Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'ecryptfs-3.10-rc1-ablkcipher' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
Pull eCryptfs update from Tyler Hicks:
"Improve performance when AES-NI (and most likely other crypto
accelerators) is available by moving to the ablkcipher crypto API.
The improvement is more apparent on faster storage devices.
There's no noticeable change when hardware crypto is not available"
* tag 'ecryptfs-3.10-rc1-ablkcipher' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
eCryptfs: Use the ablkcipher crypto API
+103
-41
+101
-40
fs/ecryptfs/crypto.c
+101
-40
fs/ecryptfs/crypto.c
···
243
243
struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
244
244
245
245
if (crypt_stat->tfm)
246
-
crypto_free_blkcipher(crypt_stat->tfm);
246
+
crypto_free_ablkcipher(crypt_stat->tfm);
247
247
if (crypt_stat->hash_tfm)
248
248
crypto_free_hash(crypt_stat->hash_tfm);
249
249
list_for_each_entry_safe(key_sig, key_sig_tmp,
···
319
319
return i;
320
320
}
321
321
322
+
struct extent_crypt_result {
323
+
struct completion completion;
324
+
int rc;
325
+
};
326
+
327
+
static void extent_crypt_complete(struct crypto_async_request *req, int rc)
328
+
{
329
+
struct extent_crypt_result *ecr = req->data;
330
+
331
+
if (rc == -EINPROGRESS)
332
+
return;
333
+
334
+
ecr->rc = rc;
335
+
complete(&ecr->completion);
336
+
}
337
+
322
338
/**
323
339
* encrypt_scatterlist
324
340
* @crypt_stat: Pointer to the crypt_stat struct to initialize.
···
350
334
struct scatterlist *src_sg, int size,
351
335
unsigned char *iv)
352
336
{
353
-
struct blkcipher_desc desc = {
354
-
.tfm = crypt_stat->tfm,
355
-
.info = iv,
356
-
.flags = CRYPTO_TFM_REQ_MAY_SLEEP
357
-
};
337
+
struct ablkcipher_request *req = NULL;
338
+
struct extent_crypt_result ecr;
358
339
int rc = 0;
359
340
360
341
BUG_ON(!crypt_stat || !crypt_stat->tfm
···
362
349
ecryptfs_dump_hex(crypt_stat->key,
363
350
crypt_stat->key_size);
364
351
}
365
-
/* Consider doing this once, when the file is opened */
352
+
353
+
init_completion(&ecr.completion);
354
+
366
355
mutex_lock(&crypt_stat->cs_tfm_mutex);
367
-
if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
368
-
rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
369
-
crypt_stat->key_size);
370
-
crypt_stat->flags |= ECRYPTFS_KEY_SET;
371
-
}
372
-
if (rc) {
373
-
ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
374
-
rc);
356
+
req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
357
+
if (!req) {
375
358
mutex_unlock(&crypt_stat->cs_tfm_mutex);
376
-
rc = -EINVAL;
359
+
rc = -ENOMEM;
377
360
goto out;
378
361
}
379
-
ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
380
-
crypto_blkcipher_encrypt_iv(&desc, dest_sg, src_sg, size);
362
+
363
+
ablkcipher_request_set_callback(req,
364
+
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
365
+
extent_crypt_complete, &ecr);
366
+
/* Consider doing this once, when the file is opened */
367
+
if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
368
+
rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
369
+
crypt_stat->key_size);
370
+
if (rc) {
371
+
ecryptfs_printk(KERN_ERR,
372
+
"Error setting key; rc = [%d]\n",
373
+
rc);
374
+
mutex_unlock(&crypt_stat->cs_tfm_mutex);
375
+
rc = -EINVAL;
376
+
goto out;
377
+
}
378
+
crypt_stat->flags |= ECRYPTFS_KEY_SET;
379
+
}
381
380
mutex_unlock(&crypt_stat->cs_tfm_mutex);
381
+
ecryptfs_printk(KERN_DEBUG, "Encrypting [%d] bytes.\n", size);
382
+
ablkcipher_request_set_crypt(req, src_sg, dest_sg, size, iv);
383
+
rc = crypto_ablkcipher_encrypt(req);
384
+
if (rc == -EINPROGRESS || rc == -EBUSY) {
385
+
struct extent_crypt_result *ecr = req->base.data;
386
+
387
+
wait_for_completion(&ecr->completion);
388
+
rc = ecr->rc;
389
+
INIT_COMPLETION(ecr->completion);
390
+
}
382
391
out:
392
+
ablkcipher_request_free(req);
383
393
return rc;
384
394
}
385
395
···
660
624
struct scatterlist *src_sg, int size,
