xref: /openbmc/linux/fs/crypto/bio.c (revision 796f12d742653028a1520cce3a76035c86e2ebf9) 
1b2441318SGreg Kroah-Hartman // SPDX-License-Identifier: GPL-2.0
258ae7468SRichard Weinberger /*
358ae7468SRichard Weinberger  * This contains encryption functions for per-file encryption.
458ae7468SRichard Weinberger  *
558ae7468SRichard Weinberger  * Copyright (C) 2015, Google, Inc.
658ae7468SRichard Weinberger  * Copyright (C) 2015, Motorola Mobility
758ae7468SRichard Weinberger  *
858ae7468SRichard Weinberger  * Written by Michael Halcrow, 2014.
958ae7468SRichard Weinberger  *
1058ae7468SRichard Weinberger  * Filename encryption additions
1158ae7468SRichard Weinberger  *	Uday Savagaonkar, 2014
1258ae7468SRichard Weinberger  * Encryption policy handling additions
1358ae7468SRichard Weinberger  *	Ildar Muslukhov, 2014
1458ae7468SRichard Weinberger  * Add fscrypt_pullback_bio_page()
1558ae7468SRichard Weinberger  *	Jaegeuk Kim, 2015.
1658ae7468SRichard Weinberger  *
1758ae7468SRichard Weinberger  * This has not yet undergone a rigorous security audit.
1858ae7468SRichard Weinberger  *
1958ae7468SRichard Weinberger  * The usage of AES-XTS should conform to recommendations in NIST
2058ae7468SRichard Weinberger  * Special Publication 800-38E and IEEE P1619/D16.
2158ae7468SRichard Weinberger  */
2258ae7468SRichard Weinberger 
2358ae7468SRichard Weinberger #include <linux/pagemap.h>
2458ae7468SRichard Weinberger #include <linux/module.h>
2558ae7468SRichard Weinberger #include <linux/bio.h>
2658ae7468SRichard Weinberger #include <linux/namei.h>
2758ae7468SRichard Weinberger #include "fscrypt_private.h"
2858ae7468SRichard Weinberger 
291565bdadSEric Biggers void fscrypt_decrypt_bio(struct bio *bio)
3058ae7468SRichard Weinberger {
3158ae7468SRichard Weinberger 	struct bio_vec *bv;
326dc4f100SMing Lei 	struct bvec_iter_all iter_all;
3358ae7468SRichard Weinberger 
342b070cfeSChristoph Hellwig 	bio_for_each_segment_all(bv, bio, iter_all) {
3558ae7468SRichard Weinberger 		struct page *page = bv->bv_page;
36ffceeefbSEric Biggers 		int ret = fscrypt_decrypt_pagecache_blocks(page, bv->bv_len,
37ffceeefbSEric Biggers 							   bv->bv_offset);
38ff5d3a97SEric Biggers 		if (ret)
3958ae7468SRichard Weinberger 			SetPageError(page);
4058ae7468SRichard Weinberger 	}
410cb8dae4SEric Biggers }
420cb8dae4SEric Biggers EXPORT_SYMBOL(fscrypt_decrypt_bio);
430cb8dae4SEric Biggers 
44*796f12d7SEric Biggers /**
45*796f12d7SEric Biggers  * fscrypt_zeroout_range() - zero out a range of blocks in an encrypted file
46*796f12d7SEric Biggers  * @inode: the file's inode
47*796f12d7SEric Biggers  * @lblk: the first file logical block to zero out
48*796f12d7SEric Biggers  * @pblk: the first filesystem physical block to zero out
49*796f12d7SEric Biggers  * @len: number of blocks to zero out
50*796f12d7SEric Biggers  *
51*796f12d7SEric Biggers  * Zero out filesystem blocks in an encrypted regular file on-disk, i.e. write
52*796f12d7SEric Biggers  * ciphertext blocks which decrypt to the all-zeroes block.  The blocks must be
53*796f12d7SEric Biggers  * both logically and physically contiguous.  It's also assumed that the
54*796f12d7SEric Biggers  * filesystem only uses a single block device, ->s_bdev.
55*796f12d7SEric Biggers  *
56*796f12d7SEric Biggers  * Note that since each block uses a different IV, this involves writing a
57*796f12d7SEric Biggers  * different ciphertext to each block; we can't simply reuse the same one.
58*796f12d7SEric Biggers  *
59*796f12d7SEric Biggers  * Return: 0 on success; -errno on failure.
