mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 02:36:02 +00:00
block: Make blk-integrity preclude hardware inline encryption
Whenever a device supports blk-integrity, make the kernel pretend that the device doesn't support inline encryption (essentially by setting the keyslot manager in the request queue to NULL). There's no hardware currently that supports both integrity and inline encryption. However, it seems possible that there will be such hardware in the near future (like the NVMe key per I/O support that might support both inline encryption and PI). But properly integrating both features is not trivial, and without real hardware that implements both, it is difficult to tell if it will be done correctly by the majority of hardware that support both. So it seems best not to support both features together right now, and to decide what to do at probe time. Signed-off-by: Satya Tangirala <satyat@google.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>
This commit is contained in:
parent
a892c8d52c
commit
d145dc2303
@ -42,6 +42,9 @@ struct bio_integrity_payload *bio_integrity_alloc(struct bio *bio,
|
|||||||
struct bio_set *bs = bio->bi_pool;
|
struct bio_set *bs = bio->bi_pool;
|
||||||
unsigned inline_vecs;
|
unsigned inline_vecs;
|
||||||
|
|
||||||
|
if (WARN_ON_ONCE(bio_has_crypt_ctx(bio)))
|
||||||
|
return ERR_PTR(-EOPNOTSUPP);
|
||||||
|
|
||||||
if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) {
|
if (!bs || !mempool_initialized(&bs->bio_integrity_pool)) {
|
||||||
bip = kmalloc(struct_size(bip, bip_inline_vecs, nr_vecs), gfp_mask);
|
bip = kmalloc(struct_size(bip, bip_inline_vecs, nr_vecs), gfp_mask);
|
||||||
inline_vecs = nr_vecs;
|
inline_vecs = nr_vecs;
|
||||||
|
@ -409,6 +409,13 @@ void blk_integrity_register(struct gendisk *disk, struct blk_integrity *template
|
|||||||
bi->tag_size = template->tag_size;
|
bi->tag_size = template->tag_size;
|
||||||
|
|
||||||
disk->queue->backing_dev_info->capabilities |= BDI_CAP_STABLE_WRITES;
|
disk->queue->backing_dev_info->capabilities |= BDI_CAP_STABLE_WRITES;
|
||||||
|
|
||||||
|
#ifdef CONFIG_BLK_INLINE_ENCRYPTION
|
||||||
|
if (disk->queue->ksm) {
|
||||||
|
pr_warn("blk-integrity: Integrity and hardware inline encryption are not supported together. Disabling hardware inline encryption.\n");
|
||||||
|
blk_ksm_unregister(disk->queue);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(blk_integrity_register);
|
EXPORT_SYMBOL(blk_integrity_register);
|
||||||
|
|
||||||
|
@ -25,6 +25,9 @@
|
|||||||
* Upper layers will call blk_ksm_get_slot_for_key() to program a
|
* Upper layers will call blk_ksm_get_slot_for_key() to program a
|
||||||
* key into some slot in the inline encryption hardware.
|
* key into some slot in the inline encryption hardware.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#define pr_fmt(fmt) "blk-crypto: " fmt
|
||||||
|
|
||||||
#include <linux/keyslot-manager.h>
|
#include <linux/keyslot-manager.h>
|
||||||
#include <linux/atomic.h>
|
#include <linux/atomic.h>
|
||||||
#include <linux/mutex.h>
|
#include <linux/mutex.h>
|
||||||
@ -376,3 +379,19 @@ void blk_ksm_destroy(struct blk_keyslot_manager *ksm)
|
|||||||
memzero_explicit(ksm, sizeof(*ksm));
|
memzero_explicit(ksm, sizeof(*ksm));
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(blk_ksm_destroy);
|
EXPORT_SYMBOL_GPL(blk_ksm_destroy);
|
||||||
|
|
||||||
|
bool blk_ksm_register(struct blk_keyslot_manager *ksm, struct request_queue *q)
|
||||||
|
{
|
||||||
|
if (blk_integrity_queue_supports_integrity(q)) {
|
||||||
|
pr_warn("Integrity and hardware inline encryption are not supported together. Disabling hardware inline encryption.\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
q->ksm = ksm;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(blk_ksm_register);
|
||||||
|
|
||||||
|
void blk_ksm_unregister(struct request_queue *q)
|
||||||
|
{
|
||||||
|
q->ksm = NULL;
|
||||||
|
}
|
||||||
|
@ -1583,6 +1583,12 @@ struct blk_integrity *bdev_get_integrity(struct block_device *bdev)
|
|||||||
return blk_get_integrity(bdev->bd_disk);
|
return blk_get_integrity(bdev->bd_disk);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline bool
|
||||||
|
blk_integrity_queue_supports_integrity(struct request_queue *q)
|
||||||
|
{
|
||||||
|
return q->integrity.profile;
|
||||||
|
}
|
||||||
|
|
||||||
static inline bool blk_integrity_rq(struct request *rq)
|
static inline bool blk_integrity_rq(struct request *rq)
|
||||||
{
|
{
|
||||||
return rq->cmd_flags & REQ_INTEGRITY;
|
return rq->cmd_flags & REQ_INTEGRITY;
|
||||||
@ -1663,6 +1669,11 @@ static inline struct blk_integrity *blk_get_integrity(struct gendisk *disk)
|
|||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
static inline bool
|
||||||
|
blk_integrity_queue_supports_integrity(struct request_queue *q)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
static inline int blk_integrity_compare(struct gendisk *a, struct gendisk *b)
|
static inline int blk_integrity_compare(struct gendisk *a, struct gendisk *b)
|
||||||
{
|
{
|
||||||
return 0;
|
return 0;
|
||||||
@ -1714,6 +1725,25 @@ static inline struct bio_vec *rq_integrity_vec(struct request *rq)
|
|||||||
|
|
||||||
#endif /* CONFIG_BLK_DEV_INTEGRITY */
|
#endif /* CONFIG_BLK_DEV_INTEGRITY */
|
||||||
|
|
||||||
|
#ifdef CONFIG_BLK_INLINE_ENCRYPTION
|
||||||
|
|
||||||
|
bool blk_ksm_register(struct blk_keyslot_manager *ksm, struct request_queue *q);
|
||||||
|
|
||||||
|
void blk_ksm_unregister(struct request_queue *q);
|
||||||
|
|
||||||
|
#else /* CONFIG_BLK_INLINE_ENCRYPTION */
|
||||||
|
|
||||||
|
static inline bool blk_ksm_register(struct blk_keyslot_manager *ksm,
|
||||||
|
struct request_queue *q)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline void blk_ksm_unregister(struct request_queue *q) { }
|
||||||
|
|
||||||
|
#endif /* CONFIG_BLK_INLINE_ENCRYPTION */
|
||||||
|
|
||||||
|
|
||||||
struct block_device_operations {
|
struct block_device_operations {
|
||||||
int (*open) (struct block_device *, fmode_t);
|
int (*open) (struct block_device *, fmode_t);
|
||||||
void (*release) (struct gendisk *, fmode_t);
|
void (*release) (struct gendisk *, fmode_t);
|
||||||
|
Loading…
Reference in New Issue
Block a user