:00
|
|
|
kcryptd_crypt_read_convert(io);
|
2008-02-08 10:10:49 +08:00
|
|
|
else
|
2008-02-08 10:10:52 +08:00
|
|
|
kcryptd_crypt_write_convert(io);
|
2007-10-20 05:38:58 +08:00
|
|
|
}
|
|
|
|
|
2008-02-08 10:10:52 +08:00
|
|
|
static void kcryptd_queue_crypt(struct dm_crypt_io *io)
|
2007-10-20 05:38:58 +08:00
|
|
|
{
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = io->cc;
|
2007-10-20 05:38:58 +08:00
|
|
|
|
2008-02-08 10:10:52 +08:00
|
|
|
INIT_WORK(&io->work, kcryptd_crypt);
|
|
|
|
queue_work(cc->crypt_queue, &io->work);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Decode key from its hex representation
|
|
|
|
*/
|
|
|
|
static int crypt_decode_key(u8 *key, char *hex, unsigned int size)
|
|
|
|
{
|
|
|
|
char buffer[3];
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
buffer[2] = '\0';
|
|
|
|
|
2006-10-03 16:15:37 +08:00
|
|
|
for (i = 0; i < size; i++) {
|
2005-04-17 06:20:36 +08:00
|
|
|
buffer[0] = *hex++;
|
|
|
|
buffer[1] = *hex++;
|
|
|
|
|
2012-07-27 22:07:59 +08:00
|
|
|
if (kstrtou8(buffer, 16, &key[i]))
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (*hex != '\0')
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
static void crypt_free_tfms(struct crypt_config *cc)
|
2011-01-14 03:59:54 +08:00
|
|
|
{
|
|
|
|
unsigned i;
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
if (!cc->tfms)
|
|
|
|
return;
|
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
for (i = 0; i < cc->tfms_count; i++)
|
2012-07-27 22:08:05 +08:00
|
|
|
if (cc->tfms[i] && !IS_ERR(cc->tfms[i])) {
|
2016-01-24 21:16:36 +08:00
|
|
|
crypto_free_skcipher(cc->tfms[i]);
|
2012-07-27 22:08:05 +08:00
|
|
|
cc->tfms[i] = NULL;
|
2011-01-14 03:59:54 +08:00
|
|
|
}
|
2012-07-27 22:08:05 +08:00
|
|
|
|
|
|
|
kfree(cc->tfms);
|
|
|
|
cc->tfms = NULL;
|
2011-01-14 03:59:54 +08:00
|
|
|
}
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
static int crypt_alloc_tfms(struct crypt_config *cc, char *ciphermode)
|
2011-01-14 03:59:54 +08:00
|
|
|
{
|
|
|
|
unsigned i;
|
|
|
|
int err;
|
|
|
|
|
2016-08-31 00:51:44 +08:00
|
|
|
cc->tfms = kzalloc(cc->tfms_count * sizeof(struct crypto_skcipher *),
|
2012-07-27 22:08:05 +08:00
|
|
|
GFP_KERNEL);
|
|
|
|
if (!cc->tfms)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2011-01-14 03:59:54 +08:00
|
|
|
for (i = 0; i < cc->tfms_count; i++) {
|
2016-01-24 21:16:36 +08:00
|
|
|
cc->tfms[i] = crypto_alloc_skcipher(ciphermode, 0, 0);
|
2012-07-27 22:08:05 +08:00
|
|
|
if (IS_ERR(cc->tfms[i])) {
|
|
|
|
err = PTR_ERR(cc->tfms[i]);
|
|
|
|
crypt_free_tfms(cc);
|
2011-01-14 03:59:54 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-08-25 19:12:54 +08:00
|
|
|
static int crypt_setkey(struct crypt_config *cc)
|
2011-01-14 03:59:53 +08:00
|
|
|
{
|
2013-10-29 06:21:03 +08:00
|
|
|
unsigned subkey_size;
|
2012-07-27 22:08:05 +08:00
|
|
|
int err = 0, i, r;
|
|
|
|
|
2013-10-29 06:21:03 +08:00
|
|
|
/* Ignore extra keys (which are used for IV etc) */
|
|
|
|
subkey_size = (cc->key_size - cc->key_extra_size) >> ilog2(cc->tfms_count);
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
for (i = 0; i < cc->tfms_count; i++) {
|
2016-01-24 21:16:36 +08:00
|
|
|
r = crypto_skcipher_setkey(cc->tfms[i],
|
|
|
|
cc->key + (i * subkey_size),
|
|
|
|
subkey_size);
|
2012-07-27 22:08:05 +08:00
|
|
|
if (r)
|
|
|
|
err = r;
|
2011-01-14 03:59:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2016-11-21 22:58:51 +08:00
|
|
|
#ifdef CONFIG_KEYS
|
|
|
|
|
2016-12-02 01:20:52 +08:00
|
|
|
static bool contains_whitespace(const char *str)
|
|
|
|
{
|
|
|
|
while (*str)
|
|
|
|
if (isspace(*str++))
|
|
|
|
return true;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-11-21 22:58:51 +08:00
|
|
|
static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
|
|
|
|
{
|
|
|
|
char *new_key_string, *key_desc;
|
|
|
|
int ret;
|
|
|
|
struct key *key;
|
|
|
|
const struct user_key_payload *ukp;
|
|
|
|
|
2016-12-02 01:20:52 +08:00
|
|
|
/*
|
|
|
|
* Reject key_string with whitespace. dm core currently lacks code for
|
|
|
|
* proper whitespace escaping in arguments on DM_TABLE_STATUS path.
