From: Josef Bacik <josef@toxicpanda.com>
To: linux-fscrypt@vger.kernel.org, ebiggers@kernel.org,
linux-btrfs@vger.kernel.org
Subject: [PATCH v2 05/36] blk-crypto: add a process bio callback
Date: Tue, 10 Oct 2023 16:40:20 -0400 [thread overview]
Message-ID: <ab3493e225d34845fa953c429b3cd07c112ec7e7.1696970227.git.josef@toxicpanda.com> (raw)
In-Reply-To: <cover.1696970227.git.josef@toxicpanda.com>
Btrfs does checksumming, and the checksums need to match the bytes on
disk. In order to facilitate this add a process bio callback for the
blk-crypto layer. This allows the file system to specify a callback and
then can process the encrypted bio as necessary.
For btrfs, writes will have the checksums calculated and saved into our
relevant data structures for storage once the write completes. For
reads we will validate the checksums match what is on disk and error out
if there is a mismatch.
This is incompatible with native encryption obviously, so make sure we
don't use native encryption if this callback is set.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
---
block/blk-crypto-fallback.c | 28 ++++++++++++++++++++++++++++
block/blk-crypto-profile.c | 2 ++
block/blk-crypto.c | 6 +++++-
fs/crypto/inline_crypt.c | 3 ++-
include/linux/blk-crypto-profile.h | 7 +++++++
include/linux/blk-crypto.h | 9 +++++++--
include/linux/fscrypt.h | 14 ++++++++++++++
7 files changed, 65 insertions(+), 4 deletions(-)
diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c
index e6468eab2681..8b4a83534127 100644
--- a/block/blk-crypto-fallback.c
+++ b/block/blk-crypto-fallback.c
@@ -346,6 +346,15 @@ static bool blk_crypto_fallback_encrypt_bio(struct bio **bio_ptr)
}
}
+ /* Process the encrypted bio before we submit it. */
+ if (bc->bc_key->crypto_cfg.process_bio) {
+ blk_st = bc->bc_key->crypto_cfg.process_bio(src_bio, enc_bio);
+ if (blk_st != BLK_STS_OK) {
+ src_bio->bi_status = blk_st;
+ goto out_free_bounce_pages;
+ }
+ }
+
enc_bio->bi_private = src_bio;
enc_bio->bi_end_io = blk_crypto_fallback_encrypt_endio;
*bio_ptr = enc_bio;
@@ -391,6 +400,24 @@ static void blk_crypto_fallback_decrypt_bio(struct work_struct *work)
unsigned int i;
blk_status_t blk_st;
+ /*
+ * Process the bio first before trying to decrypt.
+ *
+ * NOTE: btrfs expects that this bio is the same that was submitted. If
+ * at any point this changes we will need to update process_bio to take
+ * f_ctx->crypt_iter in order to make sure we can iterate the pages for
+ * checksumming. We're currently saving this in our btrfs_bio, so this
+ * works, but if at any point in the future we start allocating a bounce
+ * bio or something we need to update this callback.
+ */
+ if (bc->bc_key->crypto_cfg.process_bio) {
+ blk_st = bc->bc_key->crypto_cfg.process_bio(bio, bio);
+ if (blk_st != BLK_STS_OK) {
+ bio->bi_status = blk_st;
+ goto out_no_keyslot;
+ }
+ }
+
/*
* Get a blk-crypto-fallback keyslot that contains a crypto_skcipher for
* this bio's algorithm and key.
@@ -560,6 +587,7 @@ static int blk_crypto_fallback_init(void)
blk_crypto_fallback_profile->ll_ops = blk_crypto_fallback_ll_ops;
blk_crypto_fallback_profile->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE;
+ blk_crypto_fallback_profile->process_bio_supported = true;
/* All blk-crypto modes have a crypto API fallback. */
for (i = 0; i < BLK_ENCRYPTION_MODE_MAX; i++)
diff --git a/block/blk-crypto-profile.c b/block/blk-crypto-profile.c
index 7fabc883e39f..640cf2ea3fcc 100644
--- a/block/blk-crypto-profile.c
+++ b/block/blk-crypto-profile.c
@@ -352,6 +352,8 @@ bool __blk_crypto_cfg_supported(struct blk_crypto_profile *profile,
return false;
if (profile->max_dun_bytes_supported < cfg->dun_bytes)
return false;
+ if (cfg->process_bio && !profile->process_bio_supported)
+ return false;
return true;
}
diff --git a/block/blk-crypto.c b/block/blk-crypto.c
index 4d760b092deb..50556952df19 100644
--- a/block/blk-crypto.c
+++ b/block/blk-crypto.c
@@ -321,6 +321,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio,
* @dun_bytes: number of bytes that will be used to specify the DUN when this
* key is used
* @data_unit_size: the data unit size to use for en/decryption
+ * @process_bio: the call back if the upper layer needs to process the encrypted
+ * bio
*
* Return: 0 on success, -errno on failure. The caller is responsible for
* zeroizing both blk_key and raw_key when done with them.
