Commit | Line | Data |
---|---|---|
1b262839 ST |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* | |
3 | * Copyright 2019 Google LLC | |
4 | */ | |
5 | ||
6 | /** | |
7 | * DOC: The Keyslot Manager | |
8 | * | |
9 | * Many devices with inline encryption support have a limited number of "slots" | |
10 | * into which encryption contexts may be programmed, and requests can be tagged | |
11 | * with a slot number to specify the key to use for en/decryption. | |
12 | * | |
13 | * As the number of slots is limited, and programming keys is expensive on | |
14 | * many inline encryption hardware, we don't want to program the same key into | |
15 | * multiple slots - if multiple requests are using the same key, we want to | |
16 | * program just one slot with that key and use that slot for all requests. | |
17 | * | |
18 | * The keyslot manager manages these keyslots appropriately, and also acts as | |
19 | * an abstraction between the inline encryption hardware and the upper layers. | |
20 | * | |
21 | * Lower layer devices will set up a keyslot manager in their request queue | |
22 | * and tell it how to perform device specific operations like programming/ | |
23 | * evicting keys from keyslots. | |
24 | * | |
25 | * Upper layers will call blk_ksm_get_slot_for_key() to program a | |
26 | * key into some slot in the inline encryption hardware. | |
27 | */ | |
d145dc23 ST |
28 | |
29 | #define pr_fmt(fmt) "blk-crypto: " fmt | |
30 | ||
1e8d44bd | 31 | #include <linux/blk-crypto-profile.h> |
5851d3b0 | 32 | #include <linux/device.h> |
1b262839 ST |
33 | #include <linux/atomic.h> |
34 | #include <linux/mutex.h> | |
35 | #include <linux/pm_runtime.h> | |
36 | #include <linux/wait.h> | |
37 | #include <linux/blkdev.h> | |
fe45e630 | 38 | #include <linux/blk-integrity.h> |
1b262839 ST |
39 | |
40 | struct blk_ksm_keyslot { | |
41 | atomic_t slot_refs; | |
42 | struct list_head idle_slot_node; | |
43 | struct hlist_node hash_node; | |
44 | const struct blk_crypto_key *key; | |
45 | struct blk_keyslot_manager *ksm; | |
46 | }; | |
47 | ||
48 | static inline void blk_ksm_hw_enter(struct blk_keyslot_manager *ksm) | |
49 | { | |
50 | /* | |
51 | * Calling into the driver requires ksm->lock held and the device | |
52 | * resumed. But we must resume the device first, since that can acquire | |
53 | * and release ksm->lock via blk_ksm_reprogram_all_keys(). | |
54 | */ | |
55 | if (ksm->dev) | |
56 | pm_runtime_get_sync(ksm->dev); | |
57 | down_write(&ksm->lock); | |
58 | } | |
59 | ||
60 | static inline void blk_ksm_hw_exit(struct blk_keyslot_manager *ksm) | |
61 | { | |
62 | up_write(&ksm->lock); | |
63 | if (ksm->dev) | |
64 | pm_runtime_put_sync(ksm->dev); | |
65 | } | |
66 | ||
7bdcc48f ST |
67 | static inline bool blk_ksm_is_passthrough(struct blk_keyslot_manager *ksm) |
68 | { | |
69 | return ksm->num_slots == 0; | |
70 | } | |
71 | ||
1b262839 ST |
72 | /** |
73 | * blk_ksm_init() - Initialize a keyslot manager | |
74 | * @ksm: The keyslot_manager to initialize. | |
75 | * @num_slots: The number of key slots to manage. | |
76 | * | |
77 | * Allocate memory for keyslots and initialize a keyslot manager. Called by | |
78 | * e.g. storage drivers to set up a keyslot manager in their request_queue. | |
79 | * | |
80 | * Return: 0 on success, or else a negative error code. | |
81 | */ | |
82 | int blk_ksm_init(struct blk_keyslot_manager *ksm, unsigned int num_slots) | |
83 | { | |
84 | unsigned int slot; | |
85 | unsigned int i; | |
86 | unsigned int slot_hashtable_size; | |
87 | ||
88 | memset(ksm, 0, sizeof(*ksm)); | |
89 | ||
90 | if (num_slots == 0) | |
91 | return -EINVAL; | |