|
|
|
|
*/
|
|
|
|
if (contains_whitespace(key_string)) {
|
|
|
|
DMERR("whitespace chars not allowed in key string");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2016-11-21 22:58:51 +08:00
|
|
|
/* look for next ':' separating key_type from key_description */
|
|
|
|
key_desc = strpbrk(key_string, ":");
|
|
|
|
if (!key_desc || key_desc == key_string || !strlen(key_desc + 1))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (strncmp(key_string, "logon:", key_desc - key_string + 1) &&
|
|
|
|
strncmp(key_string, "user:", key_desc - key_string + 1))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
new_key_string = kstrdup(key_string, GFP_KERNEL);
|
|
|
|
if (!new_key_string)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
key = request_key(key_string[0] == 'l' ? &key_type_logon : &key_type_user,
|
|
|
|
key_desc + 1, NULL);
|
|
|
|
if (IS_ERR(key)) {
|
|
|
|
kzfree(new_key_string);
|
|
|
|
return PTR_ERR(key);
|
|
|
|
}
|
|
|
|
|
2017-01-31 22:47:11 +08:00
|
|
|
down_read(&key->sem);
|
2016-11-21 22:58:51 +08:00
|
|
|
|
|
|
|
ukp = user_key_payload(key);
|
|
|
|
if (!ukp) {
|
2017-01-31 22:47:11 +08:00
|
|
|
up_read(&key->sem);
|
2016-11-21 22:58:51 +08:00
|
|
|
key_put(key);
|
|
|
|
kzfree(new_key_string);
|
|
|
|
return -EKEYREVOKED;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (cc->key_size != ukp->datalen) {
|
2017-01-31 22:47:11 +08:00
|
|
|
up_read(&key->sem);
|
2016-11-21 22:58:51 +08:00
|
|
|
key_put(key);
|
|
|
|
kzfree(new_key_string);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(cc->key, ukp->data, cc->key_size);
|
|
|
|
|
2017-01-31 22:47:11 +08:00
|
|
|
up_read(&key->sem);
|
2016-11-21 22:58:51 +08:00
|
|
|
key_put(key);
|
|
|
|
|
|
|
|
/* clear the flag since following operations may invalidate previously valid key */
|
|
|
|
clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
|
|
|
|
|
|
|
|
ret = crypt_setkey(cc);
|
|
|
|
|
|
|
|
/* wipe the kernel key payload copy in each case */
|
|
|
|
memset(cc->key, 0, cc->key_size * sizeof(u8));
|
|
|
|
|
|
|
|
if (!ret) {
|
|
|
|
set_bit(DM_CRYPT_KEY_VALID, &cc->flags);
|
|
|
|
kzfree(cc->key_string);
|
|
|
|
cc->key_string = new_key_string;
|
|
|
|
} else
|
|
|
|
kzfree(new_key_string);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int get_key_size(char **key_string)
|
|
|
|
{
|
|
|
|
char *colon, dummy;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (*key_string[0] != ':')
|
|
|
|
return strlen(*key_string) >> 1;
|
|
|
|
|
|
|
|
/* look for next ':' in key string */
|
|
|
|
colon = strpbrk(*key_string + 1, ":");
|
|
|
|
if (!colon)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (sscanf(*key_string + 1, "%u%c", &ret, &dummy) != 2 || dummy != ':')
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
*key_string = colon;
|
|
|
|
|
|
|
|
/* remaining key string should be :<logon|user>:<key_desc> */
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string)
|
|
|
|
{
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int get_key_size(char **key_string)
|
|
|
|
{
|
|
|
|
return (*key_string[0] == ':') ? -EINVAL : strlen(*key_string) >> 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2006-10-03 16:15:37 +08:00
|
|
|
static int crypt_set_key(struct crypt_config *cc, char *key)
|
|
|
|
{
|
2011-03-24 21:54:27 +08:00
|
|
|
int r = -EINVAL;
|
|
|
|
int key_string_len = strlen(key);
|
|
|
|
|
2011-01-14 03:59:49 +08:00
|
|
|
/* Hyphen (which gives a key_size of zero) means there is no key. */
|
|
|
|
if (!cc->key_size && strcmp(key, "-"))
|
2011-03-24 21:54:27 +08:00
|
|
|
goto out;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2016-11-21 22:58:51 +08:00
|
|
|
/* ':' means the key is in kernel keyring, short-circuit normal key processing */
|
|
|
|
if (key[0] == ':') {
|
|
|
|
r = crypt_set_keyring_key(cc, key + 1);
|
2011-03-24 21:54:27 +08:00
|
|
|
goto out;
|
2016-11-21 22:58:51 +08:00
|
|
|
}
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2016-11-02 22:02:08 +08:00
|
|
|
/* clear the flag since following operations may invalidate previously valid key */
|
|
|
|
clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2016-11-21 22:58:51 +08:00
|
|
|
/* wipe references to any kernel keyring key */
|
|
|
|
kzfree(cc->key_string);
|
|
|
|
cc->key_string = NULL;
|
|
|
|
|
2011-01-14 03:59:49 +08:00
|
|
|
if (cc->key_size && crypt_decode_key(cc->key, key, cc->key_size) < 0)
|
2011-03-24 21:54:27 +08:00
|
|
|
goto out;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
2016-08-25 19:12:54 +08:00
|
|
|
r = crypt_setkey(cc);
|
2016-11-02 22:02:08 +08:00
|
|
|
if (!r)
|
|
|
|
set_bit(DM_CRYPT_KEY_VALID, &cc->flags);
|
2011-03-24 21:54:27 +08:00
|
|
|
|
|
|
|
out:
|
|
|
|
/* Hex key string not needed after here, so wipe it. */
|
|
|
|
memset(key, '0', key_string_len);
|
|
|
|
|
|
|
|
return r;
|
2006-10-03 16:15:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_wipe_key(struct crypt_config *cc)
|
|
|
|
{
|
|
|
|
clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
|
|
|
|
memset(&cc->key, 0, cc->key_size * sizeof(u8));
|
2016-11-21 22:58:51 +08:00
|
|
|
kzfree(cc->key_string);
|
|
|
|
cc->key_string = NULL;
|
2011-01-14 03:59:53 +08:00
|
|
|
|
2016-08-25 19:12:54 +08:00
|
|
|
return crypt_setkey(cc);
|
2006-10-03 16:15:37 +08:00
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
static void crypt_dtr(struct dm_target *ti)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc = ti->private;
|
|
|
|
|
|
|
|
ti->private = NULL;
|
|
|
|
|
|
|
|
if (!cc)
|
|
|
|
return;
|
|
|
|
|
2016-09-21 22:22:29 +08:00
|
|
|
if (cc->write_thread)
|
2015-02-13 21:25:59 +08:00
|
|
|
kthread_stop(cc->write_thread);
|
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
if (cc->io_queue)
|
|
|
|
destroy_workqueue(cc->io_queue);
|
|
|
|
if (cc->crypt_queue)
|
|
|
|
destroy_workqueue(cc->crypt_queue);
|
|
|
|
|
2012-07-27 22:08:05 +08:00
|
|
|
crypt_free_tfms(cc);
|
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
if (cc->bs)
|
|
|
|
bioset_free(cc->bs);
|
|
|
|
|
2015-09-13 20:15:05 +08:00
|
|
|
mempool_destroy(cc->page_pool);
|
|
|
|
mempool_destroy(cc->req_pool);
|
2010-08-12 11:14:06 +08:00
|
|
|
|
|
|
|
if (cc->iv_gen_ops && cc->iv_gen_ops->dtr)
|
|
|
|
cc->iv_gen_ops->dtr(cc);
|
|
|
|
|
|
|
|
if (cc->dev)
|
|
|
|
dm_put_device(ti, cc->dev);
|
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
kzfree(cc->cipher);
|
2011-01-14 03:59:52 +08:00
|
|
|
kzfree(cc->cipher_string);
|
2016-11-21 22:58:51 +08:00
|
|
|
kzfree(cc->key_string);
|
2010-08-12 11:14:06 +08:00
|
|
|
|
|
|
|
/* Must zero key material before freeing */
|
|
|
|
kzfree(cc);
|
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
static int crypt_ctr_cipher(struct dm_target *ti,
|
|
|
|
char *cipher_in, char *key)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2010-08-12 11:14:07 +08:00
|
|
|
struct crypt_config *cc = ti->private;
|
2011-01-14 03:59:54 +08:00
|
|
|
char *tmp, *cipher, *chainmode, *ivmode, *ivopts, *keycount;
|
2010-08-12 11:14:07 +08:00
|
|
|
char *cipher_api = NULL;
|
2012-07-27 22:08:05 +08:00
|
|
|
int ret = -EINVAL;
|
dm: reject trailing characters in sccanf input
Device mapper uses sscanf to convert arguments to numbers. The problem is that
the way we use it ignores additional unmatched characters in the scanned string.
