From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0CD7C352BE for ; Wed, 8 Apr 2020 03:57:25 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C51F52080C; Wed, 8 Apr 2020 03:57:25 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=lists.sourceforge.net header.i=@lists.sourceforge.net header.b="Ayu3UqGT"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sourceforge.net header.i=@sourceforge.net header.b="k7uA2uoC"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sf.net header.i=@sf.net header.b="MLStGoQo"; dkim=neutral (0-bit key) header.d=google.com header.i=@google.com header.b="EbA4+PTD" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C51F52080C Authentication-Results: mail.kernel.org; dmarc=pass (p=none dis=none) header.from=lists.sourceforge.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-f2fs-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: Reply-To:From:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Subject:To:References:Mime-Version:Message-Id: In-Reply-To:Date:Sender:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=iDRQaZNqB8YMpXe4IMJuQ2PinNZ6q276k4KKqaL+s4A=; b=Ayu3UqGTvMKerMjZOX1hszW8W 0RnrRGpy9r6JFHt4owKRyspqhaCqUixxXfYpnJjxTQBwZkCs/MR80Vs3blpAXxOW4nlB6jcvGUsZW 8W3SWg32My+AIvhyydWIENvMy1sUg6S2prTozCDmA2obu5dKa044JDDaRflS8wWMzcwzw=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1jM1q9-0007sR-EH; Wed, 08 Apr 2020 03:57:25 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from <3nEuNXgYKAGMTBUZBUHPPHMF.DPN@flex--satyat.bounces.google.com>) id 1jM1q8-0007sJ-ND for linux-f2fs-devel@lists.sourceforge.net; Wed, 08 Apr 2020 03:57:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=R63k+AfysXRo+KgVRO7Z6nFDHUcUfFcV6SnK1eQRL6M=; b=k7uA2uoCXxgNkxXmQFn59+zu7 +KKAI3EioY4aCbpicNJpjc1p4wyTBAAcrHkfGuVrGCAOUJY+CzXPo9ICDIZmE/XYiyWFxUPnW1QBK VE2xF1w7gAG0giWcEePaB3pfWG2vznG0OyK9G6MlyAeFDrbv4xETiYei3dumnweZK8pSs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Cc:To:From:Subject:References:Mime-Version:Message-Id: In-Reply-To:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=R63k+AfysXRo+KgVRO7Z6nFDHUcUfFcV6SnK1eQRL6M=; b=MLStGoQouNNbxT1zONMX6LVChH kA3ljCVpPS6XIYqa7/eKBZumI9lftj5nzcpKGtgTH2wYSJ+aczPPqzi3orE8RrxX9OE4aWKLbYVaD xTv2vg+bMJLwbSDggD93HaqERLiCQg+bkM4NoG/rYX3TJi/KL0P9YgpVvXcxwKJ3YRT8=; Received: from mail-pl1-f202.google.com ([209.85.214.202]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.2) id 1jM1q6-007kNH-PP for linux-f2fs-devel@lists.sourceforge.net; Wed, 08 Apr 2020 03:57:24 +0000 Received: by mail-pl1-f202.google.com with SMTP id a8so4062439plm.2 for ; Tue, 07 Apr 2020 20:57:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=R63k+AfysXRo+KgVRO7Z6nFDHUcUfFcV6SnK1eQRL6M=; b=EbA4+PTDy2+dipLkMxCGkSOn3xK3neIY4SLpHSjfVMC8UMOcn6o/Nw/1JbY8nYjtqB tABJBFWJEJmgNu8RcJT4kbUo0F980e48dMipw3hYe985GvZ+IXqD6muziFCcEFghtg2S 8w42m9TeIMdmKp8Cj8uAcxnT188v3/6ig7aq51qrIQ09GES4aMaQzydyzMj8EqoPg3kx f2H2/+Om8n00RcqYl7vfTwwsLRM+C+mrOZHe0qfjVph+Z4Oy64Ry+yrq2q8tCHkiff2N zF1wI+Fcqee7eU6oOsnJ8MNKrIuO6sRwQHjzlUwWytrU+v6REm3F2uLDMN2FAVTwz8oz vsSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=R63k+AfysXRo+KgVRO7Z6nFDHUcUfFcV6SnK1eQRL6M=; b=sE3uS9IDhVMIgghHHalMJMJ/qL/havN679sPyoowITGroerpYTXSCjUxEIz0901t0A