1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * bio-integrity.c - bio data integrity extensions 4 * 5 * Copyright (C) 2007, 2008, 2009 Oracle Corporation 6 * Written by: Martin K. Petersen <martin.petersen@oracle.com> 7 */ 8 9 #include <linux/blk-integrity.h> 10 #include <linux/mempool.h> 11 #include <linux/export.h> 12 #include <linux/bio.h> 13 #include <linux/workqueue.h> 14 #include <linux/slab.h> 15 #include "blk.h" 16 17 static struct kmem_cache *bip_slab; 18 static struct workqueue_struct *kintegrityd_wq; 19 20 void blk_flush_integrity(void) 21 { 22 flush_workqueue(kintegrityd_wq); 23 } 24 25 static void __bio_integrity_free(struct bio_set *bs, 26 struct bio_integrity_payload *bip) 27 { 28 if (bs && mempool_initialized(&bs->bio_integrity_pool)) { 29 if (bip->bip_vec) 30 bvec_free(&bs->bvec_integrity_pool, bip->bip_vec, 31 bip->bip_max_vcnt); 32 mempool_free(bip, &bs->bio_integrity_pool); 33 } else { 34 kfree(bip); 35 } 36 } 37 38 /** 39 * bio_integrity_alloc - Allocate integrity payload and attach it to bio 40 * @bio: bio to attach integrity metadata to 41 * @gfp_mask: Memory allocation mask 42 * @nr_vecs: Number of integrity metadata scatter-gather elements 43 * 44 * Description: This function prepares a bio for attaching integrity 45 * metadata. nr_vecs specifies the maximum number of pages containing 46 * integrity metadata that can be attached. 47 */ 48 struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio, 49 gfp_t gfp_mask, 50 unsigned int nr_vecs) 51 { 52 struct bio_integrity_payload *bip; 53 struct bio_set *bs = bio->bi_pool; 54 unsigned inline_vecs; 55 56 if (WARN_ON_ONCE(bio_has_crypt_ctx(bio))) 57 return ERR_PTR(-EOPNOTSUPP); 58 59 if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) { 60 bip = kmalloc(struct_size(bip, bip_inline_vecs, nr_vecs), gfp_mask); 61 inline_vecs = nr_vecs; 62 } else { 63 bip = mempool_alloc(&bs->bio_integrity_pool, gfp_mask); 64 inline_vecs = BIO_INLINE_VECS; 65 } 66 67 if (unlikely(!bip)) 68 return ERR_PTR(-ENOMEM); 69 70 memset(bip, 0, sizeof(*bip)); 71 72 if (nr_vecs > inline_vecs) { 73 bip->bip_max_vcnt = nr_vecs; 74 bip->bip_vec = bvec_alloc(&bs->bvec_integrity_pool, 75 &bip->bip_max_vcnt, gfp_mask); 76 if (!bip->bip_vec) 77 goto err; 78 } else { 79 bip->bip_vec = bip->bip_inline_vecs; 80 bip->bip_max_vcnt = inline_vecs; 81 } 82 83 bip->bip_bio = bio; 84 bio->bi_integrity = bip; 85 bio->bi_opf |= REQ_INTEGRITY; 86 87 return bip; 88 err: 89 __bio_integrity_free(bs, bip); 90 return ERR_PTR(-ENOMEM); 91 } 92 EXPORT_SYMBOL(bio_integrity_alloc); 93 94 /** 95 * bio_integrity_free - Free bio integrity payload 96 * @bio: bio containing bip to be freed 97 * 98 * Description: Used to free the integrity portion of a bio. Usually 99 * called from bio_free(). 100 */ 101 void bio_integrity_free(struct bio *bio) 102 { 103 struct bio_integrity_payload *bip = bio_integrity(bio); 104 struct bio_set *bs = bio->bi_pool; 105 106 if (bip->bip_flags & BIP_BLOCK_INTEGRITY) 107 kfree(bvec_virt(bip->bip_vec)); 108 109 __bio_integrity_free(bs, bip); 110 bio->bi_integrity = NULL; 111 bio->bi_opf &= ~REQ_INTEGRITY; 112 } 113 114 /** 115 * bio_integrity_add_page - Attach integrity metadata 116 * @bio: bio to update 117 * @page: page containing integrity metadata 118 * @len: number of bytes of integrity metadata in page 119 * @offset: start offset within page 120 * 121 * Description: Attach a page containing integrity metadata to bio. 122 */ 123 int bio_integrity_add_page(struct bio *bio, struct page *page, 124 unsigned int len, unsigned