For example, this `if (sscanf(string, "%d", &number) == 1)' will match a number,
but also it will match number with some garbage appended, like "123abc".
As a result, device mapper accepts garbage after some numbers. For example
the command `dmsetup create vg1-new --table "0 16384 linear 254:1bla 34816bla"'
will pass without an error.
This patch fixes all sscanf uses in device mapper. It appends "%c" with
a pointer to a dummy character variable to every sscanf statement.
The construct `if (sscanf(string, "%d%c", &number, &dummy) == 1)' succeeds
only if string is a null-terminated number (optionally preceded by some
whitespace characters). If there is some character appended after the number,
sscanf matches "%c", writes the character to the dummy variable and returns 2.
We check the return value for 1 and consequently reject numbers with some
garbage appended.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
2012-03-29 01:41:26 +08:00
|
|
|
char dummy;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
/* Convert to crypto api definition? */
|
|
|
|
if (strchr(cipher_in, '(')) {
|
|
|
|
ti->error = "Bad cipher specification";
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2011-01-14 03:59:52 +08:00
|
|
|
cc->cipher_string = kstrdup(cipher_in, GFP_KERNEL);
|
|
|
|
if (!cc->cipher_string)
|
|
|
|
goto bad_mem;
|
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
/*
|
|
|
|
* Legacy dm-crypt cipher specification
|
2011-01-14 03:59:54 +08:00
|
|
|
* cipher[:keycount]-mode-iv:ivopts
|
2010-08-12 11:14:07 +08:00
|
|
|
*/
|
|
|
|
tmp = cipher_in;
|
2011-01-14 03:59:54 +08:00
|
|
|
keycount = strsep(&tmp, "-");
|
|
|
|
cipher = strsep(&keycount, ":");
|
|
|
|
|
|
|
|
if (!keycount)
|
|
|
|
cc->tfms_count = 1;
|
dm: reject trailing characters in sccanf input
Device mapper uses sscanf to convert arguments to numbers. The problem is that
the way we use it ignores additional unmatched characters in the scanned string.
For example, this `if (sscanf(string, "%d", &number) == 1)' will match a number,
but also it will match number with some garbage appended, like "123abc".
As a result, device mapper accepts garbage after some numbers. For example
the command `dmsetup create vg1-new --table "0 16384 linear 254:1bla 34816bla"'
will pass without an error.
This patch fixes all sscanf uses in device mapper. It appends "%c" with
a pointer to a dummy character variable to every sscanf statement.
The construct `if (sscanf(string, "%d%c", &number, &dummy) == 1)' succeeds
only if string is a null-terminated number (optionally preceded by some
whitespace characters). If there is some character appended after the number,
sscanf matches "%c", writes the character to the dummy variable and returns 2.
We check the return value for 1 and consequently reject numbers with some
garbage appended.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
2012-03-29 01:41:26 +08:00
|
|
|
else if (sscanf(keycount, "%u%c", &cc->tfms_count, &dummy) != 1 ||
|
2011-01-14 03:59:54 +08:00
|
|
|
!is_power_of_2(cc->tfms_count)) {
|
|
|
|
ti->error = "Bad cipher key count specification";
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
cc->key_parts = cc->tfms_count;
|
2013-10-29 06:21:03 +08:00
|
|
|
cc->key_extra_size = 0;
|
2010-08-12 11:14:07 +08:00
|
|
|
|
|
|
|
cc->cipher = kstrdup(cipher, GFP_KERNEL);
|
|
|
|
if (!cc->cipher)
|
|
|
|
goto bad_mem;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
chainmode = strsep(&tmp, "-");
|
|
|
|
ivopts = strsep(&tmp, "-");
|
|
|
|
ivmode = strsep(&ivopts, ":");
|
|
|
|
|
|
|
|
if (tmp)
|
2010-08-12 11:14:07 +08:00
|
|
|
DMWARN("Ignoring unexpected additional cipher options");
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2011-01-14 03:59:52 +08:00
|
|
|
/*
|
|
|
|
* For compatibility with the original dm-crypt mapping format, if
|
|
|
|
* only the cipher name is supplied, use cbc-plain.
