1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * bio-integrity.c - bio data integrity extensions 4 * 5 * Copyright (C) 2007, 2008, 2009 Oracle Corporation 6 * Written by: Martin K. Petersen <martin.petersen@oracle.com> 7 */ 8 9 #include <linux/blk-integrity.h> 10 #include <linux/mempool.h> 11 #include <linux/export.h> 12 #include <linux/bio.h> 13 #include <linux/workqueue.h> 14 #include <linux/slab.h> 15 #include "blk.h" 16 17 static struct kmem_cache *bip_slab; 18 static struct workqueue_struct *kintegrityd_wq; 19 20 void blk_flush_integrity(void) 21 { 22 flush_workqueue(kintegrityd_wq); 23 } 24 25 static void __bio_integrity_free(struct bio_set *bs, 26 struct bio_integrity_payload *bip) 27 { 28 if (bs && mempool_initialized(&bs->bio_integrity_pool)) { 29 if (bip->bip_vec) 30 bvec_free(&bs->bvec_integrity_pool, bip->bip_vec, 31 bip->bip_max_vcnt); 32 mempool_free(bip, &bs->bio_integrity_pool); 33 } else { 34 kfree(bip); 35 } 36 } 37 38 /** 39 * bio_integrity_alloc - Allocate integrity payload and attach it to bio 40 * @bio: bio to attach integrity metadata to 41 * @gfp_mask: Memory allocation mask 42 * @nr_vecs: Number of integrity metadata scatter-gather elements 43 * 44 * Description: This function prepares a bio for attaching integrity 45 * metadata. nr_vecs specifies the maximum number of pages containing 46 * integrity metadata that can be attached. 47 */ 48 struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio, 49 gfp_t gfp_mask, 50 unsigned int nr_vecs) 51 { 52 struct bio_integrity_payload *bip; 53 struct bio_set *bs = bio->bi_pool; 54 unsigned inline_vecs; 55 56 if (WARN_ON_ONCE(bio_has_crypt_ctx(bio))) 57 return ERR_PTR(-EOPNOTSUPP); 58 59 if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) { 60 bip = kmalloc(struct_size(bip, bip_inline_vecs, nr_vecs), gfp_mask); 61 inline_vecs = nr_vecs; 62 } else { 63 bip = mempool_alloc(&bs->bio_integrity_pool, gfp_mask); 64 inline_vecs = BIO_INLINE_VECS; 65 } 66 67 if (unlikely(!bip)) 68 return ERR_PTR(-ENOMEM); 69 70 memset(bip, 0, sizeof(*bip)); 71 72 /* always report as many vecs as asked explicitly, not inline vecs */ 73 bip->bip_max_vcnt = nr_vecs; 74 if (nr_vecs > inline_vecs) { 75 bip->bip_vec = bvec_alloc(&bs->bvec_integrity_pool, 76 &bip->bip_max_vcnt, gfp_mask); 77 if (!bip->bip_vec) 78 goto err; 79 } else if (nr_vecs) { 80 bip->bip_vec = bip->bip_inline_vecs; 81 } 82 83 bip->bip_bio = bio; 84 bio->bi_integrity = bip; 85 bio->bi_opf |= REQ_INTEGRITY; 86 87 return bip; 88 err: 89 __bio_integrity_free(bs, bip); 90 return ERR_PTR(-ENOMEM); 91 } 92 EXPORT_SYMBOL(bio_integrity_alloc); 93 94 static void bio_integrity_unpin_bvec(struct bio_vec *bv, int nr_vecs, 95 bool dirty) 96 { 97 int i; 98 99 for (i = 0; i < nr_vecs; i++) { 100 if (dirty && !PageCompound(bv[i].bv_page)) 101 set_page_dirty_lock(bv[i].bv_page); 102 unpin_user_page(bv[i].bv_page); 103 } 104 } 105 106 static void bio_integrity_uncopy_user(struct bio_integrity_payload *bip) 107 { 108 unsigned short nr_vecs = bip->bip_max_vcnt - 1; 109 struct bio_vec *copy = &bip->bip_vec[1]; 110 size_t