mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-30 08:02:30 +00:00
325b764089
internal_hash and journal_mac capabilities. - Various DM writecache fixes to address performance, fix table output to match what was provided at table creation, fix writing beyond end of device when shrinking underlying data device, and a couple other small cleanups. - Add DM crypt support for using trusted keys. - Fix deadlock when swapping to DM crypt device by throttling number of in-flight REQ_SWAP bios. Implemented in DM core so that other bio-based targets can opt-in by setting ti->limit_swap_bios. - Fix various inverted logic bugs in the .iterate_devices callout functions that are used to assess if specific feature or capability is supported across all devices being combined/stacked by DM. - Fix DM era target bugs that exposed users to lost writes or memory leaks. - Add DM core support for passing through inline crypto support of underlying devices. Includes block/keyslot-manager changes that enable extending this support to DM. - Various small fixes and cleanups (spelling fixes, front padding calculation cleanup, cleanup conditional zoned support in targets, etc). -----BEGIN PGP SIGNATURE----- iQFHBAABCAAxFiEEJfWUX4UqZ4x1O2wixSPxCi2dA1oFAmAqxggTHHNuaXR6ZXJA cmVkaGF0LmNvbQAKCRDFI/EKLZ0DWjVOCACkZKleQhsCEYHNtjZ40Du+4PPBvESA O+ScdUCeik4YUXvQtlFRPcYxxOH0zL0CUivLnNlsKzGTTgulw5azgFNuUTzIhH5y a86Q+DReigPegzVCCOenInU18pYa03rLtYOAb6SK49IqVeMWMFSJVBv73HWS7OFV slMlsQCN46YgbviYsGUXk5+uKMET4ijJZVW+8zSYg0GsWLHdgQtBkEoojO1n9H2B jio2Nvhto0bJ4dV482lmd3G+LABmaBbLs0Xx/a7iHVigkIYZz4BHwDYNz/EQnNEi dYlOrSL9a6ur+DFR6vxShzG40LbK7KVr8jHiXyKv2WZA7FMK0l4fyEFV =E+n3 -----END PGP SIGNATURE----- Merge tag 'for-5.12/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper updates from Mike Snitzer: - Fix DM integrity's HMAC support to provide enhanced security of internal_hash and journal_mac capabilities. - Various DM writecache fixes to address performance, fix table output to match what was provided at table creation, fix writing beyond end of device when shrinking underlying data device, and a couple other small cleanups. - Add DM crypt support for using trusted keys. - Fix deadlock when swapping to DM crypt device by throttling number of in-flight REQ_SWAP bios. Implemented in DM core so that other bio-based targets can opt-in by setting ti->limit_swap_bios. - Fix various inverted logic bugs in the .iterate_devices callout functions that are used to assess if specific feature or capability is supported across all devices being combined/stacked by DM. - Fix DM era target bugs that exposed users to lost writes or memory leaks. - Add DM core support for passing through inline crypto support of underlying devices. Includes block/keyslot-manager changes that enable extending this support to DM. - Various small fixes and cleanups (spelling fixes, front padding calculation cleanup, cleanup conditional zoned support in targets, etc). * tag 'for-5.12/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: (31 commits) dm: fix deadlock when swapping to encrypted device dm: simplify target code conditional on CONFIG_BLK_DEV_ZONED dm: set DM_TARGET_PASSES_CRYPTO feature for some targets dm: support key eviction from keyslot managers of underlying devices dm: add support for passing through inline crypto support block/keyslot-manager: Introduce functions for device mapper support block/keyslot-manager: Introduce passthrough keyslot manager dm era: only resize metadata in preresume dm era: Use correct value size in equality function of writeset tree dm era: Fix bitset memory leaks dm era: Verify the data block size hasn't changed dm era: Reinitialize bitset cache before digesting a new writeset dm era: Update in-core bitset after committing the metadata dm era: Recover committed writeset after crash dm writecache: use bdev_nr_sectors() instead of open-coded equivalent dm writecache: fix writing beyond end of underlying device when shrinking dm table: remove needless request_queue NULL pointer checks dm table: fix zoned iterate_devices based device capability checks dm table: fix DAX iterate_devices based device capability checks dm table: fix iterate_devices based device capability checks ...
