dm-crypt.c 44.0 KB
Newer Older
L
Linus Torvalds 已提交
1 2 3
/*
 * Copyright (C) 2003 Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
4
 * Copyright (C) 2006-2009 Red Hat, Inc. All rights reserved.
L
Linus Torvalds 已提交
5 6 7 8
 *
 * This file is released under the GPL.
 */

M
Milan Broz 已提交
9
#include <linux/completion.h>
10
#include <linux/err.h>
L
Linus Torvalds 已提交
11 12 13 14 15 16 17 18 19
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/bio.h>
#include <linux/blkdev.h>
#include <linux/mempool.h>
#include <linux/slab.h>
#include <linux/crypto.h>
#include <linux/workqueue.h>
20
#include <linux/backing-dev.h>
A
Andi Kleen 已提交
21
#include <linux/percpu.h>
A
Arun Sharma 已提交
22
#include <linux/atomic.h>
23
#include <linux/scatterlist.h>
L
Linus Torvalds 已提交
24
#include <asm/page.h>
25
#include <asm/unaligned.h>
M
Milan Broz 已提交
26 27 28
#include <crypto/hash.h>
#include <crypto/md5.h>
#include <crypto/algapi.h>
L
Linus Torvalds 已提交
29

30
#include <linux/device-mapper.h>
L
Linus Torvalds 已提交
31

32
#define DM_MSG_PREFIX "crypt"
L
Linus Torvalds 已提交
33 34 35 36 37

/*
 * context holding the current state of a multi-part conversion
 */
struct convert_context {
M
Milan Broz 已提交
38
	struct completion restart;
L
Linus Torvalds 已提交
39 40 41 42 43 44 45
	struct bio *bio_in;
	struct bio *bio_out;
	unsigned int offset_in;
	unsigned int offset_out;
	unsigned int idx_in;
	unsigned int idx_out;
	sector_t sector;
M
Mikulas Patocka 已提交
46
	atomic_t cc_pending;
L
Linus Torvalds 已提交
47 48
};

49 50 51 52 53 54 55 56 57 58
/*
 * per bio private data
 */
struct dm_crypt_io {
	struct dm_target *target;
	struct bio *base_bio;
	struct work_struct work;

	struct convert_context ctx;

M
Mikulas Patocka 已提交
59
	atomic_t io_pending;
60
	int error;
61
	sector_t sector;
M
Milan Broz 已提交
62
	struct dm_crypt_io *base_io;
63 64
};

65
struct dm_crypt_request {
66
	struct convert_context *ctx;
67 68
	struct scatterlist sg_in;
	struct scatterlist sg_out;
69
	sector_t iv_sector;
70 71
};

L
Linus Torvalds 已提交
72 73 74 75
struct crypt_config;

struct crypt_iv_operations {
	int (*ctr)(struct crypt_config *cc, struct dm_target *ti,
M
Milan Broz 已提交
76
		   const char *opts);
L
Linus Torvalds 已提交
77
	void (*dtr)(struct crypt_config *cc);
78
	int (*init)(struct crypt_config *cc);
79
	int (*wipe)(struct crypt_config *cc);
80 81 82 83
	int (*generator)(struct crypt_config *cc, u8 *iv,
			 struct dm_crypt_request *dmreq);
	int (*post)(struct crypt_config *cc, u8 *iv,
		    struct dm_crypt_request *dmreq);
L
Linus Torvalds 已提交
84 85
};

86
struct iv_essiv_private {
87 88
	struct crypto_hash *hash_tfm;
	u8 *salt;
89 90 91 92 93 94
};

struct iv_benbi_private {
	int shift;
};

M
Milan Broz 已提交
95 96 97 98 99 100
#define LMK_SEED_SIZE 64 /* hash + 0 */
struct iv_lmk_private {
	struct crypto_shash *hash_tfm;
	u8 *seed;
};

L
Linus Torvalds 已提交
101 102 103 104
/*
 * Crypt: maps a linear range of a block device
 * and encrypts / decrypts at the same time.
 */
M
Milan Broz 已提交
105
enum flags { DM_CRYPT_SUSPENDED, DM_CRYPT_KEY_VALID };
A
Andi Kleen 已提交
106 107 108 109 110 111 112 113

/*
 * Duplicated per-CPU state for cipher.
 */
struct crypt_cpu {
	struct ablkcipher_request *req;
	/* ESSIV: struct crypto_cipher *essiv_tfm */
	void *iv_private;
M
Milan Broz 已提交
114
	struct crypto_ablkcipher *tfms[0];
A
Andi Kleen 已提交
115 116 117 118 119 120
};

/*
 * The fields in here must be read only after initialization,
 * changing state should be in crypt_cpu.
 */
L
Linus Torvalds 已提交
121 122 123 124 125
struct crypt_config {
	struct dm_dev *dev;
	sector_t start;

	/*
M
Milan Broz 已提交
126 127
	 * pool for per bio private data, crypto requests and
	 * encryption requeusts/buffer pages
L
Linus Torvalds 已提交
128 129
	 */
	mempool_t *io_pool;
M
Milan Broz 已提交
130
	mempool_t *req_pool;
L
Linus Torvalds 已提交
131
	mempool_t *page_pool;
M
Milan Broz 已提交
132
	struct bio_set *bs;
L
Linus Torvalds 已提交
133

M
Milan Broz 已提交
134 135
	struct workqueue_struct *io_queue;
	struct workqueue_struct *crypt_queue;
M
Milan Broz 已提交
136

M
Milan Broz 已提交
137
	char *cipher;
138
	char *cipher_string;
M
Milan Broz 已提交
139

L
Linus Torvalds 已提交
140
	struct crypt_iv_operations *iv_gen_ops;
141
	union {
142 143
		struct iv_essiv_private essiv;
		struct iv_benbi_private benbi;
M
Milan Broz 已提交
144
		struct iv_lmk_private lmk;
145
	} iv_gen_private;
L
Linus Torvalds 已提交
146 147 148
	sector_t iv_offset;
	unsigned int iv_size;

A
Andi Kleen 已提交
149 150 151 152 153
	/*
	 * Duplicated per cpu state. Access through
	 * per_cpu_ptr() only.
	 */
	struct crypt_cpu __percpu *cpu;
M
Milan Broz 已提交
154
	unsigned tfms_count;
A
Andi Kleen 已提交
155

M
Milan Broz 已提交
156 157 158 159 160 161 162 163 164 165 166 167 168 169 170
	/*
	 * Layout of each crypto request:
	 *
	 *   struct ablkcipher_request
	 *      context
	 *      padding
	 *   struct dm_crypt_request
	 *      padding
	 *   IV
	 *
	 * The padding is added so that dm_crypt_request and the IV are
	 * correctly aligned.
	 */
	unsigned int dmreq_start;

M
Milan Broz 已提交
171
	unsigned long flags;
L
Linus Torvalds 已提交
172
	unsigned int key_size;
M
Milan Broz 已提交
173
	unsigned int key_parts;
L
Linus Torvalds 已提交
174 175 176
	u8 key[0];
};

M
Milan Broz 已提交
177
#define MIN_IOS        16
L
Linus Torvalds 已提交
178 179
#define MIN_POOL_PAGES 32

180
static struct kmem_cache *_crypt_io_pool;
L
Linus Torvalds 已提交
181

A
Alasdair G Kergon 已提交
182
static void clone_init(struct dm_crypt_io *, struct bio *);
183
static void kcryptd_queue_crypt(struct dm_crypt_io *io);
184
static u8 *iv_of_dmreq(struct crypt_config *cc, struct dm_crypt_request *dmreq);
O
Olaf Kirch 已提交
185

A
Andi Kleen 已提交
186 187 188 189 190 191 192 193 194 195
static struct crypt_cpu *this_crypt_config(struct crypt_config *cc)
{
	return this_cpu_ptr(cc->cpu);
}

/*
 * Use this to access cipher attributes that are the same for each CPU.
 */
static struct crypto_ablkcipher *any_tfm(struct crypt_config *cc)
{
M
Milan Broz 已提交
196
	return __this_cpu_ptr(cc->cpu)->tfms[0];
A
Andi Kleen 已提交
197 198
}

L
Linus Torvalds 已提交
199 200 201
/*
 * Different IV generation algorithms:
 *
202
 * plain: the initial vector is the 32-bit little-endian version of the sector
203
 *        number, padded with zeros if necessary.
L
Linus Torvalds 已提交
204
 *
M
Milan Broz 已提交
205 206 207
 * plain64: the initial vector is the 64-bit little-endian version of the sector
 *        number, padded with zeros if necessary.
 *
208 209 210
 * essiv: "encrypted sector|salt initial vector", the sector number is
 *        encrypted with the bulk cipher using a salt as key. The salt
 *        should be derived from the bulk cipher's key via hashing.
L
Linus Torvalds 已提交
211
 *
212 213 214
 * benbi: the 64-bit "big-endian 'narrow block'-count", starting at 1
 *        (needed for LRW-32-AES and possible other narrow block modes)
 *
L
Ludwig Nussel 已提交
215 216 217
 * null: the initial vector is always zero.  Provides compatibility with
 *       obsolete loop_fish2 devices.  Do not use for new devices.
 *
M
Milan Broz 已提交
218 219 220 221 222 223 224 225 226 227 228 229 230 231
 * lmk:  Compatible implementation of the block chaining mode used
 *       by the Loop-AES block device encryption system
 *       designed by Jari Ruusu. See http://loop-aes.sourceforge.net/
 *       It operates on full 512 byte sectors and uses CBC
 *       with an IV derived from the sector number, the data and
 *       optionally extra IV seed.
 *       This means that after decryption the first block
 *       of sector must be tweaked according to decrypted data.
 *       Loop-AES can use three encryption schemes:
 *         version 1: is plain aes-cbc mode
 *         version 2: uses 64 multikey scheme with lmk IV generator
 *         version 3: the same as version 2 with additional IV seed
 *                   (it uses 65 keys, last key is used as IV seed)
 *
L
Linus Torvalds 已提交
232 233 234 235
 * plumb: unimplemented, see:
 * http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/454
 */