bytes = bip->bip_iter.bi_size; 111 struct iov_iter iter; 112 int ret; 113 114 iov_iter_bvec(&iter, ITER_DEST, copy, nr_vecs, bytes); 115 ret = copy_to_iter(bvec_virt(bip->bip_vec), bytes, &iter); 116 WARN_ON_ONCE(ret != bytes); 117 118 bio_integrity_unpin_bvec(copy, nr_vecs, true); 119 } 120 121 static void bio_integrity_unmap_user(struct bio_integrity_payload *bip) 122 { 123 bool dirty = bio_data_dir(bip->bip_bio) == READ; 124 125 if (bip->bip_flags & BIP_COPY_USER) { 126 if (dirty) 127 bio_integrity_uncopy_user(bip); 128 kfree(bvec_virt(bip->bip_vec)); 129 return; 130 } 131 132 bio_integrity_unpin_bvec(bip->bip_vec, bip->bip_max_vcnt, dirty); 133 } 134 135 /** 136 * bio_integrity_free - Free bio integrity payload 137 * @bio: bio containing bip to be freed 138 * 139 * Description: Used to free the integrity portion of a bio. Usually 140 * called from bio_free(). 141 */ 142 void bio_integrity_free(struct bio *bio) 143 { 144 struct bio_integrity_payload *bip = bio_integrity(bio); 145 struct bio_set *bs = bio->bi_pool; 146 147 if (bip->bip_flags & BIP_INTEGRITY_USER) 148 return; 149 if (bip->bip_flags & BIP_BLOCK_INTEGRITY) 150 kfree(bvec_virt(bip->bip_vec)); 151 152 __bio_integrity_free(bs, bip); 153 bio->bi_integrity = NULL; 154 bio->bi_opf &= ~REQ_INTEGRITY; 155 } 156 157 /** 158 * bio_integrity_unmap_free_user - Unmap and free bio user integrity payload 159 * @bio: bio containing bip to be unmapped and freed 160 * 161 * Description: Used to unmap and free the user mapped integrity portion of a 162 * bio. Submitter attaching the user integrity buffer is responsible for 163 * unmapping and freeing it during completion. 164 */ 165 void bio_integrity_unmap_free_user(struct bio *bio) 166 { 167 struct bio_integrity_payload *bip = bio_integrity(bio); 168 struct bio_set *bs = bio->bi_pool; 169 170 if (WARN_ON_ONCE(!(bip->bip_flags & BIP_INTEGRITY_USER))) 171 return; 172 bio_integrity_unmap_user(bip); 173 __bio_integrity_free(bs, bip); 174 bio->bi_integrity = NULL; 175 bio->bi_opf &= ~REQ_INTEGRITY; 176 } 177 EXPORT_SYMBOL(bio_integrity_unmap_free_user); 178 179 /** 180 * bio_integrity_add_page - Attach integrity metadata 181 * @bio: bio to update 182 * @page: page containing integrity metadata 183 * @len: number of bytes of integrity metadata in page 184 * @offset: start offset within page 185 * 186 * Description: Attach a page containing integrity metadata to bio. 187 */ 188 int bio_integrity_add_page(struct bio *bio, struct page *page, 189 unsigned int len, unsigned int offset) 190 { 191 struct request_queue *q = bdev_get_queue(bio->bi_bdev); 192 struct bio_integrity_payload *bip = bio_integrity(bio); 193 194 if (((bip->bip_iter.bi_size + len) >> SECTOR_SHIFT) > 195 queue_max_hw_sectors(q)) 196 return 0; 197 198 if (bip->bip_vcnt > 0) { 199 struct bio_vec *bv = &bip->bip_vec[bip->bip_vcnt - 1]; 200 bool same_page = false; 201 202 if (bvec_try_merge_hw_page(q, bv, page, len, offset, 203 &same_page)) { 204 bip->bip_iter.bi_size += len; 205 return len; 206 } 207 208 if (bip->bip_vcnt >= 209 min(bip->bip_max_vcnt, queue_max_integrity_segments(q))) 