blk-crypto.c (14e77332e74603efab8347c89d3cda447c3b97c9) blk-crypto.c (fce3caea0f241f5d34855c82c399d5e0e2d91f07)
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright 2019 Google LLC
4 */
5
6/*
7 * Refer to Documentation/block/inline-encryption.rst for detailed explanation.
8 */

--- 340 unchanged lines hidden (view full) ---

349 blk_key->size = mode->keysize;
350 memcpy(blk_key->raw, raw_key, mode->keysize);
351
352 return 0;
353}
354
355/*
356 * Check if bios with @cfg can be en/decrypted by blk-crypto (i.e. either the
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright 2019 Google LLC
4 */
5
6/*
7 * Refer to Documentation/block/inline-encryption.rst for detailed explanation.
8 */

--- 340 unchanged lines hidden (view full) ---

349 blk_key->size = mode->keysize;
350 memcpy(blk_key->raw, raw_key, mode->keysize);
351
352 return 0;
353}
354
355/*
356 * Check if bios with @cfg can be en/decrypted by blk-crypto (i.e. either the
357 * request queue it's submitted to supports inline crypto, or the
357 * block_device it's submitted to supports inline crypto, or the
358 * blk-crypto-fallback is enabled and supports the cfg).
359 */
358 * blk-crypto-fallback is enabled and supports the cfg).
359 */
360bool blk_crypto_config_supported(struct request_queue *q,
360bool blk_crypto_config_supported(struct block_device *bdev,
361 const struct blk_crypto_config *cfg)
362{
363 return IS_ENABLED(CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK) ||
361 const struct blk_crypto_config *cfg)
362{
363 return IS_ENABLED(CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK) ||
364 __blk_crypto_cfg_supported(q->crypto_profile, cfg);
364 __blk_crypto_cfg_supported(bdev_get_queue(bdev)->crypto_profile,
365 cfg);
365}
366
367/**
368 * blk_crypto_start_using_key() - Start using a blk_crypto_key on a device
366}
367
368/**
369 * blk_crypto_start_using_key() - Start using a blk_crypto_key on a device
370 * @bdev: block device to operate on
369 * @key: A key to use on the device
371 * @key: A key to use on the device
370 * @q: the request queue for the device
371 *
372 * Upper layers must call this function to ensure that either the hardware
373 * supports the key's crypto settings, or the crypto API fallback has transforms
374 * for the needed mode allocated and ready to go. This function may allocate
375 * an skcipher, and *should not* be called from the data path, since that might
376 * cause a deadlock
377 *
378 * Return: 0 on success; -ENOPKG if the hardware doesn't support the key and
379 * blk-crypto-fallback is either disabled or the needed algorithm
380 * is disabled in the crypto API; or another -errno code.
381 */
372 *
373 * Upper layers must call this function to ensure that either the hardware
374 * supports the key's crypto settings, or the crypto API fallback has transforms
375 * for the needed mode allocated and ready to go. This function may allocate
376 * an skcipher, and *should not* be called from the data path, since that might
377 * cause a deadlock
378 *
379 * Return: 0 on success; -ENOPKG if the hardware doesn't support the key and
380 * blk-crypto-fallback is either disabled or the needed algorithm
381 * is disabled in the crypto API; or another -errno code.
382 */
382int blk_crypto_start_using_key(const struct blk_crypto_key *key,
383 struct request_queue *q)
383int blk_crypto_start_using_key(struct block_device *bdev,
384 const struct blk_crypto_key *key)
384{
385{
385 if (__blk_crypto_cfg_supported(q->crypto_profile, &key->crypto_cfg))
386 if (__blk_crypto_cfg_supported(bdev_get_queue(bdev)->crypto_profile,
387 &key->crypto_cfg))
386 return 0;
387 return blk_crypto_fallback_start_using_mode(key->crypto_cfg.crypto_mode);
388}
389
390/**
391 * blk_crypto_evict_key() - Evict a key from any inline encryption hardware
392 * it may have been programmed into
388 return 0;
389 return blk_crypto_fallback_start_using_mode(key->crypto_cfg.crypto_mode);
390}
391
392/**
393 * blk_crypto_evict_key() - Evict a key from any inline encryption hardware
394 * it may have been programmed into
393 * @q: The request queue who's associated inline encryption hardware this key
395 * @bdev: The block_device who's associated inline encryption hardware this key
394 * might have been programmed into
395 * @key: The key to evict
396 *
397 * Upper layers (filesystems) must call this function to ensure that a key is
398 * evicted from any hardware that it might have been programmed into. The key
399 * must not be in use by any in-flight IO when this function is called.
400 *
401 * Return: 0 on success or if the key wasn't in any keyslot; -errno on error.
402 */
396 * might have been programmed into
397 * @key: The key to evict
398 *
399 * Upper layers (filesystems) must call this function to ensure that a key is
400 * evicted from any hardware that it might have been programmed into. The key
401 * must not be in use by any in-flight IO when this function is called.
402 *
403 * Return: 0 on success or if the key wasn't in any keyslot; -errno on error.
404 */
403int blk_crypto_evict_key(struct request_queue *q,
405int blk_crypto_evict_key(struct block_device *bdev,
404 const struct blk_crypto_key *key)
405{
406 const struct blk_crypto_key *key)
407{
408 struct request_queue *q = bdev_get_queue(bdev);
409
406 if (__blk_crypto_cfg_supported(q->crypto_profile, &key->crypto_cfg))
407 return __blk_crypto_evict_key(q->crypto_profile, key);
408
409 /*
410 if (__blk_crypto_cfg_supported(q->crypto_profile, &key->crypto_cfg))
411 return __blk_crypto_evict_key(q->crypto_profile, key);
412
413 /*
410 * If the request_queue didn't support the key, then blk-crypto-fallback
414 * If the block_device didn't support the key, then blk-crypto-fallback
411 * may have been used, so try to evict the key from blk-crypto-fallback.
412 */
413 return blk_crypto_fallback_evict_key(key);
414}
415EXPORT_SYMBOL_GPL(blk_crypto_evict_key);
415 * may have been used, so try to evict the key from blk-crypto-fallback.
416 */
417 return blk_crypto_fallback_evict_key(key);
418}
419EXPORT_SYMBOL_GPL(blk_crypto_evict_key);
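Review bot: The comment above blk_crypto_config_supported() promises more than the code checks: it says the fallback must be "enabled and supports the cfg", but the return expression is true whenever CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK is enabled, without looking at cfg. Since the commit already rewords this comment, it could state the actual contract, for example `* blk-crypto-fallback is compiled in; callers must still check blk_crypto_start_using_key() for -ENOPKG).`, so that a filesystem does not treat a true result as proof that the mode is usable. In the blk_crypto_evict_key() kerneldoc, `who's` should read `whose`, and it would help to say that eviction is per block_device, so a key used on several devices presumably needs one call per device to avoid leaving key material in a keyslot. The first 340 lines of the file are hidden on this page, so these remarks rest only on the visible functions.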