92 | ||
93 | ksm->slots = kvcalloc(num_slots, sizeof(ksm->slots[0]), GFP_KERNEL); | |
94 | if (!ksm->slots) | |
95 | return -ENOMEM; | |
96 | ||
97 | ksm->num_slots = num_slots; | |
98 | ||
99 | init_rwsem(&ksm->lock); | |
100 | ||
101 | init_waitqueue_head(&ksm->idle_slots_wait_queue); | |
102 | INIT_LIST_HEAD(&ksm->idle_slots); | |
103 | ||
104 | for (slot = 0; slot < num_slots; slot++) { | |
105 | ksm->slots[slot].ksm = ksm; | |
106 | list_add_tail(&ksm->slots[slot].idle_slot_node, | |
107 | &ksm->idle_slots); | |
108 | } | |
109 | ||
110 | spin_lock_init(&ksm->idle_slots_lock); | |
111 | ||
112 | slot_hashtable_size = roundup_pow_of_two(num_slots); | |
47a84653 EB |
113 | /* |
114 | * hash_ptr() assumes bits != 0, so ensure the hash table has at least 2 | |
115 | * buckets. This only makes a difference when there is only 1 keyslot. | |
116 | */ | |
117 | if (slot_hashtable_size < 2) | |
118 | slot_hashtable_size = 2; | |
119 | ||
1b262839 ST |
120 | ksm->log_slot_ht_size = ilog2(slot_hashtable_size); |
121 | ksm->slot_hashtable = kvmalloc_array(slot_hashtable_size, | |
122 | sizeof(ksm->slot_hashtable[0]), | |
123 | GFP_KERNEL); | |
124 | if (!ksm->slot_hashtable) | |
125 | goto err_destroy_ksm; | |
126 | for (i = 0; i < slot_hashtable_size; i++) | |
127 | INIT_HLIST_HEAD(&ksm->slot_hashtable[i]); | |
128 | ||
129 | return 0; | |
130 | ||
131 | err_destroy_ksm: | |
132 | blk_ksm_destroy(ksm); | |
133 | return -ENOMEM; | |
134 | } | |
135 | EXPORT_SYMBOL_GPL(blk_ksm_init); | |
136 | ||
5851d3b0 EB |
137 | static void blk_ksm_destroy_callback(void *ksm) |
138 | { | |
139 | blk_ksm_destroy(ksm); | |
140 | } | |
141 | ||
142 | /** | |
143 | * devm_blk_ksm_init() - Resource-managed blk_ksm_init() | |
144 | * @dev: The device which owns the blk_keyslot_manager. | |
145 | * @ksm: The blk_keyslot_manager to initialize. | |
146 | * @num_slots: The number of key slots to manage. | |
147 | * | |
148 | * Like blk_ksm_init(), but causes blk_ksm_destroy() to be called automatically | |
149 | * on driver detach. | |
150 | * | |
151 | * Return: 0 on success, or else a negative error code. | |
152 | */ | |
153 | int devm_blk_ksm_init(struct device *dev, struct blk_keyslot_manager *ksm, | |
154 | unsigned int num_slots) | |
155 | { | |
156 | int err = blk_ksm_init(ksm, num_slots); | |
157 | ||
158 | if (err) | |
159 | return err; | |
160 | ||
161 | return devm_add_action_or_reset(dev, blk_ksm_destroy_callback, ksm); | |
162 | } | |
163 | EXPORT_SYMBOL_GPL(devm_blk_ksm_init); | |
164 | ||
1b262839 ST |
165 | static inline struct hlist_head * |
166 | blk_ksm_hash_bucket_for_key(struct blk_keyslot_manager *ksm, | |
167 | const struct blk_crypto_key *key) | |
168 | { | |
169 | return &ksm->slot_hashtable[hash_ptr(key, ksm->log_slot_ht_size)]; | |
170 | } | |
171 | ||
172 | static void blk_ksm_remove_slot_from_lru_list(struct blk_ksm_keyslot *slot) | |
173 | { | |
174 | struct blk_keyslot_manager *ksm = slot->ksm; | |
175 | unsigned long flags; | |
176 | ||
177 | spin_lock_irqsave(&ksm->idle_slots_lock, flags); | |
178 | list_del(&slot->idle_slot_node); | |
179 | spin_unlock_irqrestore(&ksm->idle_slots_lock, flags); | |
180 | } | |
181 | ||
182 | static struct blk_ksm_keyslot *blk_ksm_find_keyslot( | |
183 | struct blk_keyslot_manager *ksm, | |
184 | const struct blk_crypto_key *key) | |
185 | { | |
186 | const struct hlist_head *head = blk_ksm_hash_bucket_for_key(ksm, key); | |
187 | struct blk_ksm_keyslot *slotp; | |
188 | ||
189 | hlist_for_each_entry(slotp, head, hash_node) { | |
190 | if (slotp->key == key) | |
191 | return slotp; | |
192 | } | |
193 | return NULL; | |
194 | } | |