210 return 0; 211 212 /* 213 * If the queue doesn't support SG gaps and adding this segment 214 * would create a gap, disallow it. 215 */ 216 if (bvec_gap_to_prev(&q->limits, bv, offset)) 217 return 0; 218 } 219 220 bvec_set_page(&bip->bip_vec[bip->bip_vcnt], page, len, offset); 221 bip->bip_vcnt++; 222 bip->bip_iter.bi_size += len; 223 224 return len; 225 } 226 EXPORT_SYMBOL(bio_integrity_add_page); 227 228 static int bio_integrity_copy_user(struct bio *bio, struct bio_vec *bvec, 229 int nr_vecs, unsigned int len, 230 unsigned int direction, u32 seed) 231 { 232 bool write = direction == ITER_SOURCE; 233 struct bio_integrity_payload *bip; 234 struct iov_iter iter; 235 void *buf; 236 int ret; 237 238 buf = kmalloc(len, GFP_KERNEL); 239 if (!buf) 240 return -ENOMEM; 241 242 if (write) { 243 iov_iter_bvec(&iter, direction, bvec, nr_vecs, len); 244 if (!copy_from_iter_full(buf, len, &iter)) { 245 ret = -EFAULT; 246 goto free_buf; 247 } 248 249 bip = bio_integrity_alloc(bio, GFP_KERNEL, 1); 250 } else { 251 memset(buf, 0, len); 252 253 /* 254 * We need to preserve the original bvec and the number of vecs 255 * in it for completion handling 256 */ 257 bip = bio_integrity_alloc(bio, GFP_KERNEL, nr_vecs + 1); 258 } 259 260 if (IS_ERR(bip)) { 261 ret = PTR_ERR(bip); 262 goto free_buf; 263 } 264 265 if (write) 266 bio_integrity_unpin_bvec(bvec, nr_vecs, false); 267 else 268 memcpy(&bip->bip_vec[1], bvec, nr_vecs * sizeof(*bvec)); 269 270 ret = bio_integrity_add_page(bio, virt_to_page(buf), len, 271 offset_in_page(buf)); 272 if (ret != len) { 273 ret = -ENOMEM; 274 goto free_bip; 275 } 276 277 bip->bip_flags |= BIP_INTEGRITY_USER | BIP_COPY_USER; 278 bip->bip_iter.bi_sector = seed; 279 bip->bip_vcnt = nr_vecs; 280 return 0; 281 free_bip: 282 bio_integrity_free(bio); 283 free_buf: 284 kfree(buf); 285 return ret; 286 } 287 288 static int bio_integrity_init_user(struct bio *bio, struct bio_vec *bvec, 289 int nr_vecs, unsigned int len, u32 seed) 290 { 291 struct bio_integrity_payload *bip; 292 293 bip = bio_integrity_alloc(bio, GFP_KERNEL, nr_vecs); 294 if (IS_ERR(bip)) 295 return PTR_ERR(bip); 296 297 memcpy(bip->bip_vec, bvec, nr_vecs * sizeof(*bvec)); 298 bip->bip_flags |= BIP_INTEGRITY_USER; 299 bip->bip_iter.bi_sector = seed; 300 bip->bip_iter.bi_size = len; 301 bip->bip_vcnt = nr_vecs; 302 return 0; 303 } 304 305 static unsigned int bvec_from_pages(struct bio_vec *bvec, struct page **pages, 306 int nr_vecs, ssize_t bytes, ssize_t offset) 307 { 308 unsigned int nr_bvecs = 0; 309 int i, j; 310 311 for (i = 0; i < nr_vecs; i = j) { 312 size_t size = min_t(size_t, bytes, PAGE_SIZE - offset); 313 struct folio *folio = page_folio(pages[i]); 314 315 bytes -= size; 316 for (j = i + 1; j < nr_vecs; j++) { 317 size_t next = min_t(size_t, PAGE_SIZE, bytes); 318 319 if (page_folio(pages[j]) != folio || 320 pages[j] != pages[j - 1] + 1) 321 break; 322 unpin_user_page(pages[j]); 323 size += next; 324 bytes -= next; 325 } 326 327 bvec_set_page(&bvec[nr_bvecs], pages[i], size, offset); 328 offset = 0; 329 nr_bvecs++; 