int offset) 125 { 126 struct request_queue *q = bdev_get_queue(bio->bi_bdev); 127 struct bio_integrity_payload *bip = bio_integrity(bio); 128 129 if (((bip->bip_iter.bi_size + len) >> SECTOR_SHIFT) > 130 queue_max_hw_sectors(q)) 131 return 0; 132 133 if (bip->bip_vcnt > 0) { 134 struct bio_vec *bv = &bip->bip_vec[bip->bip_vcnt - 1]; 135 bool same_page = false; 136 137 if (bvec_try_merge_hw_page(q, bv, page, len, offset, 138 &same_page)) { 139 bip->bip_iter.bi_size += len; 140 return len; 141 } 142 143 if (bip->bip_vcnt >= 144 min(bip->bip_max_vcnt, queue_max_integrity_segments(q))) 145 return 0; 146 147 /* 148 * If the queue doesn't support SG gaps and adding this segment 149 * would create a gap, disallow it. 150 */ 151 if (bvec_gap_to_prev(&q->limits, bv, offset)) 152 return 0; 153 } 154 155 bvec_set_page(&bip->bip_vec[bip->bip_vcnt], page, len, offset); 156 bip->bip_vcnt++; 157 bip->bip_iter.bi_size += len; 158 159 return len; 160 } 161 EXPORT_SYMBOL(bio_integrity_add_page); 162 163 /** 164 * bio_integrity_process - Process integrity metadata for a bio 165 * @bio: bio to generate/verify integrity metadata for 166 * @proc_iter: iterator to process 167 * @proc_fn: Pointer to the relevant processing function 168 */ 169 static blk_status_t bio_integrity_process(struct bio *bio, 170 struct bvec_iter *proc_iter, integrity_processing_fn *proc_fn) 171 { 172 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 173 struct blk_integrity_iter iter; 174 struct bvec_iter bviter; 175 struct bio_vec bv; 176 struct bio_integrity_payload *bip = bio_integrity(bio); 177 blk_status_t ret = BLK_STS_OK; 178 179 iter.disk_name = bio->bi_bdev->bd_disk->disk_name; 180 iter.interval = 1 << bi->interval_exp; 181 iter.tuple_size = bi->tuple_size; 182 iter.seed = proc_iter->bi_sector; 183 iter.prot_buf = bvec_virt(bip->bip_vec); 184 185 __bio_for_each_segment(bv, bio, bviter, *proc_iter) { 186 void *kaddr = bvec_kmap_local(&bv); 187 188 iter.data_buf = kaddr; 189 iter.data_size = bv.bv_len; 190 ret = proc_fn(&iter); 191 kunmap_local(kaddr); 192 193 if (ret) 194 break; 195 196 } 197 return ret; 198 } 199 200 /** 201 * bio_integrity_prep - Prepare bio for integrity I/O 202 * @bio: bio to prepare 203 * 204 * Description: Checks if the bio already has an integrity payload attached. 205 * If it does, the payload has been generated by another kernel subsystem, 206 * and we just pass it through. Otherwise allocates integrity payload. 207 * The bio must have data direction, target device and start sector set priot 208 * to calling. In the WRITE case, integrity metadata will be generated using 209 * the block device's integrity function. In the READ case, the buffer 210 * will be prepared for DMA and a suitable end_io handler set up. 211 */ 212 bool bio_integrity_prep(struct bio *bio) 213 { 214 struct bio_integrity_payload *bip; 215 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 216 void *buf; 217 unsigned long start, end; 218 unsigned int len, nr_pages; 219 unsigned int bytes, offset, i; 220 gfp_t gfp = GFP_NOIO; 221 222 if (!bi) 223 return true; 224 225 if (bio_op(bio) != REQ_OP_READ && bio_op(bio) != REQ_OP_WRITE) 226 return true; 227 228 if (!bio_sectors(bio)) 229 return true; 230 231 /* Already protected? */ 232 if (bio_integrity(bio)) 233 return true; 234 235 if (bio_data_dir(bio) == READ) { 236 if (!bi->profile->verify_fn || 237 !(bi->flags & BLK_INTEGRITY_VERIFY)) 238 return true; 239 } else { 240 if (!bi->profile->generate_fn || 241 !