195 | ||
196 | static struct blk_ksm_keyslot *blk_ksm_find_and_grab_keyslot( | |
197 | struct blk_keyslot_manager *ksm, | |
198 | const struct blk_crypto_key *key) | |
199 | { | |
200 | struct blk_ksm_keyslot *slot; | |
201 | ||
202 | slot = blk_ksm_find_keyslot(ksm, key); | |
203 | if (!slot) | |
204 | return NULL; | |
205 | if (atomic_inc_return(&slot->slot_refs) == 1) { | |
206 | /* Took first reference to this slot; remove it from LRU list */ | |
207 | blk_ksm_remove_slot_from_lru_list(slot); | |
208 | } | |
209 | return slot; | |
210 | } | |
211 | ||
212 | unsigned int blk_ksm_get_slot_idx(struct blk_ksm_keyslot *slot) | |
213 | { | |
214 | return slot - slot->ksm->slots; | |
215 | } | |
216 | EXPORT_SYMBOL_GPL(blk_ksm_get_slot_idx); | |
217 | ||
218 | /** | |
219 | * blk_ksm_get_slot_for_key() - Program a key into a keyslot. | |
220 | * @ksm: The keyslot manager to program the key into. | |
221 | * @key: Pointer to the key object to program, including the raw key, crypto | |
222 | * mode, and data unit size. | |
223 | * @slot_ptr: A pointer to return the pointer of the allocated keyslot. | |
224 | * | |
225 | * Get a keyslot that's been programmed with the specified key. If one already | |
226 | * exists, return it with incremented refcount. Otherwise, wait for a keyslot | |
227 | * to become idle and program it. | |
228 | * | |
229 | * Context: Process context. Takes and releases ksm->lock. | |
230 | * Return: BLK_STS_OK on success (and keyslot is set to the pointer of the | |
231 | * allocated keyslot), or some other blk_status_t otherwise (and | |
232 | * keyslot is set to NULL). | |
233 | */ | |
234 | blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm, | |
235 | const struct blk_crypto_key *key, | |
236 | struct blk_ksm_keyslot **slot_ptr) | |
237 | { | |
238 | struct blk_ksm_keyslot *slot; | |
239 | int slot_idx; | |
240 | int err; | |
241 | ||
242 | *slot_ptr = NULL; | |
7bdcc48f ST |
243 | |
244 | if (blk_ksm_is_passthrough(ksm)) | |
245 | return BLK_STS_OK; | |
246 | ||
1b262839 ST |
247 | down_read(&ksm->lock); |
248 | slot = blk_ksm_find_and_grab_keyslot(ksm, key); | |
249 | up_read(&ksm->lock); | |
250 | if (slot) | |
251 | goto success; | |
252 | ||
253 | for (;;) { | |
254 | blk_ksm_hw_enter(ksm); | |
255 | slot = blk_ksm_find_and_grab_keyslot(ksm, key); | |
256 | if (slot) { | |
257 | blk_ksm_hw_exit(ksm); | |
258 | goto success; | |
259 | } | |
260 | ||
261 | /* | |
262 | * If we're here, that means there wasn't a slot that was | |
263 | * already programmed with the key. So try to program it. | |
264 | */ | |
265 | if (!list_empty(&ksm->idle_slots)) | |
266 | break; | |
267 | ||
268 | blk_ksm_hw_exit(ksm); | |
269 | wait_event(ksm->idle_slots_wait_queue, | |
270 | !list_empty(&ksm->idle_slots)); | |
271 | } | |
272 | ||
273 | slot = list_first_entry(&ksm->idle_slots, struct blk_ksm_keyslot, | |
274 | idle_slot_node); | |
275 | slot_idx = blk_ksm_get_slot_idx(slot); | |
276 | ||
277 | err = ksm->ksm_ll_ops.keyslot_program(ksm, key, slot_idx); | |
278 | if (err) { | |
279 | wake_up(&ksm->idle_slots_wait_queue); | |
280 | blk_ksm_hw_exit(ksm); | |
281 | return errno_to_blk_status(err); | |
282 | } | |
283 | ||
284 | /* Move this slot to the hash list for the new key. */ | |
285 | if (slot->key) | |
286 | hlist_del(&slot->hash_node); | |
287 | slot->key = key; | |
288 | hlist_add_head(&slot->hash_node, blk_ksm_hash_bucket_for_key(ksm, key)); | |
289 | ||
290 | atomic_set(&slot->slot_refs, 1); | |
291 | ||
292 | blk_ksm_remove_slot_from_lru_list(slot); | |
293 | ||
294 | blk_ksm_hw_exit(ksm); | |
295 | success: | |
296 | *slot_ptr = slot; | |
