mk-rootfs.sh

hc

2023-12-11 072de836f53be56a70cecf70b43ae43b7ce17376

 kernel/block/keyslot-manager.c
..
..
@@ -10,7 +10,7 @@
10
10
  * into which encryption contexts may be programmed, and requests can be tagged
11
11
  * with a slot number to specify the key to use for en/decryption.
12
12
  *
13
- * As the number of slots are limited, and programming keys is expensive on
13
+ * As the number of slots is limited, and programming keys is expensive on
14
14
  * many inline encryption hardware, we don't want to program the same key into
15
15
  * multiple slots - if multiple requests are using the same key, we want to
16
16
  * program just one slot with that key and use that slot for all requests.
..
..
@@ -22,170 +22,78 @@
22
22
  * and tell it how to perform device specific operations like programming/
23
23
  * evicting keys from keyslots.
24
24
  *
25
- * Upper layers will call keyslot_manager_get_slot_for_key() to program a
25
+ * Upper layers will call blk_ksm_get_slot_for_key() to program a
26
26
  * key into some slot in the inline encryption hardware.
27
27
  */
28
-#include <crypto/algapi.h>
28
+
29
+#define pr_fmt(fmt) "blk-crypto: " fmt
30
+
29
31
 #include <linux/keyslot-manager.h>
32
+#include <linux/device.h>
30
33
 #include <linux/atomic.h>
31
34
 #include <linux/mutex.h>
32
35
 #include <linux/pm_runtime.h>
33
36
 #include <linux/wait.h>
34
37
 #include <linux/blkdev.h>
35
38
 
36
-struct keyslot {
39
+struct blk_ksm_keyslot {
37
40
 	atomic_t slot_refs;
38
41
 	struct list_head idle_slot_node;
39
42
 	struct hlist_node hash_node;
40
-	struct blk_crypto_key key;
43
+	const struct blk_crypto_key *key;
44
+	struct blk_keyslot_manager *ksm;
41
45
 };
42
46
 
43
-struct keyslot_manager {
44
-	unsigned int num_slots;
45
-	struct keyslot_mgmt_ll_ops ksm_ll_ops;
46
-	unsigned int features;
47
-	unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX];
48
-	unsigned int max_dun_bytes_supported;
49
-	void *ll_priv_data;
50
-
51
-#ifdef CONFIG_PM
52
-	/* Device for runtime power management (NULL if none) */
53
-	struct device *dev;
54
-#endif
55
-
56
-	/* Protects programming and evicting keys from the device */
57
-	struct rw_semaphore lock;
58
-
59
-	/* List of idle slots, with least recently used slot at front */
60
-	wait_queue_head_t idle_slots_wait_queue;
61
-	struct list_head idle_slots;
62
-	spinlock_t idle_slots_lock;
63
-
64
-	/*
65
-	 * Hash table which maps key hashes to keyslots, so that we can find a
66
-	 * key's keyslot in O(1) time rather than O(num_slots).  Protected by
67
-	 * 'lock'.  A cryptographic hash function is used so that timing attacks
68
-	 * can't leak information about the raw keys.
69
-	 */
70
-	struct hlist_head *slot_hashtable;
71
-	unsigned int slot_hashtable_size;
72
-
73
-	/* Per-keyslot data */
74
-	struct keyslot slots[];
75
-};
76
-
77
-static inline bool keyslot_manager_is_passthrough(struct keyslot_manager *ksm)
78
-{
79
-	return ksm->num_slots == 0;
80
-}
81
-
82
-#ifdef CONFIG_PM
83
-static inline void keyslot_manager_set_dev(struct keyslot_manager *ksm,
84
-					   struct device *dev)
85
-{
86
-	ksm->dev = dev;
87
-}
88
-
89
-/* If there's an underlying device and it's suspended, resume it. */
90
-static inline void keyslot_manager_pm_get(struct keyslot_manager *ksm)
91
-{
92
-	if (ksm->dev)
93
-		pm_runtime_get_sync(ksm->dev);
94
-}
95
-
96
-static inline void keyslot_manager_pm_put(struct keyslot_manager *ksm)
97
-{
98
-	if (ksm->dev)
99
-		pm_runtime_put_sync(ksm->dev);
100
-}
101
-#else /* CONFIG_PM */
102
-static inline void keyslot_manager_set_dev(struct keyslot_manager *ksm,
103
-					   struct device *dev)
104
-{
105
-}
106
-
107
-static inline void keyslot_manager_pm_get(struct keyslot_manager *ksm)
108
-{
109
-}
110
-
111
-static inline void keyslot_manager_pm_put(struct keyslot_manager *ksm)
112
-{
113
-}
114
-#endif /* !CONFIG_PM */
115
-
116
-static inline void keyslot_manager_hw_enter(struct keyslot_manager *ksm)
47
+static inline void blk_ksm_hw_enter(struct blk_keyslot_manager *ksm)
117
48
 {
118
49
 	/*
119
50
 	 * Calling into the driver requires ksm->lock held and the device
120
51
 	 * resumed.  But we must resume the device first, since that can acquire
121
-	 * and release ksm->lock via keyslot_manager_reprogram_all_keys().
52
+	 * and release ksm->lock via blk_ksm_reprogram_all_keys().
122
53
 	 */
123
-	keyslot_manager_pm_get(ksm);
54
+	if (ksm->dev)
55
+		pm_runtime_get_sync(ksm->dev);
124
56
 	down_write(&ksm->lock);
125
57
 }
126
58
 
127
-static inline void keyslot_manager_hw_exit(struct keyslot_manager *ksm)
59
+static inline void blk_ksm_hw_exit(struct blk_keyslot_manager *ksm)
128
60
 {
129
61
 	up_write(&ksm->lock);
130
-	keyslot_manager_pm_put(ksm);
62
+	if (ksm->dev)
63
+		pm_runtime_put_sync(ksm->dev);
64
+}
65
+
66
+static inline bool blk_ksm_is_passthrough(struct blk_keyslot_manager *ksm)
67
+{
68
+	return ksm->num_slots == 0;
131
69
 }
132
70
 
