xref: /linux/fs/crypto/bio.c (revision cbafa54aa2ae23939846e150ad4ba98c784f6395)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * This contains encryption functions for per-file encryption.
4  *
5  * Copyright (C) 2015, Google, Inc.
6  * Copyright (C) 2015, Motorola Mobility
7  *
8  * Written by Michael Halcrow, 2014.
9  *
10  * Filename encryption additions
11  *	Uday Savagaonkar, 2014
12  * Encryption policy handling additions
13  *	Ildar Muslukhov, 2014
14  * Add fscrypt_pullback_bio_page()
15  *	Jaegeuk Kim, 2015.
16  *
17  * This has not yet undergone a rigorous security audit.
18  *
19  * The usage of AES-XTS should conform to recommendations in NIST
20  * Special Publication 800-38E and IEEE P1619/D16.
21  */
22 
23 #include <linux/pagemap.h>
24 #include <linux/module.h>
25 #include <linux/bio.h>
26 #include <linux/namei.h>
27 #include "fscrypt_private.h"
28 
29 void fscrypt_decrypt_bio(struct bio *bio)
30 {
31 	struct bio_vec *bv;
32 	struct bvec_iter_all iter_all;
33 
34 	bio_for_each_segment_all(bv, bio, iter_all) {
35 		struct page *page = bv->bv_page;
36 		int ret = fscrypt_decrypt_pagecache_blocks(page, bv->bv_len,
37 							   bv->bv_offset);
38 		if (ret)
39 			SetPageError(page);
40 	}
41 }
42 EXPORT_SYMBOL(fscrypt_decrypt_bio);
43 
44 static int fscrypt_zeroout_range_inline_crypt(const struct inode *inode,
45 					      pgoff_t lblk, sector_t pblk,
46 					      unsigned int len)
47 {
48 	const unsigned int blockbits = inode->i_blkbits;
49 	const unsigned int blocks_per_page = 1 << (PAGE_SHIFT - blockbits);
50 	struct bio *bio;
51 	int ret, err = 0;
52 	int num_pages = 0;
53 
54 	/* This always succeeds since __GFP_DIRECT_RECLAIM is set. */
55 	bio = bio_alloc(GFP_NOFS, BIO_MAX_VECS);
56 
57 	while (len) {
58 		unsigned int blocks_this_page = min(len, blocks_per_page);
59 		unsigned int bytes_this_page = blocks_this_page << blockbits;
60 
61 		if (num_pages == 0) {
62 			fscrypt_set_bio_crypt_ctx(bio, inode, lblk, GFP_NOFS);
63 			bio_set_dev(bio, inode->i_sb->s_bdev);
64 			bio->bi_iter.bi_sector =
65 					pblk << (blockbits - SECTOR_SHIFT);
66 			bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
67 		}
68 		ret = bio_add_page(bio, ZERO_PAGE(0), bytes_this_page, 0);
69 		if (WARN_ON(ret != bytes_this_page)) {
70 			err = -EIO;
71 			goto out;
72 		}
73 		num_pages++;
74 		len -= blocks_this_page;
75 		lblk += blocks_this_page;
76 		pblk += blocks_this_page;
77 		if (num_pages == BIO_MAX_VECS || !len ||
78 		    !fscrypt_mergeable_bio(bio, inode, lblk)) {
79 			err = submit_bio_wait(bio);
80 			if (err)
81 				goto out;
82 			bio_reset(bio);
83 			num_pages = 0;
84 		}
85 	}
86 out:
87 	bio_put(bio);
88 	return err;
89 }
90 
91 /**
92  * fscrypt_zeroout_range() - zero out a range of blocks in an encrypted file
93  * @inode: the file's inode
94  * @lblk: the first file logical block to zero out
95  * @pblk: the first filesystem physical block to zero out
96  * @len: number of blocks to zero out
97  *
98  * Zero out filesystem blocks in an encrypted regular file on-disk, i.e. write
99  * ciphertext blocks which decrypt to the all-zeroes block.  The blocks must be
100  * both logically and physically contiguous.  It's also assumed that the
101  * filesystem only uses a single block device, ->s_bdev.