236 237
static int crypt_iv_plain_gen(struct crypt_config *cc, u8 *iv,
			      struct dm_crypt_request *dmreq)
L
Linus Torvalds 已提交
238 239
{
	memset(iv, 0, cc->iv_size);
A
Alasdair G Kergon 已提交
240
	*(__le32 *)iv = cpu_to_le32(dmreq->iv_sector & 0xffffffff);
L
Linus Torvalds 已提交
241 242 243 244

	return 0;
}

M
Milan Broz 已提交
245
static int crypt_iv_plain64_gen(struct crypt_config *cc, u8 *iv,
246
				struct dm_crypt_request *dmreq)
M
Milan Broz 已提交
247 248
{
	memset(iv, 0, cc->iv_size);
A
Alasdair G Kergon 已提交
249
	*(__le64 *)iv = cpu_to_le64(dmreq->iv_sector);
M
Milan Broz 已提交
250 251 252 253

	return 0;
}

254 255 256 257 258 259
/* Initialise ESSIV - compute salt but no local memory allocations */
static int crypt_iv_essiv_init(struct crypt_config *cc)
{
	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
	struct hash_desc desc;
	struct scatterlist sg;
A
Andi Kleen 已提交
260 261
	struct crypto_cipher *essiv_tfm;
	int err, cpu;
262 263 264 265 266 267 268 269 270

	sg_init_one(&sg, cc->key, cc->key_size);
	desc.tfm = essiv->hash_tfm;
	desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;

	err = crypto_hash_digest(&desc, &sg, cc->key_size, essiv->salt);
	if (err)
		return err;

A
Andi Kleen 已提交
271 272 273 274
	for_each_possible_cpu(cpu) {
		essiv_tfm = per_cpu_ptr(cc->cpu, cpu)->iv_private,

		err = crypto_cipher_setkey(essiv_tfm, essiv->salt,
275
				    crypto_hash_digestsize(essiv->hash_tfm));
A
Andi Kleen 已提交
276 277 278 279 280
		if (err)
			return err;
	}

	return 0;
281 282
}

283 284 285 286 287
/* Wipe salt and reset key derived from volume key */
static int crypt_iv_essiv_wipe(struct crypt_config *cc)
{
	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
	unsigned salt_size = crypto_hash_digestsize(essiv->hash_tfm);
A
Andi Kleen 已提交
288 289
	struct crypto_cipher *essiv_tfm;
	int cpu, r, err = 0;
290 291 292

	memset(essiv->salt, 0, salt_size);

A
Andi Kleen 已提交
293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333
	for_each_possible_cpu(cpu) {
		essiv_tfm = per_cpu_ptr(cc->cpu, cpu)->iv_private;
		r = crypto_cipher_setkey(essiv_tfm, essiv->salt, salt_size);
		if (r)
			err = r;
	}

	return err;
}

/* Set up per cpu cipher state */
static struct crypto_cipher *setup_essiv_cpu(struct crypt_config *cc,
					     struct dm_target *ti,
					     u8 *salt, unsigned saltsize)
{
	struct crypto_cipher *essiv_tfm;
	int err;

	/* Setup the essiv_tfm with the given salt */
	essiv_tfm = crypto_alloc_cipher(cc->cipher, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(essiv_tfm)) {
		ti->error = "Error allocating crypto tfm for ESSIV";
		return essiv_tfm;
	}

	if (crypto_cipher_blocksize(essiv_tfm) !=
	    crypto_ablkcipher_ivsize(any_tfm(cc))) {
		ti->error = "Block size of ESSIV cipher does "
			    "not match IV size of block cipher";
		crypto_free_cipher(essiv_tfm);
		return ERR_PTR(-EINVAL);
	}

	err = crypto_cipher_setkey(essiv_tfm, salt, saltsize);
	if (err) {
		ti->error = "Failed to set key for ESSIV cipher";
		crypto_free_cipher(essiv_tfm);
		return ERR_PTR(err);
	}

	return essiv_tfm;
334 335
}

336 337
static void crypt_iv_essiv_dtr(struct crypt_config *cc)
{
A
Andi Kleen 已提交
338 339 340
	int cpu;
	struct crypt_cpu *cpu_cc;
	struct crypto_cipher *essiv_tfm;
341 342
	struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;

343 344 345 346 347
	crypto_free_hash(essiv->hash_tfm);
	essiv->hash_tfm = NULL;

	kzfree(essiv->salt);
	essiv->salt = NULL;
A
Andi Kleen 已提交
348 349 350 351 352 353 354 355 356 357

	for_each_possible_cpu(cpu) {
		cpu_cc = per_cpu_ptr(cc->cpu, cpu);
		essiv_tfm = cpu_cc->iv_private;

		if (essiv_tfm)
			crypto_free_cipher(essiv_tfm);

		cpu_cc->iv_private = NULL;
	}
358 359
}

L
Linus Torvalds 已提交
360
static int crypt_iv_essiv_ctr(struct crypt_config *cc, struct dm_target *ti,
M
Milan Broz 已提交
361
			      const char *opts)
L
Linus Torvalds 已提交
362
{
363 364 365
	struct crypto_cipher *essiv_tfm = NULL;
	struct crypto_hash *hash_tfm = NULL;
	u8 *salt = NULL;
A
Andi Kleen 已提交
366
	int err, cpu;
L
Linus Torvalds 已提交
367

368
	if (!opts) {
369
		ti->error = "Digest algorithm missing for ESSIV mode";
L
Linus Torvalds 已提交
370 371 372
		return -EINVAL;
	}

373
	/* Allocate hash algorithm */
374 375
	hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
	if (IS_ERR(hash_tfm)) {
376
		ti->error = "Error initializing ESSIV hash";
377 378
		err = PTR_ERR(hash_tfm);
		goto bad;
L
Linus Torvalds 已提交
379 380
	}

381
	salt = kzalloc(crypto_hash_digestsize(hash_tfm), GFP_KERNEL);
382
	if (!salt) {
383
		ti->error = "Error kmallocing salt storage in ESSIV";
384 385
		err = -ENOMEM;
		goto bad;
L
Linus Torvalds 已提交
386 387
	}

388 389 390
	cc->iv_gen_private.essiv.salt = salt;
	cc->iv_gen_private.essiv.hash_tfm = hash_tfm;

A
Andi Kleen 已提交
391 392 393 394 395 396 397 398 399 400
	for_each_possible_cpu(cpu) {
		essiv_tfm = setup_essiv_cpu(cc, ti, salt,
					crypto_hash_digestsize(hash_tfm));
		if (IS_ERR(essiv_tfm)) {
			crypt_iv_essiv_dtr(cc);
			return PTR_ERR(essiv_tfm);
		}
		per_cpu_ptr(cc->cpu, cpu)->iv_private = essiv_tfm;
	}

L
Linus Torvalds 已提交
401
	return 0;
402 403 404 405

bad:
	if (hash_tfm && !IS_ERR(hash_tfm))
		crypto_free_hash(hash_tfm);
406
	kfree(salt);
407
	return err;
L
Linus Torvalds 已提交
408 409
}

410 411
static int crypt_iv_essiv_gen(struct crypt_config *cc, u8 *iv,
			      struct dm_crypt_request *dmreq)
L
Linus Torvalds 已提交
412
{
A
Andi Kleen 已提交
413 414
	struct crypto_cipher *essiv_tfm = this_crypt_config(cc)->iv_private;

L
Linus Torvalds 已提交
415
	memset(iv, 0, cc->iv_size);
A
Alasdair G Kergon 已提交
416
	*(__le64 *)iv = cpu_to_le64(dmreq->iv_sector);
A
Andi Kleen 已提交
417 418
	crypto_cipher_encrypt_one(essiv_tfm, iv, iv);

L
Linus Torvalds 已提交
419 420 421
	return 0;
}

422 423 424
static int crypt_iv_benbi_ctr(struct crypt_config *cc, struct dm_target *ti,
			      const char *opts)
{
A
Andi Kleen 已提交
425
	unsigned bs = crypto_ablkcipher_blocksize(any_tfm(cc));
426
	int log = ilog2(bs);
427 428 429 430 431 432 433 434 435 436 437 438 439 440

	/* we need to calculate how far we must shift the sector count
	 * to get the cipher block count, we use this shift in _gen */

	if (1 << log != bs) {
		ti->error = "cypher blocksize is not a power of 2";
		return -EINVAL;
	}

	if (log > 9) {
		ti->error = "cypher blocksize is > 512";
		return -EINVAL;
	}

441
	cc->iv_gen_private.benbi.shift = 9 - log;
442 443 444 445 446 447 448 449

	return 0;
}

static void crypt_iv_benbi_dtr(struct crypt_config *cc)
{
}

450 451
static int crypt_iv_benbi_gen(struct crypt_config *cc, u8 *iv,
			      struct dm_crypt_request *dmreq)
452
{
453 454
	__be64 val;

455
	memset(iv, 0, cc->iv_size - sizeof(u64)); /* rest is cleared below */
456

457
	val = cpu_to_be64(((u64)dmreq->iv_sector << cc->iv_gen_private.benbi.shift) + 1);
458
	put_unaligned(val, (__be64 *)(iv + cc->iv_size - sizeof(u64)));
459

L
Linus Torvalds 已提交
460 461 462
	return 0;
}

463 464
static int crypt_iv_null_gen(struct crypt_config *cc, u8 *iv,
			     struct dm_crypt_request *dmreq)
L
Ludwig Nussel 已提交
465 466 467 468 469 470
{
	memset(iv, 0, cc->iv_size);

	return 0;
}

M
Milan Broz 已提交
471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591
static void crypt_iv_lmk_dtr(struct crypt_config *cc)
{
	struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;

	if (lmk->hash_tfm && !IS_ERR(lmk->hash_tfm))
		crypto_free_shash(lmk->hash_tfm);
	lmk->hash_tfm = NULL;

	kzfree(lmk->seed);
	lmk->seed = NULL;
}

static int crypt_iv_lmk_ctr(struct crypt_config *cc, struct dm_target *ti,
			    const char *opts)
{
	struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;

	lmk->hash_tfm = crypto_alloc_shash("md5", 0, 0);
	if (IS_ERR(lmk->hash_tfm)) {
		ti->error = "Error initializing LMK hash";
		return PTR_ERR(lmk->hash_tfm);
	}

