From patchwork Fri Oct 13 16:04:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 152648 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id ib8csp2001094vqb; Fri, 13 Oct 2023 09:13:19 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG6re9XPQPUbymqEzcclvMjS3vKMQ0FPBh9KN2MxLmJVfhkPEi93BVp+iC1dfqhpB6buCrq X-Received: by 2002:a05:6a00:10c2:b0:68f:c9f6:f366 with SMTP id d2-20020a056a0010c200b0068fc9f6f366mr30670533pfu.0.1697213598725; Fri, 13 Oct 2023 09:13:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697213598; cv=none; d=google.com; s=arc-20160816; b=hS9VAdIwdGwc3nhBleardfvLFnfN5cf5/5MwP8sDRwLINHhKAI+cBHzCuzw0WWnfw2 MQhfmeV2I/cNEHn0NPLkPvKhumaet2soHC7Y4Rri4wxJR6gwT66cxPi9Pu2yCZhx3yIl xzXQVSPcF251wwIzey+hwD4UDwNct+GEMKL1UKIwqcYd1LDNIW8QDF62l5Z7mxaNW5QY lfUGp1V3NgqS8LjdQWNPL33d/pAoxO3UPnqfsiWlJlwrWl/9z0GduZsqWas3mc32rGHM 3aCi7KwWvfXckJSwTxH8IjNzwILY+ytdBJtdoxmUW4EQB5HqW3TrZ+zWTHDxg2o3fiaV A3uQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=KBU+evKYv1DNx1iSvDhlzRDqOL3+5VRS9ZOU8xNhh8s=; fh=QCasRecNkSMoqSQLnZiX89u33dCID3L05AOtURpI2pA=; b=x3ILMX0DLQgxvZxTxAbVV8F5aasVJG4LfmyHYpcDWuipcyJsgcobqSjVmBsXHQU5XJ lV5CPWbbRnXooUJVje3Y8n3AGAyMCumcLijDjMgh53u3eTxC0DpQ92h5T+NgK+uFct7V +MRC5hYOcfVZE9DB1oVK9tX3H8zSyshtcCOZ/5dadQUYTi7gH/1s39INh4toNLHuaY71 +vedm2Tp2gpY2HqrsBnrW01PHL4xAPCPs7rm9/dg+ugf85mJUpE5F/UxS+nApzjcQtQq qmAqkv4qan/1yYmnsIcUyWkWH/HfTHjEyUtgQ3CQlHDUZmFpBfzwreSq7h0dkVKq/Zmd UTxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Pq4OfSne; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id n22-20020a635c56000000b00577448019cbsi4804535pgm.841.2023.10.13.09.13.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Oct 2023 09:13:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Pq4OfSne; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 2940B82ACACD; Fri, 13 Oct 2023 09:13:16 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232552AbjJMQNA (ORCPT + 19 others); Fri, 13 Oct 2023 12:13:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232657AbjJMQMp (ORCPT ); Fri, 13 Oct 2023 12:12:45 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 71A3F59FD for ; Fri, 13 Oct 2023 09:09:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1697213281; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KBU+evKYv1DNx1iSvDhlzRDqOL3+5VRS9ZOU8xNhh8s=; b=Pq4OfSneZxG7pqrzAmfdfMUvY7h7pNYU0pau8lzGVMUkI/8cHpZZh/H4FkN//S+h0JqxUr 2emYJ5uD0TwqfNo+SzmpIxyohlHtho6eBseNjMn04dQ3iTJc3JmKLrOwElDyYxR0hwOFdh JH4sh5nAu3BAVjhkJ7SvuUPywLhP4Nk= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-463-SPuFm4d-NGGsRvCeqTD79g-1; Fri, 13 Oct 2023 12:06:49 -0400 X-MC-Unique: SPuFm4d-NGGsRvCeqTD79g-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3A8E088B7A1; Fri, 13 Oct 2023 16:06:33 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.42.28.226]) by smtp.corp.redhat.com (Postfix) with ESMTP id 661D91C060DF; Fri, 13 Oct 2023 16:06:29 +0000 (UTC) From: David Howells To: Jeff Layton , Steve French Cc: David Howells , Matthew Wilcox , Marc Dionne , Paulo Alcantara , Shyam Prasad N , Tom Talpey , Dominique Martinet , Ilya Dryomov , Christian Brauner , linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-cachefs@redhat.com Subject: [RFC PATCH 36/53] netfs: Decrypt encrypted content Date: Fri, 13 Oct 2023 17:04:05 +0100 Message-ID: <20231013160423.2218093-37-dhowells@redhat.com> In-Reply-To: <20231013160423.2218093-1-dhowells@redhat.com> References: <20231013160423.2218093-1-dhowells@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.7 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Fri, 13 Oct 2023 09:13:16 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1779657446042530018 X-GMAIL-MSGID: 1779657446042530018 Implement a facility to provide decryption for encrypted content to a whole read-request in one go (which might have been stitched together from disparate sources with divisions that don't match page boundaries). Note that this doesn't necessarily gain the best throughput if the crypto block size is equal to or less than the size of a page (in which case we might be better doing it as pages become read), but it will handle crypto blocks larger than the size of a page. Signed-off-by: David Howells cc: Jeff Layton cc: linux-cachefs@redhat.com cc: linux-fsdevel@vger.kernel.org cc: linux-mm@kvack.org --- fs/netfs/crypto.c | 59 ++++++++++++++++++++++++++++++++++++ fs/netfs/internal.h | 1 + fs/netfs/io.c | 6 +++- include/linux/netfs.h | 3 ++ include/trace/events/netfs.h | 2 ++ 5 files changed, 70 insertions(+), 1 deletion(-) diff --git a/fs/netfs/crypto.c b/fs/netfs/crypto.c index 943d01f430e2..6729bcda4f47 100644 --- a/fs/netfs/crypto.c +++ b/fs/netfs/crypto.c @@ -87,3 +87,62 @@ bool netfs_encrypt(struct netfs_io_request *wreq) wreq->error = ret; return false; } + +/* + * Decrypt the result of a read request. + */ +void netfs_decrypt(struct netfs_io_request *rreq) +{ + struct netfs_inode *ctx = netfs_inode(rreq->inode); + struct scatterlist source_sg[16], dest_sg[16]; + unsigned int n_source; + size_t n, chunk, bsize = 1UL << ctx->crypto_bshift; + loff_t pos; + int ret; + + trace_netfs_rreq(rreq, netfs_rreq_trace_decrypt); + if (rreq->start >= rreq->i_size) + return; + + n = min_t(unsigned long long, rreq->len, rreq->i_size - rreq->start); + + _debug("DECRYPT %llx-%llx f=%lx", + rreq->start, rreq->start + n, rreq->flags); + + pos = rreq->start; + for (; n > 0; n -= chunk, pos += chunk) { + chunk = min(n, bsize); + + ret = netfs_iter_to_sglist(&rreq->io_iter, chunk, + source_sg, ARRAY_SIZE(source_sg)); + if (ret < 0) + goto error; + n_source = ret; + + if (test_bit(NETFS_RREQ_CRYPT_IN_PLACE, &rreq->flags)) { + ret = ctx->ops->decrypt_block(rreq, pos, chunk, + source_sg, n_source, + source_sg, n_source); + } else { + ret = netfs_iter_to_sglist(&rreq->iter, chunk, + dest_sg, ARRAY_SIZE(dest_sg)); + if (ret < 0) + goto error; + ret = ctx->ops->decrypt_block(rreq, pos, chunk, + source_sg, n_source, + dest_sg, ret); + } + + if (ret < 0) + goto error_failed; + } + + return; + +error_failed: + trace_netfs_failure(rreq, NULL, ret, netfs_fail_decryption); +error: + rreq->error = ret; + set_bit(NETFS_RREQ_FAILED, &rreq->flags); + return; +} diff --git a/fs/netfs/internal.h b/fs/netfs/internal.h index 3f4e64968623..8dc68a75d6cd 100644 --- a/fs/netfs/internal.h +++ b/fs/netfs/internal.h @@ -26,6 +26,7 @@ int netfs_prefetch_for_write(struct file *file, struct folio *folio, * crypto.c */ bool netfs_encrypt(struct netfs_io_request *wreq); +void netfs_decrypt(struct netfs_io_request *rreq); /* * direct_write.c diff --git a/fs/netfs/io.c b/fs/netfs/io.c index 36a3f720193a..9887b22e4cb3 100644 --- a/fs/netfs/io.c +++ b/fs/netfs/io.c @@ -398,6 +398,9 @@ static void netfs_rreq_assess(struct netfs_io_request *rreq, bool was_async) return; } + if (!test_bit(NETFS_RREQ_FAILED, &rreq->flags) && + test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) + netfs_decrypt(rreq); if (rreq->origin != NETFS_DIO_READ) netfs_rreq_unlock_folios(rreq); else @@ -427,7 +430,8 @@ static void netfs_rreq_work(struct work_struct *work) static void netfs_rreq_terminated(struct netfs_io_request *rreq, bool was_async) { - if (test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) && + if ((test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) || + test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) && was_async) { if (!queue_work(system_unbound_wq, &rreq->work)) BUG(); diff --git a/include/linux/netfs.h b/include/linux/netfs.h index cdb471938225..524e6f5ff3fd 100644 --- a/include/linux/netfs.h +++ b/include/linux/netfs.h @@ -326,6 +326,9 @@ struct netfs_request_ops { int (*encrypt_block)(struct netfs_io_request *wreq, loff_t pos, size_t len, struct scatterlist *source_sg, unsigned int n_source, struct scatterlist *dest_sg, unsigned int n_dest); + int (*decrypt_block)(struct netfs_io_request *rreq, loff_t pos, size_t len, + struct scatterlist *source_sg, unsigned int n_source, + struct scatterlist *dest_sg, unsigned int n_dest); }; /* diff --git a/include/trace/events/netfs.h b/include/trace/events/netfs.h index 70e2f9a48f24..2f35057602fa 100644 --- a/include/trace/events/netfs.h +++ b/include/trace/events/netfs.h @@ -40,6 +40,7 @@ #define netfs_rreq_traces \ EM(netfs_rreq_trace_assess, "ASSESS ") \ EM(netfs_rreq_trace_copy, "COPY ") \ + EM(netfs_rreq_trace_decrypt, "DECRYPT") \ EM(netfs_rreq_trace_done, "DONE ") \ EM(netfs_rreq_trace_encrypt, "ENCRYPT") \ EM(netfs_rreq_trace_free, "FREE ") \ @@ -75,6 +76,7 @@ #define netfs_failures \ EM(netfs_fail_check_write_begin, "check-write-begin") \ EM(netfs_fail_copy_to_cache, "copy-to-cache") \ + EM(netfs_fail_decryption, "decryption") \ EM(netfs_fail_dio_read_short, "dio-read-short") \ EM(netfs_fail_dio_read_zero, "dio-read-zero") \ EM(netfs_fail_encryption, "encryption") \