297 | return BLK_STS_OK; | |
298 | } | |
299 | ||
300 | /** | |
301 | * blk_ksm_put_slot() - Release a reference to a slot | |
302 | * @slot: The keyslot to release the reference of. | |
303 | * | |
304 | * Context: Any context. | |
305 | */ | |
306 | void blk_ksm_put_slot(struct blk_ksm_keyslot *slot) | |
307 | { | |
308 | struct blk_keyslot_manager *ksm; | |
309 | unsigned long flags; | |
310 | ||
311 | if (!slot) | |
312 | return; | |
313 | ||
314 | ksm = slot->ksm; | |
315 | ||
316 | if (atomic_dec_and_lock_irqsave(&slot->slot_refs, | |
317 | &ksm->idle_slots_lock, flags)) { | |
318 | list_add_tail(&slot->idle_slot_node, &ksm->idle_slots); | |
319 | spin_unlock_irqrestore(&ksm->idle_slots_lock, flags); | |
320 | wake_up(&ksm->idle_slots_wait_queue); | |
321 | } | |
322 | } | |
323 | ||
324 | /** | |
325 | * blk_ksm_crypto_cfg_supported() - Find out if a crypto configuration is | |
326 | * supported by a ksm. | |
327 | * @ksm: The keyslot manager to check | |
328 | * @cfg: The crypto configuration to check for. | |
329 | * | |
330 | * Checks for crypto_mode/data unit size/dun bytes support. | |
331 | * | |
332 | * Return: Whether or not this ksm supports the specified crypto config. | |
333 | */ | |
334 | bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm, | |
335 | const struct blk_crypto_config *cfg) | |
336 | { | |
337 | if (!ksm) | |
338 | return false; | |
339 | if (!(ksm->crypto_modes_supported[cfg->crypto_mode] & | |
340 | cfg->data_unit_size)) | |
341 | return false; | |
342 | if (ksm->max_dun_bytes_supported < cfg->dun_bytes) | |
343 | return false; | |
344 | return true; | |
345 | } | |
346 | ||
347 | /** | |
348 | * blk_ksm_evict_key() - Evict a key from the lower layer device. | |
349 | * @ksm: The keyslot manager to evict from | |
350 | * @key: The key to evict | |
351 | * | |
352 | * Find the keyslot that the specified key was programmed into, and evict that | |
353 | * slot from the lower layer device. The slot must not be in use by any | |
354 | * in-flight IO when this function is called. | |
355 | * | |
356 | * Context: Process context. Takes and releases ksm->lock. | |
357 | * Return: 0 on success or if there's no keyslot with the specified key, -EBUSY | |
358 | * if the keyslot is still in use, or another -errno value on other | |
359 | * error. | |
360 | */ | |
361 | int blk_ksm_evict_key(struct blk_keyslot_manager *ksm, | |
362 | const struct blk_crypto_key *key) | |
363 | { | |
364 | struct blk_ksm_keyslot *slot; | |
365 | int err = 0; | |
366 | ||
7bdcc48f ST |
367 | if (blk_ksm_is_passthrough(ksm)) { |
368 | if (ksm->ksm_ll_ops.keyslot_evict) { | |
369 | blk_ksm_hw_enter(ksm); | |
370 | err = ksm->ksm_ll_ops.keyslot_evict(ksm, key, -1); | |
371 | blk_ksm_hw_exit(ksm); | |
372 | return err; | |
373 | } | |
374 | return 0; | |
375 | } | |
376 | ||
1b262839 ST |
377 | blk_ksm_hw_enter(ksm); |
378 | slot = blk_ksm_find_keyslot(ksm, key); | |
379 | if (!slot) | |
380 | goto out_unlock; | |
381 | ||
382 | if (WARN_ON_ONCE(atomic_read(&slot->slot_refs) != 0)) { | |
383 | err = -EBUSY; | |
384 | goto out_unlock; | |
385 | } | |
386 | err = ksm->ksm_ll_ops.keyslot_evict(ksm, key, | |
387 | blk_ksm_get_slot_idx(slot)); | |
388 | if (err) | |
389 | goto out_unlock; | |
390 | ||
391 | hlist_del(&slot->hash_node); | |
392 | slot->key = NULL; | |
393 | err = 0; | |
394 | out_unlock: | |
395 | blk_ksm_hw_exit(ksm); | |
396 | return err; | |
397 | } | |
398 | ||
399 | /** | |
400 | * blk_ksm_reprogram_all_keys() - Re-program all keyslots. | |
401 | * @ksm: The keyslot manager | |
402 | * | |
403 | * Re-program all keyslots that are supposed to have a key programmed. This is | |
