| 1 | // SPDX-License-Identifier: GPL-2.0 |
|---|
| 2 | /* |
|---|
| 3 | * Utility functions for file contents encryption/decryption on |
|---|
| 4 | * block device-based filesystems. |
|---|
| 5 | * |
|---|
| 6 | * Copyright (C) 2015, Google, Inc. |
|---|
| 7 | * Copyright (C) 2015, Motorola Mobility |
|---|
| 8 | */ |
|---|
| 9 | |
|---|
| 10 | #include <linux/pagemap.h> |
|---|
| 11 | #include <linux/module.h> |
|---|
| 12 | #include <linux/bio.h> |
|---|
| 13 | #include <linux/namei.h> |
|---|
| 14 | #include "fscrypt_private.h" |
|---|
| 15 | |
|---|
| 16 | /** |
|---|
| 17 | * fscrypt_decrypt_bio() - decrypt the contents of a bio |
|---|
| 18 | * @bio: the bio to decrypt |
|---|
| 19 | * |
|---|
| 20 | * Decrypt the contents of a "read" bio following successful completion of the |
|---|
| 21 | * underlying disk read. The bio must be reading a whole number of blocks of an |
|---|
| 22 | * encrypted file directly into the page cache. If the bio is reading the |
|---|
| 23 | * ciphertext into bounce pages instead of the page cache (for example, because |
|---|
| 24 | * the file is also compressed, so decompression is required after decryption), |
|---|
| 25 | * then this function isn't applicable. This function may sleep, so it must be |
|---|
| 26 | * called from a workqueue rather than from the bio's bi_end_io callback. |
|---|
| 27 | * |
|---|
| 28 | * Return: %true on success; %false on failure. On failure, bio->bi_status is |
|---|
| 29 | * also set to an error status. |
|---|
| 30 | */ |
|---|
| 31 | bool fscrypt_decrypt_bio(struct bio *bio) |
|---|
| 32 | { |
|---|
| 33 | struct folio_iter fi; |
|---|
| 34 | |
|---|
| 35 | bio_for_each_folio_all(fi, bio) { |
|---|
| 36 | int err = fscrypt_decrypt_pagecache_blocks(folio: fi.folio, len: fi.length, |
|---|
| 37 | offs: fi.offset); |
|---|
| 38 | |
|---|
| 39 | if (err) { |
|---|
| 40 | bio->bi_status = errno_to_blk_status(errno: err); |
|---|
| 41 | return false; |
|---|
| 42 | } |
|---|
| 43 | } |
|---|
| 44 | return true; |
|---|
| 45 | } |
|---|
| 46 | EXPORT_SYMBOL(fscrypt_decrypt_bio); |
|---|
| 47 | |
|---|
| 48 | static int fscrypt_zeroout_range_inline_crypt(const struct inode *inode, |
|---|
| 49 | pgoff_t lblk, sector_t pblk, |
|---|
| 50 | unsigned int len) |
|---|
| 51 | { |
|---|
| 52 | const unsigned int blockbits = inode->i_blkbits; |
|---|
| 53 | const unsigned int blocks_per_page = 1 << (PAGE_SHIFT - blockbits); |
|---|
| 54 | struct bio *bio; |
|---|
| 55 | int ret, err = 0; |
|---|
| 56 | int num_pages = 0; |
|---|
| 57 | |
|---|
| 58 | /* This always succeeds since __GFP_DIRECT_RECLAIM is set. */ |
|---|
| 59 | bio = bio_alloc(bdev: inode->i_sb->s_bdev, BIO_MAX_VECS, opf: REQ_OP_WRITE, |
|---|
| 60 | GFP_NOFS); |
|---|
| 61 | |
|---|
| 62 | while (len) { |
|---|
| 63 | unsigned int blocks_this_page = min(len, blocks_per_page); |
|---|
| 64 | unsigned int bytes_this_page = blocks_this_page << blockbits; |
|---|
| 65 | |
|---|