|
|
|
|
*/
|
2010-08-12 11:14:07 +08:00
|
|
|
if (!chainmode || (!strcmp(chainmode, "plain") && !ivmode)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
chainmode = "cbc";
|
|
|
|
ivmode = "plain";
|
|
|
|
}
|
|
|
|
|
2006-08-22 18:29:17 +08:00
|
|
|
if (strcmp(chainmode, "ecb") && !ivmode) {
|
2010-08-12 11:14:07 +08:00
|
|
|
ti->error = "IV mechanism required";
|
|
|
|
return -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
cipher_api = kmalloc(CRYPTO_MAX_ALG_NAME, GFP_KERNEL);
|
|
|
|
if (!cipher_api)
|
|
|
|
goto bad_mem;
|
|
|
|
|
|
|
|
ret = snprintf(cipher_api, CRYPTO_MAX_ALG_NAME,
|
|
|
|
"%s(%s)", chainmode, cipher);
|
|
|
|
if (ret < 0) {
|
|
|
|
kfree(cipher_api);
|
|
|
|
goto bad_mem;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
/* Allocate cipher */
|
2012-07-27 22:08:05 +08:00
|
|
|
ret = crypt_alloc_tfms(cc, cipher_api);
|
|
|
|
if (ret < 0) {
|
|
|
|
ti->error = "Error allocating crypto tfm";
|
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
/* Initialize IV */
|
2016-01-24 21:16:36 +08:00
|
|
|
cc->iv_size = crypto_skcipher_ivsize(any_tfm(cc));
|
2010-08-12 11:14:07 +08:00
|
|
|
if (cc->iv_size)
|
|
|
|
/* at least a 64 bit sector number should fit in our buffer */
|
|
|
|
cc->iv_size = max(cc->iv_size,
|
|
|
|
(unsigned int)(sizeof(u64) / sizeof(u8)));
|
|
|
|
else if (ivmode) {
|
|
|
|
DMWARN("Selected cipher does not support IVs");
|
|
|
|
ivmode = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Choose ivmode, see comments at iv code. */
|
2005-04-17 06:20:36 +08:00
|
|
|
if (ivmode == NULL)
|
|
|
|
cc->iv_gen_ops = NULL;
|
|
|
|
else if (strcmp(ivmode, "plain") == 0)
|
|
|
|
cc->iv_gen_ops = &crypt_iv_plain_ops;
|
2009-12-11 07:52:25 +08:00
|
|
|
else if (strcmp(ivmode, "plain64") == 0)
|
|
|
|
cc->iv_gen_ops = &crypt_iv_plain64_ops;
|
2005-04-17 06:20:36 +08:00
|
|
|
else if (strcmp(ivmode, "essiv") == 0)
|
|
|
|
cc->iv_gen_ops = &crypt_iv_essiv_ops;
|
2006-09-03 06:56:39 +08:00
|
|
|
else if (strcmp(ivmode, "benbi") == 0)
|
|
|
|
cc->iv_gen_ops = &crypt_iv_benbi_ops;
|
2007-05-09 17:32:55 +08:00
|
|
|
else if (strcmp(ivmode, "null") == 0)
|
|
|
|
cc->iv_gen_ops = &crypt_iv_null_ops;
|
2011-01-14 03:59:55 +08:00
|
|
|
else if (strcmp(ivmode, "lmk") == 0) {
|
|
|
|
cc->iv_gen_ops = &crypt_iv_lmk_ops;
|
2013-10-29 06:21:04 +08:00
|
|
|
/*
|
|
|
|
* Version 2 and 3 is recognised according
|
2011-01-14 03:59:55 +08:00
|
|
|
* to length of provided multi-key string.
|
|
|
|
* If present (version 3), last key is used as IV seed.
|
2013-10-29 06:21:04 +08:00
|
|
|
* All keys (including IV seed) are always the same size.
|
2011-01-14 03:59:55 +08:00
|
|
|
*/
|
2013-10-29 06:21:03 +08:00
|
|
|
if (cc->key_size % cc->key_parts) {
|
2011-01-14 03:59:55 +08:00
|
|
|
cc->key_parts++;
|
2013-10-29 06:21:03 +08:00
|
|
|
cc->key_extra_size = cc->key_size / cc->key_parts;
|
|
|
|
}
|
2013-10-29 06:21:04 +08:00
|
|
|
} else if (strcmp(ivmode, "tcw") == 0) {
|
|
|
|
cc->iv_gen_ops = &crypt_iv_tcw_ops;
|
|
|
|
cc->key_parts += 2; /* IV + whitening */
|
|
|
|
cc->key_extra_size = cc->iv_size + TCW_WHITENING_SIZE;
|
2011-01-14 03:59:55 +08:00
|
|
|
} else {
|
2010-08-12 11:14:07 +08:00
|
|
|
ret = -EINVAL;
|
2006-06-26 15:27:35 +08:00
|
|
|
ti->error = "Invalid IV mode";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2013-10-29 06:21:03 +08:00
|
|
|
/* Initialize and set key */
|
|
|
|
ret = crypt_set_key(cc, key);
|
|
|
|
if (ret < 0) {
|
|
|
|
ti->error = "Error decoding and setting key";
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
/* Allocate IV */
|
|
|
|
if (cc->iv_gen_ops && cc->iv_gen_ops->ctr) {
|
|
|
|
ret = cc->iv_gen_ops->ctr(cc, ti, ivopts);
|
|
|
|
if (ret < 0) {
|
|
|
|
ti->error = "Error creating IV";
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
/* Initialize IV (set keys for ESSIV etc) */
|
|
|
|
if (cc->iv_gen_ops && cc->iv_gen_ops->init) {
|
|
|
|
ret = cc->iv_gen_ops->init(cc);
|
|
|
|
if (ret < 0) {
|
|
|
|
ti->error = "Error initialising IV";
|
|
|
|
goto bad;
|
|
|
|
}
|
2009-12-11 07:51:56 +08:00
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:07 +08:00
|
|
|
ret = 0;
|
|
|
|
bad:
|
|
|
|
kfree(cipher_api);
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
bad_mem:
|
|
|
|
ti->error = "Cannot allocate cipher strings";
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Construct an encryption mapping:
|
2016-11-21 22:58:51 +08:00
|
|
|
* <cipher> [<key>|:<key_size>:<user|logon>:<key_description>] <iv_offset> <dev_path> <start>
|
2010-08-12 11:14:07 +08:00
|
|
|
*/
|
|
|
|
static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc;
|
2016-11-21 22:58:51 +08:00
|
|
|
int key_size;
|
|
|
|
unsigned int opt_params;
|
2010-08-12 11:14:07 +08:00
|
|
|
unsigned long long tmpll;
|
|
|
|
int ret;
|
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2014-08-28 23:09:31 +08:00
|
|
|
size_t iv_size_padding;
|
2011-08-02 19:32:08 +08:00
|
|
|
struct dm_arg_set as;
|
|
|
|
const char *opt_string;
|
dm: reject trailing characters in sccanf input
Device mapper uses sscanf to convert arguments to numbers. The problem is that
the way we use it ignores additional unmatched characters in the scanned string.
For example, this `if (sscanf(string, "%d", &number) == 1)' will match a number,
but also it will match number with some garbage appended, like "123abc".
As a result, device mapper accepts garbage after some numbers. For example
the command `dmsetup create vg1-new --table "0 16384 linear 254:1bla 34816bla"'
will pass without an error.
This patch fixes all sscanf uses in device mapper. It appends "%c" with
a pointer to a dummy character variable to every sscanf statement.
