1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Utility functions for file contents encryption/decryption on |
4 | * block device-based filesystems. |
5 | * |
6 | * Copyright (C) 2015, Google, Inc. |
7 | * Copyright (C) 2015, Motorola Mobility |
8 | */ |
9 | |
10 | #include <linux/pagemap.h> |
11 | #include <linux/module.h> |
12 | #include <linux/bio.h> |
13 | #include <linux/namei.h> |
14 | #include "fscrypt_private.h" |
15 | |
16 | /** |
17 | * fscrypt_decrypt_bio() - decrypt the contents of a bio |
18 | * @bio: the bio to decrypt |
19 | * |
20 | * Decrypt the contents of a "read" bio following successful completion of the |
21 | * underlying disk read. The bio must be reading a whole number of blocks of an |
22 | * encrypted file directly into the page cache. If the bio is reading the |
23 | * ciphertext into bounce pages instead of the page cache (for example, because |
24 | * the file is also compressed, so decompression is required after decryption), |
25 | * then this function isn't applicable. This function may sleep, so it must be |
26 | * called from a workqueue rather than from the bio's bi_end_io callback. |
27 | * |
28 | * Return: %true on success; %false on failure. On failure, bio->bi_status is |
29 | * also set to an error status. |
30 | */ |
31 | bool fscrypt_decrypt_bio(struct bio *bio) |
32 | { |
33 | struct folio_iter fi; |
34 | |
35 | bio_for_each_folio_all(fi, bio) { |
36 | int err = fscrypt_decrypt_pagecache_blocks(folio: fi.folio, len: fi.length, |
37 | offs: fi.offset); |
38 | |
39 | if (err) { |
40 | bio->bi_status = errno_to_blk_status(errno: err); |
41 | return false; |
42 | } |
43 | } |
44 | return true; |
45 | } |
46 | EXPORT_SYMBOL(fscrypt_decrypt_bio); |
47 | |
48 | static int fscrypt_zeroout_range_inline_crypt(const struct inode *inode, |
49 | pgoff_t lblk, sector_t pblk, |
50 | unsigned int len) |
51 | { |
52 | const unsigned int blockbits = inode->i_blkbits; |
53 | const unsigned int blocks_per_page = 1 << (PAGE_SHIFT - blockbits); |
54 | struct bio *bio; |
55 | int ret, err = 0; |
56 | int num_pages = 0; |
57 | |
58 | /* This always succeeds since __GFP_DIRECT_RECLAIM is set. */ |
59 | bio = bio_alloc(bdev: inode->i_sb->s_bdev, BIO_MAX_VECS, opf: REQ_OP_WRITE, |
60 | GFP_NOFS); |
61 | |
62 | while (len) { |
63 | unsigned int blocks_this_page = min(len, blocks_per_page); |
64 | unsigned int bytes_this_page = blocks_this_page << blockbits; |
65 | |
66 | if (num_pages == 0) { |
67 | fscrypt_set_bio_crypt_ctx(bio, inode, first_lblk: lblk, GFP_NOFS); |
68 | bio->bi_iter.bi_sector = |
69 | pblk << (blockbits - SECTOR_SHIFT); |
70 | } |
71 | ret = bio_add_page(bio, ZERO_PAGE(0), len: bytes_this_page, off: 0); |
72 | if (WARN_ON_ONCE(ret != bytes_this_page)) { |
73 | err = -EIO; |
74 | goto out; |
75 | } |
76 | num_pages++; |
77 | len -= blocks_this_page; |
78 | lblk += blocks_this_page; |
79 | pblk += blocks_this_page; |
80 | if (num_pages == BIO_MAX_VECS || !len || |
81 | !fscrypt_mergeable_bio(bio, inode, next_lblk: lblk)) { |
82 | err = submit_bio_wait(bio); |
83 | if (err) |
84 | goto out; |
85 | bio_reset(bio, bdev: inode->i_sb->s_bdev, opf: REQ_OP_WRITE); |
86 | num_pages = 0; |
87 | } |
88 | } |
89 | out: |
90 | bio_put(bio); |
91 | return err; |
92 | } |
93 | |
94 | /** |
95 | * fscrypt_zeroout_range() - zero out a range of blocks in an encrypted file |
96 | * @inode: the file's inode |
97 | * @lblk: the first file logical block to zero out |
98 | * @pblk: the first filesystem physical block to zero out |
99 | * @len: number of blocks to zero out |
100 | * |
101 | * Zero out filesystem blocks in an encrypted regular file on-disk, i.e. write |