@@ -328,7 +330,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio,
int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
enum blk_crypto_mode_num crypto_mode,
unsigned int dun_bytes,
- unsigned int data_unit_size)
+ unsigned int data_unit_size,
+ blk_crypto_process_bio_t process_bio)
{
const struct blk_crypto_mode *mode;
@@ -350,6 +353,7 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
blk_key->crypto_cfg.crypto_mode = crypto_mode;
blk_key->crypto_cfg.dun_bytes = dun_bytes;
blk_key->crypto_cfg.data_unit_size = data_unit_size;
+ blk_key->crypto_cfg.process_bio = process_bio;
blk_key->data_unit_size_bits = ilog2(data_unit_size);
blk_key->size = mode->keysize;
memcpy(blk_key->raw, raw_key, mode->keysize);
diff --git a/fs/crypto/inline_crypt.c b/fs/crypto/inline_crypt.c
index 4eeb75410ba8..57776c548a06 100644
--- a/fs/crypto/inline_crypt.c
+++ b/fs/crypto/inline_crypt.c
@@ -168,7 +168,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
err = blk_crypto_init_key(blk_key, raw_key, crypto_mode,
fscrypt_get_dun_bytes(ci),
- 1U << ci->ci_data_unit_bits);
+ 1U << ci->ci_data_unit_bits,
+ sb->s_cop->process_bio);
if (err) {
fscrypt_err(inode, "error %d initializing blk-crypto key", err);
goto fail;
diff --git a/include/linux/blk-crypto-profile.h b/include/linux/blk-crypto-profile.h
index 90ab33cb5d0e..3c002e85631a 100644
--- a/include/linux/blk-crypto-profile.h
+++ b/include/linux/blk-crypto-profile.h
@@ -100,6 +100,13 @@ struct blk_crypto_profile {
*/
struct device *dev;
+ /**
+ * @process_bio_supported: Some things, like btrfs, require the
+ * encrypted data for checksumming. Drivers set this to true if they can
+ * handle the process_bio() callback.
+ */
+ bool process_bio_supported;
+
/* private: The following fields shouldn't be accessed by drivers. */
/* Number of keyslots, or 0 if not applicable */
diff --git a/include/linux/blk-crypto.h b/include/linux/blk-crypto.h
index 5e5822c18ee4..194c1d727013 100644
--- a/include/linux/blk-crypto.h
+++ b/include/linux/blk-crypto.h
@@ -6,7 +6,7 @@
#ifndef __LINUX_BLK_CRYPTO_H
#define __LINUX_BLK_CRYPTO_H
-#include <linux/types.h>
+#include <linux/blk_types.h>
enum blk_crypto_mode_num {
BLK_ENCRYPTION_MODE_INVALID,
@@ -17,6 +17,9 @@ enum blk_crypto_mode_num {
BLK_ENCRYPTION_MODE_MAX,
};
+typedef blk_status_t (blk_crypto_process_bio_t)(struct bio *orig_bio,
+ struct bio *enc_bio);
+
#define BLK_CRYPTO_MAX_KEY_SIZE 64
/**
* struct blk_crypto_config - an inline encryption key's crypto configuration
@@ -31,6 +34,7 @@ struct blk_crypto_config {
enum blk_crypto_mode_num crypto_mode;
unsigned int data_unit_size;
unsigned int dun_bytes;
+ blk_crypto_process_bio_t *process_bio;
};
/**
@@ -90,7 +94,8 @@ bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc,
int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
enum blk_crypto_mode_num crypto_mode,
unsigned int dun_bytes,
- unsigned int data_unit_size);
+ unsigned int data_unit_size,
+ blk_crypto_process_bio_t process_bio);
int blk_crypto_start_using_key(struct block_device *bdev,
const struct blk_crypto_key *key);
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index ea8fdc6f3b83..a3576da6a9fa 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -16,6 +16,7 @@
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/slab.h>
+#include <linux/blk-crypto.h>
#include <uapi/linux/fscrypt.h>
/*
@@ -199,6 +200,19 @@ struct fscrypt_operations {
*/
struct block_device **(*get_devices)(struct super_block *sb,
unsigned int *num_devs);
+
+ /*
+ * A callback if the file system requires the ability to process the
+ * encrypted bio.
+ *
+ * @orig_bio: the original bio submitted.
+ * @enc_bio: the encrypted bio.
+ *
+ * For writes the enc_bio will be different from the orig_bio, for reads
+ * they will be the same. For reads we get the bio before it is
+ * decrypted, for writes we get the bio before it is submitted.
