Lines Matching +full:key +full:- +full:release
1 // SPDX-License-Identifier: GPL-2.0
7 * DOC: blk-crypto profiles
9 * 'struct blk_crypto_profile' contains all generic inline encryption-related
17 * these keyslots in a device-independent way, using the driver-provided
19 * of which key and how many I/O requests are using each keyslot, getting
20 * keyslots for I/O requests, and handling key eviction requests.
22 * For more information, see Documentation/block/inline-encryption.rst.
25 #define pr_fmt(fmt) "blk-crypto: " fmt
27 #include <linux/blk-crypto-profile.h>
34 #include <linux/blk-integrity.h>
35 #include "blk-crypto-internal.h"
41 const struct blk_crypto_key *key; member
48 * Calling into the driver requires profile->lock held and the device in blk_crypto_hw_enter()
50 * and release profile->lock via blk_crypto_reprogram_all_keys(). in blk_crypto_hw_enter()
52 if (profile->dev) in blk_crypto_hw_enter()
53 pm_runtime_get_sync(profile->dev); in blk_crypto_hw_enter()
54 down_write(&profile->lock); in blk_crypto_hw_enter()
59 up_write(&profile->lock); in blk_crypto_hw_exit()
60 if (profile->dev) in blk_crypto_hw_exit()
61 pm_runtime_put_sync(profile->dev); in blk_crypto_hw_exit()
65 * blk_crypto_profile_init() - Initialize a blk_crypto_profile
84 * profile->lock of an underlying device can nest inside profile->lock in blk_crypto_profile_init()
85 * of a device-mapper device, so use a dynamic lock class to avoid in blk_crypto_profile_init()
86 * false-positive lockdep reports. in blk_crypto_profile_init()
88 lockdep_register_key(&profile->lockdep_key); in blk_crypto_profile_init()
89 __init_rwsem(&profile->lock, "&profile->lock", &profile->lockdep_key); in blk_crypto_profile_init()
96 profile->slots = kvcalloc(num_slots, sizeof(profile->slots[0]), in blk_crypto_profile_init()
98 if (!profile->slots) in blk_crypto_profile_init()
101 profile->num_slots = num_slots; in blk_crypto_profile_init()
103 init_waitqueue_head(&profile->idle_slots_wait_queue); in blk_crypto_profile_init()
104 INIT_LIST_HEAD(&profile->idle_slots); in blk_crypto_profile_init()
107 profile->slots[slot].profile = profile; in blk_crypto_profile_init()
108 list_add_tail(&profile->slots[slot].idle_slot_node, in blk_crypto_profile_init()
109 &profile->idle_slots); in blk_crypto_profile_init()
112 spin_lock_init(&profile->idle_slots_lock); in blk_crypto_profile_init()
122 profile->log_slot_ht_size = ilog2(slot_hashtable_size); in blk_crypto_profile_init()
123 profile->slot_hashtable = in blk_crypto_profile_init()
125 sizeof(profile->slot_hashtable[0]), GFP_KERNEL); in blk_crypto_profile_init()
126 if (!profile->slot_hashtable) in blk_crypto_profile_init()
129 INIT_HLIST_HEAD(&profile->slot_hashtable[i]); in blk_crypto_profile_init()
135 return -ENOMEM; in blk_crypto_profile_init()
145 * devm_blk_crypto_profile_init() - Resource-managed blk_crypto_profile_init()
172 const struct blk_crypto_key *key) in blk_crypto_hash_bucket_for_key() argument
174 return &profile->slot_hashtable[ in blk_crypto_hash_bucket_for_key()
175 hash_ptr(key, profile->log_slot_ht_size)]; in blk_crypto_hash_bucket_for_key()
181 struct blk_crypto_profile *profile = slot->profile; in blk_crypto_remove_slot_from_lru_list()
184 spin_lock_irqsave(&profile->idle_slots_lock, flags); in blk_crypto_remove_slot_from_lru_list()
185 list_del(&slot->idle_slot_node); in blk_crypto_remove_slot_from_lru_list()
186 spin_unlock_irqrestore(&profile->idle_slots_lock, flags); in blk_crypto_remove_slot_from_lru_list()
191 const struct blk_crypto_key *key) in blk_crypto_find_keyslot() argument
194 blk_crypto_hash_bucket_for_key(profile, key); in blk_crypto_find_keyslot()
198 if (slotp->key == key) in blk_crypto_find_keyslot()
206 const struct blk_crypto_key *key) in blk_crypto_find_and_grab_keyslot() argument
210 slot = blk_crypto_find_keyslot(profile, key); in blk_crypto_find_and_grab_keyslot()
213 if (atomic_inc_return(&slot->slot_refs) == 1) { in blk_crypto_find_and_grab_keyslot()
221 * blk_crypto_keyslot_index() - Get the index of a keyslot
224 * Return: the 0-based index of the keyslot within the device's keyslots.