133
71
 /**
134
- * keyslot_manager_create() - Create a keyslot manager
135
- * @dev: Device for runtime power management (NULL if none)
72
+ * blk_ksm_init() - Initialize a keyslot manager
73
+ * @ksm: The keyslot_manager to initialize.
136
74
  * @num_slots: The number of key slots to manage.
137
- * @ksm_ll_ops: The struct keyslot_mgmt_ll_ops for the device that this keyslot
138
- *		manager will use to perform operations like programming and
139
- *		evicting keys.
140
- * @features: The supported features as a bitmask of BLK_CRYPTO_FEATURE_* flags.
141
- *	      Most drivers should set BLK_CRYPTO_FEATURE_STANDARD_KEYS here.
142
- * @crypto_mode_supported:	Array of size BLK_ENCRYPTION_MODE_MAX of
143
- *				bitmasks that represents whether a crypto mode
144
- *				and data unit size are supported. The i'th bit
145
- *				of crypto_mode_supported[crypto_mode] is set iff
146
- *				a data unit size of (1 << i) is supported. We
147
- *				only support data unit sizes that are powers of
148
- *				2.
149
- * @ll_priv_data: Private data passed as is to the functions in ksm_ll_ops.
150
75
  *
151
- * Allocate memory for and initialize a keyslot manager. Called by e.g.
152
- * storage drivers to set up a keyslot manager in their request_queue.
76
+ * Allocate memory for keyslots and initialize a keyslot manager. Called by
77
+ * e.g. storage drivers to set up a keyslot manager in their request_queue.
153
78
  *
154
- * Context: May sleep
155
- * Return: Pointer to constructed keyslot manager or NULL on error.
79
+ * Return: 0 on success, or else a negative error code.
156
80
  */
157
-struct keyslot_manager *keyslot_manager_create(
158
-	struct device *dev,
159
-	unsigned int num_slots,
160
-	const struct keyslot_mgmt_ll_ops *ksm_ll_ops,
161
-	unsigned int features,
162
-	const unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX],
163
-	void *ll_priv_data)
81
+int blk_ksm_init(struct blk_keyslot_manager *ksm, unsigned int num_slots)
164
82
 {
165
-	struct keyslot_manager *ksm;
166
83
 	unsigned int slot;
167
84
 	unsigned int i;
85
+	unsigned int slot_hashtable_size;
86
+
87
+	memset(ksm, 0, sizeof(*ksm));
168
88
 
169
89
 	if (num_slots == 0)
170
-		return NULL;
90
+		return -EINVAL;
171
91
 
172
-	/* Check that all ops are specified */
173
-	if (ksm_ll_ops->keyslot_program == NULL ||
174
-	    ksm_ll_ops->keyslot_evict == NULL)
175
-		return NULL;
176
-
177
-	ksm = kvzalloc(struct_size(ksm, slots, num_slots), GFP_KERNEL);
178
-	if (!ksm)
179
-		return NULL;
92
+	ksm->slots = kvcalloc(num_slots, sizeof(ksm->slots[0]), GFP_KERNEL);
93
+	if (!ksm->slots)
94
+		return -ENOMEM;
180
95
 
181
96
 	ksm->num_slots = num_slots;
182
-	ksm->ksm_ll_ops = *ksm_ll_ops;
183
-	ksm->features = features;
184
-	memcpy(ksm->crypto_mode_supported, crypto_mode_supported,
185
-	       sizeof(ksm->crypto_mode_supported));
186
-	ksm->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE;
187
-	ksm->ll_priv_data = ll_priv_data;
188
-	keyslot_manager_set_dev(ksm, dev);
189
97
 
190
98
 	init_rwsem(&ksm->lock);
191
99
 
..
..
@@ -193,120 +101,160 @@
193
101
 	INIT_LIST_HEAD(&ksm->idle_slots);
194
102
 
195
103
 	for (slot = 0; slot < num_slots; slot++) {
104
+		ksm->slots[slot].ksm = ksm;
196
105
 		list_add_tail(&ksm->slots[slot].idle_slot_node,
197
106
 			      &ksm->idle_slots);
198
107
 	}
199
108
 
200
109
 	spin_lock_init(&ksm->idle_slots_lock);
201
110
 
202
-	ksm->slot_hashtable_size = roundup_pow_of_two(num_slots);
203
-	ksm->slot_hashtable = kvmalloc_array(ksm->slot_hashtable_size,
111
+	slot_hashtable_size = roundup_pow_of_two(num_slots);
112
+	/*
113
+	 * hash_ptr() assumes bits != 0, so ensure the hash table has at least 2
114
+	 * buckets.  This only makes a difference when there is only 1 keyslot.
115
+	 */
116
+	if (slot_hashtable_size < 2)
117
+		slot_hashtable_size = 2;
118
+
119
+	ksm->log_slot_ht_size = ilog2(slot_hashtable_size);
120
+	ksm->slot_hashtable = kvmalloc_array(slot_hashtable_size,
204
121
 					     sizeof(ksm->slot_hashtable[0]),
205
122
 					     GFP_KERNEL);
206
123
 	if (!ksm->slot_hashtable)
207
-		goto err_free_ksm;
208
-	for (i = 0; i < ksm->slot_hashtable_size; i++)
124
+		goto err_destroy_ksm;
125
+	for (i = 0; i < slot_hashtable_size; i++)
209
126
 		INIT_HLIST_HEAD(&ksm->slot_hashtable[i]);
210
127
 