	/* No seed in LMK version 2 */
	if (cc->key_parts == cc->tfms_count) {
		lmk->seed = NULL;
		return 0;
	}

	lmk->seed = kzalloc(LMK_SEED_SIZE, GFP_KERNEL);
	if (!lmk->seed) {
		crypt_iv_lmk_dtr(cc);
		ti->error = "Error kmallocing seed storage in LMK";
		return -ENOMEM;
	}

	return 0;
}

static int crypt_iv_lmk_init(struct crypt_config *cc)
{
	struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
	int subkey_size = cc->key_size / cc->key_parts;

	/* LMK seed is on the position of LMK_KEYS + 1 key */
	if (lmk->seed)
		memcpy(lmk->seed, cc->key + (cc->tfms_count * subkey_size),
		       crypto_shash_digestsize(lmk->hash_tfm));

	return 0;
}

static int crypt_iv_lmk_wipe(struct crypt_config *cc)
{
	struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;

	if (lmk->seed)
		memset(lmk->seed, 0, LMK_SEED_SIZE);

	return 0;
}

static int crypt_iv_lmk_one(struct crypt_config *cc, u8 *iv,
			    struct dm_crypt_request *dmreq,
			    u8 *data)
{
	struct iv_lmk_private *lmk = &cc->iv_gen_private.lmk;
	struct {
		struct shash_desc desc;
		char ctx[crypto_shash_descsize(lmk->hash_tfm)];
	} sdesc;
	struct md5_state md5state;
	u32 buf[4];
	int i, r;

	sdesc.desc.tfm = lmk->hash_tfm;
	sdesc.desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;

	r = crypto_shash_init(&sdesc.desc);
	if (r)
		return r;

	if (lmk->seed) {
		r = crypto_shash_update(&sdesc.desc, lmk->seed, LMK_SEED_SIZE);
		if (r)
			return r;
	}

	/* Sector is always 512B, block size 16, add data of blocks 1-31 */
	r = crypto_shash_update(&sdesc.desc, data + 16, 16 * 31);
	if (r)
		return r;

	/* Sector is cropped to 56 bits here */
	buf[0] = cpu_to_le32(dmreq->iv_sector & 0xFFFFFFFF);
	buf[1] = cpu_to_le32((((u64)dmreq->iv_sector >> 32) & 0x00FFFFFF) | 0x80000000);
	buf[2] = cpu_to_le32(4024);
	buf[3] = 0;
	r = crypto_shash_update(&sdesc.desc, (u8 *)buf, sizeof(buf));
	if (r)
		return r;

	/* No MD5 padding here */
	r = crypto_shash_export(&sdesc.desc, &md5state);
	if (r)
		return r;

	for (i = 0; i < MD5_HASH_WORDS; i++)
		__cpu_to_le32s(&md5state.hash[i]);
	memcpy(iv, &md5state.hash, cc->iv_size);

	return 0;
}

static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv,
			    struct dm_crypt_request *dmreq)
{
	u8 *src;
	int r = 0;

	if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) {
592
		src = kmap_atomic(sg_page(&dmreq->sg_in));
M
Milan Broz 已提交
593
		r = crypt_iv_lmk_one(cc, iv, dmreq, src + dmreq->sg_in.offset);
594
		kunmap_atomic(src);
M
Milan Broz 已提交
595 596 597 598 599 600 601 602 603 604 605 606 607 608 609
	} else
		memset(iv, 0, cc->iv_size);

	return r;
}

static int crypt_iv_lmk_post(struct crypt_config *cc, u8 *iv,
			     struct dm_crypt_request *dmreq)
{
	u8 *dst;
	int r;

	if (bio_data_dir(dmreq->ctx->bio_in) == WRITE)
		return 0;

610
	dst = kmap_atomic(sg_page(&dmreq->sg_out));
M
Milan Broz 已提交
611 612 613 614 615 616
	r = crypt_iv_lmk_one(cc, iv, dmreq, dst + dmreq->sg_out.offset);

	/* Tweak the first block of plaintext sector */
	if (!r)
		crypto_xor(dst + dmreq->sg_out.offset, iv, cc->iv_size);

617
	kunmap_atomic(dst);
M
Milan Broz 已提交
618 619 620
	return r;
}

L
Linus Torvalds 已提交
621 622 623 624
static struct crypt_iv_operations crypt_iv_plain_ops = {
	.generator = crypt_iv_plain_gen
};

M
Milan Broz 已提交
625 626 627 628
static struct crypt_iv_operations crypt_iv_plain64_ops = {
	.generator = crypt_iv_plain64_gen
};

L
Linus Torvalds 已提交
629 630 631
static struct crypt_iv_operations crypt_iv_essiv_ops = {
	.ctr       = crypt_iv_essiv_ctr,
	.dtr       = crypt_iv_essiv_dtr,
632
	.init      = crypt_iv_essiv_init,
633
	.wipe      = crypt_iv_essiv_wipe,
L
Linus Torvalds 已提交
634 635 636
	.generator = crypt_iv_essiv_gen
};

637 638 639 640 641
static struct crypt_iv_operations crypt_iv_benbi_ops = {
	.ctr	   = crypt_iv_benbi_ctr,
	.dtr	   = crypt_iv_benbi_dtr,
	.generator = crypt_iv_benbi_gen
};
L
Linus Torvalds 已提交
642

L
Ludwig Nussel 已提交
643 644 645 646
static struct crypt_iv_operations crypt_iv_null_ops = {
	.generator = crypt_iv_null_gen
};

M
Milan Broz 已提交
647 648 649 650 651 652 653 654 655
static struct crypt_iv_operations crypt_iv_lmk_ops = {
	.ctr	   = crypt_iv_lmk_ctr,
	.dtr	   = crypt_iv_lmk_dtr,
	.init	   = crypt_iv_lmk_init,
	.wipe	   = crypt_iv_lmk_wipe,
	.generator = crypt_iv_lmk_gen,
	.post	   = crypt_iv_lmk_post
};

M
Milan Broz 已提交
656 657 658
static void crypt_convert_init(struct crypt_config *cc,
			       struct convert_context *ctx,
			       struct bio *bio_out, struct bio *bio_in,
659
			       sector_t sector)
L
Linus Torvalds 已提交
660 661 662 663 664 665 666 667
{
	ctx->bio_in = bio_in;
	ctx->bio_out = bio_out;
	ctx->offset_in = 0;
	ctx->offset_out = 0;
	ctx->idx_in = bio_in ? bio_in->bi_idx : 0;
	ctx->idx_out = bio_out ? bio_out->bi_idx : 0;
	ctx->sector = sector + cc->iv_offset;
M
Milan Broz 已提交
668
	init_completion(&ctx->restart);
L
Linus Torvalds 已提交
669 670
}

671 672 673 674 675 676 677 678 679 680 681 682
static struct dm_crypt_request *dmreq_of_req(struct crypt_config *cc,
					     struct ablkcipher_request *req)
{
	return (struct dm_crypt_request *)((char *)req + cc->dmreq_start);
}

static struct ablkcipher_request *req_of_dmreq(struct crypt_config *cc,
					       struct dm_crypt_request *dmreq)
{
	return (struct ablkcipher_request *)((char *)dmreq - cc->dmreq_start);
}

683 684 685 686 687 688 689
static u8 *iv_of_dmreq(struct crypt_config *cc,
		       struct dm_crypt_request *dmreq)
{
	return (u8 *)ALIGN((unsigned long)(dmreq + 1),
		crypto_ablkcipher_alignmask(any_tfm(cc)) + 1);
}

690
static int crypt_convert_block(struct crypt_config *cc,
M
Milan Broz 已提交
691 692
			       struct convert_context *ctx,
			       struct ablkcipher_request *req)
693 694 695
{
	struct bio_vec *bv_in = bio_iovec_idx(ctx->bio_in, ctx->idx_in);
	struct bio_vec *bv_out = bio_iovec_idx(ctx->bio_out, ctx->idx_out);
M
Milan Broz 已提交
696 697
	struct dm_crypt_request *dmreq;
	u8 *iv;
M
Mikulas Patocka 已提交
698
	int r;
M
Milan Broz 已提交
699

700
	dmreq = dmreq_of_req(cc, req);
701
	iv = iv_of_dmreq(cc, dmreq);
702

703
	dmreq->iv_sector = ctx->sector;
704
	dmreq->ctx = ctx;
M
Milan Broz 已提交
705 706
	sg_init_table(&dmreq->sg_in, 1);
	sg_set_page(&dmreq->sg_in, bv_in->bv_page, 1 << SECTOR_SHIFT,
707 708
		    bv_in->bv_offset + ctx->offset_in);

M
Milan Broz 已提交
709 710
	sg_init_table(&dmreq->sg_out, 1);
	sg_set_page(&dmreq->sg_out, bv_out->bv_page, 1 << SECTOR_SHIFT,
711 712 713 714 715 716 717 718 719 720 721 722 723 724
		    bv_out->bv_offset + ctx->offset_out);

	ctx->offset_in += 1 << SECTOR_SHIFT;
	if (ctx->offset_in >= bv_in->bv_len) {
		ctx->offset_in = 0;
		ctx->idx_in++;
	}

	ctx->offset_out += 1 << SECTOR_SHIFT;
	if (ctx->offset_out >= bv_out->bv_len) {
		ctx->offset_out = 0;
		ctx->idx_out++;
	}

M
Milan Broz 已提交
725
	if (cc->iv_gen_ops) {
726
		r = cc->iv_gen_ops->generator(cc, iv, dmreq);
M
Milan Broz 已提交
727 728 729 730 731 732 733 734 735 736 737 738
		if (r < 0)
			return r;
	}

	ablkcipher_request_set_crypt(req, &dmreq->sg_in, &dmreq->sg_out,
				     1 << SECTOR_SHIFT, iv);

	if (bio_data_dir(ctx->bio_in) == WRITE)
		r = crypto_ablkcipher_encrypt(req);
	else
		r = crypto_ablkcipher_decrypt(req);

739 740 741
	if (!r && cc->iv_gen_ops && cc->iv_gen_ops->post)
		r = cc->iv_gen_ops->post(cc, iv, dmreq);