The construct `if (sscanf(string, "%d%c", &number, &dummy) == 1)' succeeds
only if string is a null-terminated number (optionally preceded by some
whitespace characters). If there is some character appended after the number,
sscanf matches "%c", writes the character to the dummy variable and returns 2.
We check the return value for 1 and consequently reject numbers with some
garbage appended.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
2012-03-29 01:41:26 +08:00
|
|
|
char dummy;
|
2011-08-02 19:32:08 +08:00
|
|
|
|
|
|
|
static struct dm_arg _args[] = {
|
2015-02-13 21:27:08 +08:00
|
|
|
{0, 3, "Invalid number of feature args"},
|
2011-08-02 19:32:08 +08:00
|
|
|
};
|
2010-08-12 11:14:07 +08:00
|
|
|
|
2011-08-02 19:32:08 +08:00
|
|
|
if (argc < 5) {
|
2010-08-12 11:14:07 +08:00
|
|
|
ti->error = "Not enough arguments";
|
|
|
|
return -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2016-11-21 22:58:51 +08:00
|
|
|
key_size = get_key_size(&argv[1]);
|
|
|
|
if (key_size < 0) {
|
|
|
|
ti->error = "Cannot parse key size";
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2010-08-12 11:14:07 +08:00
|
|
|
|
|
|
|
cc = kzalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL);
|
|
|
|
if (!cc) {
|
|
|
|
ti->error = "Cannot allocate encryption context";
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
2011-01-14 03:59:49 +08:00
|
|
|
cc->key_size = key_size;
|
2010-08-12 11:14:07 +08:00
|
|
|
|
|
|
|
ti->private = cc;
|
|
|
|
ret = crypt_ctr_cipher(ti, argv[0], argv[1]);
|
|
|
|
if (ret < 0)
|
|
|
|
goto bad;
|
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
cc->dmreq_start = sizeof(struct skcipher_request);
|
|
|
|
cc->dmreq_start += crypto_skcipher_reqsize(any_tfm(cc));
|
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2014-08-28 23:09:31 +08:00
|
|
|
cc->dmreq_start = ALIGN(cc->dmreq_start, __alignof__(struct dm_crypt_request));
|
|
|
|
|
2016-01-24 21:16:36 +08:00
|
|
|
if (crypto_skcipher_alignmask(any_tfm(cc)) < CRYPTO_MINALIGN) {
|
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2014-08-28 23:09:31 +08:00
|
|
|
/* Allocate the padding exactly */
|
|
|
|
iv_size_padding = -(cc->dmreq_start + sizeof(struct dm_crypt_request))
|
2016-01-24 21:16:36 +08:00
|
|
|
& crypto_skcipher_alignmask(any_tfm(cc));
|
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2014-08-28 23:09:31 +08:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* If the cipher requires greater alignment than kmalloc
|
|
|
|
* alignment, we don't know the exact position of the
|
|
|
|
* initialization vector. We must assume worst case.
|
|
|
|
*/
|
2016-01-24 21:16:36 +08:00
|
|
|
iv_size_padding = crypto_skcipher_alignmask(any_tfm(cc));
|
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2014-08-28 23:09:31 +08:00
|
|
|
}
|
2008-02-08 10:11:07 +08:00
|
|
|
|
2015-02-13 21:25:26 +08:00
|
|
|
ret = -ENOMEM;
|
2008-02-08 10:11:07 +08:00
|
|
|
cc->req_pool = mempool_create_kmalloc_pool(MIN_IOS, cc->dmreq_start +
|
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2014-08-28 23:09:31 +08:00
|
|
|
sizeof(struct dm_crypt_request) + iv_size_padding + cc->iv_size);
|
2008-02-08 10:11:07 +08:00
|
|
|
if (!cc->req_pool) {
|
|
|
|
ti->error = "Cannot allocate crypt request mempool";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2008-02-08 10:11:07 +08:00
|
|
|
}
|
|
|
|
|
2016-02-01 02:28:26 +08:00
|
|
|
cc->per_bio_data_size = ti->per_io_data_size =
|
dm crypt: fix access beyond the end of allocated space
The DM crypt target accesses memory beyond allocated space resulting in
a crash on 32 bit x86 systems.
This bug is very old (it dates back to 2.6.25 commit 3a7f6c990ad04 "dm
crypt: use async crypto"). However, this bug was masked by the fact
that kmalloc rounds the size up to the next power of two. This bug
wasn't exposed until 3.17-rc1 commit 298a9fa08a ("dm crypt: use per-bio
data"). By switching to using per-bio data there was no longer any
padding beyond the end of a dm-crypt allocated memory block.
To minimize allocation overhead dm-crypt puts several structures into one
block allocated with kmalloc. The block holds struct ablkcipher_request,
cipher-specific scratch pad (crypto_ablkcipher_reqsize(any_tfm(cc))),
struct dm_crypt_request and an initialization vector.
The variable dmreq_start is set to offset of struct dm_crypt_request
within this memory block. dm-crypt allocates the block with this size:
cc->dmreq_start + sizeof(struct dm_crypt_request) + cc->iv_size.
When accessing the initialization vector, dm-crypt uses the function
iv_of_dmreq, which performs this calculation: ALIGN((unsigned long)(dmreq
+ 1), crypto_ablkcipher_alignmask(any_tfm(cc)) + 1).
dm-crypt allocated "cc->iv_size" bytes beyond the end of dm_crypt_request
structure. However, when dm-crypt accesses the initialization vector, it
takes a pointer to the end of dm_crypt_request, aligns it, and then uses
it as the initialization vector. If the end of dm_crypt_request is not
aligned on a crypto_ablkcipher_alignmask(any_tfm(cc)) boundary the
alignment causes the initialization vector to point beyond the allocated
space.
Fix this bug by calculating the variable iv_size_padding and adding it
to the allocated size.
Also correct the alignment of dm_crypt_request. struct dm_crypt_request
is specific to dm-crypt (it isn't used by the crypto subsystem at all),
so it is aligned on __alignof__(struct dm_crypt_request).
Also align per_bio_data_size on ARCH_KMALLOC_MINALIGN, so that it is
aligned as if the block was allocated with kmalloc.