211
-	return ksm;
128
+	return 0;
212
129
 
213
-err_free_ksm:
214
-	keyslot_manager_destroy(ksm);
215
-	return NULL;
130
+err_destroy_ksm:
131
+	blk_ksm_destroy(ksm);
132
+	return -ENOMEM;
216
133
 }
217
-EXPORT_SYMBOL_GPL(keyslot_manager_create);
134
+EXPORT_SYMBOL_GPL(blk_ksm_init);
218
135
 
219
-void keyslot_manager_set_max_dun_bytes(struct keyslot_manager *ksm,
220
-				       unsigned int max_dun_bytes)
136
+static void blk_ksm_destroy_callback(void *ksm)
221
137
 {
222
-	ksm->max_dun_bytes_supported = max_dun_bytes;
138
+	blk_ksm_destroy(ksm);
223
139
 }
224
-EXPORT_SYMBOL_GPL(keyslot_manager_set_max_dun_bytes);
140
+
141
+/**
142
+ * devm_blk_ksm_init() - Resource-managed blk_ksm_init()
143
+ * @dev: The device which owns the blk_keyslot_manager.
144
+ * @ksm: The blk_keyslot_manager to initialize.
145
+ * @num_slots: The number of key slots to manage.
146
+ *
147
+ * Like blk_ksm_init(), but causes blk_ksm_destroy() to be called automatically
148
+ * on driver detach.
149
+ *
150
+ * Return: 0 on success, or else a negative error code.
151
+ */
152
+int devm_blk_ksm_init(struct device *dev, struct blk_keyslot_manager *ksm,
153
+		      unsigned int num_slots)
154
+{
155
+	int err = blk_ksm_init(ksm, num_slots);
156
+
157
+	if (err)
158
+		return err;
159
+
160
+	return devm_add_action_or_reset(dev, blk_ksm_destroy_callback, ksm);
161
+}
162
+EXPORT_SYMBOL_GPL(devm_blk_ksm_init);
225
163
 
226
164
 static inline struct hlist_head *
227
-hash_bucket_for_key(struct keyslot_manager *ksm,
228
-		    const struct blk_crypto_key *key)
165
+blk_ksm_hash_bucket_for_key(struct blk_keyslot_manager *ksm,
166
+			    const struct blk_crypto_key *key)
229
167
 {
230
-	return &ksm->slot_hashtable[blk_crypto_key_hash(key) &
231
-				    (ksm->slot_hashtable_size - 1)];
168
+	return &ksm->slot_hashtable[hash_ptr(key, ksm->log_slot_ht_size)];
232
169
 }
233
170
 
234
-static void remove_slot_from_lru_list(struct keyslot_manager *ksm, int slot)
171
+static void blk_ksm_remove_slot_from_lru_list(struct blk_ksm_keyslot *slot)
235
172
 {
173
+	struct blk_keyslot_manager *ksm = slot->ksm;
236
174
 	unsigned long flags;
237
175
 
238
176
 	spin_lock_irqsave(&ksm->idle_slots_lock, flags);
239
-	list_del(&ksm->slots[slot].idle_slot_node);
177
+	list_del(&slot->idle_slot_node);
240
178
 	spin_unlock_irqrestore(&ksm->idle_slots_lock, flags);
241
179
 }
242
180
 
243
-static int find_keyslot(struct keyslot_manager *ksm,
244
-			const struct blk_crypto_key *key)
181
+static struct blk_ksm_keyslot *blk_ksm_find_keyslot(
182
+					struct blk_keyslot_manager *ksm,
183
+					const struct blk_crypto_key *key)
245
184
 {
246
-	const struct hlist_head *head = hash_bucket_for_key(ksm, key);
247
-	const struct keyslot *slotp;
185
+	const struct hlist_head *head = blk_ksm_hash_bucket_for_key(ksm, key);
186
+	struct blk_ksm_keyslot *slotp;
248
187
 
249
188
 	hlist_for_each_entry(slotp, head, hash_node) {
250
-		if (slotp->key.hash == key->hash &&
251
-		    slotp->key.crypto_mode == key->crypto_mode &&
252
-		    slotp->key.size == key->size &&
253
-		    slotp->key.data_unit_size == key->data_unit_size &&
254
-		    !crypto_memneq(slotp->key.raw, key->raw, key->size))
255
-			return slotp - ksm->slots;
189
+		if (slotp->key == key)
190
+			return slotp;
256
191
 	}
257
-	return -ENOKEY;
192
+	return NULL;
258
193
 }
259
194
 
260
-static int find_and_grab_keyslot(struct keyslot_manager *ksm,
261
-				 const struct blk_crypto_key *key)
195
+static struct blk_ksm_keyslot *blk_ksm_find_and_grab_keyslot(
196
+					struct blk_keyslot_manager *ksm,
197
+					const struct blk_crypto_key *key)
262
198
 {
263
-	int slot;
199
+	struct blk_ksm_keyslot *slot;
264
200
 
265
-	slot = find_keyslot(ksm, key);
266
-	if (slot < 0)
267
-		return slot;
268
-	if (atomic_inc_return(&ksm->slots[slot].slot_refs) == 1) {
201
+	slot = blk_ksm_find_keyslot(ksm, key);
202
+	if (!slot)
203
+		return NULL;
204
+	if (atomic_inc_return(&slot->slot_refs) == 1) {
269
205
 		/* Took first reference to this slot; remove it from LRU list */
270
-		remove_slot_from_lru_list(ksm, slot);
206
+		blk_ksm_remove_slot_from_lru_list(slot);
271
207
 	}
272
208
 	return slot;
273
209
 }
274
210
 