| 66 | if (num_pages == 0) { |
|---|
| 67 | fscrypt_set_bio_crypt_ctx(bio, inode, first_lblk: lblk, GFP_NOFS); |
|---|
| 68 | bio->bi_iter.bi_sector = |
|---|
| 69 | pblk << (blockbits - SECTOR_SHIFT); |
|---|
| 70 | } |
|---|
| 71 | ret = bio_add_page(bio, ZERO_PAGE(0), len: bytes_this_page, off: 0); |
|---|
| 72 | if (WARN_ON_ONCE(ret != bytes_this_page)) { |
|---|
| 73 | err = -EIO; |
|---|
| 74 | goto out; |
|---|
| 75 | } |
|---|
| 76 | num_pages++; |
|---|
| 77 | len -= blocks_this_page; |
|---|
| 78 | lblk += blocks_this_page; |
|---|
| 79 | pblk += blocks_this_page; |
|---|
| 80 | if (num_pages == BIO_MAX_VECS || !len || |
|---|
| 81 | !fscrypt_mergeable_bio(bio, inode, next_lblk: lblk)) { |
|---|
| 82 | err = submit_bio_wait(bio); |
|---|
| 83 | if (err) |
|---|
| 84 | goto out; |
|---|
| 85 | bio_reset(bio, bdev: inode->i_sb->s_bdev, opf: REQ_OP_WRITE); |
|---|
| 86 | num_pages = 0; |
|---|
| 87 | } |
|---|
| 88 | } |
|---|
| 89 | out: |
|---|
| 90 | bio_put(bio); |
|---|
| 91 | return err; |
|---|
| 92 | } |
|---|
| 93 | |
|---|
| 94 | /** |
|---|
| 95 | * fscrypt_zeroout_range() - zero out a range of blocks in an encrypted file |
|---|
| 96 | * @inode: the file's inode |
|---|
| 97 | * @lblk: the first file logical block to zero out |
|---|
| 98 | * @pblk: the first filesystem physical block to zero out |
|---|
| 99 | * @len: number of blocks to zero out |
|---|
| 100 | * |
|---|
| 101 | * Zero out filesystem blocks in an encrypted regular file on-disk, i.e. write |
|---|
| 102 | * ciphertext blocks which decrypt to the all-zeroes block. The blocks must be |
|---|
| 103 | * both logically and physically contiguous. It's also assumed that the |
|---|
| 104 | * filesystem only uses a single block device, ->s_bdev. |
|---|
| 105 | * |
|---|
| 106 | * Note that since each block uses a different IV, this involves writing a |
|---|
| 107 | * different ciphertext to each block; we can't simply reuse the same one. |
|---|
| 108 | * |
|---|
| 109 | * Return: 0 on success; -errno on failure. |
|---|
| 110 | */ |
|---|
| 111 | int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
|---|
| 112 | sector_t pblk, unsigned int len) |
|---|
| 113 | { |
|---|
| 114 | const struct fscrypt_inode_info *ci = inode->i_crypt_info; |
|---|
| 115 | const unsigned int du_bits = ci->ci_data_unit_bits; |
|---|
| 116 | const unsigned int du_size = 1U << du_bits; |
|---|
| 117 | const unsigned int du_per_page_bits = PAGE_SHIFT - du_bits; |
|---|
| 118 | const unsigned int du_per_page = 1U << du_per_page_bits; |
|---|
| 119 | u64 du_index = (u64)lblk << (inode->i_blkbits - du_bits); |
|---|
| 120 | u64 du_remaining = (u64)len << (inode->i_blkbits - du_bits); |
|---|
| 121 | sector_t sector = pblk << (inode->i_blkbits - SECTOR_SHIFT); |
|---|
| 122 | struct page *pages[16]; /* write up to 16 pages at a time */ |
|---|
| 123 | unsigned int nr_pages; |
|---|
| 124 | unsigned int i; |
|---|
| 125 | unsigned int offset; |
|---|
| 126 | struct bio *bio; |