404 | * intended only for use by drivers for hardware that loses its keys on reset. | |
405 | * | |
406 | * Context: Process context. Takes and releases ksm->lock. | |
407 | */ | |
408 | void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm) | |
409 | { | |
410 | unsigned int slot; | |
411 | ||
7bdcc48f ST |
412 | if (blk_ksm_is_passthrough(ksm)) |
413 | return; | |
414 | ||
1b262839 ST |
415 | /* This is for device initialization, so don't resume the device */ |
416 | down_write(&ksm->lock); | |
417 | for (slot = 0; slot < ksm->num_slots; slot++) { | |
418 | const struct blk_crypto_key *key = ksm->slots[slot].key; | |
419 | int err; | |
420 | ||
421 | if (!key) | |
422 | continue; | |
423 | ||
424 | err = ksm->ksm_ll_ops.keyslot_program(ksm, key, slot); | |
425 | WARN_ON(err); | |
426 | } | |
427 | up_write(&ksm->lock); | |
428 | } | |
429 | EXPORT_SYMBOL_GPL(blk_ksm_reprogram_all_keys); | |
430 | ||
431 | void blk_ksm_destroy(struct blk_keyslot_manager *ksm) | |
432 | { | |
433 | if (!ksm) | |
434 | return; | |
435 | kvfree(ksm->slot_hashtable); | |
3e20aa96 | 436 | kvfree_sensitive(ksm->slots, sizeof(ksm->slots[0]) * ksm->num_slots); |
1b262839 ST |
437 | memzero_explicit(ksm, sizeof(*ksm)); |
438 | } | |
439 | EXPORT_SYMBOL_GPL(blk_ksm_destroy); | |
d145dc23 ST |
440 | |
441 | bool blk_ksm_register(struct blk_keyslot_manager *ksm, struct request_queue *q) | |
442 | { | |
443 | if (blk_integrity_queue_supports_integrity(q)) { | |
444 | pr_warn("Integrity and hardware inline encryption are not supported together. Disabling hardware inline encryption.\n"); | |
445 | return false; | |
446 | } | |
447 | q->ksm = ksm; | |
448 | return true; | |
449 | } | |
450 | EXPORT_SYMBOL_GPL(blk_ksm_register); | |
451 | ||
452 | void blk_ksm_unregister(struct request_queue *q) | |
453 | { | |
454 | q->ksm = NULL; | |
455 | } | |
7bdcc48f | 456 | |
d3b17a24 ST |
457 | /** |
458 | * blk_ksm_intersect_modes() - restrict supported modes by child device | |
459 | * @parent: The keyslot manager for parent device | |
460 | * @child: The keyslot manager for child device, or NULL | |
461 | * | |
462 | * Clear any crypto mode support bits in @parent that aren't set in @child. | |
463 | * If @child is NULL, then all parent bits are cleared. | |
464 | * | |
465 | * Only use this when setting up the keyslot manager for a layered device, | |
466 | * before it's been exposed yet. | |
467 | */ | |
468 | void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent, | |
469 | const struct blk_keyslot_manager *child) | |
470 | { | |
471 | if (child) { | |
472 | unsigned int i; | |
473 | ||
474 | parent->max_dun_bytes_supported = | |
475 | min(parent->max_dun_bytes_supported, | |
476 | child->max_dun_bytes_supported); | |
477 | for (i = 0; i < ARRAY_SIZE(child->crypto_modes_supported); | |
478 | i++) { | |
479 | parent->crypto_modes_supported[i] &= | |
480 | child->crypto_modes_supported[i]; | |
481 | } | |
482 | } else { | |
483 | parent->max_dun_bytes_supported = 0; | |
484 | memset(parent->crypto_modes_supported, 0, | |
485 | sizeof(parent->crypto_modes_supported)); | |
486 | } | |
487 | } | |
488 | EXPORT_SYMBOL_GPL(blk_ksm_intersect_modes); | |
489 | ||
490 | /** | |
491 | * blk_ksm_is_superset() - Check if a KSM supports a superset of crypto modes | |
492 | * and DUN bytes that another KSM supports. Here, | |
493 | * "superset" refers to the mathematical meaning of the | |
494 | * word - i.e. if two KSMs have the *same* capabilities, | |
495 | * they *are* considered supersets of each other. | |
496 | * @ksm_superset: The KSM that we want to verify is a superset | |