211
+unsigned int blk_ksm_get_slot_idx(struct blk_ksm_keyslot *slot)
212
+{
213
+	return slot - slot->ksm->slots;
214
+}
215
+EXPORT_SYMBOL_GPL(blk_ksm_get_slot_idx);
216
+
275
217
 /**
276
- * keyslot_manager_get_slot_for_key() - Program a key into a keyslot.
218
+ * blk_ksm_get_slot_for_key() - Program a key into a keyslot.
277
219
  * @ksm: The keyslot manager to program the key into.
278
220
  * @key: Pointer to the key object to program, including the raw key, crypto
279
221
  *	 mode, and data unit size.
222
+ * @slot_ptr: A pointer to return the pointer of the allocated keyslot.
280
223
  *
281
224
  * Get a keyslot that's been programmed with the specified key.  If one already
282
225
  * exists, return it with incremented refcount.  Otherwise, wait for a keyslot
283
226
  * to become idle and program it.
284
227
  *
285
228
  * Context: Process context. Takes and releases ksm->lock.
286
- * Return: The keyslot on success, else a -errno value.
229
+ * Return: BLK_STS_OK on success (and keyslot is set to the pointer of the
230
+ *	   allocated keyslot), or some other blk_status_t otherwise (and
231
+ *	   keyslot is set to NULL).
287
232
  */
288
-int keyslot_manager_get_slot_for_key(struct keyslot_manager *ksm,
289
-				     const struct blk_crypto_key *key)
233
+blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm,
234
+				      const struct blk_crypto_key *key,
235
+				      struct blk_ksm_keyslot **slot_ptr)
290
236
 {
291
-	int slot;
237
+	struct blk_ksm_keyslot *slot;
238
+	int slot_idx;
292
239
 	int err;
293
-	struct keyslot *idle_slot;
294
240
 
295
-	if (keyslot_manager_is_passthrough(ksm))
296
-		return 0;
241
+	*slot_ptr = NULL;
242
+
243
+	if (blk_ksm_is_passthrough(ksm))
244
+		return BLK_STS_OK;
297
245
 
298
246
 	down_read(&ksm->lock);
299
-	slot = find_and_grab_keyslot(ksm, key);
247
+	slot = blk_ksm_find_and_grab_keyslot(ksm, key);
300
248
 	up_read(&ksm->lock);
301
-	if (slot != -ENOKEY)
302
-		return slot;
249
+	if (slot)
250
+		goto success;
303
251
 
304
252
 	for (;;) {
305
-		keyslot_manager_hw_enter(ksm);
306
-		slot = find_and_grab_keyslot(ksm, key);
307
-		if (slot != -ENOKEY) {
308
-			keyslot_manager_hw_exit(ksm);
309
-			return slot;
253
+		blk_ksm_hw_enter(ksm);
254
+		slot = blk_ksm_find_and_grab_keyslot(ksm, key);
255
+		if (slot) {
256
+			blk_ksm_hw_exit(ksm);
257
+			goto success;
310
258
 		}
311
259
 
312
260
 		/*
..
..
@@ -316,182 +264,146 @@
316
264
 		if (!list_empty(&ksm->idle_slots))
317
265
 			break;
318
266
 
319
-		keyslot_manager_hw_exit(ksm);
267
+		blk_ksm_hw_exit(ksm);
320
268
 		wait_event(ksm->idle_slots_wait_queue,
321
269
 			   !list_empty(&ksm->idle_slots));
322
270
 	}
323
271
 
324
-	idle_slot = list_first_entry(&ksm->idle_slots, struct keyslot,
325
-					     idle_slot_node);
326
-	slot = idle_slot - ksm->slots;
272
+	slot = list_first_entry(&ksm->idle_slots, struct blk_ksm_keyslot,
273
+				idle_slot_node);
274
+	slot_idx = blk_ksm_get_slot_idx(slot);
327
275
 
328
-	err = ksm->ksm_ll_ops.keyslot_program(ksm, key, slot);
276
+	err = ksm->ksm_ll_ops.keyslot_program(ksm, key, slot_idx);
329
277
 	if (err) {
330
278
 		wake_up(&ksm->idle_slots_wait_queue);
331
-		keyslot_manager_hw_exit(ksm);
332
-		return err;
279
+		blk_ksm_hw_exit(ksm);
280
+		return errno_to_blk_status(err);
333
281
 	}
334
282
 
335
283
 	/* Move this slot to the hash list for the new key. */
336
-	if (idle_slot->key.crypto_mode != BLK_ENCRYPTION_MODE_INVALID)
337
-		hlist_del(&idle_slot->hash_node);
338
-	hlist_add_head(&idle_slot->hash_node, hash_bucket_for_key(ksm, key));
284
+	if (slot->key)
285
+		hlist_del(&slot->hash_node);
286
+	slot->key = key;
287
+	hlist_add_head(&slot->hash_node, blk_ksm_hash_bucket_for_key(ksm, key));
339
288
 
340
-	atomic_set(&idle_slot->slot_refs, 1);
341
-	idle_slot->key = *key;
289
+	atomic_set(&slot->slot_refs, 1);
342
290
 
343
-	remove_slot_from_lru_list(ksm, slot);
291
+	blk_ksm_remove_slot_from_lru_list(slot);
344
292
 
345
-	keyslot_manager_hw_exit(ksm);
346
-	return slot;
293
+	blk_ksm_hw_exit(ksm);
294
+success:
295
+	*slot_ptr = slot;
296
+	return BLK_STS_OK;
347
297
 }
348
298
 