228 return slot - slot->profile->slots; in blk_crypto_keyslot_index()
233 * blk_crypto_get_keyslot() - Get a keyslot for a key, if needed.
234 * @profile: the crypto profile of the device the key will be used on
235 * @key: the key that will be used
238 * later to release it. Otherwise, NULL will be stored here.
241 * the specified key. If the key is already in a slot, this reuses it;
242 * otherwise this waits for a slot to become idle and programs the key into it.
244 * Context: Process context. Takes and releases profile->lock.
249 const struct blk_crypto_key *key, in blk_crypto_get_keyslot() argument
262 if (profile->num_slots == 0) in blk_crypto_get_keyslot()
265 down_read(&profile->lock); in blk_crypto_get_keyslot()
266 slot = blk_crypto_find_and_grab_keyslot(profile, key); in blk_crypto_get_keyslot()
267 up_read(&profile->lock); in blk_crypto_get_keyslot()
273 slot = blk_crypto_find_and_grab_keyslot(profile, key); in blk_crypto_get_keyslot()
281 * already programmed with the key. So try to program it. in blk_crypto_get_keyslot()
283 if (!list_empty(&profile->idle_slots)) in blk_crypto_get_keyslot()
287 wait_event(profile->idle_slots_wait_queue, in blk_crypto_get_keyslot()
288 !list_empty(&profile->idle_slots)); in blk_crypto_get_keyslot()
291 slot = list_first_entry(&profile->idle_slots, struct blk_crypto_keyslot, in blk_crypto_get_keyslot()
295 err = profile->ll_ops.keyslot_program(profile, key, slot_idx); in blk_crypto_get_keyslot()
297 wake_up(&profile->idle_slots_wait_queue); in blk_crypto_get_keyslot()
302 /* Move this slot to the hash list for the new key. */ in blk_crypto_get_keyslot()
303 if (slot->key) in blk_crypto_get_keyslot()
304 hlist_del(&slot->hash_node); in blk_crypto_get_keyslot()
305 slot->key = key; in blk_crypto_get_keyslot()
306 hlist_add_head(&slot->hash_node, in blk_crypto_get_keyslot()
307 blk_crypto_hash_bucket_for_key(profile, key)); in blk_crypto_get_keyslot()
309 atomic_set(&slot->slot_refs, 1); in blk_crypto_get_keyslot()
320 * blk_crypto_put_keyslot() - Release a reference to a keyslot
321 * @slot: The keyslot to release the reference of
327 struct blk_crypto_profile *profile = slot->profile; in blk_crypto_put_keyslot()
330 if (atomic_dec_and_lock_irqsave(&slot->slot_refs, in blk_crypto_put_keyslot()
331 &profile->idle_slots_lock, flags)) { in blk_crypto_put_keyslot()
332 list_add_tail(&slot->idle_slot_node, &profile->idle_slots); in blk_crypto_put_keyslot()
333 spin_unlock_irqrestore(&profile->idle_slots_lock, flags); in blk_crypto_put_keyslot()
334 wake_up(&profile->idle_slots_wait_queue); in blk_crypto_put_keyslot()
339 * __blk_crypto_cfg_supported() - Check whether the given crypto profile
351 if (!(profile->modes_supported[cfg->crypto_mode] & cfg->data_unit_size)) in __blk_crypto_cfg_supported()
353 if (profile->max_dun_bytes_supported < cfg->dun_bytes) in __blk_crypto_cfg_supported()
359 * This is an internal function that evicts a key from an inline encryption
360 * device that can be either a real device or the blk-crypto-fallback "device".