497 | * @ksm_subset: The KSM that we want to verify is a subset | |
498 | * | |
499 | * Return: True if @ksm_superset supports a superset of the crypto modes and DUN | |
500 | * bytes that @ksm_subset supports. | |
501 | */ | |
502 | bool blk_ksm_is_superset(struct blk_keyslot_manager *ksm_superset, | |
503 | struct blk_keyslot_manager *ksm_subset) | |
504 | { | |
505 | int i; | |
506 | ||
507 | if (!ksm_subset) | |
508 | return true; | |
509 | ||
510 | if (!ksm_superset) | |
511 | return false; | |
512 | ||
513 | for (i = 0; i < ARRAY_SIZE(ksm_superset->crypto_modes_supported); i++) { | |
514 | if (ksm_subset->crypto_modes_supported[i] & | |
515 | (~ksm_superset->crypto_modes_supported[i])) { | |
516 | return false; | |
517 | } | |
518 | } | |
519 | ||
520 | if (ksm_subset->max_dun_bytes_supported > | |
521 | ksm_superset->max_dun_bytes_supported) { | |
522 | return false; | |
523 | } | |
524 | ||
525 | return true; | |
526 | } | |
527 | EXPORT_SYMBOL_GPL(blk_ksm_is_superset); | |
528 | ||
529 | /** | |
530 | * blk_ksm_update_capabilities() - Update the restrictions of a KSM to those of | |
531 | * another KSM | |
532 | * @target_ksm: The KSM whose restrictions to update. | |
533 | * @reference_ksm: The KSM to whose restrictions this function will update | |
534 | * @target_ksm's restrictions to. | |
535 | * | |
536 | * Blk-crypto requires that crypto capabilities that were | |
537 | * advertised when a bio was created continue to be supported by the | |
538 | * device until that bio is ended. This is turn means that a device cannot | |
539 | * shrink its advertised crypto capabilities without any explicit | |
540 | * synchronization with upper layers. So if there's no such explicit | |
541 | * synchronization, @reference_ksm must support all the crypto capabilities that | |
542 | * @target_ksm does | |
543 | * (i.e. we need blk_ksm_is_superset(@reference_ksm, @target_ksm) == true). | |
544 | * | |
545 | * Note also that as long as the crypto capabilities are being expanded, the | |
546 | * order of updates becoming visible is not important because it's alright | |
547 | * for blk-crypto to see stale values - they only cause blk-crypto to | |
548 | * believe that a crypto capability isn't supported when it actually is (which | |
549 | * might result in blk-crypto-fallback being used if available, or the bio being | |
550 | * failed). | |
551 | */ | |
552 | void blk_ksm_update_capabilities(struct blk_keyslot_manager *target_ksm, | |
553 | struct blk_keyslot_manager *reference_ksm) | |
554 | { | |
555 | memcpy(target_ksm->crypto_modes_supported, | |
556 | reference_ksm->crypto_modes_supported, | |
557 | sizeof(target_ksm->crypto_modes_supported)); | |
558 | ||
559 | target_ksm->max_dun_bytes_supported = | |
560 | reference_ksm->max_dun_bytes_supported; | |
561 | } | |
562 | EXPORT_SYMBOL_GPL(blk_ksm_update_capabilities); | |
563 | ||
7bdcc48f ST |
564 | /** |
565 | * blk_ksm_init_passthrough() - Init a passthrough keyslot manager | |
566 | * @ksm: The keyslot manager to init | |
567 | * | |
568 | * Initialize a passthrough keyslot manager. | |
569 | * Called by e.g. storage drivers to set up a keyslot manager in their | |
570 | * request_queue, when the storage driver wants to manage its keys by itself. | |
571 | * This is useful for inline encryption hardware that doesn't have the concept | |
572 | * of keyslots, and for layered devices. | |
573 | */ | |
574 | void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm) | |
575 | { | |
576 | memset(ksm, 0, sizeof(*ksm)); | |
577 | init_rwsem(&ksm->lock); | |
578 | } | |
579 | EXPORT_SYMBOL_GPL(blk_ksm_init_passthrough); |