(bi->flags & BLK_INTEGRITY_GENERATE)) 242 return true; 243 244 /* 245 * Zero the memory allocated to not leak uninitialized kernel 246 * memory to disk. For PI this only affects the app tag, but 247 * for non-integrity metadata it affects the entire metadata 248 * buffer. 249 */ 250 gfp |= __GFP_ZERO; 251 } 252 253 /* Allocate kernel buffer for protection data */ 254 len = bio_integrity_bytes(bi, bio_sectors(bio)); 255 buf = kmalloc(len, gfp); 256 if (unlikely(buf == NULL)) { 257 printk(KERN_ERR "could not allocate integrity buffer\n"); 258 goto err_end_io; 259 } 260 261 end = (((unsigned long) buf) + len + PAGE_SIZE - 1) >> PAGE_SHIFT; 262 start = ((unsigned long) buf) >> PAGE_SHIFT; 263 nr_pages = end - start; 264 265 /* Allocate bio integrity payload and integrity vectors */ 266 bip = bio_integrity_alloc(bio, GFP_NOIO, nr_pages); 267 if (IS_ERR(bip)) { 268 printk(KERN_ERR "could not allocate data integrity bioset\n"); 269 kfree(buf); 270 goto err_end_io; 271 } 272 273 bip->bip_flags |= BIP_BLOCK_INTEGRITY; 274 bip_set_seed(bip, bio->bi_iter.bi_sector); 275 276 if (bi->flags & BLK_INTEGRITY_IP_CHECKSUM) 277 bip->bip_flags |= BIP_IP_CHECKSUM; 278 279 /* Map it */ 280 offset = offset_in_page(buf); 281 for (i = 0; i < nr_pages && len > 0; i++) { 282 bytes = PAGE_SIZE - offset; 283 284 if (bytes > len) 285 bytes = len; 286 287 if (bio_integrity_add_page(bio, virt_to_page(buf), 288 bytes, offset) < bytes) { 289 printk(KERN_ERR "could not attach integrity payload\n"); 290 goto err_end_io; 291 } 292 293 buf += bytes; 294 len -= bytes; 295 offset = 0; 296 } 297 298 /* Auto-generate integrity metadata if this is a write */ 299 if (bio_data_dir(bio) == WRITE) { 300 bio_integrity_process(bio, &bio->bi_iter, 301 bi->profile->generate_fn); 302 } else { 303 bip->bio_iter = bio->bi_iter; 304 } 305 return true; 306 307 err_end_io: 308 bio->bi_status = BLK_STS_RESOURCE; 309 bio_endio(bio); 310 return false; 311 } 312 EXPORT_SYMBOL(bio_integrity_prep); 313 314 /** 315 * bio_integrity_verify_fn - Integrity I/O completion worker 316 * @work: Work struct stored in bio to be verified 317 * 318 * Description: This workqueue function is called to complete a READ 319 * request. The function verifies the transferred integrity metadata 320 * and then calls the original bio end_io function. 321 */ 322 static void bio_integrity_verify_fn(struct work_struct *work) 323 { 324 struct bio_integrity_payload *bip = 325 container_of(work, struct bio_integrity_payload, bip_work); 326 struct bio *bio = bip->bip_bio; 327 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 328 329 /* 330 * At the moment verify is called bio's iterator was advanced 331 * during split and completion, we need to rewind iterator to 332 * it's original position. 333 */ 334 bio->bi_status = bio_integrity_process(bio, &bip->bio_iter, 335 bi->profile->verify_fn); 336 bio_integrity_free(bio); 337 bio_endio(bio); 338 } 339 340 /** 341 * __bio_integrity_endio - Integrity I/O completion function 342 * @bio: Protected bio 343 * 344 * Description: Completion for integrity I/O 345 * 346 * Normally I/O completion is done in interrupt context. However, 347 * verifying I/O integrity is a time-consuming task which must be run 348 * in process context. This function postpones completion 349 * accordingly. 