349
299
 /**
350
- * keyslot_manager_get_slot() - Increment the refcount on the specified slot.
351
- * @ksm: The keyslot manager that we want to modify.
352
- * @slot: The slot to increment the refcount of.
353
- *
354
- * This function assumes that there is already an active reference to that slot
355
- * and simply increments the refcount. This is useful when cloning a bio that
356
- * already has a reference to a keyslot, and we want the cloned bio to also have
357
- * its own reference.
300
+ * blk_ksm_put_slot() - Release a reference to a slot
301
+ * @slot: The keyslot to release the reference of.
358
302
  *
359
303
  * Context: Any context.
360
304
  */
361
-void keyslot_manager_get_slot(struct keyslot_manager *ksm, unsigned int slot)
305
+void blk_ksm_put_slot(struct blk_ksm_keyslot *slot)
362
306
 {
363
-	if (keyslot_manager_is_passthrough(ksm))
364
-		return;
365
-
366
-	if (WARN_ON(slot >= ksm->num_slots))
367
-		return;
368
-
369
-	WARN_ON(atomic_inc_return(&ksm->slots[slot].slot_refs) < 2);
370
-}
371
-
372
-/**
373
- * keyslot_manager_put_slot() - Release a reference to a slot
374
- * @ksm: The keyslot manager to release the reference from.
375
- * @slot: The slot to release the reference from.
376
- *
377
- * Context: Any context.
378
- */
379
-void keyslot_manager_put_slot(struct keyslot_manager *ksm, unsigned int slot)
380
-{
307
+	struct blk_keyslot_manager *ksm;
381
308
 	unsigned long flags;
382
309
 
383
-	if (keyslot_manager_is_passthrough(ksm))
310
+	if (!slot)
384
311
 		return;
385
312
 
386
-	if (WARN_ON(slot >= ksm->num_slots))
387
-		return;
313
+	ksm = slot->ksm;
388
314
 
389
-	if (atomic_dec_and_lock_irqsave(&ksm->slots[slot].slot_refs,
315
+	if (atomic_dec_and_lock_irqsave(&slot->slot_refs,
390
316
 					&ksm->idle_slots_lock, flags)) {
391
-		list_add_tail(&ksm->slots[slot].idle_slot_node,
392
-			      &ksm->idle_slots);
317
+		list_add_tail(&slot->idle_slot_node, &ksm->idle_slots);
393
318
 		spin_unlock_irqrestore(&ksm->idle_slots_lock, flags);
394
319
 		wake_up(&ksm->idle_slots_wait_queue);
395
320
 	}
396
321
 }
397
322
 
398
323
 /**
399
- * keyslot_manager_crypto_mode_supported() - Find out if a crypto_mode /
400
- *					     data unit size / is_hw_wrapped_key
401
- *					     combination is supported by a ksm.
324
+ * blk_ksm_crypto_cfg_supported() - Find out if a crypto configuration is
325
+ *				    supported by a ksm.
402
326
  * @ksm: The keyslot manager to check
403
- * @crypto_mode: The crypto mode to check for.
404
- * @dun_bytes: The number of bytes that will be used to specify the DUN
405
- * @data_unit_size: The data_unit_size for the mode.
406
- * @is_hw_wrapped_key: Whether a hardware-wrapped key will be used.
327
+ * @cfg: The crypto configuration to check for.
407
328
  *
408
- * Calls and returns the result of the crypto_mode_supported function specified
409
- * by the ksm.
329
+ * Checks for crypto_mode/data unit size/dun bytes support.
410
330
  *
411
- * Context: Process context.
412
- * Return: Whether or not this ksm supports the specified crypto settings.
331
+ * Return: Whether or not this ksm supports the specified crypto config.
413
332
  */
414
-bool keyslot_manager_crypto_mode_supported(struct keyslot_manager *ksm,
415
-					   enum blk_crypto_mode_num crypto_mode,
416
-					   unsigned int dun_bytes,
417
-					   unsigned int data_unit_size,
418
-					   bool is_hw_wrapped_key)
333
+bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
334
+				  const struct blk_crypto_config *cfg)
419
335
 {
420
336
 	if (!ksm)
421
337
 		return false;
422
-	if (WARN_ON(crypto_mode >= BLK_ENCRYPTION_MODE_MAX))
338
+	if (!(ksm->crypto_modes_supported[cfg->crypto_mode] &
339
+	      cfg->data_unit_size))
423
340
 		return false;
424
-	if (WARN_ON(!is_power_of_2(data_unit_size)))
341
+	if (ksm->max_dun_bytes_supported < cfg->dun_bytes)
425
342
 		return false;
426
-	if (is_hw_wrapped_key) {
343
+	if (cfg->is_hw_wrapped) {
427
344
 		if (!(ksm->features & BLK_CRYPTO_FEATURE_WRAPPED_KEYS))
428
345
 			return false;
429
346
 	} else {
430
347
 		if (!(ksm->features & BLK_CRYPTO_FEATURE_STANDARD_KEYS))
431
348
 			return false;
432
349
 	}
433
-	if (!(ksm->crypto_mode_supported[crypto_mode] & data_unit_size))
434
-		return false;
435
-
436
-	return ksm->max_dun_bytes_supported >= dun_bytes;
350
+	return true;
437
351
 }
438
352
 
439
353
 /**
440
- * keyslot_manager_evict_key() - Evict a key from the lower layer device.
354
+ * blk_ksm_evict_key() - Evict a key from the lower layer device.
441
355
  * @ksm: The keyslot manager to evict from
442
356
  * @key: The key to evict
443
357
  *
444
358
  * Find the keyslot that the specified key was programmed into, and evict that
445
- * slot from the lower layer device if that slot is not currently in use.
359
+ * slot from the lower layer device. The slot must not be in use by any
360
+ * in-flight IO when this function is called.
446
361
  *
447
362
  * Context: Process context. Takes and releases ksm->lock.
448
- * Return: 0 on success, -EBUSY if the key is still in use, or another
449
- *	   -errno value on other error.
363
+ * Return: 0 on success or if there's no keyslot with the specified key, -EBUSY
364
+ *	   if the keyslot is still in use, or another -errno value on other
365
+ *	   error.
450
366
  */
451
-int keyslot_manager_evict_key(struct keyslot_manager *ksm,
452
-			      const struct blk_crypto_key *key)
367
+int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
368
+		      const struct blk_crypto_key *key)
453
369
 {
454
-	int slot;
455
-	int err;
456
-	struct keyslot *slotp;
370
+	struct blk_ksm_keyslot *slot;
371
+	int err = 0;
457
372
 