330 } 331 332 return nr_bvecs; 333 } 334 335 int bio_integrity_map_user(struct bio *bio, void __user *ubuf, ssize_t bytes, 336 u32 seed) 337 { 338 struct request_queue *q = bdev_get_queue(bio->bi_bdev); 339 unsigned int align = blk_lim_dma_alignment_and_pad(&q->limits); 340 struct page *stack_pages[UIO_FASTIOV], **pages = stack_pages; 341 struct bio_vec stack_vec[UIO_FASTIOV], *bvec = stack_vec; 342 unsigned int direction, nr_bvecs; 343 struct iov_iter iter; 344 int ret, nr_vecs; 345 size_t offset; 346 bool copy; 347 348 if (bio_integrity(bio)) 349 return -EINVAL; 350 if (bytes >> SECTOR_SHIFT > queue_max_hw_sectors(q)) 351 return -E2BIG; 352 353 if (bio_data_dir(bio) == READ) 354 direction = ITER_DEST; 355 else 356 direction = ITER_SOURCE; 357 358 iov_iter_ubuf(&iter, direction, ubuf, bytes); 359 nr_vecs = iov_iter_npages(&iter, BIO_MAX_VECS + 1); 360 if (nr_vecs > BIO_MAX_VECS) 361 return -E2BIG; 362 if (nr_vecs > UIO_FASTIOV) { 363 bvec = kcalloc(nr_vecs, sizeof(*bvec), GFP_KERNEL); 364 if (!bvec) 365 return -ENOMEM; 366 pages = NULL; 367 } 368 369 copy = !iov_iter_is_aligned(&iter, align, align); 370 ret = iov_iter_extract_pages(&iter, &pages, bytes, nr_vecs, 0, &offset); 371 if (unlikely(ret < 0)) 372 goto free_bvec; 373 374 nr_bvecs = bvec_from_pages(bvec, pages, nr_vecs, bytes, offset); 375 if (pages != stack_pages) 376 kvfree(pages); 377 if (nr_bvecs > queue_max_integrity_segments(q)) 378 copy = true; 379 380 if (copy) 381 ret = bio_integrity_copy_user(bio, bvec, nr_bvecs, bytes, 382 direction, seed); 383 else 384 ret = bio_integrity_init_user(bio, bvec, nr_bvecs, bytes, seed); 385 if (ret) 386 goto release_pages; 387 if (bvec != stack_vec) 388 kfree(bvec); 389 390 return 0; 391 392 release_pages: 393 bio_integrity_unpin_bvec(bvec, nr_bvecs, false); 394 free_bvec: 395 if (bvec != stack_vec) 396 kfree(bvec); 397 return ret; 398 } 399 EXPORT_SYMBOL_GPL(bio_integrity_map_user); 400 401 /** 402 * bio_integrity_prep - Prepare bio for integrity I/O 403 * @bio: bio to prepare 404 * 405 * Description: Checks if the bio already has an integrity payload attached. 406 * If it does, the payload has been generated by another kernel subsystem, 407 * and we just pass it through. Otherwise allocates integrity payload. 408 * The bio must have data direction, target device and start sector set priot 409 * to calling. In the WRITE case, integrity metadata will be generated using 410 * the block device's integrity function. In the READ case, the buffer 411 * will be prepared for DMA and a suitable end_io handler set up. 412 */ 413 bool bio_integrity_prep(struct bio *bio) 414 { 415 struct bio_integrity_payload *bip; 416 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 417 unsigned int len; 418 void *buf; 419 gfp_t gfp = GFP_NOIO; 420 421 if (!bi) 422 return true; 423 424 if (!bio_sectors(bio)) 425 return true; 426 427 /* Already protected? */ 428 if (bio_integrity(bio)) 429 return true; 430 431 switch (bio_op(bio)) { 432 case REQ_OP_READ: 433 if (bi->flags & BLK_INTEGRITY_NOVERIFY) 434 return true; 435 break; 436 case REQ_OP_WRITE: 437 if (bi->flags & BLK_INTEGRITY_NOGENERATE) 438 return true; 439 440 /* 441 * Zero the memory allocated to not leak uninitialized kernel 442 * memory to disk for non-integrity metadata where nothing else 443 * initializes the memory. 