M
Milan Broz 已提交
742
	return r;
743 744
}

M
Milan Broz 已提交
745 746
static void kcryptd_async_done(struct crypto_async_request *async_req,
			       int error);
A
Andi Kleen 已提交
747

M
Milan Broz 已提交
748 749 750
static void crypt_alloc_req(struct crypt_config *cc,
			    struct convert_context *ctx)
{
A
Andi Kleen 已提交
751
	struct crypt_cpu *this_cc = this_crypt_config(cc);
M
Milan Broz 已提交
752
	unsigned key_index = ctx->sector & (cc->tfms_count - 1);
A
Andi Kleen 已提交
753 754 755 756

	if (!this_cc->req)
		this_cc->req = mempool_alloc(cc->req_pool, GFP_NOIO);

M
Milan Broz 已提交
757
	ablkcipher_request_set_tfm(this_cc->req, this_cc->tfms[key_index]);
A
Andi Kleen 已提交
758 759 760
	ablkcipher_request_set_callback(this_cc->req,
	    CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
	    kcryptd_async_done, dmreq_of_req(cc, this_cc->req));
M
Milan Broz 已提交
761 762
}

L
Linus Torvalds 已提交
763 764 765 766
/*
 * Encrypt / decrypt data from one bio to another one (can be the same one)
 */
static int crypt_convert(struct crypt_config *cc,
M
Milan Broz 已提交
767
			 struct convert_context *ctx)
L
Linus Torvalds 已提交
768
{
A
Andi Kleen 已提交
769
	struct crypt_cpu *this_cc = this_crypt_config(cc);
M
Milan Broz 已提交
770
	int r;
L
Linus Torvalds 已提交
771

M
Mikulas Patocka 已提交
772
	atomic_set(&ctx->cc_pending, 1);
M
Milan Broz 已提交
773

L
Linus Torvalds 已提交
774 775 776
	while(ctx->idx_in < ctx->bio_in->bi_vcnt &&
	      ctx->idx_out < ctx->bio_out->bi_vcnt) {

M
Milan Broz 已提交
777 778
		crypt_alloc_req(cc, ctx);

M
Mikulas Patocka 已提交
779
		atomic_inc(&ctx->cc_pending);
M
Milan Broz 已提交
780

A
Andi Kleen 已提交
781
		r = crypt_convert_block(cc, ctx, this_cc->req);
M
Milan Broz 已提交
782 783

		switch (r) {
M
Milan Broz 已提交
784
		/* async */
M
Milan Broz 已提交
785 786 787 788 789
		case -EBUSY:
			wait_for_completion(&ctx->restart);
			INIT_COMPLETION(ctx->restart);
			/* fall through*/
		case -EINPROGRESS:
A
Andi Kleen 已提交
790
			this_cc->req = NULL;
M
Milan Broz 已提交
791 792 793 794
			ctx->sector++;
			continue;

		/* sync */
M
Milan Broz 已提交
795
		case 0:
M
Mikulas Patocka 已提交
796
			atomic_dec(&ctx->cc_pending);
M
Milan Broz 已提交
797
			ctx->sector++;
M
Milan Broz 已提交
798
			cond_resched();
M
Milan Broz 已提交
799 800
			continue;

M
Milan Broz 已提交
801 802
		/* error */
		default:
M
Mikulas Patocka 已提交
803
			atomic_dec(&ctx->cc_pending);
M
Milan Broz 已提交
804 805
			return r;
		}
L
Linus Torvalds 已提交
806 807
	}

M
Milan Broz 已提交
808
	return 0;
L
Linus Torvalds 已提交
809 810
}

M
Milan Broz 已提交
811 812
static void dm_crypt_bio_destructor(struct bio *bio)
{
A
Alasdair G Kergon 已提交
813
	struct dm_crypt_io *io = bio->bi_private;
M
Milan Broz 已提交
814 815 816
	struct crypt_config *cc = io->target->private;

	bio_free(bio, cc->bs);
M
Milan Broz 已提交
817
}
M
Milan Broz 已提交
818

L
Linus Torvalds 已提交
819 820 821
/*
 * Generate a new unfragmented bio with the given size
 * This should never violate the device limitations
822 823
 * May return a smaller bio when running out of pages, indicated by
 * *out_of_pages set to 1.
L
Linus Torvalds 已提交
824
 */
825 826
static struct bio *crypt_alloc_buffer(struct dm_crypt_io *io, unsigned size,
				      unsigned *out_of_pages)
L
Linus Torvalds 已提交
827
{
O
Olaf Kirch 已提交
828
	struct crypt_config *cc = io->target->private;
829
	struct bio *clone;
L
Linus Torvalds 已提交
830
	unsigned int nr_iovecs = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
831
	gfp_t gfp_mask = GFP_NOIO | __GFP_HIGHMEM;
M
Milan Broz 已提交
832 833
	unsigned i, len;
	struct page *page;
L
Linus Torvalds 已提交
834

O
Olaf Kirch 已提交
835
	clone = bio_alloc_bioset(GFP_NOIO, nr_iovecs, cc->bs);
836
	if (!clone)
L
Linus Torvalds 已提交
837 838
		return NULL;

O
Olaf Kirch 已提交
839
	clone_init(io, clone);
840
	*out_of_pages = 0;
M
Milan Broz 已提交
841

842
	for (i = 0; i < nr_iovecs; i++) {
M
Milan Broz 已提交
843
		page = mempool_alloc(cc->page_pool, gfp_mask);
844 845
		if (!page) {
			*out_of_pages = 1;
L
Linus Torvalds 已提交
846
			break;
847
		}
L
Linus Torvalds 已提交
848 849

		/*
M
Mikulas Patocka 已提交
850 851 852
		 * If additional pages cannot be allocated without waiting,
		 * return a partially-allocated bio.  The caller will then try
		 * to allocate more bios while submitting this partial bio.
L
Linus Torvalds 已提交
853
		 */
M
Mikulas Patocka 已提交
854
		gfp_mask = (gfp_mask | __GFP_NOWARN) & ~__GFP_WAIT;
L
Linus Torvalds 已提交
855

M
Milan Broz 已提交
856 857 858 859 860 861
		len = (size > PAGE_SIZE) ? PAGE_SIZE : size;

		if (!bio_add_page(clone, page, len, 0)) {
			mempool_free(page, cc->page_pool);
			break;
		}
L
Linus Torvalds 已提交
862

M
Milan Broz 已提交
863
		size -= len;
L
Linus Torvalds 已提交
864 865
	}

866 867
	if (!clone->bi_size) {
		bio_put(clone);
L
Linus Torvalds 已提交
868 869 870
		return NULL;
	}

871
	return clone;
L
Linus Torvalds 已提交
872 873
}

N
Neil Brown 已提交
874
static void crypt_free_buffer_pages(struct crypt_config *cc, struct bio *clone)
L
Linus Torvalds 已提交
875
{
N
Neil Brown 已提交
876
	unsigned int i;
L
Linus Torvalds 已提交
877 878
	struct bio_vec *bv;

N
Neil Brown 已提交
879
	for (i = 0; i < clone->bi_vcnt; i++) {
880
		bv = bio_iovec_idx(clone, i);
L
Linus Torvalds 已提交
881 882 883 884 885 886
		BUG_ON(!bv->bv_page);
		mempool_free(bv->bv_page, cc->page_pool);
		bv->bv_page = NULL;
	}
}

M
Milan Broz 已提交
887 888 889 890 891 892 893 894 895 896 897
static struct dm_crypt_io *crypt_io_alloc(struct dm_target *ti,
					  struct bio *bio, sector_t sector)
{
	struct crypt_config *cc = ti->private;
	struct dm_crypt_io *io;

	io = mempool_alloc(cc->io_pool, GFP_NOIO);
	io->target = ti;
	io->base_bio = bio;
	io->sector = sector;
	io->error = 0;
M
Milan Broz 已提交
898
	io->base_io = NULL;
M
Mikulas Patocka 已提交
899
	atomic_set(&io->io_pending, 0);
M
Milan Broz 已提交
900 901 902 903

	return io;
}

M
Milan Broz 已提交
904 905
static void crypt_inc_pending(struct dm_crypt_io *io)
{
M
Mikulas Patocka 已提交
906
	atomic_inc(&io->io_pending);
M
Milan Broz 已提交
907 908
}

L
Linus Torvalds 已提交
909 910 911
/*
 * One of the bios was finished. Check for completion of
 * the whole request and correctly clean up the buffer.
M
Milan Broz 已提交
912
 * If base_io is set, wait for the last fragment to complete.
L
Linus Torvalds 已提交
913
 */
914
static void crypt_dec_pending(struct dm_crypt_io *io)
L
Linus Torvalds 已提交
915
{
916
	struct crypt_config *cc = io->target->private;
917 918 919
	struct bio *base_bio = io->base_bio;
	struct dm_crypt_io *base_io = io->base_io;
	int error = io->error;
L
Linus Torvalds 已提交
920

M
Mikulas Patocka 已提交
921
	if (!atomic_dec_and_test(&io->io_pending))
L
Linus Torvalds 已提交
922 923
		return;

924 925 926 927
	mempool_free(io, cc->io_pool);

	if (likely(!base_io))
		bio_endio(base_bio, error);
M
Milan Broz 已提交
928
	else {
929 930 931
		if (error && !base_io->error)
			base_io->error = error;
		crypt_dec_pending(base_io);
M
Milan Broz 已提交
932
	}
L
Linus Torvalds 已提交
933 934 935
}

/*
M
Milan Broz 已提交
936
 * kcryptd/kcryptd_io:
L
Linus Torvalds 已提交
937 938
 *
 * Needed because it would be very unwise to do decryption in an
939
 * interrupt context.
M
Milan Broz 已提交
940 941 942 943 944 945 946 947
 *
 * kcryptd performs the actual encryption or decryption.
 *
 * kcryptd_io performs the IO submission.
 *
 * They must be separated as otherwise the final stages could be
 * starved by new requests which can block in the first stages due
 * to memory allocation.
A
Andi Kleen 已提交
948 949 950
 *
 * The work is done per CPU global for all dm-crypt instances.
 * They should not depend on each other and do not block.
L
Linus Torvalds 已提交
951
 */
952
static void crypt_endio(struct bio *clone, int error)
953
{
A
Alasdair G Kergon 已提交
954
	struct dm_crypt_io *io = clone->bi_private;
955
	struct crypt_config *cc = io->target->private;
M
Milan Broz 已提交
956
	unsigned rw = bio_data_dir(clone);
957