Reported-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Tested-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2014-08-28 23:09:31 +08:00
|
|
|
ALIGN(sizeof(struct dm_crypt_io) + cc->dmreq_start +
|
|
|
|
sizeof(struct dm_crypt_request) + iv_size_padding + cc->iv_size,
|
|
|
|
ARCH_KMALLOC_MINALIGN);
|
2014-03-29 03:51:55 +08:00
|
|
|
|
2015-02-13 21:23:52 +08:00
|
|
|
cc->page_pool = mempool_create_page_pool(BIO_MAX_PAGES, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!cc->page_pool) {
|
2006-06-26 15:27:35 +08:00
|
|
|
ti->error = "Cannot allocate page mempool";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2008-12-10 22:35:05 +08:00
|
|
|
cc->bs = bioset_create(MIN_IOS, 0);
|
2006-10-03 16:15:40 +08:00
|
|
|
if (!cc->bs) {
|
|
|
|
ti->error = "Cannot allocate crypt bioset";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2006-10-03 16:15:40 +08:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:24:41 +08:00
|
|
|
mutex_init(&cc->bio_alloc_lock);
|
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
ret = -EINVAL;
|
dm: reject trailing characters in sccanf input
Device mapper uses sscanf to convert arguments to numbers. The problem is that
the way we use it ignores additional unmatched characters in the scanned string.
For example, this `if (sscanf(string, "%d", &number) == 1)' will match a number,
but also it will match number with some garbage appended, like "123abc".
As a result, device mapper accepts garbage after some numbers. For example
the command `dmsetup create vg1-new --table "0 16384 linear 254:1bla 34816bla"'
will pass without an error.
This patch fixes all sscanf uses in device mapper. It appends "%c" with
a pointer to a dummy character variable to every sscanf statement.
The construct `if (sscanf(string, "%d%c", &number, &dummy) == 1)' succeeds
only if string is a null-terminated number (optionally preceded by some
whitespace characters). If there is some character appended after the number,
sscanf matches "%c", writes the character to the dummy variable and returns 2.
We check the return value for 1 and consequently reject numbers with some
garbage appended.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
2012-03-29 01:41:26 +08:00
|
|
|
if (sscanf(argv[2], "%llu%c", &tmpll, &dummy) != 1) {
|
2006-06-26 15:27:35 +08:00
|
|
|
ti->error = "Invalid iv_offset sector";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2006-03-27 17:17:48 +08:00
|
|
|
cc->iv_offset = tmpll;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-07-31 21:20:36 +08:00
|
|
|
ret = dm_get_device(ti, argv[3], dm_table_get_mode(ti->table), &cc->dev);
|
|
|
|
if (ret) {
|
2010-08-12 11:14:06 +08:00
|
|
|
ti->error = "Device lookup failed";
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2015-07-31 21:20:36 +08:00
|
|
|
ret = -EINVAL;
|
dm: reject trailing characters in sccanf input
Device mapper uses sscanf to convert arguments to numbers. The problem is that
the way we use it ignores additional unmatched characters in the scanned string.
For example, this `if (sscanf(string, "%d", &number) == 1)' will match a number,
but also it will match number with some garbage appended, like "123abc".
As a result, device mapper accepts garbage after some numbers. For example
the command `dmsetup create vg1-new --table "0 16384 linear 254:1bla 34816bla"'
will pass without an error.
This patch fixes all sscanf uses in device mapper. It appends "%c" with
a pointer to a dummy character variable to every sscanf statement.
The construct `if (sscanf(string, "%d%c", &number, &dummy) == 1)' succeeds
only if string is a null-terminated number (optionally preceded by some
whitespace characters). If there is some character appended after the number,
sscanf matches "%c", writes the character to the dummy variable and returns 2.
We check the return value for 1 and consequently reject numbers with some
garbage appended.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
2012-03-29 01:41:26 +08:00
|
|
|
if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1) {
|
2006-06-26 15:27:35 +08:00
|
|
|
ti->error = "Invalid device sector";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2006-03-27 17:17:48 +08:00
|
|
|
cc->start = tmpll;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2011-08-02 19:32:08 +08:00
|
|
|
argv += 5;
|
|
|
|
argc -= 5;
|
|
|
|
|
|
|
|
/* Optional parameters */
|
|
|
|
if (argc) {
|
|
|
|
as.argc = argc;
|
|
|
|
as.argv = argv;
|
|
|
|
|
|
|
|
ret = dm_read_arg_group(_args, &as, &opt_params, &ti->error);
|
|
|
|
if (ret)
|
|
|
|
goto bad;
|
|
|
|
|
2015-04-17 10:00:50 +08:00
|
|
|
ret = -EINVAL;
|
2015-02-13 21:23:09 +08:00
|
|
|
while (opt_params--) {
|
|
|
|
opt_string = dm_shift_arg(&as);
|
|
|
|
if (!opt_string) {
|
|
|
|
ti->error = "Not enough feature arguments";
|
|
|
|
goto bad;
|
|
|
|
}
|
2011-08-02 19:32:08 +08:00
|
|
|
|
2015-02-13 21:23:09 +08:00
|
|
|
if (!strcasecmp(opt_string, "allow_discards"))
|
|
|
|
ti->num_discard_bios = 1;
|
|
|
|
|
|
|
|
else if (!strcasecmp(opt_string, "same_cpu_crypt"))
|
|
|
|
set_bit(DM_CRYPT_SAME_CPU, &cc->flags);
|
|
|
|
|
2015-02-13 21:27:08 +08:00
|
|
|
else if (!strcasecmp(opt_string, "submit_from_crypt_cpus"))
|
|
|
|
set_bit(DM_CRYPT_NO_OFFLOAD, &cc->flags);
|
|
|
|
|
2015-02-13 21:23:09 +08:00
|
|
|
else {
|
|
|
|
ti->error = "Invalid feature arguments";
|
|
|
|
goto bad;
|
|
|
|
}
|
2011-08-02 19:32:08 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
ret = -ENOMEM;
|
2013-07-30 20:40:21 +08:00
|
|
|
cc->io_queue = alloc_workqueue("kcryptd_io", WQ_MEM_RECLAIM, 1);
|
2007-10-20 05:38:58 +08:00
|
|
|
if (!cc->io_queue) {
|
|
|
|
ti->error = "Couldn't create kcryptd io queue";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2007-10-20 05:38:58 +08:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:23:09 +08:00
|
|
|
if (test_bit(DM_CRYPT_SAME_CPU, &cc->flags))
|
|
|
|
cc->crypt_queue = alloc_workqueue("kcryptd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM, 1);
|
|
|
|
else
|
|
|
|
cc->crypt_queue = alloc_workqueue("kcryptd", WQ_CPU_INTENSIVE | WQ_MEM_RECLAIM | WQ_UNBOUND,
|
|
|
|
num_online_cpus());
|
2007-10-20 05:38:58 +08:00
|
|
|
if (!cc->crypt_queue) {
|
2007-10-20 05:38:57 +08:00
|
|
|
ti->error = "Couldn't create kcryptd queue";
|
2010-08-12 11:14:06 +08:00
|
|
|
goto bad;
|
2007-10-20 05:38:57 +08:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:25:59 +08:00
|
|
|
init_waitqueue_head(&cc->write_thread_wait);
|
2015-02-13 21:27:41 +08:00
|
|
|
cc->write_tree = RB_ROOT;
|
2015-02-13 21:25:59 +08:00
|
|
|
|
|
|
|
cc->write_thread = kthread_create(dmcrypt_write, cc, "dmcrypt_write");
|
|
|
|
if (IS_ERR(cc->write_thread)) {
|
|
|
|
ret = PTR_ERR(cc->write_thread);
|
|
|
|
cc->write_thread = NULL;
|
|
|
|
ti->error = "Couldn't spawn write thread";
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
wake_up_process(cc->write_thread);
|
|
|
|
|
2013-03-02 06:45:47 +08:00
|
|
|
ti->num_flush_bios = 1;
|
2012-07-27 22:08:08 +08:00
|
|
|
ti->discard_zeroes_data_unsupported = true;
|
2011-09-26 06:26:21 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
|
2010-08-12 11:14:06 +08:00
|
|
|
bad:
|
|
|
|
crypt_dtr(ti);
|
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2012-12-22 04:23:41 +08:00
|
|
|
static int crypt_map(struct dm_target *ti, struct bio *bio)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2007-07-13 00:26:32 +08:00
|
|
|
struct dm_crypt_io *io;
|
2012-07-27 22:08:05 +08:00
|
|
|
struct crypt_config *cc = ti->private;
|
2009-06-22 17:12:23 +08:00
|
|
|
|
2011-08-02 19:32:08 +08:00
|
|
|
/*
|
2016-06-06 03:32:25 +08:00
|
|
|
* If bio is REQ_PREFLUSH or REQ_OP_DISCARD, just bypass crypt queues.
