Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / refs/tags/FP3-REL-Q-3.A.0107 / . / drivers / md / dm-req-crypt.c
blob: b4bdbc07127a8df7db45f401a4ebd6124f50d3ab [file] [log] [blame]
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]1/*
2 * DM request based crypto driver
3 *
4 * Copyright (c) 2014-2017, The Linux Foundation. All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 and
8 * only version 2 as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 */
15
16#include <linux/completion.h>
17#include <linux/err.h>
18#include <linux/module.h>
19#include <linux/init.h>
20#include <linux/kernel.h>
21#include <linux/bio.h>
22#include <linux/blkdev.h>
23#include <linux/mempool.h>
24#include <linux/slab.h>
25#include <linux/crypto.h>
26#include <linux/qcrypto.h>
27#include <linux/workqueue.h>
28#include <linux/backing-dev.h>
29#include <linux/atomic.h>
30#include <linux/scatterlist.h>
31#include <linux/device-mapper.h>
32#include <linux/printk.h>
33
34#include <asm/page.h>
35#include <asm/unaligned.h>
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]36#include <crypto/skcipher.h>
37#include <crypto/internal/skcipher.h>
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]38#include <crypto/scatterwalk.h>
39#include <crypto/hash.h>
40#include <crypto/md5.h>
41#include <crypto/algapi.h>
42#include <crypto/ice.h>
43
44#define DM_MSG_PREFIX "req-crypt"
45
46#define MAX_SG_LIST 1024
47#define REQ_DM_512_KB (512*1024)
48#define MAX_ENCRYPTION_BUFFERS 1
49#define MIN_IOS 256
50#define MIN_POOL_PAGES 32
51#define KEY_SIZE_XTS 32
52#define AES_XTS_IV_LEN 16
53#define MAX_MSM_ICE_KEY_LUT_SIZE 32
54#define SECTOR_SIZE 512
55#define MIN_CRYPTO_TRANSFER_SIZE (4 * 1024)
56
57#define DM_REQ_CRYPT_ERROR -1
58#define DM_REQ_CRYPT_ERROR_AFTER_PAGE_MALLOC -2
59
60/*
61 * ENCRYPTION_MODE_CRYPTO means dm-req-crypt would invoke crypto operations
62 * for all of the requests. Crypto operations are performed by crypto engine
63 * plugged with Linux Kernel Crypto APIs
64 */
65#define DM_REQ_CRYPT_ENCRYPTION_MODE_CRYPTO 0
66/*
67 * ENCRYPTION_MODE_TRANSPARENT means dm-req-crypt would not invoke crypto
68 * operations for any of the requests. Data would be encrypted or decrypted
69 * using Inline Crypto Engine(ICE) embedded in storage hardware
70 */
71#define DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT 1
72
73#define DM_REQ_CRYPT_QUEUE_SIZE 256
74
75struct req_crypt_result {
76 struct completion completion;
77 int err;
78};
79
80#define FDE_KEY_ID 0
81#define PFE_KEY_ID 1
82
83static struct dm_dev *dev;
84static struct kmem_cache *_req_crypt_io_pool;
85static struct kmem_cache *_req_dm_scatterlist_pool;
86static sector_t start_sector_orig;
87static struct workqueue_struct *req_crypt_queue;
88static struct workqueue_struct *req_crypt_split_io_queue;
89static mempool_t *req_io_pool;
90static mempool_t *req_page_pool;
91static mempool_t *req_scatterlist_pool;
92static bool is_fde_enabled;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]93static struct crypto_skcipher *tfm;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]94static unsigned int encryption_mode;
95static struct ice_crypto_setting *ice_settings;
96
97unsigned int num_engines;
98unsigned int num_engines_fde, fde_cursor;
99unsigned int num_engines_pfe, pfe_cursor;
100struct crypto_engine_entry *fde_eng, *pfe_eng;
101DEFINE_MUTEX(engine_list_mutex);
102
103struct req_dm_crypt_io {
104 struct ice_crypto_setting ice_settings;
105 struct work_struct work;
106 struct request *cloned_request;
107 int error;
108 atomic_t pending;
109 struct timespec start_time;
110 bool should_encrypt;
111 bool should_decrypt;
112 u32 key_id;
113};
114
115struct req_dm_split_req_io {
116 struct work_struct work;
117 struct scatterlist *req_split_sg_read;
118 struct req_crypt_result result;
119 struct crypto_engine_entry *engine;
120 u8 IV[AES_XTS_IV_LEN];
121 int size;
122 struct request *clone;
123};
124
125#ifdef CONFIG_FIPS_ENABLE
126static struct qcrypto_func_set dm_qcrypto_func;
127#else
128static struct qcrypto_func_set dm_qcrypto_func = {
129 qcrypto_cipher_set_device_hw,
130 qcrypto_cipher_set_flag,
131 qcrypto_get_num_engines,
132 qcrypto_get_engine_list
133};
134#endif
135static void req_crypt_cipher_complete
136 (struct crypto_async_request *req, int err);
137static void req_cryptd_split_req_queue_cb
138 (struct work_struct *work);
139static void req_cryptd_split_req_queue
140 (struct req_dm_split_req_io *io);
141static void req_crypt_split_io_complete
142 (struct req_crypt_result *res, int err);
143
144static bool req_crypt_should_encrypt(struct req_dm_crypt_io *req)
145{
146 int ret = 0;
147 bool should_encrypt = false;
148 struct bio *bio = NULL;
149 bool is_encrypted = false;
150 bool is_inplace = false;