M
Milan Broz 已提交
958 959 960
	if (unlikely(!bio_flagged(clone, BIO_UPTODATE) && !error))
		error = -EIO;

961
	/*
962
	 * free the processed pages
963
	 */
M
Milan Broz 已提交
964
	if (rw == WRITE)
N
Neil Brown 已提交
965
		crypt_free_buffer_pages(cc, clone);
966 967 968

	bio_put(clone);

M
Milan Broz 已提交
969 970 971 972
	if (rw == READ && !error) {
		kcryptd_queue_crypt(io);
		return;
	}
973 974 975 976 977

	if (unlikely(error))
		io->error = error;

	crypt_dec_pending(io);
978 979
}

A
Alasdair G Kergon 已提交
980
static void clone_init(struct dm_crypt_io *io, struct bio *clone)
981 982 983 984 985 986 987
{
	struct crypt_config *cc = io->target->private;

	clone->bi_private = io;
	clone->bi_end_io  = crypt_endio;
	clone->bi_bdev    = cc->dev->bdev;
	clone->bi_rw      = io->base_bio->bi_rw;
O
Olaf Kirch 已提交
988
	clone->bi_destructor = dm_crypt_bio_destructor;
989 990
}

991
static int kcryptd_io_read(struct dm_crypt_io *io, gfp_t gfp)
992 993 994 995
{
	struct crypt_config *cc = io->target->private;
	struct bio *base_bio = io->base_bio;
	struct bio *clone;
996

997 998 999 1000 1001
	/*
	 * The block layer might modify the bvec array, so always
	 * copy the required bvecs because we need the original
	 * one in order to decrypt the whole bio data *afterwards*.
	 */
1002
	clone = bio_alloc_bioset(gfp, bio_segments(base_bio), cc->bs);
J
Jens Axboe 已提交
1003
	if (!clone)
1004
		return 1;
1005

1006 1007
	crypt_inc_pending(io);

1008 1009 1010 1011
	clone_init(io, clone);
	clone->bi_idx = 0;
	clone->bi_vcnt = bio_segments(base_bio);
	clone->bi_size = base_bio->bi_size;
1012
	clone->bi_sector = cc->start + io->sector;
1013 1014 1015
	memcpy(clone->bi_io_vec, bio_iovec(base_bio),
	       sizeof(struct bio_vec) * clone->bi_vcnt);

1016
	generic_make_request(clone);
1017
	return 0;
1018 1019
}

1020 1021
static void kcryptd_io_write(struct dm_crypt_io *io)
{
M
Milan Broz 已提交
1022 1023
	struct bio *clone = io->ctx.bio_out;
	generic_make_request(clone);
1024 1025
}

1026 1027 1028 1029
static void kcryptd_io(struct work_struct *work)
{
	struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work);

1030 1031 1032 1033 1034 1035
	if (bio_data_dir(io->base_bio) == READ) {
		crypt_inc_pending(io);
		if (kcryptd_io_read(io, GFP_NOIO))
			io->error = -ENOMEM;
		crypt_dec_pending(io);
	} else
1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046
		kcryptd_io_write(io);
}

static void kcryptd_queue_io(struct dm_crypt_io *io)
{
	struct crypt_config *cc = io->target->private;

	INIT_WORK(&io->work, kcryptd_io);
	queue_work(cc->io_queue, &io->work);
}

1047
static void kcryptd_crypt_write_io_submit(struct dm_crypt_io *io, int async)
1048
{
M
Milan Broz 已提交
1049 1050 1051
	struct bio *clone = io->ctx.bio_out;
	struct crypt_config *cc = io->target->private;

1052
	if (unlikely(io->error < 0)) {
M
Milan Broz 已提交
1053 1054
		crypt_free_buffer_pages(cc, clone);
		bio_put(clone);
1055
		crypt_dec_pending(io);
M
Milan Broz 已提交
1056 1057 1058 1059 1060 1061 1062
		return;
	}

	/* crypt_convert should have filled the clone bio */
	BUG_ON(io->ctx.idx_out < clone->bi_vcnt);

	clone->bi_sector = cc->start + io->sector;
M
Milan Broz 已提交
1063

M
Milan Broz 已提交
1064 1065
	if (async)
		kcryptd_queue_io(io);
1066
	else
M
Milan Broz 已提交
1067
		generic_make_request(clone);
1068 1069
}

M
Milan Broz 已提交
1070
static void kcryptd_crypt_write_convert(struct dm_crypt_io *io)
1071 1072 1073
{
	struct crypt_config *cc = io->target->private;
	struct bio *clone;
M
Milan Broz 已提交
1074
	struct dm_crypt_io *new_io;
M
Milan Broz 已提交
1075
	int crypt_finished;
1076
	unsigned out_of_pages = 0;
M
Milan Broz 已提交
1077
	unsigned remaining = io->base_bio->bi_size;
M
Milan Broz 已提交
1078
	sector_t sector = io->sector;
M
Milan Broz 已提交
1079
	int r;
1080

M
Milan Broz 已提交
1081 1082 1083 1084
	/*
	 * Prevent io from disappearing until this function completes.
	 */
	crypt_inc_pending(io);
M
Milan Broz 已提交
1085
	crypt_convert_init(cc, &io->ctx, NULL, io->base_bio, sector);
M
Milan Broz 已提交
1086

1087 1088 1089 1090 1091
	/*
	 * The allocated buffers can be smaller than the whole bio,
	 * so repeat the whole process until all the data can be handled.
	 */
	while (remaining) {
1092
		clone = crypt_alloc_buffer(io, remaining, &out_of_pages);
1093
		if (unlikely(!clone)) {
1094
			io->error = -ENOMEM;
M
Milan Broz 已提交
1095
			break;
1096
		}
1097

1098 1099
		io->ctx.bio_out = clone;
		io->ctx.idx_out = 0;
1100

M
Milan Broz 已提交
1101
		remaining -= clone->bi_size;
M
Milan Broz 已提交
1102
		sector += bio_sectors(clone);
1103

M
Milan Broz 已提交
1104
		crypt_inc_pending(io);
1105

M
Milan Broz 已提交
1106
		r = crypt_convert(cc, &io->ctx);
1107 1108 1109
		if (r < 0)
			io->error = -EIO;

M
Mikulas Patocka 已提交
1110
		crypt_finished = atomic_dec_and_test(&io->ctx.cc_pending);
1111

M
Milan Broz 已提交
1112 1113
		/* Encryption was already finished, submit io now */
		if (crypt_finished) {
1114
			kcryptd_crypt_write_io_submit(io, 0);
M
Milan Broz 已提交
1115 1116 1117 1118 1119

			/*
			 * If there was an error, do not try next fragments.
			 * For async, error is processed in async handler.
			 */
1120
			if (unlikely(r < 0))
M
Milan Broz 已提交
1121
				break;
M
Milan Broz 已提交
1122 1123

			io->sector = sector;
M
Milan Broz 已提交
1124
		}
1125

1126 1127 1128 1129 1130
		/*
		 * Out of memory -> run queues
		 * But don't wait if split was due to the io size restriction
		 */
		if (unlikely(out_of_pages))
1131
			congestion_wait(BLK_RW_ASYNC, HZ/100);
1132

M
Milan Broz 已提交
1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159
		/*
		 * With async crypto it is unsafe to share the crypto context
		 * between fragments, so switch to a new dm_crypt_io structure.
		 */
		if (unlikely(!crypt_finished && remaining)) {
			new_io = crypt_io_alloc(io->target, io->base_bio,
						sector);
			crypt_inc_pending(new_io);
			crypt_convert_init(cc, &new_io->ctx, NULL,
					   io->base_bio, sector);
			new_io->ctx.idx_in = io->ctx.idx_in;
			new_io->ctx.offset_in = io->ctx.offset_in;

			/*
			 * Fragments after the first use the base_io
			 * pending count.
			 */
			if (!io->base_io)
				new_io->base_io = io;
			else {
				new_io->base_io = io->base_io;
				crypt_inc_pending(io->base_io);
				crypt_dec_pending(io);
			}

			io = new_io;
		}
1160
	}
M
Milan Broz 已提交
1161 1162

	crypt_dec_pending(io);
1163 1164
}

1165
static void kcryptd_crypt_read_done(struct dm_crypt_io *io)
1166 1167 1168 1169
{
	crypt_dec_pending(io);
}

1170
static void kcryptd_crypt_read_convert(struct dm_crypt_io *io)
1171 1172
{
	struct crypt_config *cc = io->target->private;
1173
	int r = 0;
L
Linus Torvalds 已提交
1174

M
Milan Broz 已提交
1175
	crypt_inc_pending(io);
M
Milan Broz 已提交
1176

1177
	crypt_convert_init(cc, &io->ctx, io->base_bio, io->base_bio,
1178
			   io->sector);
L
Linus Torvalds 已提交
1179

1180
	r = crypt_convert(cc, &io->ctx);
1181 1182
	if (r < 0)
		io->error = -EIO;
1183

M
Mikulas Patocka 已提交
1184
	if (atomic_dec_and_test(&io->ctx.cc_pending))
1185
		kcryptd_crypt_read_done(io);
M
Milan Broz 已提交
1186 1187

	crypt_dec_pending(io);
L
Linus Torvalds 已提交
1188 1189
}

M
Milan Broz 已提交
1190 1191 1192
static void kcryptd_async_done(struct crypto_async_request *async_req,
			       int error)
{
1193 1194
	struct dm_crypt_request *dmreq = async_req->data;
	struct convert_context *ctx = dmreq->ctx;
M
Milan Broz 已提交
1195 1196 1197 1198 1199 1200 1201 1202
	struct dm_crypt_io *io = container_of(ctx, struct dm_crypt_io, ctx);
	struct crypt_config *cc = io->target->private;

	if (error == -EINPROGRESS) {
		complete(&ctx->restart);
		return;
	}

1203 1204 1205
	if (!error && cc->iv_gen_ops && cc->iv_gen_ops->post)
		error = cc->iv_gen_ops->post(cc, iv_of_dmreq(cc, dmreq), dmreq);