102  *
103  * Note that since each block uses a different IV, this involves writing a
104  * different ciphertext to each block; we can't simply reuse the same one.
105  *
106  * Return: 0 on success; -errno on failure.
107  */
108 int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
109 			  sector_t pblk, unsigned int len)
110 {
111 	const unsigned int blockbits = inode->i_blkbits;
112 	const unsigned int blocksize = 1 << blockbits;
113 	const unsigned int blocks_per_page_bits = PAGE_SHIFT - blockbits;
114 	const unsigned int blocks_per_page = 1 << blocks_per_page_bits;
115 	struct page *pages[16]; /* write up to 16 pages at a time */
116 	unsigned int nr_pages;
117 	unsigned int i;
118 	unsigned int offset;
119 	struct bio *bio;
120 	int ret, err;
121 
122 	if (len == 0)
123 		return 0;
124 
125 	if (fscrypt_inode_uses_inline_crypto(inode))
126 		return fscrypt_zeroout_range_inline_crypt(inode, lblk, pblk,
127 							  len);
128 
129 	BUILD_BUG_ON(ARRAY_SIZE(pages) > BIO_MAX_VECS);
130 	nr_pages = min_t(unsigned int, ARRAY_SIZE(pages),
131 			 (len + blocks_per_page - 1) >> blocks_per_page_bits);
132 
133 	/*
134 	 * We need at least one page for ciphertext.  Allocate the first one
135 	 * from a mempool, with __GFP_DIRECT_RECLAIM set so that it can't fail.
136 	 *
137 	 * Any additional page allocations are allowed to fail, as they only
138 	 * help performance, and waiting on the mempool for them could deadlock.
139 	 */
140 	for (i = 0; i < nr_pages; i++) {
141 		pages[i] = fscrypt_alloc_bounce_page(i == 0 ? GFP_NOFS :
142 						     GFP_NOWAIT | __GFP_NOWARN);
143 		if (!pages[i])
144 			break;
145 	}
146 	nr_pages = i;
147 	if (WARN_ON(nr_pages <= 0))
148 		return -EINVAL;
149 
150 	/* This always succeeds since __GFP_DIRECT_RECLAIM is set. */
151 	bio = bio_alloc(GFP_NOFS, nr_pages);
152 
153 	do {
154 		bio_set_dev(bio, inode->i_sb->s_bdev);
155 		bio->bi_iter.bi_sector = pblk << (blockbits - 9);
156 		bio_set_op_attrs(bio, REQ_OP_WRITE, 0);
157 
158 		i = 0;
159 		offset = 0;
160 		do {
161 			err = fscrypt_crypt_block(inode, FS_ENCRYPT, lblk,
162 						  ZERO_PAGE(0), pages[i],
163 						  blocksize, offset, GFP_NOFS);
164 			if (err)
165 				goto out;
166 			lblk++;
167 			pblk++;
168 			len--;
169 			offset += blocksize;
170 			if (offset == PAGE_SIZE || len == 0) {
171 				ret = bio_add_page(bio, pages[i++], offset, 0);
172 				if (WARN_ON(ret != offset)) {
173 					err = -EIO;
174 					goto out;
175 				}
176 				offset = 0;
177 			}
178 		} while (i != nr_pages && len != 0);
179 
180 		err = submit_bio_wait(bio);
181 		if (err)
182 			goto out;
183 		bio_reset(bio);
184 	} while (len != 0);
185 	err = 0;
186 out:
187 	bio_put(bio);
188 	for (i = 0; i < nr_pages; i++)
189 		fscrypt_free_bounce_page(pages[i]);
190 	return err;
191 }
192 EXPORT_SYMBOL(fscrypt_zeroout_range);
193