458
-	if (keyslot_manager_is_passthrough(ksm)) {
373
+	if (blk_ksm_is_passthrough(ksm)) {
459
374
 		if (ksm->ksm_ll_ops.keyslot_evict) {
460
-			keyslot_manager_hw_enter(ksm);
375
+			blk_ksm_hw_enter(ksm);
461
376
 			err = ksm->ksm_ll_ops.keyslot_evict(ksm, key, -1);
462
-			keyslot_manager_hw_exit(ksm);
377
+			blk_ksm_hw_exit(ksm);
463
378
 			return err;
464
379
 		}
465
380
 		return 0;
466
381
 	}
467
382
 
468
-	keyslot_manager_hw_enter(ksm);
469
-
470
-	slot = find_keyslot(ksm, key);
471
-	if (slot < 0) {
472
-		err = slot;
383
+	blk_ksm_hw_enter(ksm);
384
+	slot = blk_ksm_find_keyslot(ksm, key);
385
+	if (!slot)
473
386
 		goto out_unlock;
474
-	}
475
-	slotp = &ksm->slots[slot];
476
387
 
477
-	if (atomic_read(&slotp->slot_refs) != 0) {
388
+	if (WARN_ON_ONCE(atomic_read(&slot->slot_refs) != 0)) {
478
389
 		err = -EBUSY;
479
390
 		goto out_unlock;
480
391
 	}
481
-	err = ksm->ksm_ll_ops.keyslot_evict(ksm, key, slot);
392
+	err = ksm->ksm_ll_ops.keyslot_evict(ksm, key,
393
+					    blk_ksm_get_slot_idx(slot));
482
394
 	if (err)
483
395
 		goto out_unlock;
484
396
 
485
-	hlist_del(&slotp->hash_node);
486
-	memzero_explicit(&slotp->key, sizeof(slotp->key));
397
+	hlist_del(&slot->hash_node);
398
+	slot->key = NULL;
487
399
 	err = 0;
488
400
 out_unlock:
489
-	keyslot_manager_hw_exit(ksm);
401
+	blk_ksm_hw_exit(ksm);
490
402
 	return err;
491
403
 }
492
404
 
493
405
 /**
494
- * keyslot_manager_reprogram_all_keys() - Re-program all keyslots.
406
+ * blk_ksm_reprogram_all_keys() - Re-program all keyslots.
495
407
  * @ksm: The keyslot manager
496
408
  *
497
409
  * Re-program all keyslots that are supposed to have a key programmed.  This is
..
..
@@ -499,133 +411,57 @@
499
411
  *
500
412
  * Context: Process context. Takes and releases ksm->lock.
501
413
  */
502
-void keyslot_manager_reprogram_all_keys(struct keyslot_manager *ksm)
414
+void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm)
503
415
 {
504
416
 	unsigned int slot;
505
417
 
506
-	if (WARN_ON(keyslot_manager_is_passthrough(ksm)))
418
+	if (blk_ksm_is_passthrough(ksm))
507
419
 		return;
508
420
 
509
421
 	/* This is for device initialization, so don't resume the device */
510
422
 	down_write(&ksm->lock);
511
423
 	for (slot = 0; slot < ksm->num_slots; slot++) {
512
-		const struct keyslot *slotp = &ksm->slots[slot];
424
+		const struct blk_crypto_key *key = ksm->slots[slot].key;
513
425
 		int err;
514
426
 
515
-		if (slotp->key.crypto_mode == BLK_ENCRYPTION_MODE_INVALID)
427
+		if (!key)
516
428
 			continue;
517
429
 
518
-		err = ksm->ksm_ll_ops.keyslot_program(ksm, &slotp->key, slot);
430
+		err = ksm->ksm_ll_ops.keyslot_program(ksm, key, slot);
519
431
 		WARN_ON(err);
520
432
 	}
521
433
 	up_write(&ksm->lock);
522
434
 }
523
-EXPORT_SYMBOL_GPL(keyslot_manager_reprogram_all_keys);
435
+EXPORT_SYMBOL_GPL(blk_ksm_reprogram_all_keys);
524
436
 