120 lines
3.8 KiB
C
120 lines
3.8 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright 2019 Google LLC
|
|
*/
|
|
|
|
#ifndef __LINUX_KEYSLOT_MANAGER_H
|
|
#define __LINUX_KEYSLOT_MANAGER_H
|
|
|
|
#include <linux/bio.h>
|
|
#include <linux/blk-crypto.h>
|
|
|
|
struct blk_keyslot_manager;
|
|
|
|
/**
|
|
* struct blk_ksm_ll_ops - functions to manage keyslots in hardware
|
|
* @keyslot_program: Program the specified key into the specified slot in the
|
|
* inline encryption hardware.
|
|
* @keyslot_evict: Evict key from the specified keyslot in the hardware.
|
|
* The key is provided so that e.g. dm layers can evict
|
|
* keys from the devices that they map over.
|
|
* Returns 0 on success, -errno otherwise.
|
|
*
|
|
* This structure should be provided by storage device drivers when they set up
|
|
* a keyslot manager - this structure holds the function ptrs that the keyslot
|
|
* manager will use to manipulate keyslots in the hardware.
|
|
*/
|
|
struct blk_ksm_ll_ops {
|
|
int (*keyslot_program)(struct blk_keyslot_manager *ksm,
|
|
const struct blk_crypto_key *key,
|
|
unsigned int slot);
|
|
int (*keyslot_evict)(struct blk_keyslot_manager *ksm,
|
|
const struct blk_crypto_key *key,
|
|
unsigned int slot);
|
|
};
|
|
|
|
struct blk_keyslot_manager {
|
|
/*
|
|
* The struct blk_ksm_ll_ops that this keyslot manager will use
|
|
* to perform operations like programming and evicting keys on the
|
|
* device
|
|
*/
|
|
struct blk_ksm_ll_ops ksm_ll_ops;
|
|
|
|
/*
|
|
* The maximum number of bytes supported for specifying the data unit
|
|
* number.
|
|
*/
|
|
unsigned int max_dun_bytes_supported;
|
|
|
|
/*
|
|
* Array of size BLK_ENCRYPTION_MODE_MAX of bitmasks that represents
|
|
* whether a crypto mode and data unit size are supported. The i'th
|
|
* bit of crypto_mode_supported[crypto_mode] is set iff a data unit
|
|
* size of (1 << i) is supported. We only support data unit sizes
|
|
* that are powers of 2.
|
|
*/
|
|
unsigned int crypto_modes_supported[BLK_ENCRYPTION_MODE_MAX];
|
|
|
|
/* Device for runtime power management (NULL if none) */
|
|
struct device *dev;
|
|
|
|
/* Here onwards are *private* fields for internal keyslot manager use */
|
|
|
|
unsigned int num_slots;
|
|
|
|
/* Protects programming and evicting keys from the device */
|
|
struct rw_semaphore lock;
|
|
|
|
/* List of idle slots, with least recently used slot at front */
|
|
wait_queue_head_t idle_slots_wait_queue;
|
|
struct list_head idle_slots;
|
|
spinlock_t idle_slots_lock;
|
|
|
|
/*
|
|
* Hash table which maps struct *blk_crypto_key to keyslots, so that we
|
|
* can find a key's keyslot in O(1) time rather than O(num_slots).
|
|
* Protected by 'lock'.
|
|
*/
|
|
struct hlist_head *slot_hashtable;
|
|
unsigned int log_slot_ht_size;
|
|
|
|
/* Per-keyslot data */
|
|
struct blk_ksm_keyslot *slots;
|
|
};
|
|
|
|
int blk_ksm_init(struct blk_keyslot_manager *ksm, unsigned int num_slots);
|
|
|
|
int devm_blk_ksm_init(struct device *dev, struct blk_keyslot_manager *ksm,
|
|
unsigned int num_slots);
|
|
|
|
blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm,
|
|
const struct blk_crypto_key *key,
|
|
struct blk_ksm_keyslot **slot_ptr);
|
|
|
|
unsigned int blk_ksm_get_slot_idx(struct blk_ksm_keyslot *slot);
|
|
|
|
void blk_ksm_put_slot(struct blk_ksm_keyslot *slot);
|
|
|
|
bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
|
|
const struct blk_crypto_config *cfg);
|
|
|
|
int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
|
|
const struct blk_crypto_key *key);
|
|
|
|
void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm);
|
|
|
|
void blk_ksm_destroy(struct blk_keyslot_manager *ksm);
|
|
|
|
void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent,
|
|
const struct blk_keyslot_manager *child);
|
|
|
|
void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm);
|
|
|
|
bool blk_ksm_is_superset(struct blk_keyslot_manager *ksm_superset,
|
|
struct blk_keyslot_manager *ksm_subset);
|
|
|
|
void blk_ksm_update_capabilities(struct blk_keyslot_manager *target_ksm,
|
|
struct blk_keyslot_manager *reference_ksm);
|
|
|
|
#endif /* __LINUX_KEYSLOT_MANAGER_H */
|