444 */ 445 if (bi->csum_type == BLK_INTEGRITY_CSUM_NONE) 446 gfp |= __GFP_ZERO; 447 break; 448 default: 449 return true; 450 } 451 452 /* Allocate kernel buffer for protection data */ 453 len = bio_integrity_bytes(bi, bio_sectors(bio)); 454 buf = kmalloc(len, gfp); 455 if (unlikely(buf == NULL)) { 456 goto err_end_io; 457 } 458 459 bip = bio_integrity_alloc(bio, GFP_NOIO, 1); 460 if (IS_ERR(bip)) { 461 kfree(buf); 462 goto err_end_io; 463 } 464 465 bip->bip_flags |= BIP_BLOCK_INTEGRITY; 466 bip_set_seed(bip, bio->bi_iter.bi_sector); 467 468 if (bi->csum_type == BLK_INTEGRITY_CSUM_IP) 469 bip->bip_flags |= BIP_IP_CHECKSUM; 470 471 if (bio_integrity_add_page(bio, virt_to_page(buf), len, 472 offset_in_page(buf)) < len) { 473 printk(KERN_ERR "could not attach integrity payload\n"); 474 goto err_end_io; 475 } 476 477 /* Auto-generate integrity metadata if this is a write */ 478 if (bio_data_dir(bio) == WRITE) 479 blk_integrity_generate(bio); 480 else 481 bip->bio_iter = bio->bi_iter; 482 return true; 483 484 err_end_io: 485 bio->bi_status = BLK_STS_RESOURCE; 486 bio_endio(bio); 487 return false; 488 } 489 EXPORT_SYMBOL(bio_integrity_prep); 490 491 /** 492 * bio_integrity_verify_fn - Integrity I/O completion worker 493 * @work: Work struct stored in bio to be verified 494 * 495 * Description: This workqueue function is called to complete a READ 496 * request. The function verifies the transferred integrity metadata 497 * and then calls the original bio end_io function. 498 */ 499 static void bio_integrity_verify_fn(struct work_struct *work) 500 { 501 struct bio_integrity_payload *bip = 502 container_of(work, struct bio_integrity_payload, bip_work); 503 struct bio *bio = bip->bip_bio; 504 505 blk_integrity_verify(bio); 506 bio_integrity_free(bio); 507 bio_endio(bio); 508 } 509 510 /** 511 * __bio_integrity_endio - Integrity I/O completion function 512 * @bio: Protected bio 513 * 514 * Description: Completion for integrity I/O 515 * 516 * Normally I/O completion is done in interrupt context. However, 517 * verifying I/O integrity is a time-consuming task which must be run 518 * in process context. This function postpones completion 519 * accordingly. 520 */ 521 bool __bio_integrity_endio(struct bio *bio) 522 { 523 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 524 struct bio_integrity_payload *bip = bio_integrity(bio); 525 526 if (bio_op(bio) == REQ_OP_READ && !bio->bi_status && 527 (bip->bip_flags & BIP_BLOCK_INTEGRITY) && bi->csum_type) { 528 INIT_WORK(&bip->bip_work, bio_integrity_verify_fn); 529 queue_work(kintegrityd_wq, &bip->bip_work); 530 return false; 531 } 532 533 bio_integrity_free(bio); 534 return true; 535 } 536 537 /** 538 * bio_integrity_advance - Advance integrity vector 539 * @bio: bio whose integrity vector to update 540 * @bytes_done: number of data bytes that have been completed 541 * 542 * Description: This function calculates how many integrity bytes the 543 * number of completed data bytes correspond to and advances the 544 * integrity vector accordingly. 