Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 34f21ff3 authored by Blagovest Kolenichev's avatar Blagovest Kolenichev
Browse files

Revert crypto changes from android-4.19.79-95 



This is a preparation change for merging android-4.19.95 into
msm-4.19 branch.

The following changes are reverted. They will be introduced to
msm-4.19 at later stage:

114c59d6 ANDROID: f2fs: fix possible merge of unencrypted with encrypted I/O
3a468438 ANDROID: scsi: ufs-qcom: Enable BROKEN_CRYPTO quirk flag
6f915cf2 ANDROID: scsi: ufs-hisi: Enable BROKEN_CRYPTO quirk flag
86739e75 ANDROID: scsi: ufs: Add quirk bit for controllers that don't play well with inline crypto
d2e05e75 ANDROID: scsi: ufs: UFS init should not require inline crypto
484f1873 ANDROID: scsi: ufs: UFS crypto variant operations API
f269cf51 ANDROID: gki_defconfig: enable inline encryption
f2ca2620 BACKPORT: FROMLIST: ext4: add inline encryption support
e274bd38 BACKPORT: FROMLIST: f2fs: add inline encryption support
07973695 BACKPORT: FROMLIST: fscrypt: add inline encryption support
a502a18f BACKPORT: FROMLIST: scsi: ufs: Add inline encryption support to UFS
eedb6251 BACKPORT: FROMLIST: scsi: ufs: UFS crypto API
e00aafee BACKPORT: FROMLIST: scsi: ufs: UFS driver v2.1 spec crypto additions
392ad89e BACKPORT: FROMLIST: block: blk-crypto for Inline Encryption
8fda3053 ANDROID: block: Fix bio_crypt_should_process WARN_ON
20efc30a BACKPORT: FROMLIST: block: Add encryption context to struct bio
b0a4fb22 BACKPORT: FROMLIST: block: Keyslot Manager for Inline Encryption
2fedb52d FROMLIST: f2fs: add support for IV_INO_LBLK_64 encryption policies
11fd3752 FROMLIST: ext4: add support for IV_INO_LBLK_64 encryption policies
94231712 BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_64 policies
6806fd6a FROMLIST: fscrypt: zeroize fscrypt_info before freeing
97c9fb77 FROMLIST: fscrypt: remove struct fscrypt_ctx
65901127 BACKPORT: FROMLIST: fscrypt: invoke crypto API for ESSIV handling
651f77d3 ANDROID: sdcardfs: evict dentries on fscrypt key removal
4932f537 ANDROID: fscrypt: add key removal notifier chain
45b1509e ext4 crypto: fix to check feature status before get policy
c0751a1b fscrypt: document the new ioctls and policy version
435089d6 ubifs: wire up new fscrypt ioctls
c80449de f2fs: wire up new fscrypt ioctls
8178d688 ext4: wire up new fscrypt ioctls
30d0df15 fscrypt: require that key be added when setting a v2 encryption policy
080389cb fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
8e1c8874 fscrypt: allow unprivileged users to add/remove keys for v2 policies
73ce50dc fscrypt: v2 encryption policy support
6ad6af59 fscrypt: add an HKDF-SHA512 implementation
dbfc6584 fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
cacc84e0 fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
98462559 fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
c677e577 fscrypt: rename keyinfo.c to keysetup.c
43d52193 fscrypt: move v1 policy key setup to keysetup_v1.c
c55916aa fscrypt: refactor key setup code in preparation for v2 policies
d4b1cd7a fscrypt: rename fscrypt_master_key to fscrypt_direct_key
3246be13 fscrypt: add ->ci_inode to fscrypt_info
fc987b38 fscrypt: use FSCRYPT_* definitions, not FS_*
678ee276 fscrypt: use FSCRYPT_ prefix for uapi constants
a48b7adc fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h>
932301a5 fscrypt: use ENOPKG when crypto API support missing
60f50d13 fscrypt: improve warnings for missing crypto API support
830d573a fscrypt: improve warning messages for unsupported encryption contexts
9aa799b7 fscrypt: make fscrypt_msg() take inode instead of super_block
10c0af12 fscrypt: clean up base64 encoding/decoding
9842574a fscrypt: remove loadable module related code

Change-Id: I12036285cc65adcf79ff96ccf980408c8267c957
Signed-off-by: default avatarIvaylo Georgiev <irgeorgiev@codeaurora.org>
Signed-off-by: default avatarBlagovest Kolenichev <bkolenichev@codeaurora.org>
parent 45417b13

Documentation/block/inline-encryption.rst

deleted100644 → 0
+0 −183
Original line number Diff line number Diff line 
.. SPDX-License-Identifier: GPL-2.0



=================

Inline Encryption

=================



Objective

=========



We want to support inline encryption (IE) in the kernel.

To allow for testing, we also want a crypto API fallback when actual

IE hardware is absent. We also want IE to work with layered devices

like dm and loopback (i.e. we want to be able to use the IE hardware

of the underlying devices if present, or else fall back to crypto API

en/decryption).