151
152 if (!req || !req->cloned_request || !req->cloned_request->bio)
153 return false;
154
155 if (encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT)
156 return false;
157 bio = req->cloned_request->bio;
158
159 /* req->key_id = key_id; @todo support more than 1 pfe key */
160 if ((ret == 0) && (is_encrypted || is_inplace)) {
161 should_encrypt = true;
162 req->key_id = PFE_KEY_ID;
163 } else if (is_fde_enabled) {
164 should_encrypt = true;
165 req->key_id = FDE_KEY_ID;
166 }
167
168 return should_encrypt;
169}
170
171static bool req_crypt_should_deccrypt(struct req_dm_crypt_io *req)
172{
173 int ret = 0;
174 bool should_deccrypt = false;
175 struct bio *bio = NULL;
176 bool is_encrypted = false;
177 bool is_inplace = false;
178
179 if (!req || !req->cloned_request || !req->cloned_request->bio)
180 return false;
181 if (encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT)
182 return false;
183
184 bio = req->cloned_request->bio;
185
186 /* req->key_id = key_id; @todo support more than 1 pfe key */
187 if ((ret == 0) && (is_encrypted && !is_inplace)) {
188 should_deccrypt = true;
189 req->key_id = PFE_KEY_ID;
190 } else if (is_fde_enabled) {
191 should_deccrypt = true;
192 req->key_id = FDE_KEY_ID;
193 }
194
195 return should_deccrypt;
196}
197
198static void req_crypt_inc_pending(struct req_dm_crypt_io *io)
199{
200 atomic_inc(&io->pending);
201}
202
203static void req_crypt_dec_pending_encrypt(struct req_dm_crypt_io *io)
204{
205 int error = 0;
206 struct request *clone = NULL;
207
208 if (io) {
209 error = io->error;
210 if (io->cloned_request) {
211 clone = io->cloned_request;
212 } else {
213 DMERR("%s io->cloned_request is NULL\n",
214 __func__);
215 /*
216 * If Clone is NULL we cannot do anything,
217 * this should never happen
218 */
219 WARN_ON(1);
Dinesh K Gargf8301022017-10-16 11:08:40 -0700[diff] [blame]220 return;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]221 }
222 } else {
223 DMERR("%s io is NULL\n", __func__);
224 /*
225 * If Clone is NULL we cannot do anything,
226 * this should never happen
227 */
228 WARN_ON(1);
Dinesh K Gargf8301022017-10-16 11:08:40 -0700[diff] [blame]229 return;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]230 }
231
232 atomic_dec(&io->pending);
233
234 if (error < 0) {
235 dm_kill_unmapped_request(clone, error);
236 mempool_free(io, req_io_pool);
237 } else
238 dm_dispatch_request(clone);
239}
240
241static void req_crypt_dec_pending_decrypt(struct req_dm_crypt_io *io)
242{
243 int error = 0;
244 struct request *clone = NULL;
245
246 if (io) {
247 error = io->error;
248 if (io->cloned_request) {
249 clone = io->cloned_request;
250 } else {
251 DMERR("%s io->cloned_request is NULL\n",
252 __func__);
253 /*
254 * If Clone is NULL we cannot do anything,
255 * this should never happen
256 */
257 WARN_ON(1);
Dinesh K Gargf8301022017-10-16 11:08:40 -0700[diff] [blame]258 return;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]259 }
260 } else {
261 DMERR("%s io is NULL\n",
262 __func__);
263 /*
264 * If Clone is NULL we cannot do anything,
265 * this should never happen
266 */
267 WARN_ON(1);
Dinesh K Gargf8301022017-10-16 11:08:40 -0700[diff] [blame]268 return;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]269 }
270
271 /* Should never get here if io or Clone is NULL */
272 dm_end_request(clone, error);
273 atomic_dec(&io->pending);
274 mempool_free(io, req_io_pool);
275}
276
277/*
278 * The callback that will be called by the worker queue to perform Decryption
279 * for reads and use the dm function to complete the bios and requests.
280 */
281static void req_cryptd_crypt_read_convert(struct req_dm_crypt_io *io)
282{
283 struct request *clone = NULL;
284 int error = DM_REQ_CRYPT_ERROR;
285 int total_sg_len = 0, total_bytes_in_req = 0, temp_size = 0, i = 0;
286 struct scatterlist *sg = NULL;
287 struct scatterlist *req_sg_read = NULL;
288
289 unsigned int engine_list_total = 0;
290 struct crypto_engine_entry *curr_engine_list = NULL;
291 bool split_transfers = 0;
292 sector_t tempiv;
293 struct req_dm_split_req_io *split_io = NULL;
294
295 if (io) {
296 error = io->error;
297 if (io->cloned_request) {
298 clone = io->cloned_request;
299 } else {
300 DMERR("%s io->cloned_request is NULL\n",
301 __func__);
302 error = DM_REQ_CRYPT_ERROR;
303 goto submit_request;
304 }
305 } else {
306 DMERR("%s io is NULL\n",
307 __func__);
308 error = DM_REQ_CRYPT_ERROR;
309 goto submit_request;
310 }
311
312 req_crypt_inc_pending(io);
313
314 mutex_lock(&engine_list_mutex);
315
316 engine_list_total = (io->key_id == FDE_KEY_ID ? num_engines_fde :
317 (io->key_id == PFE_KEY_ID ?
318 num_engines_pfe : 0));
319
320 curr_engine_list = (io->key_id == FDE_KEY_ID ? fde_eng :
321 (io->key_id == PFE_KEY_ID ?