1206 1207 1208
	if (error < 0)
		io->error = -EIO;

1209
	mempool_free(req_of_dmreq(cc, dmreq), cc->req_pool);
M
Milan Broz 已提交
1210

M
Mikulas Patocka 已提交
1211
	if (!atomic_dec_and_test(&ctx->cc_pending))
M
Milan Broz 已提交
1212 1213 1214
		return;

	if (bio_data_dir(io->base_bio) == READ)
1215
		kcryptd_crypt_read_done(io);
M
Milan Broz 已提交
1216
	else
1217
		kcryptd_crypt_write_io_submit(io, 1);
M
Milan Broz 已提交
1218 1219
}

1220
static void kcryptd_crypt(struct work_struct *work)
L
Linus Torvalds 已提交
1221
{
A
Alasdair G Kergon 已提交
1222
	struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work);
1223

M
Milan Broz 已提交
1224
	if (bio_data_dir(io->base_bio) == READ)
1225
		kcryptd_crypt_read_convert(io);
1226
	else
1227
		kcryptd_crypt_write_convert(io);
M
Milan Broz 已提交
1228 1229
}

1230
static void kcryptd_queue_crypt(struct dm_crypt_io *io)
M
Milan Broz 已提交
1231
{
1232
	struct crypt_config *cc = io->target->private;
M
Milan Broz 已提交
1233

1234 1235
	INIT_WORK(&io->work, kcryptd_crypt);
	queue_work(cc->crypt_queue, &io->work);
L
Linus Torvalds 已提交
1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247
}

/*
 * Decode key from its hex representation
 */
static int crypt_decode_key(u8 *key, char *hex, unsigned int size)
{
	char buffer[3];
	unsigned int i;

	buffer[2] = '\0';

1248
	for (i = 0; i < size; i++) {
L
Linus Torvalds 已提交
1249 1250 1251
		buffer[0] = *hex++;
		buffer[1] = *hex++;

M
majianpeng 已提交
1252
		if (kstrtou8(buffer, 16, &key[i]))
L
Linus Torvalds 已提交
1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268
			return -EINVAL;
	}

	if (*hex != '\0')
		return -EINVAL;

	return 0;
}

/*
 * Encode key into its hex representation
 */
static void crypt_encode_key(char *hex, u8 *key, unsigned int size)
{
	unsigned int i;

1269
	for (i = 0; i < size; i++) {
L
Linus Torvalds 已提交
1270 1271 1272 1273 1274 1275
		sprintf(hex, "%02x", *key);
		hex += 2;
		key++;
	}
}

M
Milan Broz 已提交
1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305
static void crypt_free_tfms(struct crypt_config *cc, int cpu)
{
	struct crypt_cpu *cpu_cc = per_cpu_ptr(cc->cpu, cpu);
	unsigned i;

	for (i = 0; i < cc->tfms_count; i++)
		if (cpu_cc->tfms[i] && !IS_ERR(cpu_cc->tfms[i])) {
			crypto_free_ablkcipher(cpu_cc->tfms[i]);
			cpu_cc->tfms[i] = NULL;
		}
}

static int crypt_alloc_tfms(struct crypt_config *cc, int cpu, char *ciphermode)
{
	struct crypt_cpu *cpu_cc = per_cpu_ptr(cc->cpu, cpu);
	unsigned i;
	int err;

	for (i = 0; i < cc->tfms_count; i++) {
		cpu_cc->tfms[i] = crypto_alloc_ablkcipher(ciphermode, 0, 0);
		if (IS_ERR(cpu_cc->tfms[i])) {
			err = PTR_ERR(cpu_cc->tfms[i]);
			crypt_free_tfms(cc, cpu);
			return err;
		}
	}

	return 0;
}

A
Andi Kleen 已提交
1306 1307
static int crypt_setkey_allcpus(struct crypt_config *cc)
{
M
Milan Broz 已提交
1308 1309
	unsigned subkey_size = cc->key_size >> ilog2(cc->tfms_count);
	int cpu, err = 0, i, r;
A
Andi Kleen 已提交
1310 1311

	for_each_possible_cpu(cpu) {
M
Milan Broz 已提交
1312 1313 1314 1315 1316 1317
		for (i = 0; i < cc->tfms_count; i++) {
			r = crypto_ablkcipher_setkey(per_cpu_ptr(cc->cpu, cpu)->tfms[i],
						     cc->key + (i * subkey_size), subkey_size);
			if (r)
				err = r;
		}
A
Andi Kleen 已提交
1318 1319 1320 1321 1322
	}

	return err;
}

M
Milan Broz 已提交
1323 1324
static int crypt_set_key(struct crypt_config *cc, char *key)
{
1325 1326 1327
	int r = -EINVAL;
	int key_string_len = strlen(key);

M
Milan Broz 已提交
1328
	/* The key size may not be changed. */
1329 1330
	if (cc->key_size != (key_string_len >> 1))
		goto out;
M
Milan Broz 已提交
1331

M
Milan Broz 已提交
1332 1333
	/* Hyphen (which gives a key_size of zero) means there is no key. */
	if (!cc->key_size && strcmp(key, "-"))
1334
		goto out;
M
Milan Broz 已提交
1335

M
Milan Broz 已提交
1336
	if (cc->key_size && crypt_decode_key(cc->key, key, cc->key_size) < 0)
1337
		goto out;
M
Milan Broz 已提交
1338 1339 1340

	set_bit(DM_CRYPT_KEY_VALID, &cc->flags);

1341 1342 1343 1344 1345 1346 1347
	r = crypt_setkey_allcpus(cc);

out:
	/* Hex key string not needed after here, so wipe it. */
	memset(key, '0', key_string_len);

	return r;
M
Milan Broz 已提交
1348 1349 1350 1351 1352 1353
}

static int crypt_wipe_key(struct crypt_config *cc)
{
	clear_bit(DM_CRYPT_KEY_VALID, &cc->flags);
	memset(&cc->key, 0, cc->key_size * sizeof(u8));
A
Andi Kleen 已提交
1354 1355

	return crypt_setkey_allcpus(cc);
M
Milan Broz 已提交
1356 1357
}

1358 1359 1360
static void crypt_dtr(struct dm_target *ti)
{
	struct crypt_config *cc = ti->private;
A
Andi Kleen 已提交
1361 1362
	struct crypt_cpu *cpu_cc;
	int cpu;
1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373

	ti->private = NULL;

	if (!cc)
		return;

	if (cc->io_queue)
		destroy_workqueue(cc->io_queue);
	if (cc->crypt_queue)
		destroy_workqueue(cc->crypt_queue);

A
Andi Kleen 已提交
1374 1375 1376 1377 1378
	if (cc->cpu)
		for_each_possible_cpu(cpu) {
			cpu_cc = per_cpu_ptr(cc->cpu, cpu);
			if (cpu_cc->req)
				mempool_free(cpu_cc->req, cc->req_pool);
M
Milan Broz 已提交
1379
			crypt_free_tfms(cc, cpu);
A
Andi Kleen 已提交
1380 1381
		}

1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397
	if (cc->bs)
		bioset_free(cc->bs);

	if (cc->page_pool)
		mempool_destroy(cc->page_pool);
	if (cc->req_pool)
		mempool_destroy(cc->req_pool);
	if (cc->io_pool)
		mempool_destroy(cc->io_pool);

	if (cc->iv_gen_ops && cc->iv_gen_ops->dtr)
		cc->iv_gen_ops->dtr(cc);

	if (cc->dev)
		dm_put_device(ti, cc->dev);

A
Andi Kleen 已提交
1398 1399 1400
	if (cc->cpu)
		free_percpu(cc->cpu);

M
Milan Broz 已提交
1401
	kzfree(cc->cipher);
1402
	kzfree(cc->cipher_string);
1403 1404 1405 1406 1407

	/* Must zero key material before freeing */
	kzfree(cc);
}

M
Milan Broz 已提交
1408 1409
static int crypt_ctr_cipher(struct dm_target *ti,
			    char *cipher_in, char *key)
L
Linus Torvalds 已提交
1410
{
M
Milan Broz 已提交
1411
	struct crypt_config *cc = ti->private;
M
Milan Broz 已提交
1412
	char *tmp, *cipher, *chainmode, *ivmode, *ivopts, *keycount;
M
Milan Broz 已提交
1413
	char *cipher_api = NULL;
A
Andi Kleen 已提交
1414
	int cpu, ret = -EINVAL;
1415
	char dummy;
L
Linus Torvalds 已提交
1416

M
Milan Broz 已提交
1417 1418 1419
	/* Convert to crypto api definition? */
	if (strchr(cipher_in, '(')) {
		ti->error = "Bad cipher specification";
L
Linus Torvalds 已提交
1420 1421 1422
		return -EINVAL;
	}

1423 1424 1425 1426
	cc->cipher_string = kstrdup(cipher_in, GFP_KERNEL);
	if (!cc->cipher_string)
		goto bad_mem;

M
Milan Broz 已提交
1427 1428
	/*
	 * Legacy dm-crypt cipher specification
M
Milan Broz 已提交
1429
	 * cipher[:keycount]-mode-iv:ivopts
M
Milan Broz 已提交
1430 1431
	 */
	tmp = cipher_in;
M
Milan Broz 已提交
1432 1433 1434 1435 1436
	keycount = strsep(&tmp, "-");
	cipher = strsep(&keycount, ":");

	if (!keycount)
		cc->tfms_count = 1;
1437
	else if (sscanf(keycount, "%u%c", &cc->tfms_count, &dummy) != 1 ||
M
Milan Broz 已提交
1438 1439 1440 1441 1442
		 !is_power_of_2(cc->tfms_count)) {
		ti->error = "Bad cipher key count specification";
		return -EINVAL;
	}
	cc->key_parts = cc->tfms_count;
M
Milan Broz 已提交
1443 1444 1445 1446 1447

	cc->cipher = kstrdup(cipher, GFP_KERNEL);
	if (!cc->cipher)
		goto bad_mem;