Constraints and notes

=====================



- IE hardware have a limited number of "keyslots" that can be programmed

  with an encryption context (key, algorithm, data unit size, etc.) at any time.

  One can specify a keyslot in a data request made to the device, and the

  device will en/decrypt the data using the encryption context programmed into

  that specified keyslot. When possible, we want to make multiple requests with

  the same encryption context share the same keyslot.



- We need a way for filesystems to specify an encryption context to use for

  en/decrypting a struct bio, and a device driver (like UFS) needs to be able

  to use that encryption context when it processes the bio.



- We need a way for device drivers to expose their capabilities in a unified

  way to the upper layers.





Design

======



We add a struct bio_crypt_ctx to struct bio that can represent an

encryption context, because we need to be able to pass this encryption

context from the FS layer to the device driver to act upon.



While IE hardware works on the notion of keyslots, the FS layer has no

knowledge of keyslots - it simply wants to specify an encryption context to

use while en/decrypting a bio.



We introduce a keyslot manager (KSM) that handles the translation from

encryption contexts specified by the FS to keyslots on the IE hardware.

This KSM also serves as the way IE hardware can expose their capabilities to

upper layers. The generic mode of operation is: each device driver that wants

to support IE will construct a KSM and set it up in its struct request_queue.

Upper layers that want to use IE on this device can then use this KSM in

the device's struct request_queue to translate an encryption context into

a keyslot. The presence of the KSM in the request queue shall be used to mean

that the device supports IE.



On the device driver end of the interface, the device driver needs to tell the

KSM how to actually manipulate the IE hardware in the device to do things like

programming the crypto key into the IE hardware into a particular keyslot. All

this is achieved through the :c:type:`struct keyslot_mgmt_ll_ops` that the

device driver passes to the KSM when creating it.



It uses refcounts to track which keyslots are idle (either they have no

encryption context programmed, or there are no in-flight struct bios

referencing that keyslot). When a new encryption context needs a keyslot, it

tries to find a keyslot that has already been programmed with the same

encryption context, and if there is no such keyslot, it evicts the least

recently used idle keyslot and programs the new encryption context into that

one. If no idle keyslots are available, then the caller will sleep until there

is at least one.





Blk-crypto

==========



The above is sufficient for simple cases, but does not work if there is a

need for a crypto API fallback, or if we are want to use IE with layered

devices. To these ends, we introduce blk-crypto. Blk-crypto allows us to

present a unified view of encryption to the FS (so FS only needs to specify

an encryption context and not worry about keyslots at all), and blk-crypto

can decide whether to delegate the en/decryption to IE hardware or to the

crypto API. Blk-crypto maintains an internal KSM that serves as the crypto

API fallback.



Blk-crypto needs to ensure that the encryption context is programmed into the

"correct" keyslot manager for IE. If a bio is submitted to a layered device

that eventually passes the bio down to a device that really does support IE, we

want the encryption context to be programmed into a keyslot for the KSM of the

device with IE support. However, blk-crypto does not know a priori whether a

particular device is the final device in the layering structure for a bio or

not. So in the case that a particular device does not support IE, since it is

possibly the final destination device for the bio, if the bio requires

encryption (i.e. the bio is doing a write operation), blk-crypto must fallback

to the crypto API *before* sending the bio to the device.



Blk-crypto ensures that:



- The bio's encryption context is programmed into a keyslot in the KSM of the

  request queue that the bio is being submitted to (or the crypto API fallback

  KSM if the request queue doesn't have a KSM), and that the ``processing_ksm``

  in the ``bi_crypt_context`` is set to this KSM



- That the bio has its own individual reference to the keyslot in this KSM.

  Once the bio passes through blk-crypto, its encryption context is programmed

  in some KSM. The "its own individual reference to the keyslot" ensures that

  keyslots can be released by each bio independently of other bios while

  ensuring that the bio has a valid reference to the keyslot when, for e.g., the

  crypto API fallback KSM in blk-crypto performs crypto on the device's behalf.

  The individual references are ensured by increasing the refcount for the

  keyslot in the ``processing_ksm`` when a bio with a programmed encryption

  context is cloned.





What blk-crypto does on bio submission

--------------------------------------



**Case 1:** blk-crypto is given a bio with only an encryption context that hasn't

been programmed into any keyslot in any KSM (for e.g. a bio from the FS).

  In this case, blk-crypto will program the encryption context into the KSM of the

  request queue the bio is being submitted to (and if this KSM does not exist,

  then it will program it into blk-crypto's internal KSM for crypto API

  fallback). The KSM that this encryption context was programmed into is stored

  as the ``processing_ksm`` in the bio's ``bi_crypt_context``.



**Case 2:** blk-crypto is given a bio whose encryption context has already been

programmed into a keyslot in the *crypto API fallback* KSM.

  In this case, blk-crypto does nothing; it treats the bio as not having

  specified an encryption context. Note that we cannot do here what we will do

  in Case 3 because we would have already encrypted the bio via the crypto API

  by this point.