322 pfe_eng : NULL));
323
324 mutex_unlock(&engine_list_mutex);
325
326 req_sg_read = (struct scatterlist *)mempool_alloc(req_scatterlist_pool,
327 GFP_KERNEL);
328 if (!req_sg_read) {
329 DMERR("%s req_sg_read allocation failed\n",
330 __func__);
331 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]332 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]333 }
334 memset(req_sg_read, 0, sizeof(struct scatterlist) * MAX_SG_LIST);
335
336 total_sg_len = blk_rq_map_sg_no_cluster(clone->q, clone, req_sg_read);
337 if ((total_sg_len <= 0) || (total_sg_len > MAX_SG_LIST)) {
338 DMERR("%s Request Error%d", __func__, total_sg_len);
339 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]340 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]341 }
342
343 total_bytes_in_req = clone->__data_len;
344 if (total_bytes_in_req > REQ_DM_512_KB) {
345 DMERR("%s total_bytes_in_req > 512 MB %d",
346 __func__, total_bytes_in_req);
347 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]348 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]349 }
350
351
352 if ((clone->__data_len >= (MIN_CRYPTO_TRANSFER_SIZE *
353 engine_list_total))
354 && (engine_list_total > 1))
355 split_transfers = 1;
356
357 if (split_transfers) {
358 split_io = kzalloc(sizeof(struct req_dm_split_req_io)
359 * engine_list_total, GFP_KERNEL);
360 if (!split_io) {
361 DMERR("%s split_io allocation failed\n", __func__);
362 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]363 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]364 }
365
366 split_io[0].req_split_sg_read = sg = req_sg_read;
367 split_io[engine_list_total - 1].size = total_bytes_in_req;
368 for (i = 0; i < (engine_list_total); i++) {
369 while ((sg) && i < (engine_list_total - 1)) {
370 split_io[i].size += sg->length;
371 split_io[engine_list_total - 1].size -=
372 sg->length;
373 if (split_io[i].size >=
374 (total_bytes_in_req /
375 engine_list_total)) {
376 split_io[i + 1].req_split_sg_read =
377 sg_next(sg);
378 sg_mark_end(sg);
379 break;
380 }
381 sg = sg_next(sg);
382 }
383 split_io[i].engine = &curr_engine_list[i];
384 init_completion(&split_io[i].result.completion);
385 memset(&split_io[i].IV, 0, AES_XTS_IV_LEN);
386 tempiv = clone->__sector + (temp_size / SECTOR_SIZE);
387 memcpy(&split_io[i].IV, &tempiv, sizeof(sector_t));
388 temp_size += split_io[i].size;
389 split_io[i].clone = clone;
390 req_cryptd_split_req_queue(&split_io[i]);
391 }
392 } else {
393 split_io = kzalloc(sizeof(struct req_dm_split_req_io),
394 GFP_KERNEL);
395 if (!split_io) {
396 DMERR("%s split_io allocation failed\n", __func__);
397 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]398 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]399 }
400 split_io->engine = &curr_engine_list[0];
401 init_completion(&split_io->result.completion);
402 memcpy(split_io->IV, &clone->__sector, sizeof(sector_t));
403 split_io->req_split_sg_read = req_sg_read;
404 split_io->size = total_bytes_in_req;
405 split_io->clone = clone;
406 req_cryptd_split_req_queue(split_io);
407 }
408
409 if (!split_transfers) {
410 wait_for_completion_interruptible(&split_io->result.completion);
411 if (split_io->result.err) {
412 DMERR("%s error = %d for request\n",
413 __func__, split_io->result.err);
414 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]415 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]416 }
417 } else {
418 for (i = 0; i < (engine_list_total); i++) {
419 wait_for_completion_interruptible(
420 &split_io[i].result.completion);
421 if (split_io[i].result.err) {
422 DMERR("%s error = %d for %dst request\n",
423 __func__, split_io[i].result.err, i);
424 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]425 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]426 }
427 }
428 }
429 error = 0;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]430skcipher_req_alloc_failure:
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]431
432 mempool_free(req_sg_read, req_scatterlist_pool);
433 kfree(split_io);
434submit_request:
435 if (io)
436 io->error = error;
437 req_crypt_dec_pending_decrypt(io);
438}
439
440/*
441 * This callback is called by the worker queue to perform non-decrypt reads
442 * and use the dm function to complete the bios and requests.
443 */
444static void req_cryptd_crypt_read_plain(struct req_dm_crypt_io *io)
445{
446 struct request *clone = NULL;
447 int error = 0;
448
449 if (!io || !io->cloned_request) {
450 DMERR("%s io is invalid\n", __func__);
451 WARN_ON(1); /* should not happen */
Dinesh K Gargf8301022017-10-16 11:08:40 -0700[diff] [blame]452 return;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]453 }
454
455 clone = io->cloned_request;
456
457 dm_end_request(clone, error);
458 mempool_free(io, req_io_pool);
459}
460
461/*
462 * The callback that will be called by the worker queue to perform Encryption
463 * for writes and submit the request using the elevelator.
464 */
465static void req_cryptd_crypt_write_convert(struct req_dm_crypt_io *io)
466{
467 struct request *clone = NULL;
468 struct bio *bio_src = NULL;
469 unsigned int total_sg_len_req_in = 0, total_sg_len_req_out = 0,
470 total_bytes_in_req = 0, error = DM_MAPIO_REMAPPED, rc = 0;
471 struct req_iterator iter;
472 struct req_iterator iter1;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]473 struct skcipher_request *req = NULL;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]474 struct req_crypt_result result;
475 struct bio_vec bvec;
476 struct scatterlist *req_sg_in = NULL;
477 struct scatterlist *req_sg_out = NULL;
478 int copy_bio_sector_to_req = 0;
479 gfp_t gfp_mask = GFP_NOIO | __GFP_HIGHMEM;
480 struct page *page = NULL;
481 u8 IV[AES_XTS_IV_LEN];
482 int remaining_size = 0, err = 0;
483 struct crypto_engine_entry engine;
484 unsigned int engine_list_total = 0;
485 struct crypto_engine_entry *curr_engine_list = NULL;
486 unsigned int *engine_cursor = NULL;
487
488
489 if (io) {
490 if (io->cloned_request) {
491 clone = io->cloned_request;
492 } else {
493 DMERR("%s io->cloned_request is NULL\n",
494 __func__);
495 error = DM_REQ_CRYPT_ERROR;
496 goto submit_request;
497 }
498 } else {
499 DMERR("%s io is NULL\n",
500 __func__);
501 error = DM_REQ_CRYPT_ERROR;
502 goto submit_request;
503 }
504
505 req_crypt_inc_pending(io);
506
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]507 req = skcipher_request_alloc(tfm, GFP_KERNEL);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]508 if (!req) {
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]509 DMERR("%s skcipher request allocation failed\n",
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]510 __func__);
511 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]512 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]513 }
514
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]515 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]516 req_crypt_cipher_complete, &result);
517
518 mutex_lock(&engine_list_mutex);
519 engine_list_total = (io->key_id == FDE_KEY_ID ? num_engines_fde :
520 (io->key_id == PFE_KEY_ID ?
521 num_engines_pfe : 0));
522
523 curr_engine_list = (io->key_id == FDE_KEY_ID ? fde_eng :
524 (io->key_id == PFE_KEY_ID ?
525 pfe_eng : NULL));
526
527 engine_cursor = (io->key_id == FDE_KEY_ID ? &fde_cursor :
528 (io->key_id == PFE_KEY_ID ? &pfe_cursor
529 : NULL));
530 if ((engine_list_total < 1) || (curr_engine_list == NULL) ||
531 (engine_cursor == NULL)) {
532 DMERR("%s Unknown Key ID!\n", __func__);
533 error = DM_REQ_CRYPT_ERROR;
534 mutex_unlock(&engine_list_mutex);
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]535 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]536 }
537
538 engine = curr_engine_list[*engine_cursor];
539 (*engine_cursor)++;
540 (*engine_cursor) %= engine_list_total;
541
542 err = (dm_qcrypto_func.cipher_set)(req, engine.ce_device,
543 engine.hw_instance);
544 if (err) {
545 DMERR("%s qcrypto_cipher_set_device_hw failed with err %d\n",
546 __func__, err);
547 mutex_unlock(&engine_list_mutex);
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]548 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]549 }
550 mutex_unlock(&engine_list_mutex);
551
552 init_completion(&result.completion);
553
554 (dm_qcrypto_func.cipher_flag)(req,
555 QCRYPTO_CTX_USE_PIPE_KEY | QCRYPTO_CTX_XTS_DU_SIZE_512B);
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]556 crypto_skcipher_clear_flags(tfm, ~0);
557 crypto_skcipher_setkey(tfm, NULL, KEY_SIZE_XTS);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]558
559 req_sg_in = (struct scatterlist *)mempool_alloc(req_scatterlist_pool,
560 GFP_KERNEL);
561 if (!req_sg_in) {
562 DMERR("%s req_sg_in allocation failed\n",
563 __func__);
564 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]565 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]566 }
567 memset(req_sg_in, 0, sizeof(struct scatterlist) * MAX_SG_LIST);
568
569 req_sg_out = (struct scatterlist *)mempool_alloc(req_scatterlist_pool,
570 GFP_KERNEL);
571 if (!req_sg_out) {
572 DMERR("%s req_sg_out allocation failed\n",
573 __func__);
574 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]575 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]576 }
577 memset(req_sg_out, 0, sizeof(struct scatterlist) * MAX_SG_LIST);
578
579 total_sg_len_req_in = blk_rq_map_sg(clone->q, clone, req_sg_in);
580 if ((total_sg_len_req_in <= 0) ||
581 (total_sg_len_req_in > MAX_SG_LIST)) {
582 DMERR("%s Request Error%d", __func__, total_sg_len_req_in);
583 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]584 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]585 }
586
587 total_bytes_in_req = clone->__data_len;
588 if (total_bytes_in_req > REQ_DM_512_KB) {
589 DMERR("%s total_bytes_in_req > 512 MB %d",
590 __func__, total_bytes_in_req);
591 error = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]592 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]593 }
594
595 rq_for_each_segment(bvec, clone, iter) {
596 if (bvec.bv_len > remaining_size) {
597 page = NULL;
598 while (page == NULL) {
599 page = mempool_alloc(req_page_pool, gfp_mask);
600 if (!page) {
601 DMERR("%s Crypt page alloc failed",
602 __func__);
603 congestion_wait(BLK_RW_ASYNC, HZ/100);
604 }
605 }
606
607 bvec.bv_page = page;
608 bvec.bv_offset = 0;
609 remaining_size = PAGE_SIZE - bvec.bv_len;
610 if (remaining_size < 0)
611 WARN_ON(1);
612 } else {
613 bvec.bv_page = page;
614 bvec.bv_offset = PAGE_SIZE - remaining_size;
615 remaining_size = remaining_size - bvec.bv_len;
616 }
617 }
618
619 total_sg_len_req_out = blk_rq_map_sg(clone->q, clone, req_sg_out);
620 if ((total_sg_len_req_out <= 0) ||
621 (total_sg_len_req_out > MAX_SG_LIST)) {
622 DMERR("%s Request Error %d", __func__, total_sg_len_req_out);
623 error = DM_REQ_CRYPT_ERROR_AFTER_PAGE_MALLOC;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]624 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]625 }
626
627 memset(IV, 0, AES_XTS_IV_LEN);
628 memcpy(IV, &clone->__sector, sizeof(sector_t));
629
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]630 skcipher_request_set_crypt(req, req_sg_in, req_sg_out,
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]631 total_bytes_in_req, (void *) IV);
632
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]633 rc = crypto_skcipher_encrypt(req);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]634
635 switch (rc) {
636 case 0:
637 break;
638
639 case -EBUSY:
640 /*
641 * Lets make this synchronous request by waiting on
642 * in progress as well
643 */
644 case -EINPROGRESS:
645 wait_for_completion_interruptible(&result.completion);
646 if (result.err) {
647 DMERR("%s error = %d encrypting the request\n",
648 __func__, result.err);
649 error = DM_REQ_CRYPT_ERROR_AFTER_PAGE_MALLOC;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]650 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]651 }
652 break;
653
654 default:
655 error = DM_REQ_CRYPT_ERROR_AFTER_PAGE_MALLOC;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]656 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]657 }
658
659 __rq_for_each_bio(bio_src, clone) {
660 if (copy_bio_sector_to_req == 0)
661 copy_bio_sector_to_req++;
662 blk_queue_bounce(clone->q, &bio_src);
663 }
664
665 /*
666 * Recalculate the phy_segments as we allocate new pages
667 * This is used by storage driver to fill the sg list.
668 */
669 blk_recalc_rq_segments(clone);
670
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]671skcipher_req_alloc_failure:
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]672 if (req)
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]673 skcipher_request_free(req);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]674
675 if (error == DM_REQ_CRYPT_ERROR_AFTER_PAGE_MALLOC) {
676 rq_for_each_segment(bvec, clone, iter1) {
677 if (bvec.bv_offset == 0) {
678 mempool_free(bvec.bv_page, req_page_pool);
679 bvec.bv_page = NULL;
680 } else
681 bvec.bv_page = NULL;
682 }
683 }
684
685 mempool_free(req_sg_in, req_scatterlist_pool);
686 mempool_free(req_sg_out, req_scatterlist_pool);
687submit_request:
688 if (io)
689 io->error = error;
690 req_crypt_dec_pending_encrypt(io);
691}
692
693/*
694 * This callback is called by the worker queue to perform non-encrypted writes
695 * and submit the request using the elevelator.
696 */
697static void req_cryptd_crypt_write_plain(struct req_dm_crypt_io *io)
698{
699 struct request *clone = NULL;
700
701 if (!io || !io->cloned_request) {
702 DMERR("%s io is invalid\n", __func__);
703 WARN_ON(1); /* should not happen */
Dinesh K Gargf8301022017-10-16 11:08:40 -0700[diff] [blame]704 return;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]705 }
706
707 clone = io->cloned_request;
708 io->error = 0;
709 dm_dispatch_request(clone);
710}
711
712/* Queue callback function that will get triggered */
713static void req_cryptd_crypt(struct work_struct *work)
714{
715 struct req_dm_crypt_io *io =
716 container_of(work, struct req_dm_crypt_io, work);
717
718 if (rq_data_dir(io->cloned_request) == WRITE) {
719 if (io->should_encrypt)
720 req_cryptd_crypt_write_convert(io);
721 else
722 req_cryptd_crypt_write_plain(io);
723 } else if (rq_data_dir(io->cloned_request) == READ) {
724 if (io->should_decrypt)
725 req_cryptd_crypt_read_convert(io);
726 else
727 req_cryptd_crypt_read_plain(io);
728 } else {
729 DMERR("%s received non-write request for Clone 0x%p\n",
730 __func__, io->cloned_request);
731 }
732}
733
734static void req_cryptd_split_req_queue_cb(struct work_struct *work)
735{
736 struct req_dm_split_req_io *io =
737 container_of(work, struct req_dm_split_req_io, work);
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]738 struct skcipher_request *req = NULL;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]739 struct req_crypt_result result;
740 int err = 0;
741 struct crypto_engine_entry *engine = NULL;
742
743 if ((!io) || (!io->req_split_sg_read) || (!io->engine)) {
744 DMERR("%s Input invalid\n",
745 __func__);
746 err = DM_REQ_CRYPT_ERROR;
747 /* If io is not populated this should not be called */
748 WARN_ON(1);
Dinesh K Gargf8301022017-10-16 11:08:40 -0700[diff] [blame]749 return;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]750 }
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]751 req = skcipher_request_alloc(tfm, GFP_KERNEL);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]752 if (!req) {
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]753 DMERR("%s skcipher request allocation failed\n", __func__);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]754 err = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]755 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]756 }
757
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]758 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]759 req_crypt_cipher_complete, &result);
760
761 engine = io->engine;
762
763 err = (dm_qcrypto_func.cipher_set)(req, engine->ce_device,
764 engine->hw_instance);
765 if (err) {
766 DMERR("%s qcrypto_cipher_set_device_hw failed with err %d\n",
767 __func__, err);
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]768 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]769 }
770 init_completion(&result.completion);
771 (dm_qcrypto_func.cipher_flag)(req,
772 QCRYPTO_CTX_USE_PIPE_KEY | QCRYPTO_CTX_XTS_DU_SIZE_512B);
773
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]774 crypto_skcipher_clear_flags(tfm, ~0);
775 crypto_skcipher_setkey(tfm, NULL, KEY_SIZE_XTS);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]776
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]777 skcipher_request_set_crypt(req, io->req_split_sg_read,
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]778 io->req_split_sg_read, io->size, (void *) io->IV);
779
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]780 err = crypto_skcipher_decrypt(req);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]781 switch (err) {
782 case 0:
783 break;
784
785 case -EBUSY:
786 /*
787 * Lets make this synchronous request by waiting on
788 * in progress as well
789 */
790 case -EINPROGRESS:
791 wait_for_completion_io(&result.completion);
792 if (result.err) {
793 DMERR("%s error = %d encrypting the request\n",
794 __func__, result.err);
795 err = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]796 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]797 }
798 break;
799
800 default:
801 err = DM_REQ_CRYPT_ERROR;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]802 goto skcipher_req_alloc_failure;
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]803 }
804 err = 0;
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]805skcipher_req_alloc_failure:
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]806 if (req)
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]807 skcipher_request_free(req);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]808
809 req_crypt_split_io_complete(&io->result, err);
810}
811
812static void req_cryptd_split_req_queue(struct req_dm_split_req_io *io)
813{
814 INIT_WORK(&io->work, req_cryptd_split_req_queue_cb);
815 queue_work(req_crypt_split_io_queue, &io->work);
816}
817
818static void req_cryptd_queue_crypt(struct req_dm_crypt_io *io)
819{
820 INIT_WORK(&io->work, req_cryptd_crypt);
821 queue_work(req_crypt_queue, &io->work);
822}
823
824/*
825 * Cipher complete callback, this is triggered by the Linux crypto api once
826 * the operation is done. This signals the waiting thread that the crypto
827 * operation is complete.
828 */
829static void req_crypt_cipher_complete(struct crypto_async_request *req, int err)
830{
831 struct req_crypt_result *res = req->data;
832
833 if (err == -EINPROGRESS)
834 return;
835
836 res->err = err;
837 complete(&res->completion);
838}
839
840static void req_crypt_split_io_complete(struct req_crypt_result *res, int err)
841{
842 if (err == -EINPROGRESS)
843 return;
844
845 res->err = err;
846 complete(&res->completion);
847}
848/*
849 * If bio->bi_dev is a partition, remap the location
850 */
851static inline void req_crypt_blk_partition_remap(struct bio *bio)
852{
853 struct block_device *bdev = bio->bi_bdev;
854
855 if (bio_sectors(bio) && bdev != bdev->bd_contains) {
856 struct hd_struct *p = bdev->bd_part;
857 /*
858 * Check for integer overflow, should never happen.
859 */
860 if (p->start_sect > (UINT_MAX - bio->bi_iter.bi_sector))
861 WARN_ON(1);
862
863 bio->bi_iter.bi_sector += p->start_sect;
864 bio->bi_bdev = bdev->bd_contains;
865 }
866}
867
868/*
869 * The endio function is called from ksoftirqd context (atomic).
870 * For write operations the new pages created form the mempool
871 * is freed and returned. * For read operations, decryption is
872 * required, since this is called in a atomic * context, the
873 * request is sent to a worker queue to complete decryptiona and
874 * free the request once done.