sCPFZi/VrtDUGLvxn1lb+8RNVkYDtiQpdEN9NV1WWgmbnYc8IR5iLxZyPbwZvbWvgBWW 5NozZEMpEJ01vTgBvIxG5rjDbNVf2gfOO348vx7WN3BJ/iMpiITRnDMKbf/sWOgMIw0k Jhb12s7azmS7Ko9CrSAJQzOY+y9z+VaJpmj9Bi4t+aWpyVsrcpUDESGpLe0/Hwj6Fiez Z8057TsO5LPV5Vq0LB4eADKx1svObc6CYqyfBWb13cvyOkjtQhHJvi7ZYZEX/jIepU1w mf0g== X-Gm-Message-State: AGi0PubIWaSYqjziQzkm4yTNUBwmBUcQop5b71UyqU71m0pzs7AMKyYj upEFEbXrBO30MYb9t1Hj4tIpKCcoD4Q= X-Google-Smtp-Source: APiQypJ9qpq8KunwOUGMv+PZhAX21JVqOelW4cxBH/GQHSsxncC5enjkQSMfCbJNkSXIDmd7pSvCVX1fIm4= X-Received: by 2002:a17:90a:c583:: with SMTP id l3mr3082112pjt.84.1586318236101; Tue, 07 Apr 2020 20:57:16 -0700 (PDT) Date: Tue, 7 Apr 2020 20:56:46 -0700 In-Reply-To: <20200408035654.247908-1-satyat@google.com> Message-Id: <20200408035654.247908-5-satyat@google.com> Mime-Version: 1.0 References: <20200408035654.247908-1-satyat@google.com> X-Mailer: git-send-email 2.26.0.110.g2183baf09c-goog To: linux-block@vger.kernel.org, linux-scsi@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-ext4@vger.kernel.org X-Headers-End: 1jM1q6-007kNH-PP Subject: [f2fs-dev] [PATCH v10 04/12] block: Make blk-integrity preclude hardware inline encryption X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Satya Tangirala via Linux-f2fs-devel Reply-To: Satya Tangirala Cc: Kuohong Wang , Satya Tangirala , Barani Muthukumaran , Kim Boojin Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net Whenever a device supports blk-integrity, the kernel will now always pretend that the device doesn't support inline encryption (essentially by setting the keyslot manager in the request queue to NULL). There's no hardware currently that supports both integrity and inline encryption. However, it seems possible that there will be such hardware in the near future (like the NVMe key per I/O support that might support both inline encryption and PI). But properly integrating both features is not trivial, and without real hardware that implements both, it is difficult to tell if it will be done correctly by the majority of hardware that support both. So it seems best not to support both features together right now, and to decide what to do at probe time. Signed-off-by: Satya Tangirala --- block/bio-integrity.c | 3 +++ block/blk-integrity.c | 7 +++++++ block/keyslot-manager.c | 19 +++++++++++++++++++ include/linux/blkdev.h | 30 ++++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+) diff --git a/block/bio-integrity.c b/block/bio-integrity.c index bf62c25cde8f4..3579ac0f6ec1f 100644 --- a/block/bio-integrity.c +++ b/block/bio-integrity.c @@ -42,6 +42,9 @@ struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio, struct bio_set *bs = bio->bi_pool; unsigned inline_vecs; + if (WARN_ON_ONCE(bio_has_crypt_ctx(bio))) + return ERR_PTR(-EOPNOTSUPP); + if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) { bip = kmalloc(struct_size(bip, bip_inline_vecs, nr_vecs), gfp_mask); inline_vecs = nr_vecs; diff --git a/block/blk-integrity.c b/block/blk-integrity.c index ff1070edbb400..b45711fc37df4 100644 --- a/block/blk-integrity.c +++ b/block/blk-integrity.c @@ -409,6 +409,13 @@ void blk_integrity_register(struct gendisk *disk, struct blk_integrity *template bi->tag_size = template->tag_size; disk->queue->backing_dev_info->capabilities |= BDI_CAP_STABLE_WRITES; + +#ifdef CONFIG_BLK_INLINE_ENCRYPTION + if (disk->queue->ksm) { + pr_warn("blk-integrity: Integrity and hardware inline encryption are not supported together. Unregistering keyslot manager from request queue, to disable hardware inline encryption.\n"); + blk_ksm_unregister(disk->queue); + } +#endif } EXPORT_SYMBOL(blk_integrity_register); diff --git a/block/keyslot-manager.c b/block/keyslot-manager.c index bae8d67a1f3fd..7cdd428f343e8 100644 --- a/block/keyslot-manager.c +++ b/block/keyslot-manager.c @@ -25,6 +25,9 @@ * Upper layers will call blk_ksm_get_slot_for_key() to program a * key into some slot in the inline encryption hardware. */ + +#define pr_fmt(fmt) "blk_crypto: " fmt + #include #include #include @@ -376,3 +379,19 @@ void blk_ksm_destroy(struct blk_keyslot_manager *ksm) memzero_explicit(ksm, sizeof(*ksm)); } EXPORT_SYMBOL_GPL(blk_ksm_destroy); + +bool blk_ksm_register(struct blk_keyslot_manager *ksm, struct request_queue *q) +{ + if (blk_integrity_queue_supports_integrity(q)) { + pr_warn("Integrity and hardware inline encryption are not supported together. Hardware inline encryption is being disabled.\n"); + return false; + } + q->ksm = ksm; + return true; +} +EXPORT_SYMBOL_GPL(blk_ksm_register); + +void blk_ksm_unregister(struct request_queue *q) +{ + q->ksm = NULL; +} diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 98aae4638fda9..17738dab8ae04 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -1562,6 +1562,12 @@ struct blk_integrity *bdev_get_integrity(struct block_device *bdev) return blk_get_integrity(bdev->bd_disk); } +static inline bool +blk_integrity_queue_supports_integrity(struct request_queue *q) +{ + return q->integrity.profile; +} + static inline bool blk_integrity_rq(struct request *rq) { return rq->cmd_flags & REQ_INTEGRITY; @@ -1642,6 +1648,11 @@ static inline struct blk_integrity *blk_get_integrity(struct gendisk *disk) { return NULL; } +static inline bool +blk_integrity_queue_supports_integrity(struct request_queue *q) +{ + return false; +} static inline int blk_integrity_compare(struct gendisk *a, struct gendisk *b) { return 0; @@ -1693,6 +1704,25 @@ static inline struct bio_vec *rq_integrity_vec(struct request *rq) #endif /* CONFIG_BLK_DEV_INTEGRITY */ +#ifdef CONFIG_BLK_INLINE_ENCRYPTION + +bool blk_ksm_register(struct blk_keyslot_manager *ksm, struct request_queue *q); + +void blk_ksm_unregister(struct request_queue *q); + +#else /* CONFIG_BLK_INLINE_ENCRYPTION */ + +static inline bool blk_ksm_register(struct blk_keyslot_manager *ksm, + struct request_queue *q) +{ + return true; +} + +static inline void blk_ksm_unregister(struct request_queue *q) { } + +#endif /* CONFIG_BLK_INLINE_ENCRYPTION */ + + struct block_device_operations { int (*open) (struct block_device *, fmode_t); void (*release) (struct gendisk *, fmode_t); -- 2.26.0.110.g2183baf09c-goog _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel