// SPDX-License-Identifier: GPL-2.0 /* * Copyright 2019 Google LLC */ /** * DOC: blk-crypto profiles * * 'struct blk_crypto_profile' contains all generic inline encryption-related * state for a particular inline encryption device. blk_crypto_profile serves * as the way that drivers for inline encryption hardware expose their crypto * capabilities and certain functions (e.g., functions to program and evict * keys) to upper layers. Device drivers that want to support inline encryption * construct a crypto profile, then associate it with the disk's request_queue. * * If the device has keyslots, then its blk_crypto_profile also handles managing * these keyslots in a device-independent way, using the driver-provided * functions to program and evict keys as needed. This includes keeping track * of which key and how many I/O requests are using each keyslot, getting * keyslots for I/O requests, and handling key eviction requests. * * For more information, see Documentation/block/inline-encryption.rst. */ #define pr_fmt(fmt) … #include <linux/blk-crypto-profile.h> #include <linux/device.h> #include <linux/atomic.h> #include <linux/mutex.h> #include <linux/pm_runtime.h> #include <linux/wait.h> #include <linux/blkdev.h> #include <linux/blk-integrity.h> #include "blk-crypto-internal.h" struct blk_crypto_keyslot { … }; static inline void blk_crypto_hw_enter(struct blk_crypto_profile *profile) { … } static inline void blk_crypto_hw_exit(struct blk_crypto_profile *profile) { … } /** * blk_crypto_profile_init() - Initialize a blk_crypto_profile * @profile: the blk_crypto_profile to initialize * @num_slots: the number of keyslots * * Storage drivers must call this when starting to set up a blk_crypto_profile, * before filling in additional fields. * * Return: 0 on success, or else a negative error code. */ int blk_crypto_profile_init(struct blk_crypto_profile *profile, unsigned int num_slots) { … } EXPORT_SYMBOL_GPL(…); static void blk_crypto_profile_destroy_callback(void *profile) { … } /** * devm_blk_crypto_profile_init() - Resource-managed blk_crypto_profile_init() * @dev: the device which owns the blk_crypto_profile * @profile: the blk_crypto_profile to initialize * @num_slots: the number of keyslots * * Like blk_crypto_profile_init(), but causes blk_crypto_profile_destroy() to be * called automatically on driver detach. * * Return: 0 on success, or else a negative error code. */ int devm_blk_crypto_profile_init(struct device *dev, struct blk_crypto_profile *profile, unsigned int num_slots) { … } EXPORT_SYMBOL_GPL(…); static inline struct hlist_head * blk_crypto_hash_bucket_for_key(struct blk_crypto_profile *profile, const struct blk_crypto_key *key) { … } static void blk_crypto_remove_slot_from_lru_list(struct blk_crypto_keyslot *slot) { … } static struct blk_crypto_keyslot * blk_crypto_find_keyslot(struct blk_crypto_profile *profile, const struct blk_crypto_key *key) { … } static struct blk_crypto_keyslot * blk_crypto_find_and_grab_keyslot(struct blk_crypto_profile *profile, const struct blk_crypto_key *key) { … } /** * blk_crypto_keyslot_index() - Get the index of a keyslot * @slot: a keyslot that blk_crypto_get_keyslot() returned * * Return: the 0-based index of the keyslot within the device's keyslots. */ unsigned int blk_crypto_keyslot_index(struct blk_crypto_keyslot *slot) { … } EXPORT_SYMBOL_GPL(…); /** * blk_crypto_get_keyslot() - Get a keyslot for a key, if needed. * @profile: the crypto profile of the device the key will be used on * @key: the key that will be used * @slot_ptr: If a keyslot is allocated, an opaque pointer to the keyslot struct * will be stored here. blk_crypto_put_keyslot() must be called * later to release it. Otherwise, NULL will be stored here. * * If the device has keyslots, this gets a keyslot that's been programmed with * the specified key. If the key is already in a slot, this reuses it; * otherwise this waits for a slot to become idle and programs the key into it. * * Context: Process context. Takes and releases profile->lock. * Return: BLK_STS_OK on success, meaning that either a keyslot was allocated or * one wasn't needed; or a blk_status_t error on failure. */ blk_status_t blk_crypto_get_keyslot(struct blk_crypto_profile *profile, const struct blk_crypto_key *key, struct blk_crypto_keyslot **slot_ptr) { … } /** * blk_crypto_put_keyslot() - Release a reference to a keyslot * @slot: The keyslot to release the reference of * * Context: Any context. */ void blk_crypto_put_keyslot(struct blk_crypto_keyslot *slot) { … } /** * __blk_crypto_cfg_supported() - Check whether the given crypto profile * supports the given crypto configuration. * @profile: the crypto profile to check * @cfg: the crypto configuration to check for * * Return: %true if @profile supports the given @cfg. */ bool __blk_crypto_cfg_supported(struct blk_crypto_profile *profile, const struct blk_crypto_config *cfg) { … } /* * This is an internal function that evicts a key from an inline encryption * device that can be either a real device or the blk-crypto-fallback "device". * It is used only by blk_crypto_evict_key(); see that function for details. */ int __blk_crypto_evict_key(struct blk_crypto_profile *profile, const struct blk_crypto_key *key) { … } /** * blk_crypto_reprogram_all_keys() - Re-program all keyslots. * @profile: The crypto profile * * Re-program all keyslots that are supposed to have a key programmed. This is * intended only for use by drivers for hardware that loses its keys on reset. * * Context: Process context. Takes and releases profile->lock. */ void blk_crypto_reprogram_all_keys(struct blk_crypto_profile *profile) { … } EXPORT_SYMBOL_GPL(…); void blk_crypto_profile_destroy(struct blk_crypto_profile *profile) { … } EXPORT_SYMBOL_GPL(…); bool blk_crypto_register(struct blk_crypto_profile *profile, struct request_queue *q) { … } EXPORT_SYMBOL_GPL(…); /** * blk_crypto_intersect_capabilities() - restrict supported crypto capabilities * by child device * @parent: the crypto profile for the parent device * @child: the crypto profile for the child device, or NULL * * This clears all crypto capabilities in @parent that aren't set in @child. If * @child is NULL, then this clears all parent capabilities. * * Only use this when setting up the crypto profile for a layered device, before * it's been exposed yet. */ void blk_crypto_intersect_capabilities(struct blk_crypto_profile *parent, const struct blk_crypto_profile *child) { … } EXPORT_SYMBOL_GPL(…); /** * blk_crypto_has_capabilities() - Check whether @target supports at least all * the crypto capabilities that @reference does. * @target: the target profile * @reference: the reference profile * * Return: %true if @target supports all the crypto capabilities of @reference. */ bool blk_crypto_has_capabilities(const struct blk_crypto_profile *target, const struct blk_crypto_profile *reference) { … } EXPORT_SYMBOL_GPL(…); /** * blk_crypto_update_capabilities() - Update the capabilities of a crypto * profile to match those of another crypto * profile. * @dst: The crypto profile whose capabilities to update. * @src: The crypto profile whose capabilities this function will update @dst's * capabilities to. * * Blk-crypto requires that crypto capabilities that were * advertised when a bio was created continue to be supported by the * device until that bio is ended. This is turn means that a device cannot * shrink its advertised crypto capabilities without any explicit * synchronization with upper layers. So if there's no such explicit * synchronization, @src must support all the crypto capabilities that * @dst does (i.e. we need blk_crypto_has_capabilities(@src, @dst)). * * Note also that as long as the crypto capabilities are being expanded, the * order of updates becoming visible is not important because it's alright * for blk-crypto to see stale values - they only cause blk-crypto to * believe that a crypto capability isn't supported when it actually is (which * might result in blk-crypto-fallback being used if available, or the bio being * failed). */ void blk_crypto_update_capabilities(struct blk_crypto_profile *dst, const struct blk_crypto_profile *src) { … } EXPORT_SYMBOL_GPL(…);
Codebase Browser
linux