875 */
876static int req_crypt_endio(struct dm_target *ti, struct request *clone,
877 int error, union map_info *map_context)
878{
879 int err = 0;
880 struct req_iterator iter1;
881 struct bio_vec bvec;
882 struct req_dm_crypt_io *req_io = map_context->ptr;
883
884 /* If it is for ICE, free up req_io and return */
885 if (encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT) {
886 mempool_free(req_io, req_io_pool);
887 err = error;
888 goto submit_request;
889 }
890
891 if (rq_data_dir(clone) == WRITE) {
892 rq_for_each_segment(bvec, clone, iter1) {
893 if (req_io->should_encrypt && bvec.bv_offset == 0) {
894 mempool_free(bvec.bv_page, req_page_pool);
895 bvec.bv_page = NULL;
896 } else
897 bvec.bv_page = NULL;
898 }
899 mempool_free(req_io, req_io_pool);
900 goto submit_request;
901 } else if (rq_data_dir(clone) == READ) {
902 req_io->error = error;
903 req_cryptd_queue_crypt(req_io);
904 err = DM_ENDIO_INCOMPLETE;
905 goto submit_request;
906 }
907
908submit_request:
909 return err;
910}
911
912/*
913 * This function is called with interrupts disabled
914 * The function remaps the clone for the underlying device.
915 * If it is a write request, it calls into the worker queue to
916 * encrypt the data
917 * and submit the request directly using the elevator
918 * For a read request no pre-processing is required the request
919 * is returned to dm once mapping is done
920 */
921static int req_crypt_map(struct dm_target *ti, struct request *clone,
922 union map_info *map_context)
923{
924 struct req_dm_crypt_io *req_io = NULL;
925 int error = DM_REQ_CRYPT_ERROR, copy_bio_sector_to_req = 0;
926 struct bio *bio_src = NULL;
927 gfp_t gfp_flag = GFP_KERNEL;
928
929 if (in_interrupt() || irqs_disabled())
930 gfp_flag = GFP_NOWAIT;
931
932 req_io = mempool_alloc(req_io_pool, gfp_flag);
933 if (!req_io) {
934 WARN_ON(1);
935 error = DM_REQ_CRYPT_ERROR;
936 goto submit_request;
937 }
938
939 /* Save the clone in the req_io, the callback to the worker
940 * queue will get the req_io
941 */
942 req_io->cloned_request = clone;
943 map_context->ptr = req_io;
944 atomic_set(&req_io->pending, 0);
945
946 if (rq_data_dir(clone) == WRITE)
947 req_io->should_encrypt = req_crypt_should_encrypt(req_io);
948 if (rq_data_dir(clone) == READ)
949 req_io->should_decrypt = req_crypt_should_deccrypt(req_io);
950
951 /* Get the queue of the underlying original device */
952 clone->q = bdev_get_queue(dev->bdev);
953 clone->rq_disk = dev->bdev->bd_disk;
954
955 __rq_for_each_bio(bio_src, clone) {
956 bio_src->bi_bdev = dev->bdev;
957 /* Currently the way req-dm works is that once the underlying
958 * device driver completes the request by calling into the
959 * block layer. The block layer completes the bios (clones) and
960 * then the cloned request. This is undesirable for req-dm-crypt
961 * hence added a flag BIO_DONTFREE, this flag will ensure that
962 * blk layer does not complete the cloned bios before completing
963 * the request. When the crypt endio is called, post-processing
964 * is done and then the dm layer will complete the bios (clones)
965 * and free them.
966 */
967 if (encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT)
968 bio_src->bi_flags |= 1 << BIO_INLINECRYPT;
969 else
970 bio_src->bi_flags |= 1 << BIO_DONTFREE;
971
972 /*
973 * If this device has partitions, remap block n
974 * of partition p to block n+start(p) of the disk.
975 */
976 req_crypt_blk_partition_remap(bio_src);
977 if (copy_bio_sector_to_req == 0) {
978 clone->__sector = bio_src->bi_iter.bi_sector;
979 copy_bio_sector_to_req++;
980 }
981 blk_queue_bounce(clone->q, &bio_src);
982 }
983
984 if (encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT) {
985 /* Set all crypto parameters for inline crypto engine */
986 memcpy(&req_io->ice_settings, ice_settings,
987 sizeof(struct ice_crypto_setting));
988 } else {
989 /* ICE checks for key_index which could be >= 0. If a chip has
990 * both ICE and GPCE and wanted to use GPCE, there could be
991 * issue. Storage driver send all requests to ICE driver. If
992 * it sees key_index as 0, it would assume it is for ICE while
993 * it is not. Hence set invalid key index by default.
994 */
995 req_io->ice_settings.key_index = -1;
996
997 }
998
999 if (rq_data_dir(clone) == READ ||
1000 encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT) {
1001 error = DM_MAPIO_REMAPPED;
1002 goto submit_request;
1003 } else if (rq_data_dir(clone) == WRITE) {
1004 req_cryptd_queue_crypt(req_io);
1005 error = DM_MAPIO_SUBMITTED;
1006 goto submit_request;
1007 }
1008
1009submit_request:
1010 return error;
1011
1012}
1013
1014static void deconfigure_qcrypto(void)
1015{
1016 mempool_destroy(req_page_pool);
1017 req_page_pool = NULL;
1018
1019 mempool_destroy(req_scatterlist_pool);
1020 req_scatterlist_pool = NULL;
1021
1022 if (req_crypt_split_io_queue) {
1023 destroy_workqueue(req_crypt_split_io_queue);
