From patchwork Thu Dec 7 21:21:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 175443 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp5081079vqy; Thu, 7 Dec 2023 13:43:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IHMGhE5M1m2GGFZ3ZOwtLG0Fry7x754FFEvwHK0h0ykcEpmEDO1SnwrKPNa4wlGmAouIqPp X-Received: by 2002:a05:6a00:b87:b0:6ce:2731:d5b4 with SMTP id g7-20020a056a000b8700b006ce2731d5b4mr3273656pfj.37.1701985382841; Thu, 07 Dec 2023 13:43:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701985382; cv=none; d=google.com; s=arc-20160816; b=rktKt1rrzO5GAQdBh6IUF1NJh9nlA1KjmO1KzwY6WjCG/Ni/t5ouerd9P+HJBtxW0O 4PhAc4mRj5w5eVjCpVHlbll6i2wWUOiCHqkJSk3rZQH/yOkke0LdujlUlsqM6+R7vK22 jjh8THTg0XW89UTClWP1AA4XxIiuPb3CCdyoZdub8pu0SdyiTym4i6qtIwNO4F58u2aL DaXSrfrxVe4+OKVrNdBC4UdsLyBaOrlnpc5pW62kpOGG+AE52dKVhbrpGAch3gueAu/V P5UossyJNEmoiGbqzz4GOM8QMk76+6ephKyEAEcuw2XTxC2aOdg948VyVIItkRkUwdCL MAEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=0/ZWBPm/tHnmUrEq/8pNkYJ1kzJiXAey759Ylmcjid8=; fh=ib4gl95HfLmZdfX9QIMf3rTepWCH9JlNymcDKJTPhJg=; b=RfTlt0FyBSpraU3KaagTnHnBus+d+Uoblm8gnKZkh3A7Ygo1lAIuqzeLse5UnZSu+g mJUoUgDVHeh23eUdXqL+UWOl9Yj/2ZRWzdc1l8oCyaM6d3qiM2RDwjnCVgh2w+8fHzob n55kgWThDQLJfbk8x/P+LZ2EnHaLje3pmn+tTdhwSEj+2Un7ta2/zn5SiqQ1noS3mRfE WqoWkkNSm0d7dx+oIHAcWzk+TsDFf6kTNy0/wv9xag5hkYHlUNzvI2+UClD4XWd6uZto 50kbdffhOmxPHMoQcqW7DoxeF+exjdTTrg9dbVlQmCiigehwCd6DVXu/+GGNTNhH12/s LPBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="XrMi/RP0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id t23-20020aa79397000000b006cd97ba7ccbsi324020pfe.232.2023.12.07.13.43.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Dec 2023 13:43:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="XrMi/RP0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 0818080ABB1E; Thu, 7 Dec 2023 13:43:00 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231756AbjLGVml (ORCPT + 99 others); Thu, 7 Dec 2023 16:42:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444127AbjLGV0E (ORCPT ); Thu, 7 Dec 2023 16:26:04 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 835CC3C23 for ; Thu, 7 Dec 2023 13:24:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1701984265; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0/ZWBPm/tHnmUrEq/8pNkYJ1kzJiXAey759Ylmcjid8=; b=XrMi/RP03tfwJI5I+4sn3Ri2I59pB2Eqy6rZ2l0gariLO3LW5L1IvXkr9vqsw5NM2OaMJk RekBSiZSS2HR21CDfnMzVJ33iILIu65WJmN4B+YkA0TZKXXzF/gAz8z8ipDUqU+sMIpFae zXrfpcxxirwWHfxCSVWmMG2KH6AxmdE= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-77-GRh1YG8LNE-t36Dw5asoYA-1; Thu, 07 Dec 2023 16:24:23 -0500 X-MC-Unique: GRh1YG8LNE-t36Dw5asoYA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5F78D86C043; Thu, 7 Dec 2023 21:24:22 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.161]) by smtp.corp.redhat.com (Postfix) with ESMTP id B769D8174; Thu, 7 Dec 2023 21:24:19 +0000 (UTC) From: David Howells To: Jeff Layton , Steve French Cc: David Howells , Matthew Wilcox , Marc Dionne , Paulo Alcantara , Shyam Prasad N , Tom Talpey , Dominique Martinet , Eric Van Hensbergen , Ilya Dryomov , Christian Brauner , linux-cachefs@redhat.com, linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 38/59] netfs: Decrypt encrypted content Date: Thu, 7 Dec 2023 21:21:45 +0000 Message-ID: <20231207212206.1379128-39-dhowells@redhat.com> In-Reply-To: <20231207212206.1379128-1-dhowells@redhat.com> References: <20231207212206.1379128-1-dhowells@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Thu, 07 Dec 2023 13:43:00 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1784661024402212095 X-GMAIL-MSGID: 1784661024402212095 Implement a facility to provide decryption for encrypted content to a whole read-request in one go (which might have been stitched together from disparate sources with divisions that don't match page boundaries). Note that this doesn't necessarily gain the best throughput if the crypto block size is equal to or less than the size of a page (in which case we might be better doing it as pages become read), but it will handle crypto blocks larger than the size of a page. Signed-off-by: David Howells cc: Jeff Layton cc: linux-cachefs@redhat.com cc: linux-fsdevel@vger.kernel.org cc: linux-mm@kvack.org --- fs/netfs/crypto.c | 59 ++++++++++++++++++++++++++++++++++++ fs/netfs/internal.h | 1 + fs/netfs/io.c | 6 +++- include/linux/netfs.h | 3 ++ include/trace/events/netfs.h | 2 ++ 5 files changed, 70 insertions(+), 1 deletion(-) diff --git a/fs/netfs/crypto.c b/fs/netfs/crypto.c index 943d01f430e2..6729bcda4f47 100644 --- a/fs/netfs/crypto.c +++ b/fs/netfs/crypto.c @@ -87,3 +87,62 @@ bool netfs_encrypt(struct netfs_io_request *wreq) wreq->error = ret; return false; } + +/* + * Decrypt the result of a read request. + */ +void netfs_decrypt(struct netfs_io_request *rreq) +{ + struct netfs_inode *ctx = netfs_inode(rreq->inode); + struct scatterlist source_sg[16], dest_sg[16]; + unsigned int n_source; + size_t n, chunk, bsize = 1UL << ctx->crypto_bshift; + loff_t pos; + int ret; + + trace_netfs_rreq(rreq, netfs_rreq_trace_decrypt); + if (rreq->start >= rreq->i_size) + return; + + n = min_t(unsigned long long, rreq->len, rreq->i_size - rreq->start); + + _debug("DECRYPT %llx-%llx f=%lx", + rreq->start, rreq->start + n, rreq->flags); + + pos = rreq->start; + for (; n > 0; n -= chunk, pos += chunk) { + chunk = min(n, bsize); + + ret = netfs_iter_to_sglist(&rreq->io_iter, chunk, + source_sg, ARRAY_SIZE(source_sg)); + if (ret < 0) + goto error; + n_source = ret; + + if (test_bit(NETFS_RREQ_CRYPT_IN_PLACE, &rreq->flags)) { + ret = ctx->ops->decrypt_block(rreq, pos, chunk, + source_sg, n_source, + source_sg, n_source); + } else { + ret = netfs_iter_to_sglist(&rreq->iter, chunk, + dest_sg, ARRAY_SIZE(dest_sg)); + if (ret < 0) + goto error; + ret = ctx->ops->decrypt_block(rreq, pos, chunk, + source_sg, n_source, + dest_sg, ret); + } + + if (ret < 0) + goto error_failed; + } + + return; + +error_failed: + trace_netfs_failure(rreq, NULL, ret, netfs_fail_decryption); +error: + rreq->error = ret; + set_bit(NETFS_RREQ_FAILED, &rreq->flags); + return; +} diff --git a/fs/netfs/internal.h b/fs/netfs/internal.h index 9412ec886df1..b6c142ef996a 100644 --- a/fs/netfs/internal.h +++ b/fs/netfs/internal.h @@ -30,6 +30,7 @@ int netfs_prefetch_for_write(struct file *file, struct folio *folio, * crypto.c */ bool netfs_encrypt(struct netfs_io_request *wreq); +void netfs_decrypt(struct netfs_io_request *rreq); /* * direct_write.c diff --git a/fs/netfs/io.c b/fs/netfs/io.c index 5d9098db815a..e4633ebc269f 100644 --- a/fs/netfs/io.c +++ b/fs/netfs/io.c @@ -400,6 +400,9 @@ static void netfs_rreq_assess(struct netfs_io_request *rreq, bool was_async) return; } + if (!test_bit(NETFS_RREQ_FAILED, &rreq->flags) && + test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) + netfs_decrypt(rreq); if (rreq->origin != NETFS_DIO_READ) netfs_rreq_unlock_folios(rreq); else @@ -429,7 +432,8 @@ static void netfs_rreq_work(struct work_struct *work) static void netfs_rreq_terminated(struct netfs_io_request *rreq, bool was_async) { - if (test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) && + if ((test_bit(NETFS_RREQ_INCOMPLETE_IO, &rreq->flags) || + test_bit(NETFS_RREQ_CONTENT_ENCRYPTION, &rreq->flags)) && was_async) { if (!queue_work(system_unbound_wq, &rreq->work)) BUG(); diff --git a/include/linux/netfs.h b/include/linux/netfs.h index c2985f73d870..50adcf6942b8 100644 --- a/include/linux/netfs.h +++ b/include/linux/netfs.h @@ -325,6 +325,9 @@ struct netfs_request_ops { int (*encrypt_block)(struct netfs_io_request *wreq, loff_t pos, size_t len, struct scatterlist *source_sg, unsigned int n_source, struct scatterlist *dest_sg, unsigned int n_dest); + int (*decrypt_block)(struct netfs_io_request *rreq, loff_t pos, size_t len, + struct scatterlist *source_sg, unsigned int n_source, + struct scatterlist *dest_sg, unsigned int n_dest); }; /* diff --git a/include/trace/events/netfs.h b/include/trace/events/netfs.h index 3f50819613e2..6394fdf7a9cd 100644 --- a/include/trace/events/netfs.h +++ b/include/trace/events/netfs.h @@ -40,6 +40,7 @@ #define netfs_rreq_traces \ EM(netfs_rreq_trace_assess, "ASSESS ") \ EM(netfs_rreq_trace_copy, "COPY ") \ + EM(netfs_rreq_trace_decrypt, "DECRYPT") \ EM(netfs_rreq_trace_done, "DONE ") \ EM(netfs_rreq_trace_encrypt, "ENCRYPT") \ EM(netfs_rreq_trace_free, "FREE ") \ @@ -75,6 +76,7 @@ #define netfs_failures \ EM(netfs_fail_check_write_begin, "check-write-begin") \ EM(netfs_fail_copy_to_cache, "copy-to-cache") \ + EM(netfs_fail_decryption, "decryption") \ EM(netfs_fail_dio_read_short, "dio-read-short") \ EM(netfs_fail_dio_read_zero, "dio-read-zero") \ EM(netfs_fail_encryption, "encryption") \