|
|
|
|
* - for REQ_PREFLUSH device-mapper core ensures that no IO is in-flight
|
2016-06-06 03:32:04 +08:00
|
|
|
* - for REQ_OP_DISCARD caller must use flush if IO ordering matters
|
2011-08-02 19:32:08 +08:00
|
|
|
*/
|
2016-08-06 05:35:16 +08:00
|
|
|
if (unlikely(bio->bi_opf & REQ_PREFLUSH ||
|
2016-06-06 03:32:25 +08:00
|
|
|
bio_op(bio) == REQ_OP_DISCARD)) {
|
2009-06-22 17:12:23 +08:00
|
|
|
bio->bi_bdev = cc->dev->bdev;
|
2011-08-02 19:32:08 +08:00
|
|
|
if (bio_sectors(bio))
|
2013-10-12 06:44:27 +08:00
|
|
|
bio->bi_iter.bi_sector = cc->start +
|
|
|
|
dm_target_offset(ti, bio->bi_iter.bi_sector);
|
2009-06-22 17:12:23 +08:00
|
|
|
return DM_MAPIO_REMAPPED;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-08-31 04:38:42 +08:00
|
|
|
/*
|
|
|
|
* Check if bio is too large, split as needed.
|
|
|
|
*/
|
|
|
|
if (unlikely(bio->bi_iter.bi_size > (BIO_MAX_PAGES << PAGE_SHIFT)) &&
|
|
|
|
bio_data_dir(bio) == WRITE)
|
|
|
|
dm_accept_partial_bio(bio, ((BIO_MAX_PAGES << PAGE_SHIFT) >> SECTOR_SHIFT));
|
|
|
|
|
2014-03-29 03:51:55 +08:00
|
|
|
io = dm_per_bio_data(bio, cc->per_bio_data_size);
|
|
|
|
crypt_io_init(io, cc, bio, dm_target_offset(ti, bio->bi_iter.bi_sector));
|
2016-01-24 21:16:36 +08:00
|
|
|
io->ctx.req = (struct skcipher_request *)(io + 1);
|
2007-10-20 05:38:58 +08:00
|
|
|
|
2011-01-14 03:59:53 +08:00
|
|
|
if (bio_data_dir(io->base_bio) == READ) {
|
|
|
|
if (kcryptd_io_read(io, GFP_NOWAIT))
|
2015-02-13 21:25:59 +08:00
|
|
|
kcryptd_queue_read(io);
|
2011-01-14 03:59:53 +08:00
|
|
|
} else
|
2007-10-20 05:38:58 +08:00
|
|
|
kcryptd_queue_crypt(io);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-12-08 18:41:06 +08:00
|
|
|
return DM_MAPIO_SUBMITTED;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2013-03-02 06:45:44 +08:00
|
|
|
static void crypt_status(struct dm_target *ti, status_type_t type,
|
|
|
|
unsigned status_flags, char *result, unsigned maxlen)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2010-08-12 11:14:07 +08:00
|
|
|
struct crypt_config *cc = ti->private;
|
2013-03-02 06:45:44 +08:00
|
|
|
unsigned i, sz = 0;
|
2015-02-13 21:23:09 +08:00
|
|
|
int num_feature_args = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case STATUSTYPE_INFO:
|
|
|
|
result[0] = '\0';
|
|
|
|
break;
|
|
|
|
|
|
|
|
case STATUSTYPE_TABLE:
|
2011-01-14 03:59:52 +08:00
|
|
|
DMEMIT("%s ", cc->cipher_string);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-11-21 22:58:51 +08:00
|
|
|
if (cc->key_size > 0) {
|
|
|
|
if (cc->key_string)
|
|
|
|
DMEMIT(":%u:%s", cc->key_size, cc->key_string);
|
|
|
|
else
|
|
|
|
for (i = 0; i < cc->key_size; i++)
|
|
|
|
DMEMIT("%02x", cc->key[i]);
|
|
|
|
} else
|
2013-03-02 06:45:44 +08:00
|
|
|
DMEMIT("-");
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-27 17:17:48 +08:00
|
|
|
DMEMIT(" %llu %s %llu", (unsigned long long)cc->iv_offset,
|
|
|
|
cc->dev->name, (unsigned long long)cc->start);
|
2011-08-02 19:32:08 +08:00
|
|
|
|
2015-02-13 21:23:09 +08:00
|
|
|
num_feature_args += !!ti->num_discard_bios;
|
|
|
|
num_feature_args += test_bit(DM_CRYPT_SAME_CPU, &cc->flags);
|
2015-02-13 21:27:08 +08:00
|
|
|
num_feature_args += test_bit(DM_CRYPT_NO_OFFLOAD, &cc->flags);
|
2015-02-13 21:23:09 +08:00
|
|
|
if (num_feature_args) {
|
|
|
|
DMEMIT(" %d", num_feature_args);
|
|
|
|
if (ti->num_discard_bios)
|
|
|
|
DMEMIT(" allow_discards");
|
|
|
|
if (test_bit(DM_CRYPT_SAME_CPU, &cc->flags))
|
|
|
|
DMEMIT(" same_cpu_crypt");
|
2015-02-13 21:27:08 +08:00
|
|
|
if (test_bit(DM_CRYPT_NO_OFFLOAD, &cc->flags))
|
|
|
|
DMEMIT(" submit_from_crypt_cpus");
|
2015-02-13 21:23:09 +08:00
|
|
|
}
|
2011-08-02 19:32:08 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-10-03 16:15:37 +08:00
|
|
|
static void crypt_postsuspend(struct dm_target *ti)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc = ti->private;
|
|
|
|
|
|
|
|
set_bit(DM_CRYPT_SUSPENDED, &cc->flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int crypt_preresume(struct dm_target *ti)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc = ti->private;
|
|
|
|
|
|
|
|
if (!test_bit(DM_CRYPT_KEY_VALID, &cc->flags)) {
|
|
|
|
DMERR("aborting resume - crypt key is not set.");
|
|
|
|