1024 req_crypt_split_io_queue = NULL;
1025 }
1026 if (req_crypt_queue) {
1027 destroy_workqueue(req_crypt_queue);
1028 req_crypt_queue = NULL;
1029 }
1030
1031 kmem_cache_destroy(_req_dm_scatterlist_pool);
1032
1033 mutex_lock(&engine_list_mutex);
1034 kfree(pfe_eng);
1035 pfe_eng = NULL;
1036 kfree(fde_eng);
1037 fde_eng = NULL;
1038 mutex_unlock(&engine_list_mutex);
1039
1040 if (tfm) {
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]1041 crypto_free_skcipher(tfm);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]1042 tfm = NULL;
1043 }
1044}
1045
1046static void req_crypt_dtr(struct dm_target *ti)
1047{
1048 DMDEBUG("dm-req-crypt Destructor.\n");
1049
1050 mempool_destroy(req_io_pool);
1051 req_io_pool = NULL;
1052
1053 if (encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT) {
1054 kfree(ice_settings);
1055 ice_settings = NULL;
1056 } else {
1057 deconfigure_qcrypto();
1058 }
1059
1060 kmem_cache_destroy(_req_crypt_io_pool);
1061
1062 if (dev) {
1063 dm_put_device(ti, dev);
1064 dev = NULL;
1065 }
1066}
1067
1068static int configure_qcrypto(void)
1069{
1070 struct crypto_engine_entry *eng_list = NULL;
1071 struct block_device *bdev = NULL;
1072 int err = DM_REQ_CRYPT_ERROR, i;
1073 struct request_queue *q = NULL;
1074
1075 bdev = dev->bdev;
1076 q = bdev_get_queue(bdev);
1077 blk_queue_max_hw_sectors(q, DM_REQ_CRYPT_QUEUE_SIZE);
1078
1079 /* Allocate the crypto alloc blk cipher and keep the handle */
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]1080 tfm = crypto_alloc_skcipher("qcom-xts(aes)", 0, 0);
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]1081 if (IS_ERR(tfm)) {
AnilKumar Chimataddc48122017-06-23 03:12:57 -0700[diff] [blame]1082 DMERR("%s skcipher tfm allocation failed : error\n",
AnilKumar Chimata7214d7e2017-06-23 03:09:59 -0700[diff] [blame]1083 __func__);
1084 tfm = NULL;
1085 goto exit_err;
1086 }
1087
1088 num_engines_fde = num_engines_pfe = 0;
1089
1090 mutex_lock(&engine_list_mutex);
1091 num_engines = (dm_qcrypto_func.get_num_engines)();
1092 if (!num_engines) {
1093 DMERR(KERN_INFO "%s qcrypto_get_num_engines failed\n",
1094 __func__);
1095 err = DM_REQ_CRYPT_ERROR;
1096 mutex_unlock(&engine_list_mutex);
1097 goto exit_err;
1098 }
1099
1100 eng_list = kcalloc(num_engines, sizeof(*eng_list), GFP_KERNEL);
1101 if (eng_list == NULL) {
1102 DMERR("%s engine list allocation failed\n", __func__);
1103 err = DM_REQ_CRYPT_ERROR;
1104 mutex_unlock(&engine_list_mutex);
1105 goto exit_err;
1106 }
1107
1108 (dm_qcrypto_func.get_engine_list)(num_engines, eng_list);
1109
1110 for (i = 0; i < num_engines; i++) {
1111 if (eng_list[i].ce_device == FDE_KEY_ID)
1112 num_engines_fde++;
1113 if (eng_list[i].ce_device == PFE_KEY_ID)
1114 num_engines_pfe++;
1115 }
1116
1117 fde_eng = kcalloc(num_engines_fde, sizeof(*fde_eng), GFP_KERNEL);
1118 if (fde_eng == NULL) {
1119 DMERR("%s fde engine list allocation failed\n", __func__);
1120 mutex_unlock(&engine_list_mutex);
1121 goto exit_err;
1122 }
1123
1124 pfe_eng = kcalloc(num_engines_pfe, sizeof(*pfe_eng), GFP_KERNEL);
1125 if (pfe_eng == NULL) {
1126 DMERR("%s pfe engine list allocation failed\n", __func__);
1127 mutex_unlock(&engine_list_mutex);
1128 goto exit_err;
1129 }
1130
1131 fde_cursor = 0;
1132 pfe_cursor = 0;
1133
1134 for (i = 0; i < num_engines; i++) {
1135 if (eng_list[i].ce_device == FDE_KEY_ID)
1136 fde_eng[fde_cursor++] = eng_list[i];
1137 if (eng_list[i].ce_device == PFE_KEY_ID)
1138 pfe_eng[pfe_cursor++] = eng_list[i];
1139 }
1140
1141 fde_cursor = 0;
1142 pfe_cursor = 0;
1143 mutex_unlock(&engine_list_mutex);
1144
1145 _req_dm_scatterlist_pool = kmem_cache_create("req_dm_scatterlist",
1146 sizeof(struct scatterlist) * MAX_SG_LIST,
1147 __alignof__(struct scatterlist), 0, NULL);
1148 if (!_req_dm_scatterlist_pool)
1149 goto exit_err;
1150
1151 req_crypt_queue = alloc_workqueue("req_cryptd",
1152 WQ_UNBOUND |
1153 WQ_CPU_INTENSIVE |
1154 WQ_MEM_RECLAIM,
1155 0);
1156 if (!req_crypt_queue) {
1157 DMERR("%s req_crypt_queue not allocated\n", __func__);
1158 goto exit_err;
1159 }
1160
1161 req_crypt_split_io_queue = alloc_workqueue("req_crypt_split",
1162 WQ_UNBOUND |
1163 WQ_CPU_INTENSIVE |
1164 WQ_MEM_RECLAIM,
1165 0);
1166 if (!req_crypt_split_io_queue) {
1167 DMERR("%s req_crypt_split_io_queue not allocated\n", __func__);
1168 goto exit_err;
1169 }
1170 req_scatterlist_pool = mempool_create_slab_pool(MIN_IOS,
1171 _req_dm_scatterlist_pool);
1172 if (!req_scatterlist_pool) {
1173 DMERR("%s req_scatterlist_pool is not allocated\n", __func__);
1174 err = -ENOMEM;
1175 goto exit_err;
1176 }
1177
1178 req_page_pool = mempool_create_page_pool(MIN_POOL_PAGES, 0);
1179 if (!req_page_pool) {
1180 DMERR("%s req_page_pool not allocated\n", __func__);
1181 goto exit_err;
1182 }
1183
1184 err = 0;
1185
1186exit_err:
1187 kfree(eng_list);
1188 return err;
1189}
1190
1191/*