L
Linus Torvalds 已提交
1448 1449 1450 1451 1452
	chainmode = strsep(&tmp, "-");
	ivopts = strsep(&tmp, "-");
	ivmode = strsep(&ivopts, ":");

	if (tmp)
M
Milan Broz 已提交
1453
		DMWARN("Ignoring unexpected additional cipher options");
L
Linus Torvalds 已提交
1454

M
Milan Broz 已提交
1455 1456 1457
	cc->cpu = __alloc_percpu(sizeof(*(cc->cpu)) +
				 cc->tfms_count * sizeof(*(cc->cpu->tfms)),
				 __alignof__(struct crypt_cpu));
A
Andi Kleen 已提交
1458 1459 1460 1461 1462
	if (!cc->cpu) {
		ti->error = "Cannot allocate per cpu state";
		goto bad_mem;
	}

1463 1464 1465 1466
	/*
	 * For compatibility with the original dm-crypt mapping format, if
	 * only the cipher name is supplied, use cbc-plain.
	 */
M
Milan Broz 已提交
1467
	if (!chainmode || (!strcmp(chainmode, "plain") && !ivmode)) {
L
Linus Torvalds 已提交
1468 1469 1470 1471
		chainmode = "cbc";
		ivmode = "plain";
	}

1472
	if (strcmp(chainmode, "ecb") && !ivmode) {
M
Milan Broz 已提交
1473 1474
		ti->error = "IV mechanism required";
		return -EINVAL;
L
Linus Torvalds 已提交
1475 1476
	}

M
Milan Broz 已提交
1477 1478 1479 1480 1481 1482 1483 1484 1485
	cipher_api = kmalloc(CRYPTO_MAX_ALG_NAME, GFP_KERNEL);
	if (!cipher_api)
		goto bad_mem;

	ret = snprintf(cipher_api, CRYPTO_MAX_ALG_NAME,
		       "%s(%s)", chainmode, cipher);
	if (ret < 0) {
		kfree(cipher_api);
		goto bad_mem;
L
Linus Torvalds 已提交
1486 1487
	}

M
Milan Broz 已提交
1488
	/* Allocate cipher */
A
Andi Kleen 已提交
1489
	for_each_possible_cpu(cpu) {
M
Milan Broz 已提交
1490 1491
		ret = crypt_alloc_tfms(cc, cpu, cipher_api);
		if (ret < 0) {
A
Andi Kleen 已提交
1492 1493 1494
			ti->error = "Error allocating crypto tfm";
			goto bad;
		}
L
Linus Torvalds 已提交
1495 1496
	}

M
Milan Broz 已提交
1497 1498
	/* Initialize and set key */
	ret = crypt_set_key(cc, key);
1499
	if (ret < 0) {
1500
		ti->error = "Error decoding and setting key";
1501
		goto bad;
1502 1503
	}

M
Milan Broz 已提交
1504
	/* Initialize IV */
A
Andi Kleen 已提交
1505
	cc->iv_size = crypto_ablkcipher_ivsize(any_tfm(cc));
M
Milan Broz 已提交
1506 1507 1508 1509 1510 1511 1512 1513 1514 1515
	if (cc->iv_size)
		/* at least a 64 bit sector number should fit in our buffer */
		cc->iv_size = max(cc->iv_size,
				  (unsigned int)(sizeof(u64) / sizeof(u8)));
	else if (ivmode) {
		DMWARN("Selected cipher does not support IVs");
		ivmode = NULL;
	}

	/* Choose ivmode, see comments at iv code. */
L
Linus Torvalds 已提交
1516 1517 1518 1519
	if (ivmode == NULL)
		cc->iv_gen_ops = NULL;
	else if (strcmp(ivmode, "plain") == 0)
		cc->iv_gen_ops = &crypt_iv_plain_ops;
M
Milan Broz 已提交
1520 1521
	else if (strcmp(ivmode, "plain64") == 0)
		cc->iv_gen_ops = &crypt_iv_plain64_ops;
L
Linus Torvalds 已提交
1522 1523
	else if (strcmp(ivmode, "essiv") == 0)
		cc->iv_gen_ops = &crypt_iv_essiv_ops;
1524 1525
	else if (strcmp(ivmode, "benbi") == 0)
		cc->iv_gen_ops = &crypt_iv_benbi_ops;
L
Ludwig Nussel 已提交
1526 1527
	else if (strcmp(ivmode, "null") == 0)
		cc->iv_gen_ops = &crypt_iv_null_ops;
M
Milan Broz 已提交
1528 1529 1530 1531 1532 1533 1534 1535 1536
	else if (strcmp(ivmode, "lmk") == 0) {
		cc->iv_gen_ops = &crypt_iv_lmk_ops;
		/* Version 2 and 3 is recognised according
		 * to length of provided multi-key string.
		 * If present (version 3), last key is used as IV seed.
		 */
		if (cc->key_size % cc->key_parts)
			cc->key_parts++;
	} else {
M
Milan Broz 已提交
1537
		ret = -EINVAL;
1538
		ti->error = "Invalid IV mode";
1539
		goto bad;
L
Linus Torvalds 已提交
1540 1541
	}

1542 1543 1544 1545 1546 1547 1548 1549
	/* Allocate IV */
	if (cc->iv_gen_ops && cc->iv_gen_ops->ctr) {
		ret = cc->iv_gen_ops->ctr(cc, ti, ivopts);
		if (ret < 0) {
			ti->error = "Error creating IV";
			goto bad;
		}
	}
L
Linus Torvalds 已提交
1550

1551 1552 1553 1554 1555 1556 1557
	/* Initialize IV (set keys for ESSIV etc) */
	if (cc->iv_gen_ops && cc->iv_gen_ops->init) {
		ret = cc->iv_gen_ops->init(cc);
		if (ret < 0) {
			ti->error = "Error initialising IV";
			goto bad;
		}
1558 1559
	}

M
Milan Broz 已提交
1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576
	ret = 0;
bad:
	kfree(cipher_api);
	return ret;

bad_mem:
	ti->error = "Cannot allocate cipher strings";
	return -ENOMEM;
}

/*
 * Construct an encryption mapping:
 * <cipher> <key> <iv_offset> <dev_path> <start>
 */
static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
{
	struct crypt_config *cc;
1577
	unsigned int key_size, opt_params;
M
Milan Broz 已提交
1578 1579
	unsigned long long tmpll;
	int ret;
1580 1581
	struct dm_arg_set as;
	const char *opt_string;
1582
	char dummy;
1583 1584 1585 1586

	static struct dm_arg _args[] = {
		{0, 1, "Invalid number of feature args"},
	};
M
Milan Broz 已提交
1587

1588
	if (argc < 5) {
M
Milan Broz 已提交
1589 1590
		ti->error = "Not enough arguments";
		return -EINVAL;
L
Linus Torvalds 已提交
1591 1592
	}

M
Milan Broz 已提交
1593 1594 1595 1596 1597 1598 1599
	key_size = strlen(argv[1]) >> 1;

	cc = kzalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL);
	if (!cc) {
		ti->error = "Cannot allocate encryption context";
		return -ENOMEM;
	}
M
Milan Broz 已提交
1600
	cc->key_size = key_size;
M
Milan Broz 已提交
1601 1602 1603 1604 1605 1606

	ti->private = cc;
	ret = crypt_ctr_cipher(ti, argv[0], argv[1]);
	if (ret < 0)
		goto bad;

1607
	ret = -ENOMEM;
1608
	cc->io_pool = mempool_create_slab_pool(MIN_IOS, _crypt_io_pool);
L
Linus Torvalds 已提交
1609
	if (!cc->io_pool) {
1610
		ti->error = "Cannot allocate crypt io mempool";
1611
		goto bad;
L
Linus Torvalds 已提交
1612 1613
	}

M
Milan Broz 已提交
1614
	cc->dmreq_start = sizeof(struct ablkcipher_request);
A
Andi Kleen 已提交
1615
	cc->dmreq_start += crypto_ablkcipher_reqsize(any_tfm(cc));
M
Milan Broz 已提交
1616
	cc->dmreq_start = ALIGN(cc->dmreq_start, crypto_tfm_ctx_alignment());
A
Andi Kleen 已提交
1617
	cc->dmreq_start += crypto_ablkcipher_alignmask(any_tfm(cc)) &
M
Milan Broz 已提交
1618
			   ~(crypto_tfm_ctx_alignment() - 1);
M
Milan Broz 已提交
1619 1620 1621 1622 1623

	cc->req_pool = mempool_create_kmalloc_pool(MIN_IOS, cc->dmreq_start +
			sizeof(struct dm_crypt_request) + cc->iv_size);
	if (!cc->req_pool) {
		ti->error = "Cannot allocate crypt request mempool";
1624
		goto bad;
M
Milan Broz 已提交
1625 1626
	}

1627
	cc->page_pool = mempool_create_page_pool(MIN_POOL_PAGES, 0);
L
Linus Torvalds 已提交
1628
	if (!cc->page_pool) {
1629
		ti->error = "Cannot allocate page mempool";
1630
		goto bad;
L
Linus Torvalds 已提交
1631 1632
	}

1633
	cc->bs = bioset_create(MIN_IOS, 0);
M
Milan Broz 已提交
1634 1635
	if (!cc->bs) {
		ti->error = "Cannot allocate crypt bioset";
1636
		goto bad;
M
Milan Broz 已提交
1637 1638
	}

1639
	ret = -EINVAL;
1640
	if (sscanf(argv[2], "%llu%c", &tmpll, &dummy) != 1) {
1641
		ti->error = "Invalid iv_offset sector";
1642
		goto bad;
L
Linus Torvalds 已提交
1643
	}
A
Andrew Morton 已提交
1644
	cc->iv_offset = tmpll;
L
Linus Torvalds 已提交
1645

1646 1647 1648 1649 1650
	if (dm_get_device(ti, argv[3], dm_table_get_mode(ti->table), &cc->dev)) {
		ti->error = "Device lookup failed";
		goto bad;
	}

1651
	if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1) {
1652
		ti->error = "Invalid device sector";
1653
		goto bad;
L
Linus Torvalds 已提交
1654
	}
A
Andrew Morton 已提交
1655
	cc->start = tmpll;
L
Linus Torvalds 已提交
1656

1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680
	argv += 5;
	argc -= 5;