return -EAGAIN;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void crypt_resume(struct dm_target *ti)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc = ti->private;
|
|
|
|
|
|
|
|
clear_bit(DM_CRYPT_SUSPENDED, &cc->flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Message interface
|
|
|
|
* key set <key>
|
|
|
|
* key wipe
|
|
|
|
*/
|
|
|
|
static int crypt_message(struct dm_target *ti, unsigned argc, char **argv)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc = ti->private;
|
2016-11-21 22:58:51 +08:00
|
|
|
int key_size, ret = -EINVAL;
|
2006-10-03 16:15:37 +08:00
|
|
|
|
|
|
|
if (argc < 2)
|
|
|
|
goto error;
|
|
|
|
|
2011-08-02 19:32:04 +08:00
|
|
|
if (!strcasecmp(argv[0], "key")) {
|
2006-10-03 16:15:37 +08:00
|
|
|
if (!test_bit(DM_CRYPT_SUSPENDED, &cc->flags)) {
|
|
|
|
DMWARN("not suspended during key manipulation.");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2011-08-02 19:32:04 +08:00
|
|
|
if (argc == 3 && !strcasecmp(argv[1], "set")) {
|
2016-11-21 22:58:51 +08:00
|
|
|
/* The key size may not be changed. */
|
|
|
|
key_size = get_key_size(&argv[2]);
|
|
|
|
if (key_size < 0 || cc->key_size != key_size) {
|
|
|
|
memset(argv[2], '0', strlen(argv[2]));
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2009-12-11 07:51:57 +08:00
|
|
|
ret = crypt_set_key(cc, argv[2]);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
if (cc->iv_gen_ops && cc->iv_gen_ops->init)
|
|
|
|
ret = cc->iv_gen_ops->init(cc);
|
|
|
|
return ret;
|
|
|
|
}
|
2011-08-02 19:32:04 +08:00
|
|
|
if (argc == 2 && !strcasecmp(argv[1], "wipe")) {
|
2009-12-11 07:51:57 +08:00
|
|
|
if (cc->iv_gen_ops && cc->iv_gen_ops->wipe) {
|
|
|
|
ret = cc->iv_gen_ops->wipe(cc);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
}
|
2006-10-03 16:15:37 +08:00
|
|
|
return crypt_wipe_key(cc);
|
2009-12-11 07:51:57 +08:00
|
|
|
}
|
2006-10-03 16:15:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
error:
|
|
|
|
DMWARN("unrecognised message received.");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2009-06-22 17:12:33 +08:00
|
|
|
static int crypt_iterate_devices(struct dm_target *ti,
|
|
|
|
iterate_devices_callout_fn fn, void *data)
|
|
|
|
{
|
|
|
|
struct crypt_config *cc = ti->private;
|
|
|
|
|
2009-07-24 03:30:42 +08:00
|
|
|
return fn(ti, cc->dev, cc->start, ti->len, data);
|
2009-06-22 17:12:33 +08:00
|
|
|
}
|
|
|
|
|
2015-09-10 09:34:51 +08:00
|
|
|
static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Unfortunate constraint that is required to avoid the potential
|
|
|
|
* for exceeding underlying device's max_segments limits -- due to
|
|
|
|
* crypt_alloc_buffer() possibly allocating pages for the encryption
|
|
|
|
* bio that are not as physically contiguous as the original bio.
|
|
|
|
*/
|
|
|
|
limits->max_segment_size = PAGE_SIZE;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static struct target_type crypt_target = {
|
|
|
|
.name = "crypt",
|
2016-11-21 22:58:51 +08:00
|
|
|
.version = {1, 15, 0},
|
2005-04-17 06:20:36 +08:00
|
|
|
.module = THIS_MODULE,
|
|
|
|
.ctr = crypt_ctr,
|
|
|
|
.dtr = crypt_dtr,
|
|
|
|
.map = crypt_map,
|
|
|
|
.status = crypt_status,
|
2006-10-03 16:15:37 +08:00
|
|
|
.postsuspend = crypt_postsuspend,
|
|
|
|
.preresume = crypt_preresume,
|
|
|
|
.resume = crypt_resume,
|
|
|
|
.message = crypt_message,
|
2009-06-22 17:12:33 +08:00
|
|
|
.iterate_devices = crypt_iterate_devices,
|
2015-09-10 09:34:51 +08:00
|
|
|
.io_hints = crypt_io_hints,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static int __init dm_crypt_init(void)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
|
|
|
|
r = dm_register_target(&crypt_target);
|
2015-02-13 21:25:26 +08:00
|
|
|
if (r < 0)
|
2006-06-26 15:27:35 +08:00
|
|
|
DMERR("register failed %d", r);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit dm_crypt_exit(void)
|
|
|
|
{
|
2009-01-06 11:04:58 +08:00
|
|
|
dm_unregister_target(&crypt_target);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
module_init(dm_crypt_init);
|
|
|
|
module_exit(dm_crypt_exit);
|
|
|
|
|
2014-06-25 02:27:04 +08:00
|
|
|
MODULE_AUTHOR("Jana Saout <jana@saout.de>");
|
2005-04-17 06:20:36 +08:00
|
|
|
MODULE_DESCRIPTION(DM_NAME " target for transparent encryption / decryption");
|
|
|
|
MODULE_LICENSE("GPL");
|