1192 * Construct an encryption mapping:
1193 * <cipher> <key> <iv_offset> <dev_path> <start>
1194 */
1195static int req_crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv)
1196{
1197 int err = DM_REQ_CRYPT_ERROR;
1198 unsigned long long tmpll;
1199 char dummy;
1200 int ret;
1201
1202 DMDEBUG("dm-req-crypt Constructor.\n");
1203
1204 if (argc < 5) {
1205 DMERR(" %s Not enough args\n", __func__);
1206 err = DM_REQ_CRYPT_ERROR;
1207 goto ctr_exit;
1208 }
1209
1210 if (argv[3]) {
1211 if (dm_get_device(ti, argv[3],
1212 dm_table_get_mode(ti->table), &dev)) {
1213 DMERR(" %s Device Lookup failed\n", __func__);
1214 err = DM_REQ_CRYPT_ERROR;
1215 goto ctr_exit;
1216 }
1217 } else {
1218 DMERR(" %s Arg[3] invalid\n", __func__);
1219 err = DM_REQ_CRYPT_ERROR;
1220 goto ctr_exit;
1221 }
1222
1223 if (argv[4]) {
1224 if (sscanf(argv[4], "%llu%c", &tmpll, &dummy) != 1) {
1225 DMERR("%s Invalid device sector\n", __func__);
1226 err = DM_REQ_CRYPT_ERROR;
1227 goto ctr_exit;
1228 }
1229 } else {
1230 DMERR(" %s Arg[4] invalid\n", __func__);
1231 err = DM_REQ_CRYPT_ERROR;
1232 goto ctr_exit;
1233 }
1234 start_sector_orig = tmpll;
1235
1236 /* Allow backward compatible */
1237 if (argc >= 6) {
1238 if (argv[5]) {
1239 if (!strcmp(argv[5], "fde_enabled"))
1240 is_fde_enabled = true;
1241 else
1242 is_fde_enabled = false;
1243 } else {
1244 DMERR(" %s Arg[5] invalid\n", __func__);
1245 err = DM_REQ_CRYPT_ERROR;
1246 goto ctr_exit;
1247 }
1248 } else {
1249 DMERR(" %s Arg[5] missing, set FDE enabled.\n", __func__);
1250 is_fde_enabled = true; /* backward compatible */
1251 }
1252
1253 _req_crypt_io_pool = KMEM_CACHE(req_dm_crypt_io, 0);
1254 if (!_req_crypt_io_pool) {
1255 err = DM_REQ_CRYPT_ERROR;
1256 goto ctr_exit;
1257 }
1258
1259 encryption_mode = DM_REQ_CRYPT_ENCRYPTION_MODE_CRYPTO;
1260 if (argc >= 7 && argv[6]) {
1261 if (!strcmp(argv[6], "ice"))
1262 encryption_mode =
1263 DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT;
1264 }
1265
1266 if (encryption_mode == DM_REQ_CRYPT_ENCRYPTION_MODE_TRANSPARENT) {
1267 /* configure ICE settings */
1268 ice_settings =
1269 kzalloc(sizeof(struct ice_crypto_setting), GFP_KERNEL);
1270 if (!ice_settings) {
1271 err = -ENOMEM;
1272 goto ctr_exit;
1273 }
1274 ice_settings->key_size = ICE_CRYPTO_KEY_SIZE_128;
1275 ice_settings->algo_mode = ICE_CRYPTO_ALGO_MODE_AES_XTS;
1276 ice_settings->key_mode = ICE_CRYPTO_USE_LUT_SW_KEY;
1277 if (kstrtou16(argv[1], 0, &ice_settings->key_index) ||
1278 ice_settings->key_index < 0 ||
1279 ice_settings->key_index > MAX_MSM_ICE_KEY_LUT_SIZE) {
1280 DMERR("%s Err: key index %d received for ICE\n",
1281 __func__, ice_settings->key_index);
1282 err = DM_REQ_CRYPT_ERROR;
1283 goto ctr_exit;
1284 }
1285 } else {
1286 ret = configure_qcrypto();
1287 if (ret) {
1288 DMERR("%s failed to configure qcrypto\n", __func__);
1289 err = ret;
1290 goto ctr_exit;
1291 }
1292 }
1293
1294 req_io_pool = mempool_create_slab_pool(MIN_IOS, _req_crypt_io_pool);
1295 if (!req_io_pool) {
1296 DMERR("%s req_io_pool not allocated\n", __func__);
1297 err = -ENOMEM;
1298 goto ctr_exit;
1299 }
1300
1301 /*
1302 * If underlying device supports flush/discard, mapped target
1303 * should also allow it
1304 */
1305 ti->num_flush_bios = 1;
1306 ti->num_discard_bios = 1;
1307
1308 err = 0;
1309 DMINFO("%s: Mapping block_device %s to dm-req-crypt ok!\n",
1310 __func__, argv[3]);
1311ctr_exit:
1312 if (err)
1313 req_crypt_dtr(ti);
1314
1315 return err;
1316}
1317
1318static int req_crypt_iterate_devices(struct dm_target *ti,
1319 iterate_devices_callout_fn fn, void *data)
1320{
1321 return fn(ti, dev, start_sector_orig, ti->len, data);
1322}
1323void set_qcrypto_func_dm(void *dev,
1324 void *flag,
1325 void *engines,
1326 void *engine_list)
1327{
1328 dm_qcrypto_func.cipher_set = dev;
1329 dm_qcrypto_func.cipher_flag = flag;
1330 dm_qcrypto_func.get_num_engines = engines;
1331 dm_qcrypto_func.get_engine_list = engine_list;
1332}
1333EXPORT_SYMBOL(set_qcrypto_func_dm);
1334
1335static struct target_type req_crypt_target = {
1336 .name = "req-crypt",
1337 .version = {1, 0, 0},
1338 .module = THIS_MODULE,
1339 .ctr = req_crypt_ctr,
1340 .dtr = req_crypt_dtr,
1341 .map_rq = req_crypt_map,
1342 .rq_end_io = req_crypt_endio,
1343 .iterate_devices = req_crypt_iterate_devices,
1344};
1345
1346static int __init req_dm_crypt_init(void)
1347{
1348 int r;
1349
1350
1351 r = dm_register_target(&req_crypt_target);
1352 if (r < 0) {
1353 DMERR("register failed %d", r);
1354 return r;
1355 }
1356
1357 DMINFO("dm-req-crypt successfully initalized.\n");
1358
1359 return r;
1360}
1361
1362static void __exit req_dm_crypt_exit(void)
1363{
1364 dm_unregister_target(&req_crypt_target);
1365}
1366
1367module_init(req_dm_crypt_init);
1368module_exit(req_dm_crypt_exit);
1369
1370MODULE_DESCRIPTION(DM_NAME " target for request based transparent encryption / decryption");
1371MODULE_LICENSE("GPL v2");