350 */ 351 bool __bio_integrity_endio(struct bio *bio) 352 { 353 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 354 struct bio_integrity_payload *bip = bio_integrity(bio); 355 356 if (bio_op(bio) == REQ_OP_READ && !bio->bi_status && 357 (bip->bip_flags & BIP_BLOCK_INTEGRITY) && bi->profile->verify_fn) { 358 INIT_WORK(&bip->bip_work, bio_integrity_verify_fn); 359 queue_work(kintegrityd_wq, &bip->bip_work); 360 return false; 361 } 362 363 bio_integrity_free(bio); 364 return true; 365 } 366 367 /** 368 * bio_integrity_advance - Advance integrity vector 369 * @bio: bio whose integrity vector to update 370 * @bytes_done: number of data bytes that have been completed 371 * 372 * Description: This function calculates how many integrity bytes the 373 * number of completed data bytes correspond to and advances the 374 * integrity vector accordingly. 375 */ 376 void bio_integrity_advance(struct bio *bio, unsigned int bytes_done) 377 { 378 struct bio_integrity_payload *bip = bio_integrity(bio); 379 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 380 unsigned bytes = bio_integrity_bytes(bi, bytes_done >> 9); 381 382 bip->bip_iter.bi_sector += bio_integrity_intervals(bi, bytes_done >> 9); 383 bvec_iter_advance(bip->bip_vec, &bip->bip_iter, bytes); 384 } 385 386 /** 387 * bio_integrity_trim - Trim integrity vector 388 * @bio: bio whose integrity vector to update 389 * 390 * Description: Used to trim the integrity vector in a cloned bio. 391 */ 392 void bio_integrity_trim(struct bio *bio) 393 { 394 struct bio_integrity_payload *bip = bio_integrity(bio); 395 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 396 397 bip->bip_iter.bi_size = bio_integrity_bytes(bi, bio_sectors(bio)); 398 } 399 EXPORT_SYMBOL(bio_integrity_trim); 400 401 /** 402 * bio_integrity_clone - Callback for cloning bios with integrity metadata 403 * @bio: New bio 404 * @bio_src: Original bio 405 * @gfp_mask: Memory allocation mask 406 * 407 * Description: Called to allocate a bip when cloning a bio 408 */ 409 int bio_integrity_clone(struct bio *bio, struct bio *bio_src, 410 gfp_t gfp_mask) 411 { 412 struct bio_integrity_payload *bip_src = bio_integrity(bio_src); 413 struct bio_integrity_payload *bip; 414 415 BUG_ON(bip_src == NULL); 416 417 bip = bio_integrity_alloc(bio, gfp_mask, bip_src->bip_vcnt); 418 if (IS_ERR(bip)) 419 return PTR_ERR(bip); 420 421 memcpy(bip->bip_vec, bip_src->bip_vec, 422 bip_src->bip_vcnt * sizeof(struct bio_vec)); 423 424 bip->bip_vcnt = bip_src->bip_vcnt; 425 bip->bip_iter = bip_src->bip_iter; 426 bip->bip_flags = bip_src->bip_flags & ~BIP_BLOCK_INTEGRITY; 427 428 return 0; 429 } 430 431 int bioset_integrity_create(struct bio_set *bs, int pool_size) 432 { 433 if (mempool_initialized(&bs->bio_integrity_pool)) 434 return 0; 435 436 if (mempool_init_slab_pool(&bs->bio_integrity_pool, 437 pool_size, bip_slab)) 438 return -1; 439 440 if (biovec_init_pool(&bs->bvec_integrity_pool, pool_size)) { 441 mempool_exit(&bs->bio_integrity_pool); 442 return -1; 443 } 444 445 return 0; 446 } 447 EXPORT_SYMBOL(bioset_integrity_create); 448 449 void bioset_integrity_free(struct bio_set *bs) 450 { 451 mempool_exit(&bs->bio_integrity_pool); 452 mempool_exit(&bs->bvec_integrity_pool); 453 } 454 455 void __init bio_integrity_init(void) 456 { 457 /* 458 * kintegrityd won't block much but may burn a lot of CPU cycles. 459 * Make it highpri CPU intensive wq with max concurrency of 1. 460 */ 461 kintegrityd_wq = alloc_workqueue("kintegrityd", WQ_MEM_RECLAIM | 462 WQ_HIGHPRI | WQ_CPU_INTENSIVE, 1); 463 if (!kintegrityd_wq) 464 panic("Failed to create kintegrityd\n"); 465 466 bip_slab = kmem_cache_create("bio_integrity_payload", 467 sizeof(struct bio_integrity_payload) + 468 sizeof(struct bio_vec) * BIO_INLINE_VECS, 469 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); 470 } 471