525
-/**
526
- * keyslot_manager_private() - return the private data stored with ksm
527
- * @ksm: The keyslot manager
528
- *
529
- * Returns the private data passed to the ksm when it was created.
530
- */
531
-void *keyslot_manager_private(struct keyslot_manager *ksm)
437
+void blk_ksm_destroy(struct blk_keyslot_manager *ksm)
532
438
 {
533
-	return ksm->ll_priv_data;
534
-}
535
-EXPORT_SYMBOL_GPL(keyslot_manager_private);
536
-
537
-void keyslot_manager_destroy(struct keyslot_manager *ksm)
538
-{
539
-	if (ksm) {
540
-		kvfree(ksm->slot_hashtable);
541
-		memzero_explicit(ksm, struct_size(ksm, slots, ksm->num_slots));
542
-		kvfree(ksm);
543
-	}
544
-}
545
-EXPORT_SYMBOL_GPL(keyslot_manager_destroy);
546
-
547
-/**
548
- * keyslot_manager_create_passthrough() - Create a passthrough keyslot manager
549
- * @dev: Device for runtime power management (NULL if none)
550
- * @ksm_ll_ops: The struct keyslot_mgmt_ll_ops
551
- * @features: Bitmask of BLK_CRYPTO_FEATURE_* flags
552
- * @crypto_mode_supported: Bitmasks for supported encryption modes
553
- * @ll_priv_data: Private data passed as is to the functions in ksm_ll_ops.
554
- *
555
- * Allocate memory for and initialize a passthrough keyslot manager.
556
- * Called by e.g. storage drivers to set up a keyslot manager in their
557
- * request_queue, when the storage driver wants to manage its keys by itself.
558
- * This is useful for inline encryption hardware that don't have a small fixed
559
- * number of keyslots, and for layered devices.
560
- *
561
- * See keyslot_manager_create() for more details about the parameters.
562
- *
563
- * Context: This function may sleep
564
- * Return: Pointer to constructed keyslot manager or NULL on error.
565
- */
566
-struct keyslot_manager *keyslot_manager_create_passthrough(
567
-	struct device *dev,
568
-	const struct keyslot_mgmt_ll_ops *ksm_ll_ops,
569
-	unsigned int features,
570
-	const unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX],
571
-	void *ll_priv_data)
572
-{
573
-	struct keyslot_manager *ksm;
574
-
575
-	ksm = kzalloc(sizeof(*ksm), GFP_KERNEL);
576
439
 	if (!ksm)
577
-		return NULL;
578
-
579
-	ksm->ksm_ll_ops = *ksm_ll_ops;
580
-	ksm->features = features;
581
-	memcpy(ksm->crypto_mode_supported, crypto_mode_supported,
582
-	       sizeof(ksm->crypto_mode_supported));
583
-	ksm->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE;
584
-	ksm->ll_priv_data = ll_priv_data;
585
-	keyslot_manager_set_dev(ksm, dev);
586
-
587
-	init_rwsem(&ksm->lock);
588
-
589
-	return ksm;
440
+		return;
441
+	kvfree(ksm->slot_hashtable);
442
+	kvfree_sensitive(ksm->slots, sizeof(ksm->slots[0]) * ksm->num_slots);
443
+	memzero_explicit(ksm, sizeof(*ksm));
590
444
 }
591
-EXPORT_SYMBOL_GPL(keyslot_manager_create_passthrough);
445
+EXPORT_SYMBOL_GPL(blk_ksm_destroy);
592
446
 
593
-/**
594
- * keyslot_manager_intersect_modes() - restrict supported modes by child device
595
- * @parent: The keyslot manager for parent device
596
- * @child: The keyslot manager for child device, or NULL
597
- *
598
- * Clear any crypto mode support bits in @parent that aren't set in @child.
599
- * If @child is NULL, then all parent bits are cleared.
600
- *
601
- * Only use this when setting up the keyslot manager for a layered device,
602
- * before it's been exposed yet.
603
- */
604
-void keyslot_manager_intersect_modes(struct keyslot_manager *parent,
605
-				     const struct keyslot_manager *child)
447
+bool blk_ksm_register(struct blk_keyslot_manager *ksm, struct request_queue *q)
606
448
 {
607
-	if (child) {
608
-		unsigned int i;
609
-
610
-		parent->features &= child->features;
611
-		parent->max_dun_bytes_supported =
612
-			min(parent->max_dun_bytes_supported,
613
-			    child->max_dun_bytes_supported);
614
-		for (i = 0; i < ARRAY_SIZE(child->crypto_mode_supported); i++) {
615
-			parent->crypto_mode_supported[i] &=
616
-				child->crypto_mode_supported[i];
617
-		}
618
-	} else {
619
-		parent->features = 0;
620
-		parent->max_dun_bytes_supported = 0;
621
-		memset(parent->crypto_mode_supported, 0,
622
-		       sizeof(parent->crypto_mode_supported));
449
+	if (blk_integrity_queue_supports_integrity(q)) {
450
+		pr_warn("Integrity and hardware inline encryption are not supported together. Disabling hardware inline encryption.\n");
451
+		return false;
623
452
 	}
453
+	q->ksm = ksm;
454
+	return true;
624
455
 }
625
-EXPORT_SYMBOL_GPL(keyslot_manager_intersect_modes);
456
+EXPORT_SYMBOL_GPL(blk_ksm_register);
457
+
458
+void blk_ksm_unregister(struct request_queue *q)
459
+{
460
+	q->ksm = NULL;
461
+}
626
462
 
627
463
 /**
628
- * keyslot_manager_derive_raw_secret() - Derive software secret from wrapped key
464
+ * blk_ksm_derive_raw_secret() - Derive software secret from wrapped key
629
465
  * @ksm: The keyslot manager
630
466
  * @wrapped_key: The wrapped key
631
467
  * @wrapped_key_size: Size of the wrapped key in bytes
..
..
@@ -641,23 +477,154 @@
641
477
  * Return: 0 on success, -EOPNOTSUPP if hardware-wrapped keys are unsupported,
642
478
  *	   or another -errno code.
643
479
  */
644
-int keyslot_manager_derive_raw_secret(struct keyslot_manager *ksm,
645
-				      const u8 *wrapped_key,
646
-				      unsigned int wrapped_key_size,
647
-				      u8 *secret, unsigned int secret_size)
480
+int blk_ksm_derive_raw_secret(struct blk_keyslot_manager *ksm,
481
+			      const u8 *wrapped_key,
482
+			      unsigned int wrapped_key_size,
483
+			      u8 *secret, unsigned int secret_size)
648
484
 {
649
485
 	int err;
650
486
 
651
487
 	if (ksm->ksm_ll_ops.derive_raw_secret) {
652
-		keyslot_manager_hw_enter(ksm);
488
+		blk_ksm_hw_enter(ksm);
653
489
 		err = ksm->ksm_ll_ops.derive_raw_secret(ksm, wrapped_key,
654
490
 							wrapped_key_size,
655
491
 							secret, secret_size);
656
-		keyslot_manager_hw_exit(ksm);
492
+		blk_ksm_hw_exit(ksm);
657
493
 	} else {
658
494
 		err = -EOPNOTSUPP;
659
495
 	}
660
496
 