	/* Optional parameters */
	if (argc) {
		as.argc = argc;
		as.argv = argv;

		ret = dm_read_arg_group(_args, &as, &opt_params, &ti->error);
		if (ret)
			goto bad;

		opt_string = dm_shift_arg(&as);

		if (opt_params == 1 && opt_string &&
		    !strcasecmp(opt_string, "allow_discards"))
			ti->num_discard_requests = 1;
		else if (opt_params) {
			ret = -EINVAL;
			ti->error = "Invalid feature arguments";
			goto bad;
		}
	}

1681
	ret = -ENOMEM;
A
Andi Kleen 已提交
1682 1683 1684 1685
	cc->io_queue = alloc_workqueue("kcryptd_io",
				       WQ_NON_REENTRANT|
				       WQ_MEM_RECLAIM,
				       1);
M
Milan Broz 已提交
1686 1687
	if (!cc->io_queue) {
		ti->error = "Couldn't create kcryptd io queue";
1688
		goto bad;
M
Milan Broz 已提交
1689 1690
	}

A
Andi Kleen 已提交
1691 1692 1693 1694 1695
	cc->crypt_queue = alloc_workqueue("kcryptd",
					  WQ_NON_REENTRANT|
					  WQ_CPU_INTENSIVE|
					  WQ_MEM_RECLAIM,
					  1);
M
Milan Broz 已提交
1696
	if (!cc->crypt_queue) {
1697
		ti->error = "Couldn't create kcryptd queue";
1698
		goto bad;
1699 1700
	}

M
Mikulas Patocka 已提交
1701
	ti->num_flush_requests = 1;
1702 1703
	ti->discard_zeroes_data_unsupported = 1;

L
Linus Torvalds 已提交
1704 1705
	return 0;

1706 1707 1708
bad:
	crypt_dtr(ti);
	return ret;
L
Linus Torvalds 已提交
1709 1710 1711 1712 1713
}

static int crypt_map(struct dm_target *ti, struct bio *bio,
		     union map_info *map_context)
{
A
Alasdair G Kergon 已提交
1714
	struct dm_crypt_io *io;
M
Mikulas Patocka 已提交
1715 1716
	struct crypt_config *cc;

1717 1718 1719 1720 1721 1722
	/*
	 * If bio is REQ_FLUSH or REQ_DISCARD, just bypass crypt queues.
	 * - for REQ_FLUSH device-mapper core ensures that no IO is in-flight
	 * - for REQ_DISCARD caller must use flush if IO ordering matters
	 */
	if (unlikely(bio->bi_rw & (REQ_FLUSH | REQ_DISCARD))) {
M
Mikulas Patocka 已提交
1723 1724
		cc = ti->private;
		bio->bi_bdev = cc->dev->bdev;
1725 1726
		if (bio_sectors(bio))
			bio->bi_sector = cc->start + dm_target_offset(ti, bio->bi_sector);
M
Mikulas Patocka 已提交
1727 1728
		return DM_MAPIO_REMAPPED;
	}
L
Linus Torvalds 已提交
1729

1730
	io = crypt_io_alloc(ti, bio, dm_target_offset(ti, bio->bi_sector));
M
Milan Broz 已提交
1731

1732 1733 1734 1735
	if (bio_data_dir(io->base_bio) == READ) {
		if (kcryptd_io_read(io, GFP_NOWAIT))
			kcryptd_queue_io(io);
	} else
M
Milan Broz 已提交
1736
		kcryptd_queue_crypt(io);
L
Linus Torvalds 已提交
1737

1738
	return DM_MAPIO_SUBMITTED;
L
Linus Torvalds 已提交
1739 1740 1741 1742 1743
}

static int crypt_status(struct dm_target *ti, status_type_t type,
			char *result, unsigned int maxlen)
{
M
Milan Broz 已提交
1744
	struct crypt_config *cc = ti->private;
L
Linus Torvalds 已提交
1745 1746 1747 1748 1749 1750 1751 1752
	unsigned int sz = 0;

	switch (type) {
	case STATUSTYPE_INFO:
		result[0] = '\0';
		break;

	case STATUSTYPE_TABLE:
1753
		DMEMIT("%s ", cc->cipher_string);
L
Linus Torvalds 已提交
1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766

		if (cc->key_size > 0) {
			if ((maxlen - sz) < ((cc->key_size << 1) + 1))
				return -ENOMEM;

			crypt_encode_key(result + sz, cc->key, cc->key_size);
			sz += cc->key_size << 1;
		} else {
			if (sz >= maxlen)
				return -ENOMEM;
			result[sz++] = '-';
		}

A
Andrew Morton 已提交
1767 1768
		DMEMIT(" %llu %s %llu", (unsigned long long)cc->iv_offset,
				cc->dev->name, (unsigned long long)cc->start);
1769 1770 1771 1772

		if (ti->num_discard_requests)
			DMEMIT(" 1 allow_discards");

L
Linus Torvalds 已提交
1773 1774 1775 1776 1777
		break;
	}
	return 0;
}

M
Milan Broz 已提交
1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810
static void crypt_postsuspend(struct dm_target *ti)
{
	struct crypt_config *cc = ti->private;

	set_bit(DM_CRYPT_SUSPENDED, &cc->flags);
}

static int crypt_preresume(struct dm_target *ti)
{
	struct crypt_config *cc = ti->private;

	if (!test_bit(DM_CRYPT_KEY_VALID, &cc->flags)) {
		DMERR("aborting resume - crypt key is not set.");
		return -EAGAIN;
	}

	return 0;
}

static void crypt_resume(struct dm_target *ti)
{
	struct crypt_config *cc = ti->private;

	clear_bit(DM_CRYPT_SUSPENDED, &cc->flags);
}

/* Message interface
 *	key set <key>
 *	key wipe
 */
static int crypt_message(struct dm_target *ti, unsigned argc, char **argv)
{
	struct crypt_config *cc = ti->private;
1811
	int ret = -EINVAL;
M
Milan Broz 已提交
1812 1813 1814 1815

	if (argc < 2)
		goto error;

1816
	if (!strcasecmp(argv[0], "key")) {
M
Milan Broz 已提交
1817 1818 1819 1820
		if (!test_bit(DM_CRYPT_SUSPENDED, &cc->flags)) {
			DMWARN("not suspended during key manipulation.");
			return -EINVAL;
		}
1821
		if (argc == 3 && !strcasecmp(argv[1], "set")) {
1822 1823 1824 1825 1826 1827 1828
			ret = crypt_set_key(cc, argv[2]);
			if (ret)
				return ret;
			if (cc->iv_gen_ops && cc->iv_gen_ops->init)
				ret = cc->iv_gen_ops->init(cc);
			return ret;
		}
1829
		if (argc == 2 && !strcasecmp(argv[1], "wipe")) {
1830 1831 1832 1833 1834
			if (cc->iv_gen_ops && cc->iv_gen_ops->wipe) {
				ret = cc->iv_gen_ops->wipe(cc);
				if (ret)
					return ret;
			}
M
Milan Broz 已提交
1835
			return crypt_wipe_key(cc);
1836
		}
M
Milan Broz 已提交
1837 1838 1839 1840 1841 1842 1843
	}

error:
	DMWARN("unrecognised message received.");
	return -EINVAL;
}

M
Milan Broz 已提交
1844 1845 1846 1847 1848 1849 1850 1851 1852 1853
static int crypt_merge(struct dm_target *ti, struct bvec_merge_data *bvm,
		       struct bio_vec *biovec, int max_size)
{
	struct crypt_config *cc = ti->private;
	struct request_queue *q = bdev_get_queue(cc->dev->bdev);

	if (!q->merge_bvec_fn)
		return max_size;

	bvm->bi_bdev = cc->dev->bdev;
1854
	bvm->bi_sector = cc->start + dm_target_offset(ti, bvm->bi_sector);
M
Milan Broz 已提交
1855 1856 1857 1858

	return min(max_size, q->merge_bvec_fn(q, bvm, biovec));
}

1859 1860 1861 1862 1863
static int crypt_iterate_devices(struct dm_target *ti,
				 iterate_devices_callout_fn fn, void *data)
{
	struct crypt_config *cc = ti->private;

1864
	return fn(ti, cc->dev, cc->start, ti->len, data);
1865 1866
}

L
Linus Torvalds 已提交
1867 1868
static struct target_type crypt_target = {
	.name   = "crypt",
1869
	.version = {1, 11, 0},
L
Linus Torvalds 已提交
1870 1871 1872 1873 1874
	.module = THIS_MODULE,
	.ctr    = crypt_ctr,
	.dtr    = crypt_dtr,
	.map    = crypt_map,
	.status = crypt_status,
M
Milan Broz 已提交
1875 1876 1877 1878
	.postsuspend = crypt_postsuspend,
	.preresume = crypt_preresume,
	.resume = crypt_resume,
	.message = crypt_message,
M
Milan Broz 已提交
1879
	.merge  = crypt_merge,
1880
	.iterate_devices = crypt_iterate_devices,
L
Linus Torvalds 已提交
1881 1882 1883 1884 1885 1886
};

static int __init dm_crypt_init(void)
{
	int r;

A
Alasdair G Kergon 已提交
1887
	_crypt_io_pool = KMEM_CACHE(dm_crypt_io, 0);
L
Linus Torvalds 已提交
1888 1889 1890 1891 1892
	if (!_crypt_io_pool)
		return -ENOMEM;

	r = dm_register_target(&crypt_target);
	if (r < 0) {
1893
		DMERR("register failed %d", r);
1894
		kmem_cache_destroy(_crypt_io_pool);
L
Linus Torvalds 已提交
1895 1896 1897 1898 1899 1900 1901
	}

	return r;
}

static void __exit dm_crypt_exit(void)
{
1902
	dm_unregister_target(&crypt_target);
L
Linus Torvalds 已提交
1903 1904 1905 1906 1907 1908 1909 1910 1911
	kmem_cache_destroy(_crypt_io_pool);
}

module_init(dm_crypt_init);
module_exit(dm_crypt_exit);

MODULE_AUTHOR("Christophe Saout <christophe@saout.de>");
MODULE_DESCRIPTION(DM_NAME " target for transparent encryption / decryption");
MODULE_LICENSE("GPL");