364 const struct blk_crypto_key *key) in __blk_crypto_evict_key() argument
369 if (profile->num_slots == 0) { in __blk_crypto_evict_key()
370 if (profile->ll_ops.keyslot_evict) { in __blk_crypto_evict_key()
372 err = profile->ll_ops.keyslot_evict(profile, key, -1); in __blk_crypto_evict_key()
380 slot = blk_crypto_find_keyslot(profile, key); in __blk_crypto_evict_key()
383 * Not an error, since a key not in use by I/O is not guaranteed in __blk_crypto_evict_key()
390 if (WARN_ON_ONCE(atomic_read(&slot->slot_refs) != 0)) { in __blk_crypto_evict_key()
391 /* BUG: key is still in use by I/O */ in __blk_crypto_evict_key()
392 err = -EBUSY; in __blk_crypto_evict_key()
395 err = profile->ll_ops.keyslot_evict(profile, key, in __blk_crypto_evict_key()
399 * Callers free the key even on error, so unlink the key from the hash in __blk_crypto_evict_key()
400 * table and clear slot->key even on error. in __blk_crypto_evict_key()
402 hlist_del(&slot->hash_node); in __blk_crypto_evict_key()
403 slot->key = NULL; in __blk_crypto_evict_key()
410 * blk_crypto_reprogram_all_keys() - Re-program all keyslots.
413 * Re-program all keyslots that are supposed to have a key programmed. This is
416 * Context: Process context. Takes and releases profile->lock.
422 if (profile->num_slots == 0) in blk_crypto_reprogram_all_keys()
426 down_write(&profile->lock); in blk_crypto_reprogram_all_keys()
427 for (slot = 0; slot < profile->num_slots; slot++) { in blk_crypto_reprogram_all_keys()
428 const struct blk_crypto_key *key = profile->slots[slot].key; in blk_crypto_reprogram_all_keys() local
431 if (!key) in blk_crypto_reprogram_all_keys()
434 err = profile->ll_ops.keyslot_program(profile, key, slot); in blk_crypto_reprogram_all_keys()
437 up_write(&profile->lock); in blk_crypto_reprogram_all_keys()
445 lockdep_unregister_key(&profile->lockdep_key); in blk_crypto_profile_destroy()
446 kvfree(profile->slot_hashtable); in blk_crypto_profile_destroy()
447 kvfree_sensitive(profile->slots, in blk_crypto_profile_destroy()
448 sizeof(profile->slots[0]) * profile->num_slots); in blk_crypto_profile_destroy()
460 q->crypto_profile = profile; in blk_crypto_register()
466 * blk_crypto_intersect_capabilities() - restrict supported crypto capabilities
483 parent->max_dun_bytes_supported = in blk_crypto_intersect_capabilities()
484 min(parent->max_dun_bytes_supported, in blk_crypto_intersect_capabilities()
485 child->max_dun_bytes_supported); in blk_crypto_intersect_capabilities()
486 for (i = 0; i < ARRAY_SIZE(child->modes_supported); i++) in blk_crypto_intersect_capabilities()
487 parent->modes_supported[i] &= child->modes_supported[i]; in blk_crypto_intersect_capabilities()
489 parent->max_dun_bytes_supported = 0; in blk_crypto_intersect_capabilities()
490 memset(parent->modes_supported, 0, in blk_crypto_intersect_capabilities()
491 sizeof(parent->modes_supported)); in blk_crypto_intersect_capabilities()
497 * blk_crypto_has_capabilities() - Check whether @target supports at least all
515 for (i = 0; i < ARRAY_SIZE(target->modes_supported); i++) { in blk_crypto_has_capabilities()
516 if (reference->modes_supported[i] & ~target->modes_supported[i]) in blk_crypto_has_capabilities()
520 if (reference->max_dun_bytes_supported > in blk_crypto_has_capabilities()
521 target->max_dun_bytes_supported) in blk_crypto_has_capabilities()
529 * blk_crypto_update_capabilities() - Update the capabilities of a crypto
536 * Blk-crypto requires that crypto capabilities that were
546 * for blk-crypto to see stale values - they only cause blk-crypto to
548 * might result in blk-crypto-fallback being used if available, or the bio being
554 memcpy(dst->modes_supported, src->modes_supported, in blk_crypto_update_capabilities()
555 sizeof(dst->modes_supported)); in blk_crypto_update_capabilities()
557 dst->max_dun_bytes_supported = src->max_dun_bytes_supported; in blk_crypto_update_capabilities()