661
497
 	return err;
662
498
 }
663
-EXPORT_SYMBOL_GPL(keyslot_manager_derive_raw_secret);
499
+EXPORT_SYMBOL_GPL(blk_ksm_derive_raw_secret);
500
+
501
+/**
502
+ * blk_ksm_intersect_modes() - restrict supported modes by child device
503
+ * @parent: The keyslot manager for parent device
504
+ * @child: The keyslot manager for child device, or NULL
505
+ *
506
+ * Clear any crypto mode support bits in @parent that aren't set in @child.
507
+ * If @child is NULL, then all parent bits are cleared.
508
+ *
509
+ * Only use this when setting up the keyslot manager for a layered device,
510
+ * before it's been exposed yet.
511
+ */
512
+void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent,
513
+			     const struct blk_keyslot_manager *child)
514
+{
515
+	if (child) {
516
+		unsigned int i;
517
+
518
+		parent->max_dun_bytes_supported =
519
+			min(parent->max_dun_bytes_supported,
520
+			    child->max_dun_bytes_supported);
521
+		for (i = 0; i < ARRAY_SIZE(child->crypto_modes_supported);
522
+		     i++) {
523
+			parent->crypto_modes_supported[i] &=
524
+				child->crypto_modes_supported[i];
525
+		}
526
+		parent->features &= child->features;
527
+	} else {
528
+		parent->max_dun_bytes_supported = 0;
529
+		memset(parent->crypto_modes_supported, 0,
530
+		       sizeof(parent->crypto_modes_supported));
531
+		parent->features = 0;
532
+	}
533
+}
534
+EXPORT_SYMBOL_GPL(blk_ksm_intersect_modes);
535
+
536
+/**
537
+ * blk_ksm_is_superset() - Check if a KSM supports a superset of crypto modes
538
+ *			   and DUN bytes that another KSM supports. Here,
539
+ *			   "superset" refers to the mathematical meaning of the
540
+ *			   word - i.e. if two KSMs have the *same* capabilities,
541
+ *			   they *are* considered supersets of each other.
542
+ * @ksm_superset: The KSM that we want to verify is a superset
543
+ * @ksm_subset: The KSM that we want to verify is a subset
544
+ *
545
+ * Return: True if @ksm_superset supports a superset of the crypto modes and DUN
546
+ *	   bytes that @ksm_subset supports.
547
+ */
548
+bool blk_ksm_is_superset(struct blk_keyslot_manager *ksm_superset,
549
+			 struct blk_keyslot_manager *ksm_subset)
550
+{
551
+	int i;
552
+
553
+	if (!ksm_subset)
554
+		return true;
555
+
556
+	if (!ksm_superset)
557
+		return false;
558
+
559
+	for (i = 0; i < ARRAY_SIZE(ksm_superset->crypto_modes_supported); i++) {
560
+		if (ksm_subset->crypto_modes_supported[i] &
561
+		    (~ksm_superset->crypto_modes_supported[i])) {
562
+			return false;
563
+		}
564
+	}
565
+
566
+	if (ksm_subset->max_dun_bytes_supported >
567
+	    ksm_superset->max_dun_bytes_supported) {
568
+		return false;
569
+	}
570
+
571
+	if (ksm_subset->features & ~ksm_superset->features)
572
+		return false;
573
+
574
+	return true;
575
+}
576
+EXPORT_SYMBOL_GPL(blk_ksm_is_superset);
577
+
578
+/**
579
+ * blk_ksm_update_capabilities() - Update the restrictions of a KSM to those of
580
+ *				   another KSM
581
+ * @target_ksm: The KSM whose restrictions to update.
582
+ * @reference_ksm: The KSM to whose restrictions this function will update
583
+ *		   @target_ksm's restrictions to.
584
+ *
585
+ * Blk-crypto requires that crypto capabilities that were
586
+ * advertised when a bio was created continue to be supported by the
587
+ * device until that bio is ended. This is turn means that a device cannot
588
+ * shrink its advertised crypto capabilities without any explicit
589
+ * synchronization with upper layers. So if there's no such explicit
590
+ * synchronization, @reference_ksm must support all the crypto capabilities that
591
+ * @target_ksm does
592
+ * (i.e. we need blk_ksm_is_superset(@reference_ksm, @target_ksm) == true).
593
+ *
594
+ * Note also that as long as the crypto capabilities are being expanded, the
595
+ * order of updates becoming visible is not important because it's alright
596
+ * for blk-crypto to see stale values - they only cause blk-crypto to
597
+ * believe that a crypto capability isn't supported when it actually is (which
598
+ * might result in blk-crypto-fallback being used if available, or the bio being
599
+ * failed).
600
+ */
601
+void blk_ksm_update_capabilities(struct blk_keyslot_manager *target_ksm,
602
+				 struct blk_keyslot_manager *reference_ksm)
603
+{
604
+	memcpy(target_ksm->crypto_modes_supported,
605
+	       reference_ksm->crypto_modes_supported,
606
+	       sizeof(target_ksm->crypto_modes_supported));
607
+
608
+	target_ksm->max_dun_bytes_supported =
609
+				reference_ksm->max_dun_bytes_supported;
610
+
611
+	target_ksm->features = reference_ksm->features;
612
+}
613
+EXPORT_SYMBOL_GPL(blk_ksm_update_capabilities);
614
+
615
+/**
616
+ * blk_ksm_init_passthrough() - Init a passthrough keyslot manager
617
+ * @ksm: The keyslot manager to init
618
+ *
619
+ * Initialize a passthrough keyslot manager.
620
+ * Called by e.g. storage drivers to set up a keyslot manager in their
621
+ * request_queue, when the storage driver wants to manage its keys by itself.
622
+ * This is useful for inline encryption hardware that doesn't have the concept
623
+ * of keyslots, and for layered devices.
624
+ */
625
+void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm)
626
+{
627
+	memset(ksm, 0, sizeof(*ksm));
628
+	init_rwsem(&ksm->lock);
629
+}
630
+EXPORT_SYMBOL_GPL(blk_ksm_init_passthrough);