|---|
| 127 | int ret, err; |
|---|
| 128 | |
|---|
| 129 | if (len == 0) |
|---|
| 130 | return 0; |
|---|
| 131 | |
|---|
| 132 | if (fscrypt_inode_uses_inline_crypto(inode)) |
|---|
| 133 | return fscrypt_zeroout_range_inline_crypt(inode, lblk, pblk, |
|---|
| 134 | len); |
|---|
| 135 | |
|---|
| 136 | BUILD_BUG_ON(ARRAY_SIZE(pages) > BIO_MAX_VECS); |
|---|
| 137 | nr_pages = min_t(u64, ARRAY_SIZE(pages), |
|---|
| 138 | (du_remaining + du_per_page - 1) >> du_per_page_bits); |
|---|
| 139 | |
|---|
| 140 | /* |
|---|
| 141 | * We need at least one page for ciphertext. Allocate the first one |
|---|
| 142 | * from a mempool, with __GFP_DIRECT_RECLAIM set so that it can't fail. |
|---|
| 143 | * |
|---|
| 144 | * Any additional page allocations are allowed to fail, as they only |
|---|
| 145 | * help performance, and waiting on the mempool for them could deadlock. |
|---|
| 146 | */ |
|---|
| 147 | for (i = 0; i < nr_pages; i++) { |
|---|
| 148 | pages[i] = fscrypt_alloc_bounce_page(gfp_flags: i == 0 ? GFP_NOFS : |
|---|
| 149 | GFP_NOWAIT | __GFP_NOWARN); |
|---|
| 150 | if (!pages[i]) |
|---|
| 151 | break; |
|---|
| 152 | } |
|---|
| 153 | nr_pages = i; |
|---|
| 154 | if (WARN_ON_ONCE(nr_pages <= 0)) |
|---|
| 155 | return -EINVAL; |
|---|
| 156 | |
|---|
| 157 | /* This always succeeds since __GFP_DIRECT_RECLAIM is set. */ |
|---|
| 158 | bio = bio_alloc(bdev: inode->i_sb->s_bdev, nr_vecs: nr_pages, opf: REQ_OP_WRITE, GFP_NOFS); |
|---|
| 159 | |
|---|
| 160 | do { |
|---|
| 161 | bio->bi_iter.bi_sector = sector; |
|---|
| 162 | |
|---|
| 163 | i = 0; |
|---|
| 164 | offset = 0; |
|---|
| 165 | do { |
|---|
| 166 | err = fscrypt_crypt_data_unit(ci, rw: FS_ENCRYPT, index: du_index, |
|---|
| 167 | ZERO_PAGE(0), dest_page: pages[i], |
|---|
| 168 | len: du_size, offs: offset, |
|---|
| 169 | GFP_NOFS); |
|---|
| 170 | if (err) |
|---|
| 171 | goto out; |
|---|
| 172 | du_index++; |
|---|
| 173 | sector += 1U << (du_bits - SECTOR_SHIFT); |
|---|
| 174 | du_remaining--; |
|---|
| 175 | offset += du_size; |
|---|
| 176 | if (offset == PAGE_SIZE || du_remaining == 0) { |
|---|
| 177 | ret = bio_add_page(bio, page: pages[i++], len: offset, off: 0); |
|---|
| 178 | if (WARN_ON_ONCE(ret != offset)) { |
|---|
| 179 | err = -EIO; |
|---|
| 180 | goto out; |
|---|
| 181 | } |
|---|
| 182 | offset = 0; |
|---|
| 183 | } |
|---|
| 184 | } while (i != nr_pages && du_remaining != 0); |
|---|
| 185 | |
|---|
| 186 | err = submit_bio_wait(bio); |
|---|
| 187 | if (err) |
|---|
| 188 | goto out; |
|---|
| 189 | bio_reset(bio, bdev: inode->i_sb->s_bdev, opf: REQ_OP_WRITE); |
|---|
| 190 | } while (du_remaining != 0); |
|---|
| 191 | err = 0; |
|---|
| 192 | out: |
|---|
| 193 | bio_put(bio); |
|---|
| 194 | for (i = 0; i < nr_pages; i++) |
|---|
| 195 | fscrypt_free_bounce_page(bounce_page: pages[i]); |
|---|
| 196 | return err; |
|---|
| 197 | } |
|---|
| 198 | EXPORT_SYMBOL(fscrypt_zeroout_range); |
|---|
| 199 | |
|---|