102 | * ciphertext blocks which decrypt to the all-zeroes block. The blocks must be |
103 | * both logically and physically contiguous. It's also assumed that the |
104 | * filesystem only uses a single block device, ->s_bdev. |
105 | * |
106 | * Note that since each block uses a different IV, this involves writing a |
107 | * different ciphertext to each block; we can't simply reuse the same one. |
108 | * |
109 | * Return: 0 on success; -errno on failure. |
110 | */ |
111 | int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
112 | sector_t pblk, unsigned int len) |
113 | { |
114 | const struct fscrypt_inode_info *ci = inode->i_crypt_info; |
115 | const unsigned int du_bits = ci->ci_data_unit_bits; |
116 | const unsigned int du_size = 1U << du_bits; |
117 | const unsigned int du_per_page_bits = PAGE_SHIFT - du_bits; |
118 | const unsigned int du_per_page = 1U << du_per_page_bits; |
119 | u64 du_index = (u64)lblk << (inode->i_blkbits - du_bits); |
120 | u64 du_remaining = (u64)len << (inode->i_blkbits - du_bits); |
121 | sector_t sector = pblk << (inode->i_blkbits - SECTOR_SHIFT); |
122 | struct page *pages[16]; /* write up to 16 pages at a time */ |
123 | unsigned int nr_pages; |
124 | unsigned int i; |
125 | unsigned int offset; |
126 | struct bio *bio; |
127 | int ret, err; |
128 | |
129 | if (len == 0) |
130 | return 0; |
131 | |
132 | if (fscrypt_inode_uses_inline_crypto(inode)) |
133 | return fscrypt_zeroout_range_inline_crypt(inode, lblk, pblk, |
134 | len); |
135 | |
136 | BUILD_BUG_ON(ARRAY_SIZE(pages) > BIO_MAX_VECS); |
137 | nr_pages = min_t(u64, ARRAY_SIZE(pages), |
138 | (du_remaining + du_per_page - 1) >> du_per_page_bits); |
139 | |
140 | /* |
141 | * We need at least one page for ciphertext. Allocate the first one |
142 | * from a mempool, with __GFP_DIRECT_RECLAIM set so that it can't fail. |
143 | * |
144 | * Any additional page allocations are allowed to fail, as they only |
145 | * help performance, and waiting on the mempool for them could deadlock. |
146 | */ |
147 | for (i = 0; i < nr_pages; i++) { |
148 | pages[i] = fscrypt_alloc_bounce_page(gfp_flags: i == 0 ? GFP_NOFS : |
149 | GFP_NOWAIT | __GFP_NOWARN); |
150 | if (!pages[i]) |
151 | break; |
152 | } |
153 | nr_pages = i; |
154 | if (WARN_ON_ONCE(nr_pages <= 0)) |
155 | return -EINVAL; |
156 | |
157 | /* This always succeeds since __GFP_DIRECT_RECLAIM is set. */ |
158 | bio = bio_alloc(bdev: inode->i_sb->s_bdev, nr_vecs: nr_pages, opf: REQ_OP_WRITE, GFP_NOFS); |
159 | |
160 | do { |
161 | bio->bi_iter.bi_sector = sector; |
162 | |
163 | i = 0; |
164 | offset = 0; |
165 | do { |
166 | err = fscrypt_crypt_data_unit(ci, rw: FS_ENCRYPT, index: du_index, |
167 | ZERO_PAGE(0), dest_page: pages[i], |
168 | len: du_size, offs: offset, |
169 | GFP_NOFS); |
170 | if (err) |
171 | goto out; |
172 | du_index++; |
173 | sector += 1U << (du_bits - SECTOR_SHIFT); |
174 | du_remaining--; |
175 | offset += du_size; |
176 | if (offset == PAGE_SIZE || du_remaining == 0) { |
177 | ret = bio_add_page(bio, page: pages[i++], len: offset, off: 0); |
178 | if (WARN_ON_ONCE(ret != offset)) { |
179 | err = -EIO; |
180 | goto out; |
181 | } |
182 | offset = 0; |
183 | } |
184 | } while (i != nr_pages && du_remaining != 0); |
185 | |
186 | err = submit_bio_wait(bio); |
187 | if (err) |
188 | goto out; |
189 | bio_reset(bio, bdev: inode->i_sb->s_bdev, opf: REQ_OP_WRITE); |
190 | } while (du_remaining != 0); |
191 | err = 0; |
192 | out: |
193 | bio_put(bio); |
194 | for (i = 0; i < nr_pages; i++) |
195 | fscrypt_free_bounce_page(bounce_page: pages[i]); |
196 | return err; |
197 | } |
198 | EXPORT_SYMBOL(fscrypt_zeroout_range); |
199 | |