661
625
unsigned char *iv)
662
626
{
663
-
struct blkcipher_desc desc = {
664
-
.tfm = crypt_stat->tfm,
665
-
.info = iv,
666
-
.flags = CRYPTO_TFM_REQ_MAY_SLEEP
667
-
};
627
+
struct ablkcipher_request *req = NULL;
628
+
struct extent_crypt_result ecr;
668
629
int rc = 0;
669
630
670
-
/* Consider doing this once, when the file is opened */
631
+
BUG_ON(!crypt_stat || !crypt_stat->tfm
632
+
|| !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
633
+
if (unlikely(ecryptfs_verbosity > 0)) {
634
+
ecryptfs_printk(KERN_DEBUG, "Key size [%zd]; key:\n",
635
+
crypt_stat->key_size);
636
+
ecryptfs_dump_hex(crypt_stat->key,
637
+
crypt_stat->key_size);
638
+
}
639
+
640
+
init_completion(&ecr.completion);
641
+
671
642
mutex_lock(&crypt_stat->cs_tfm_mutex);
672
-
rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
673
-
crypt_stat->key_size);
674
-
if (rc) {
675
-
ecryptfs_printk(KERN_ERR, "Error setting key; rc = [%d]\n",
676
-
rc);
643
+
req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
644
+
if (!req) {
677
645
mutex_unlock(&crypt_stat->cs_tfm_mutex);
678
-
rc = -EINVAL;
646
+
rc = -ENOMEM;
679
647
goto out;
680
648
}
681
-
ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
682
-
rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size);
649
+
650
+
ablkcipher_request_set_callback(req,
651
+
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
652
+
extent_crypt_complete, &ecr);
653
+
/* Consider doing this once, when the file is opened */
654
+
if (!(crypt_stat->flags & ECRYPTFS_KEY_SET)) {
655
+
rc = crypto_ablkcipher_setkey(crypt_stat->tfm, crypt_stat->key,
656
+
crypt_stat->key_size);
657
+
if (rc) {
658
+
ecryptfs_printk(KERN_ERR,
659
+
"Error setting key; rc = [%d]\n",
660
+
rc);
661
+
mutex_unlock(&crypt_stat->cs_tfm_mutex);
662
+
rc = -EINVAL;
663
+
goto out;
664
+
}
665
+
crypt_stat->flags |= ECRYPTFS_KEY_SET;
666
+
}
683
667
mutex_unlock(&crypt_stat->cs_tfm_mutex);
684
-
if (rc) {
685
-
ecryptfs_printk(KERN_ERR, "Error decrypting; rc = [%d]\n",
686
-
rc);
687
-
goto out;
668
+
ecryptfs_printk(KERN_DEBUG, "Decrypting [%d] bytes.\n", size);
669
+
ablkcipher_request_set_crypt(req, src_sg, dest_sg, size, iv);
670
+
rc = crypto_ablkcipher_decrypt(req);
671
+
if (rc == -EINPROGRESS || rc == -EBUSY) {
672
+
struct extent_crypt_result *ecr = req->base.data;
673
+
674
+
wait_for_completion(&ecr->completion);
675
+
rc = ecr->rc;
676
+
INIT_COMPLETION(ecr->completion);
688
677
}
689
-
rc = size;
690
678
out:
679
+
ablkcipher_request_free(req);
691
680
return rc;
681
+
692
682
}
693
683
694
684
/**
···
808
746
crypt_stat->cipher, "cbc");
809
747
if (rc)
810
748
goto out_unlock;
811
-
crypt_stat->tfm = crypto_alloc_blkcipher(full_alg_name, 0,
812
-
CRYPTO_ALG_ASYNC);
749
+
crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0);
813
750
kfree(full_alg_name);
814
751
if (IS_ERR(crypt_stat->tfm)) {
815
752
rc = PTR_ERR(crypt_stat->tfm);
···
818
757
crypt_stat->cipher);
819
758
goto out_unlock;
820
759
}
821
-
crypto_blkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
760
+
crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
822
761
rc = 0;
823
762
out_unlock:
824
763
mutex_unlock(&crypt_stat->cs_tfm_mutex);
+2
-1
fs/ecryptfs/ecryptfs_kernel.h
+2
-1
fs/ecryptfs/ecryptfs_kernel.h
···
38
38
#include <linux/nsproxy.h>
39
39
#include <linux/backing-dev.h>
40
40
#include <linux/ecryptfs.h>
41
+
#include <linux/crypto.h>
41
42
42
43
#define ECRYPTFS_DEFAULT_IV_BYTES 16
43
44
#define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096
···
234
233
size_t extent_shift;
235
234
unsigned int extent_mask;
236
235
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
237
-
struct crypto_blkcipher *tfm;
236
+
struct crypto_ablkcipher *tfm;
238
237
struct crypto_hash *hash_tfm; /* Crypto context for generating
239
238
* the initialization vectors */
240
239
unsigned char cipher[ECRYPTFS_MAX_CIPHER_NAME_SIZE];