From: David Howells
To: Jeff Layton, Steve French
Cc: David Howells, Matthew Wilcox, Marc Dionne, Paulo Alcantara, Shyam Prasad N, Tom Talpey, Dominique Martinet, Ilya Dryomov, Christian Brauner, linux-cachefs@redhat.com, linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 34/51] netfs: Decrypt encrypted content
Date: Fri, 17 Nov 2023 21:15:26 +0000
Message-ID: <20231117211544.1740466-35-dhowells@redhat.com>
In-Reply-To: <20231117211544.1740466-1-dhowells@redhat.com>

Implement a facility to provide decryption for encrypted content to a whole read-request in one go (which might have been stitched together from disparate sources with divisions that don't match page boundaries).

Note that this doesn't necessarily gain the best throughput if the crypto block size is equal to or less than the size of a page (in which case we might be better doing it as pages become read), but it will handle crypto blocks larger than the size of a page.

Signed-off-by: David Howells cc: Jeff Layton cc: linux-cachefs@redhat.com cc: linux-fsdevel@vger.kernel.org cc: linux-mm@kvack.org --- fs/netfs/crypto.c | 59 ++++++++++++++++++++++++++++++++++++ fs/netfs/internal.h | 1 + fs/netfs/io.c | 6 +++- include/linux/netfs.h | 3 ++ include/trace/events/netfs.h | 2 ++ 5 files changed, 70 insertions(+), 1 deletion(-) diff --git a/fs/netfs/crypto.c b/fs/netfs/crypto.c index 943d01f430e2..6729bcda4f47 100644 --- a/fs/netfs/crypto.c +++ b/fs/netfs/crypto.c @@ -87,3 +87,62 @@ bool netfs_encrypt(struct netfs_io_request *wreq) wreq->error = ret; return false; } + +/* + * Decrypt the result of a read request. + */ +void netfs_decrypt(struct netfs_io_request *rreq) +{ + struct netfs_inode *ctx = netfs_inode(rreq->inode); + struct scatterlist source_sg[16], dest_sg[16]; + unsigned int n_source; + size_t n, chunk, bsize = 1UL << ctx->crypto_bshift; + loff_t pos; + int ret; + + trace_netfs_rreq(rreq, netfs_rreq_trace_decrypt); + if (rreq->start >= rreq->i_size) + return; + + n = min_t(unsigned long long, rreq->len, rreq->i_size - rreq->start); + + _debug("DECRYPT %llx-%llx f=%lx", + rreq->start, rreq->start + n, rreq->flags); + + pos = rreq->start; + for (; n > 0; n -= chunk, pos += chunk) { + chunk = min(n, bsize); + + ret = netfs_iter_to_sglist(&rreq->io_iter, chunk, + source_sg, ARRAY_SIZE(source_sg)); + if (ret < 0) + goto error; + n_source = ret; + + if (test_bit(NETFS_RREQ_CRYPT_IN_PLACE, &rreq->flags)) { + ret = ctx->ops->decrypt_block(rreq, pos, chunk, + source_sg, n_source, + source_sg, n_source); + } else { + ret = netfs_iter_to_sglist(&rreq->iter, chunk, + dest_sg, ARRAY_SIZE(dest_sg)); + if (ret < 0) + goto error; + ret = ctx->ops->decrypt_block(rreq, pos, chunk, + source_sg, n_source, + dest_sg, ret); + } + + if (ret < 0) + goto error_failed; + } + + return; + +error_failed: + trace_netfs_failure(rreq, NULL, ret, netfs_fail_decryption); +error: + rreq->error = ret; + set_bit(NETFS_RREQ_FAILED, &rreq->flags); + return; +} 
diff --git a/fs/netfs/internal.h b/fs/netfs/internal.h index d3e74ad478ce..fbecfd9b3174 100644 --- a/fs/netfs/internal.h +++ b/fs/netfs/internal.h @@ -26,6 +26,7 @@ int netfs_prefetch_for_write(struct file *file, struct folio *folio, * crypto.c */ bool netfs_encrypt(struct netfs_io_request *wreq); +void netfs_decrypt(struct netfs_io_request *rreq); /* * direct_write.c diff --git a/fs/netfs/io.c b/fs/netfs/io.c index 36a3f720193a..9887b22e4cb3 100644 --- a/fs/netfs/io.c +++ b/fs/netfs/io.c @@ -398,6 +398,9 @@ static void netfs_rreq_assess(struct netfs_io_request *rreq, bool was_async) return; } + if (!test_bit(NETFS_RREQ_FAILED, &rreq->flags) && + test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) + netfs_decrypt(rreq); if (rreq->origin != NETFS_DIO_READ) netfs_rreq_unlock_folios(rreq); else @@ -427,7 +430,8 @@ static void netfs_rreq_work(struct work_struct *work) static void netfs_rreq_terminated(struct netfs_io_request *rreq, bool was_async) { - if (test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) && + if ((test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) || + test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) && was_async) { if (!queue_work(system_unbound_wq, &rreq->work)) BUG(); diff --git a/include/linux/netfs.h b/include/linux/netfs.h index 639f1f9cb7e0..364361cc93be 100644 --- a/include/linux/netfs.h +++ b/include/linux/netfs.h @@ -327,6 +327,9 @@ struct netfs_request_ops { int (*encrypt_block)(struct netfs_io_request *wreq, loff_t pos, size_t len, struct scatterlist *source_sg, unsigned int n_source, struct scatterlist *dest_sg, unsigned int n_dest); + int (*decrypt_block)(struct netfs_io_request *rreq, loff_t pos, size_t len, + struct scatterlist *source_sg, unsigned int n_source, + struct scatterlist *dest_sg, unsigned int n_dest); }; /* diff --git a/include/trace/events/netfs.h b/include/trace/events/netfs.h index 70e2f9a48f24..2f35057602fa 100644 --- a/include/trace/events/netfs.h +++ b/include/trace/events/netfs.h 
@@ -40,6 +40,7 @@ #define netfs_rreq_traces \ EM(netfs_rreq_trace_assess, "ASSESS ") \ EM(netfs_rreq_trace_copy, "COPY ") \ + EM(netfs_rreq_trace_decrypt, "DECRYPT") \ EM(netfs_rreq_trace_done, "DONE ") \ EM(netfs_rreq_trace_encrypt, "ENCRYPT") \ EM(netfs_rreq_trace_free, "FREE ") \ @@ -75,6 +76,7 @@ #define netfs_failures \ EM(netfs_fail_check_write_begin, "check-write-begin") \ EM(netfs_fail_copy_to_cache, "copy-to-cache") \ + EM(netfs_fail_decryption, "decryption") \ EM(netfs_fail_dio_read_short, "dio-read-short") \ EM(netfs_fail_dio_read_zero, "dio-read-zero") \ EM(netfs_fail_encryption, "encryption") \
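Review bot: In netfs_decrypt() in fs/netfs/crypto.c, the loop passes chunk (up to bsize = 1UL << ctx->crypto_bshift) as len to ->decrypt_block(), but source_sg and dest_sg are fixed at 16 entries and the only check on the netfs_iter_to_sglist() result is ret < 0. Nothing in the hunk ties bsize to what 16 entries can describe, which matters because the commit message advertises crypto blocks larger than a page; please bound crypto_bshift against ARRAY_SIZE(source_sg), or verify that the returned lists cover chunk bytes before calling the op. Three smaller points in the same function: the loop advances pos and n but never visibly advances rreq->io_iter or rreq->iter, so a comment saying where the iterators move on would help; n is clamped to rreq->i_size - rreq->start, so the last chunk can be shorter than bsize and the op's contract should say whether a short tail is allowed; and a netfs_iter_to_sglist() failure jumps to error: and skips trace_netfs_failure(), so only decrypt_block errors are traced. The trailing return; after set_bit() is redundant.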
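Review bot: In the netfs_rreq_assess() hunk in fs/netfs/io.c, netfs_decrypt() returns void and signals failure only by setting NETFS_RREQ_FAILED and rreq->error, yet the lines that follow go straight to netfs_rreq_unlock_folios(rreq) (or the else branch) without testing the flag again. With NETFS_RREQ_CRYPT_IN_PLACE, a failure partway through the loop leaves the buffer holding a mix of decrypted and still-encrypted blocks, so please confirm that the unlock path does not mark those folios uptodate when NETFS_RREQ_FAILED is set, or re-test the flag here after the call. A short comment stating where decryption failure is handled would make this reviewable from the hunk alone.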
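Review bot: In the netfs_rreq_terminated() hunk in fs/netfs/io.c, the widened condition sends every async completion with NETFS_RREQ_CONTENT_ENCRYPTION set to system_unbound_wq, including requests that have already failed and will skip netfs_decrypt() in netfs_rreq_assess(). The reason for the punt (presumably that decryption must not run in the completion context) is not stated in the hunk or the commit message; please add a comment above the test, and consider whether the existing BUG() on queue_work() failure is still acceptable now that more requests take this path.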
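Review bot: The new ->decrypt_block() member of struct netfs_request_ops in include/linux/netfs.h has no documentation, and netfs_decrypt() calls ctx->ops->decrypt_block without checking that it is set. Please document the contract next to the declaration: that the op is mandatory whenever NETFS_RREQ_CONTENT_ENCRYPTION is set, that source_sg and dest_sg may be the same list (the NETFS_RREQ_CRYPT_IN_PLACE branch passes source_sg for both), what pos is relative to, whether len can be less than the crypto block size, and that a negative return is treated as an error code stored in rreq->error.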