545 */ 546 void bio_integrity_advance(struct bio *bio, unsigned int bytes_done) 547 { 548 struct bio_integrity_payload *bip = bio_integrity(bio); 549 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 550 unsigned bytes = bio_integrity_bytes(bi, bytes_done >> 9); 551 552 bip->bip_iter.bi_sector += bio_integrity_intervals(bi, bytes_done >> 9); 553 bvec_iter_advance(bip->bip_vec, &bip->bip_iter, bytes); 554 } 555 556 /** 557 * bio_integrity_trim - Trim integrity vector 558 * @bio: bio whose integrity vector to update 559 * 560 * Description: Used to trim the integrity vector in a cloned bio. 561 */ 562 void bio_integrity_trim(struct bio *bio) 563 { 564 struct bio_integrity_payload *bip = bio_integrity(bio); 565 struct blk_integrity *bi = blk_get_integrity(bio->bi_bdev->bd_disk); 566 567 bip->bip_iter.bi_size = bio_integrity_bytes(bi, bio_sectors(bio)); 568 } 569 EXPORT_SYMBOL(bio_integrity_trim); 570 571 /** 572 * bio_integrity_clone - Callback for cloning bios with integrity metadata 573 * @bio: New bio 574 * @bio_src: Original bio 575 * @gfp_mask: Memory allocation mask 576 * 577 * Description: Called to allocate a bip when cloning a bio 578 */ 579 int bio_integrity_clone(struct bio *bio, struct bio *bio_src, 580 gfp_t gfp_mask) 581 { 582 struct bio_integrity_payload *bip_src = bio_integrity(bio_src); 583 struct bio_integrity_payload *bip; 584 585 BUG_ON(bip_src == NULL); 586 587 bip = bio_integrity_alloc(bio, gfp_mask, 0); 588 if (IS_ERR(bip)) 589 return PTR_ERR(bip); 590 591 bip->bip_vec = bip_src->bip_vec; 592 bip->bip_iter = bip_src->bip_iter; 593 bip->bip_flags = bip_src->bip_flags & ~BIP_BLOCK_INTEGRITY; 594 595 return 0; 596 } 597 598 int bioset_integrity_create(struct bio_set *bs, int pool_size) 599 { 600 if (mempool_initialized(&bs->bio_integrity_pool)) 601 return 0; 602 603 if (mempool_init_slab_pool(&bs->bio_integrity_pool, 604 pool_size, bip_slab)) 605 return -1; 606 607 if (biovec_init_pool(&bs->bvec_integrity_pool, pool_size)) { 608 mempool_exit(&bs->bio_integrity_pool); 609 return -1; 610 } 611 612 return 0; 613 } 614 EXPORT_SYMBOL(bioset_integrity_create); 615 616 void bioset_integrity_free(struct bio_set *bs) 617 { 618 mempool_exit(&bs->bio_integrity_pool); 619 mempool_exit(&bs->bvec_integrity_pool); 620 } 621 622 void __init bio_integrity_init(void) 623 { 624 /* 625 * kintegrityd won't block much but may burn a lot of CPU cycles. 626 * Make it highpri CPU intensive wq with max concurrency of 1. 627 */ 628 kintegrityd_wq = alloc_workqueue("kintegrityd", WQ_MEM_RECLAIM | 629 WQ_HIGHPRI | WQ_CPU_INTENSIVE, 1); 630 if (!kintegrityd_wq) 631 panic("Failed to create kintegrityd\n"); 632 633 bip_slab = kmem_cache_create("bio_integrity_payload", 634 sizeof(struct bio_integrity_payload) + 635 sizeof(struct bio_vec) * BIO_INLINE_VECS, 636 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); 637 } 638