60*796f12d7SEric Biggers  */
6158ae7468SRichard Weinberger int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
6258ae7468SRichard Weinberger 			  sector_t pblk, unsigned int len)
6358ae7468SRichard Weinberger {
64930d4539SEric Biggers 	const unsigned int blockbits = inode->i_blkbits;
65930d4539SEric Biggers 	const unsigned int blocksize = 1 << blockbits;
66*796f12d7SEric Biggers 	const unsigned int blocks_per_page_bits = PAGE_SHIFT - blockbits;
67*796f12d7SEric Biggers 	const unsigned int blocks_per_page = 1 << blocks_per_page_bits;
68*796f12d7SEric Biggers 	struct page *pages[16]; /* write up to 16 pages at a time */
69*796f12d7SEric Biggers 	unsigned int nr_pages;
70*796f12d7SEric Biggers 	unsigned int i;
71*796f12d7SEric Biggers 	unsigned int offset;
7258ae7468SRichard Weinberger 	struct bio *bio;
73*796f12d7SEric Biggers 	int ret, err;
7458ae7468SRichard Weinberger 
75*796f12d7SEric Biggers 	if (len == 0)
76*796f12d7SEric Biggers 		return 0;
7758ae7468SRichard Weinberger 
78*796f12d7SEric Biggers 	BUILD_BUG_ON(ARRAY_SIZE(pages) > BIO_MAX_PAGES);
79*796f12d7SEric Biggers 	nr_pages = min_t(unsigned int, ARRAY_SIZE(pages),
80*796f12d7SEric Biggers 			 (len + blocks_per_page - 1) >> blocks_per_page_bits);
8158ae7468SRichard Weinberger 
82*796f12d7SEric Biggers 	/*
83*796f12d7SEric Biggers 	 * We need at least one page for ciphertext.  Allocate the first one
84*796f12d7SEric Biggers 	 * from a mempool, with __GFP_DIRECT_RECLAIM set so that it can't fail.
85*796f12d7SEric Biggers 	 *
86*796f12d7SEric Biggers 	 * Any additional page allocations are allowed to fail, as they only
87*796f12d7SEric Biggers 	 * help performance, and waiting on the mempool for them could deadlock.
88*796f12d7SEric Biggers 	 */
89*796f12d7SEric Biggers 	for (i = 0; i < nr_pages; i++) {
90*796f12d7SEric Biggers 		pages[i] = fscrypt_alloc_bounce_page(i == 0 ? GFP_NOFS :
91*796f12d7SEric Biggers 						     GFP_NOWAIT | __GFP_NOWARN);
92*796f12d7SEric Biggers 		if (!pages[i])
93*796f12d7SEric Biggers 			break;
9458ae7468SRichard Weinberger 	}
95*796f12d7SEric Biggers 	nr_pages = i;
96*796f12d7SEric Biggers 	if (WARN_ON(nr_pages <= 0))
97*796f12d7SEric Biggers 		return -EINVAL;
98*796f12d7SEric Biggers 
99*796f12d7SEric Biggers 	/* This always succeeds since __GFP_DIRECT_RECLAIM is set. */
100*796f12d7SEric Biggers 	bio = bio_alloc(GFP_NOFS, nr_pages);
101*796f12d7SEric Biggers 
102*796f12d7SEric Biggers 	do {
10374d46992SChristoph Hellwig 		bio_set_dev(bio, inode->i_sb->s_bdev);
104930d4539SEric Biggers 		bio->bi_iter.bi_sector = pblk << (blockbits - 9);
10558ae7468SRichard Weinberger 		bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
106*796f12d7SEric Biggers 
107*796f12d7SEric Biggers 		i = 0;
108*796f12d7SEric Biggers 		offset = 0;
109*796f12d7SEric Biggers 		do {
110*796f12d7SEric Biggers 			err = fscrypt_crypt_block(inode, FS_ENCRYPT, lblk,
111*796f12d7SEric Biggers 						  ZERO_PAGE(0), pages[i],
112*796f12d7SEric Biggers 						  blocksize, offset, GFP_NOFS);
11358ae7468SRichard Weinberger 			if (err)
114*796f12d7SEric Biggers 				goto out;
11558ae7468SRichard Weinberger 			lblk++;
11658ae7468SRichard Weinberger 			pblk++;
117*796f12d7SEric Biggers 			len--;
118*796f12d7SEric Biggers 			offset += blocksize;
119*796f12d7SEric Biggers 			if (offset == PAGE_SIZE || len == 0) {
120*796f12d7SEric Biggers 				ret = bio_add_page(bio, pages[i++], offset, 0);
121*796f12d7SEric Biggers 				if (WARN_ON(ret != offset)) {
122*796f12d7SEric Biggers 					err = -EIO;
123*796f12d7SEric Biggers 					goto out;
12458ae7468SRichard Weinberger 				}
125*796f12d7SEric Biggers 				offset = 0;
126*796f12d7SEric Biggers 			}
127*796f12d7SEric Biggers 		} while (i != nr_pages && len != 0);
128*796f12d7SEric Biggers 
129*796f12d7SEric Biggers 		err = submit_bio_wait(bio);
130*796f12d7SEric Biggers 		if (err)
131*796f12d7SEric Biggers 			goto out;
132*796f12d7SEric Biggers 		bio_reset(bio);
133*796f12d7SEric Biggers 	} while (len != 0);
13458ae7468SRichard Weinberger 	err = 0;
135*796f12d7SEric Biggers out:
136*796f12d7SEric Biggers 	bio_put(bio);
137*796f12d7SEric Biggers 	for (i = 0; i < nr_pages; i++)
138*796f12d7SEric Biggers 		fscrypt_free_bounce_page(pages[i]);
13958ae7468SRichard Weinberger 	return err;
14058ae7468SRichard Weinberger }
14158ae7468SRichard Weinberger EXPORT_SYMBOL(fscrypt_zeroout_range);
142