**Case 3:** blk-crypto is given a bio whose encryption context has already been

programmed into a keyslot in some KSM (that is *not* the crypto API fallback

KSM).

  In this case, blk-crypto first releases that keyslot from that KSM and then

  treats the bio as in Case 1.



This way, when a device driver is processing a bio, it can be sure that

the bio's encryption context has been programmed into some KSM (either the

device driver's request queue's KSM, or blk-crypto's crypto API fallback KSM).

It then simply needs to check if the bio's processing_ksm is the device's

request queue's KSM. If so, then it should proceed with IE. If not, it should

simply do nothing with respect to crypto, because some other KSM (perhaps the

blk-crypto crypto API fallback KSM) is handling the en/decryption.



Blk-crypto will release the keyslot that is being held by the bio (and also

decrypt it if the bio is using the crypto API fallback KSM) once

``bio_remaining_done`` returns true for the bio.





Layered Devices

===============



Layered devices that wish to support IE need to create their own keyslot

manager for their request queue, and expose whatever functionality they choose.

When a layered device wants to pass a bio to another layer (either by

resubmitting the same bio, or by submitting a clone), it doesn't need to do

anything special because the bio (or the clone) will once again pass through

blk-crypto, which will work as described in Case 3. If a layered device wants

for some reason to do the IO by itself instead of passing it on to a child

device, but it also chose to expose IE capabilities by setting up a KSM in its

request queue, it is then responsible for en/decrypting the data itself. In

such cases, the device can choose to call the blk-crypto function

``blk_crypto_fallback_to_kernel_crypto_api`` (TODO: Not yet implemented), which will

cause the en/decryption to be done via the crypto API fallback.





Future Optimizations for layered devices

========================================



Creating a keyslot manager for the layered device uses up memory for each

keyslot, and in general, a layered device (like dm-linear) merely passes the

request on to a "child" device, so the keyslots in the layered device itself

might be completely unused. We can instead define a new type of KSM; the

"passthrough KSM", that layered devices can use to let blk-crypto know that

this layered device *will* pass the bio to some child device (and hence

through blk-crypto again, at which point blk-crypto can program the encryption

context, instead of programming it into the layered device's KSM). Again, if

the device "lies" and decides to do the IO itself instead of passing it on to

a child device, it is responsible for doing the en/decryption (and can choose

to call ``blk_crypto_fallback_to_kernel_crypto_api``). Another use case for the

"passthrough KSM" is for IE devices that want to manage their own keyslots/do

not have a limited number of keyslots.

Documentation/filesystems/fscrypt.rst

+141 −659

File changed.

Preview size limit exceeded, changes collapsed.

MAINTAINERS

+0 −1
Original line number Diff line number Diff line
@@ -5999,7 +5999,6 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt.git 
S:	Supported

F:	fs/crypto/

F:	include/linux/fscrypt*.h

F:	include/uapi/linux/fscrypt.h

F:	Documentation/filesystems/fscrypt.rst



FSI-ATTACHED I2C DRIVER

arch/arm64/configs/gki_defconfig

+0 −3
Original line number Diff line number Diff line
@@ -81,7 +81,6 @@ CONFIG_SHADOW_CALL_STACK=y 
CONFIG_MODULES=y

CONFIG_MODULE_UNLOAD=y

CONFIG_MODVERSIONS=y

CONFIG_BLK_INLINE_ENCRYPTION=y

CONFIG_GKI_HACKS_TO_FIX=y

# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set

CONFIG_BINFMT_MISC=m
@@ -223,7 +222,6 @@ CONFIG_SCSI=y 
CONFIG_BLK_DEV_SD=y

CONFIG_SCSI_UFSHCD=y

CONFIG_SCSI_UFSHCD_PLATFORM=y

CONFIG_SCSI_UFS_CRYPTO=y

CONFIG_MD=y

CONFIG_BLK_DEV_DM=y

CONFIG_DM_CRYPT=y
@@ -394,7 +392,6 @@ CONFIG_EXT4_FS_SECURITY=y 
CONFIG_F2FS_FS=y

CONFIG_F2FS_FS_SECURITY=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y

CONFIG_FS_VERITY=y

CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y

# CONFIG_DNOTIFY is not set

arch/x86/configs/gki_defconfig

+0 −2
Original line number Diff line number Diff line
@@ -50,7 +50,6 @@ CONFIG_KPROBES=y 
CONFIG_MODULES=y

CONFIG_MODULE_UNLOAD=y

CONFIG_MODVERSIONS=y

CONFIG_BLK_INLINE_ENCRYPTION=y

CONFIG_GKI_HACKS_TO_FIX=y

# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set

CONFIG_BINFMT_MISC=m
@@ -330,7 +329,6 @@ CONFIG_EXT4_ENCRYPTION=y 
CONFIG_F2FS_FS=y

CONFIG_F2FS_FS_SECURITY=y

CONFIG_F2FS_FS_ENCRYPTION=y

CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y

CONFIG_FS_VERITY=y

CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y

# CONFIG_DNOTIFY is not set