+ */
+ blk_crypto_process_bio_t *process_bio;
};
static inline struct fscrypt_inode_info *
--
2.41.0
next prev parent reply other threads:[~2023-10-10 20:41 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-10 20:40 [PATCH v2 00/36] btrfs: add fscrypt support Josef Bacik
2023-10-10 20:40 ` [PATCH v2 01/36] fscrypt: use a flag to indicate that the master key is being evicted Josef Bacik
2023-10-15 6:22 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 02/36] fscrypt: don't wipe mk secret until the last active user is gone Josef Bacik
2023-10-15 6:25 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 03/36] fscrypt: add per-extent encryption support Josef Bacik
2023-10-15 6:36 ` Eric Biggers
2023-10-10 20:40 ` [PATCH v2 04/36] fscrypt: disable all but standard v2 policies for extent encryption Josef Bacik
2023-10-15 6:27 ` Eric Biggers
2023-10-10 20:40 ` Josef Bacik [this message]
2023-10-15 6:32 ` [PATCH v2 05/36] blk-crypto: add a process bio callback Eric Biggers
2023-10-10 20:40 ` [PATCH v2 06/36] fscrypt: expose fscrypt_nokey_name Josef Bacik
2023-10-10 20:40 ` [PATCH v2 07/36] fscrypt: add documentation about extent encryption Josef Bacik
2023-10-10 20:40 ` [PATCH v2 08/36] btrfs: add infrastructure for safe em freeing Josef Bacik
2023-10-10 20:40 ` [PATCH v2 09/36] btrfs: disable various operations on encrypted inodes Josef Bacik
2023-10-10 20:40 ` [PATCH v2 10/36] btrfs: disable verity " Josef Bacik
2023-10-10 20:40 ` [PATCH v2 11/36] btrfs: start using fscrypt hooks Josef Bacik
2023-10-10 20:40 ` [PATCH v2 12/36] btrfs: add inode encryption contexts Josef Bacik
2023-10-10 20:40 ` [PATCH v2 13/36] btrfs: add new FEATURE_INCOMPAT_ENCRYPT flag Josef Bacik
2023-10-10 20:40 ` [PATCH v2 14/36] btrfs: adapt readdir for encrypted and nokey names Josef Bacik
2023-10-10 20:40 ` [PATCH v2 15/36] btrfs: handle " Josef Bacik
2023-10-10 20:40 ` [PATCH v2 16/36] btrfs: implement fscrypt ioctls Josef Bacik
2023-10-10 20:40 ` [PATCH v2 17/36] btrfs: add encryption to CONFIG_BTRFS_DEBUG Josef Bacik
2023-10-10 20:40 ` [PATCH v2 18/36] btrfs: add get_devices hook for fscrypt Josef Bacik
2023-10-10 20:40 ` [PATCH v2 19/36] btrfs: turn on inlinecrypt mount option for encrypt Josef Bacik
2023-10-10 20:40 ` [PATCH v2 20/36] btrfs: set file extent encryption excplicitly Josef Bacik
2023-10-10 20:40 ` [PATCH v2 21/36] btrfs: add fscrypt_info and encryption_type to extent_map Josef Bacik
2023-10-10 20:40 ` [PATCH v2 22/36] btrfs: add fscrypt_info and encryption_type to ordered_extent Josef Bacik
2023-10-10 20:40 ` [PATCH v2 23/36] btrfs: plumb through setting the fscrypt_info for ordered extents Josef Bacik
2023-10-10 20:40 ` [PATCH v2 24/36] btrfs: populate the ordered_extent with the fscrypt context Josef Bacik
2023-10-10 20:40 ` [PATCH v2 25/36] btrfs: keep track of fscrypt info and orig_start for dio reads Josef Bacik
2023-10-10 20:40 ` [PATCH v2 26/36] btrfs: add an optional encryption context to the end of file extents Josef Bacik
2023-10-10 20:40 ` [PATCH v2 27/36] btrfs: explicitly track file extent length for replace and drop Josef Bacik
2023-10-10 20:40 ` [PATCH v2 28/36] btrfs: pass through fscrypt_extent_info to the file extent helpers Josef Bacik
2023-10-10 20:40 ` [PATCH v2 29/36] btrfs: pass the fscrypt_info through the replace extent infrastructure Josef Bacik
2023-10-10 20:40 ` [PATCH v2 30/36] btrfs: implement the fscrypt extent encryption hooks Josef Bacik
2023-10-10 20:40 ` [PATCH v2 31/36] btrfs: setup fscrypt_extent_info for new extents Josef Bacik
2023-10-10 20:40 ` [PATCH v2 32/36] btrfs: populate ordered_extent with the orig offset Josef Bacik
2023-10-10 20:40 ` [PATCH v2 33/36] btrfs: set the bio fscrypt context when applicable Josef Bacik
2023-10-10 20:40 ` [PATCH v2 34/36] btrfs: add a bio argument to btrfs_csum_one_bio Josef Bacik
2023-10-10 20:40 ` [PATCH v2 35/36] btrfs: add orig_logical to btrfs_bio Josef Bacik
2023-10-10 20:40 ` [PATCH v2 36/36] btrfs: implement process_bio cb for fscrypt Josef Bacik
2023-11-21 23:02 ` [PATCH v2 00/36] btrfs: add fscrypt support Eric Biggers
2023-11-22 13:58 ` Josef Bacik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ab3493e225d34845fa953c429b3cd07c112ec7e7.1696970227.git.josef@toxicpanda.com \
--to=josef@toxicpanda.com \
--cc=ebiggers@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).